Profile Image

Professor Vijay Varadharajan

Global Innovation Chair in Cybersecurity

Faculty of Engineering and Built Environment

Career Summary

Biography

Vijay Varadharajan is Global Innovation Chair Professor in Cyber Security at the University of Newcastle since March 2017. He is also the Director of Advanced Cyber Security Engineering Research Centre (ACSRC) at Newcastle. Previously he was Microsoft Chair Professor in Innovation in Computing at Macquarie University (2001 till March 2017). Before this he was Dean/Head of School of Computing and IT at University of Western Sydney (1996-2000).

Previously, Vijay has headed worldwide Security Research at HP Labs based European Headquarters at Bristol, UK (1988-1995). During his tenure at HP Labs., under his leadership, some 6 different security technologies were transferred into successful HP products in Divisions, generating over billions of dollars. He also headed the Technical Security Strategy Initiative at HP under the Senior Vice President, USA. Before this, he was a Research Manager at British Telecom Research Labs. U.K (1987-88). During 1985-1986, first he was Research Fellow and then Lecturer in Computer Science at Plymouth and Reading Universities. He did his Ph.D in Computer and Communication Security in the U.K (1981-1984) from Plymouth and Exeter Universities in U.K., sponsored by BT Research Labs. He did his Electronic Engineering degree from Sussex University, UK (1978-1981). He was awarded the 1981 Prize of the Institution of Electrical Engineers, IEE, for outstanding performance at Sussex University as well as the Committee of Vice Chancellors and Principals Award (UK).

Vijay has had several visiting positions at different institutions over the years including Isaac Newton Inst of Mathematical Sciences, Cambridge University, UK, Senior Research Scientist at Microsoft Research Cambridge UK, Senior Research Scientist at the Institute of Mathematical Sciences at National University of Singapore, Invited Professor at French National Research Labs (INRIA), Invited Professor at the Indian Inst. of Technology, Research Scientist at Fujitsu Research Labs, Fellow at British Telecom Research Labs., UK, Visiting Professor at eScience Institute, Edinburgh University, Adjunct at Oxford Martin School, Oxford University, UK and Visiting Professor at the Chinese Academy of Sciences. Vijay has also been a Senior Visiting Fellow with the Australian Academy of Science and the Indian Institute of Science. Recently Vijay has been appointed as Mercator Fellow by the German Research Foundation with the Technical University of Darmstadt (2016-2022).

Vijay was on the Board of International Advisors of TCPA, USA, originally formed by HP, Microsoft, Intel, Sun and Compaq. Now TCPA is known as TCG and TCPA security specification is currently being in products endorsed by numerous companies. Vijay is a founding member of the Trustworthy Computing Academic Advisory Board (Microsoft, USA) (announced by Bill Gates in July 2002) (2002-2014), is a member of the SAP International Security Advisory Board (SAP Corporation, Germany/Germany) (2010-2014) and is a member of SAP Next Business and Technology Board (USA) (2011-2013). He is also a member of the Australian Government's Peak Security Advisory Body, ITSEAG, for the Ministry of Broadband, Communications and Digital Economy, Australia (2008-2013). Vijay  is a member of the Australian Academy of Science National Committee on Information and Communication Systems (2014 -- ). In April 2014, Vijay has been appointed to the ICT Advisory Panel in the NSW Government (2014-2015). In May 2015, he has been appointed to the Cyber Security Task Force (CSTF) in India, which has been created upon the recommendation of the Prime Minister of India (2015 -- ). He was a memmber of Strategic Research Priorities Committee (Cyber Security), Office of the Chief Scientist of Australia (2015). Previously he has acted as an Expert in Security for the European Union and for the UK Dept. of Trade and Industry. He has also acted as consultant and architect for several projects in computing, financial and telecom organizations in the UK, US and in Australia. He has been the Technical Board Director of Computer Science at Australian Computer Society (1999-2006), and a member of the Board of Studies NSW Australian Government 2005-2012. Vijay was a member of the Australian Research Council (ARC) ARC College of Experts in Engineering, Mathematics and Informatics in 2011 for 3 years.

Vijay has published more than 400 papers in International Journals and Conferences, has co-authored and edited 10 books on Information Technology, Security, Networks and Distributed Systems and have held 3 patents. His research work over the years has contributed to the development of several successful secure commercial systems in the areas of Secure Distributed Applications, Secure Network Systems, Security Tools, Secure Mobile Systems as well as Cryptographic and Smart Card based Systems and secure financial, telecom and medical solutions. His current areas of research interest include Cloud Computing Security, Internet of Things Security, Big Data and Distributed Applications Security, Malware and Security Attacks, Software Security, Trusted Computing, Internet Security, Wireless and Mobile Networks Security, Secure E-Commerce, Security Architectures, Security Policies, Models and Protocols. He has supervised successfully over 34 PhD and 10 Masters Research students in UK and Australia. He was awarded MQ University's Supervisor of the Year in 2003.

He has given over 40 Keynote Speeches at Academic International Conferences, and has given over 200 invited speeches in various acadmic and industrial symposiums and workshops. He has been a program committee member/chaired over 200 international conferences all over the world. He is an Editorial Board member of several journals including the prestigious ACM Transactions on Information System Security (TISSEC) (USA), IEEE Transactions on Dependable and Secure Systems (TDSC), IEEE Transactions in Information Forensics and Security (TIFS), IEEE Transactions in Cloud Computing (TCC) (USA), International Journal of Information Security, Springer (Germany), Computer and Communication Security Reviews (UK) as well as IEEE Security and Privacy. His research work has been supported by industry such as Microsoft, Hewlett-Packard, British Telecom and Fujitsu, as well as government agencies such Australian Research Council (ARC), UK Research Council (EPSRC), Australian Defense (DSD), Dept of Prime Minister and Cabinet Australia and European Union (COST, EUREKA, ESPRIT, RACE, INFOSEC EU and 7th Framework).

He is a Fellow of the British Computer Society (FBCS), a Fellow of the IEE, UK (FIEE), a Fellow of the Institute of Mathematics and Applications, UK (FIMA), a Fellow of the Australian Institute of Engineers (FIEAust) and a Fellow of the Australian Computer Society (FACS).Please write your Biography

Qualifications

  • Doctor of Philosophy, Plymouth Polytechnic
  • Bachelor of Science (Honours), University of Sussex - UK

Professional Experience

UON Appointment

Title Organisation / Department
Professor University of Newcastle
Faculty of Engineering and Built Environment
Australia

Academic appointment

Dates Title Organisation / Department
1/01/2001 - 1/03/2017 Microsoft Chair Professor Macquarie University
Innovation in Computing
Australia
1/01/1996 - 31/12/2000 Dean/Head of School of Computing and IT University of Western Sydney
Australia

Membership

Dates Title Organisation / Department
1/05/2015 -  Member Cyber Security Task Force (CSTF)
India
1/01/2015 - 31/12/2015 Member Office of the Chief Scientist
Strategic Research Priorities Committee (Cyber Security)
Australia
1/01/2014 -  Member Australian Academy of Science
National Committee on Information and Communication Systems
1/01/2014 - 31/12/2015 Member NSW Government ICT Advisory Panel
Australia
1/01/2011 - 31/12/2013 Member SAP Corporation
SAP Next Business and Technology Board
Germany
1/01/2011 - 31/12/2013 Member ARC (Australian Research Council)
Australia
1/01/2010 - 31/12/2014 Member SAP Corporation
SAP International Security Advisory Board
Germany
1/01/2008 - 31/12/2013 Member Ministry of Broadband, Communications and Digital Economy
Australian Government's Peak Security Advisory Body, ITSEAG
Australia
1/01/2005 - 31/12/2012 Member NSW Board of Studies
Australia
1/01/2002 - 31/12/2014 Founding member Microsoft Corporation
Trustworthy Computing Academic Advisory Board
United States

Professional appointment

Dates Title Organisation / Department
1/03/2017 -  Director Advanced Cyber Security Engineering Research Centre (ACSRC)
Australia
Edit

Publications

For publications that are currently unpublished or in-press, details are shown in italics.


Book (8 outputs)

Year Citation Altmetrics Link
2013 Wang G, Varadharajan V, Martinez G, Message from the CSS 2013 general chairs (2013)
2013 Zia T, Zomaya A, Varadharajan V, Mao M, Preface (2013)
2013 Varadharajan V, Yu JX, Message from the general chairs (2013)
2010 Rannenberg K, Varadharajan V, Weber C, Preface (2010)
2004 Wang H, Pieprzyk J, Varadharajan V, Preface (2004)
2001 Varadharajan V, Preface (2001)
DOI 10.1007/3-540-47719-5
1999 Varadharajan V, Preface (1999)
DOI 10.1007/b72329
1997 Varadharajan V, Preface (1997)
DOI 10.1007/BFb0027916
Show 5 more books

Chapter (7 outputs)

Year Citation Altmetrics Link
2014 Damavandinejadmonfared S, Varadharajan V, 'Effective finger vein-based authentication: Kernel principal component analysis', Emerging Trends in Image Processing, Computer Vision and Pattern Recognition 447-455 (2014) [B1]

© 2015 Elsevier Inc. All rights reserved. Kernel functions have been very useful in data classification for the purpose of identification and verification so far. Applying such m... [more]

© 2015 Elsevier Inc. All rights reserved. Kernel functions have been very useful in data classification for the purpose of identification and verification so far. Applying such mappings first and using some methods on the mapped data such as principal component analysis (PCA) has been proven novel in many different areas. A lot of improvements have been proposed on PCA, such as kernel PCA, and kernel entropy component analysis, which are known as very novel and reliable methods in face recognition and data classification. In this paper, we implemented four different kernel mapping functions on finger database to determine the most appropriate one in terms of analyzing finger vein data using one-dimensional PCA. Extensive experiments have been conducted for this purpose using polynomial, Gaussian, exponential, and Laplacian PCA in four different examinations to determine the most significant one.

DOI 10.1016/B978-0-12-802045-6.00029-6
2014 Damavandinejadmonfared S, Varadharajan V, 'Biometric analysis for finger vein data: Two-dimensional kernel principal component analysis', Emerging Trends in Image Processing, Computer Vision and Pattern Recognition 393-405 (2014) [B1]

© 2015 Elsevier Inc. All rights reserved. In this paper, a whole identification system is introduced for finger vein recognition. The proposed algorithm first maps the input data... [more]

© 2015 Elsevier Inc. All rights reserved. In this paper, a whole identification system is introduced for finger vein recognition. The proposed algorithm first maps the input data into kernel space, then; two-dimensional principal component analysis (2DPCA) is applied to extract the most valuable features from the mapped data. Finally, Euclidian distance classifies the features and the final decision is made. Because of the natural shape of human fingers, the image matrixes are not square, which makes them possible to use kernel mappings in two different ways-along row or column directions. Although some research has been done on the row and column direction through 2DPCA, our argument is how to map the input data in different directions and get a square matrix out of it to be analyzed by 2DPCA. In this research, we have explored this area in details and obtained the most significant way of mapping finger vein data which results in consuming the least time and achieving the highest accuracy for finger vein identification system. The authenticity of the results and the relationship between the finger vein data and our contribution are also discussed and explained. Furthermore, extensive experiments were conducted to prove the merit of the proposed system.

DOI 10.1016/B978-0-12-802045-6.00025-9
2014 Zhou L, Varadharajan V, Hitchens M, 'Cryptographic role-based access control for secure cloud data storage systems', Security, Privacy and Trust in Cloud Systems 313-344 (2014) [B1]

© 2014 Springer-Verlag Berlin Heidelberg. All rights are reserved. With the rapid increase in the amount of digital information that needs to be stored, cloud storage has attract... [more]

© 2014 Springer-Verlag Berlin Heidelberg. All rights are reserved. With the rapid increase in the amount of digital information that needs to be stored, cloud storage has attracted much attention in recent times because of its ability to deliver resources for storage to users on demand in a cost effective manner. The cloud can provide a scalable high-performance storage architecture, and can help to significantly reduce the cost of maintenance of individual services.

DOI 10.1007/978-3-642-38586-5_11
Citations Scopus - 1
2010 Balakrishnan V, Varadharajan V, Lucs P, Tupakula U, 'SMRTI: Secure Mobile Ad Hoc Network Routing with Trust Intrigue', Mobile Intelligence 412-436 (2010)
DOI 10.1002/9780470579398.ch18
2010 Balakrishnan V, Varadharajan V, Tupakula U, 'Security in mobile AD HOC networks', Selected Topics in Communication Networks and Distributed Systems 671-708 (2010)

© 2010 by World Scientific Publishing Co. Pte. Ltd. All Rights Reserved. Security is paramount in mobile ad hoc networks (MANETs) since a MANET is neither conducive to centralize... [more]

© 2010 by World Scientific Publishing Co. Pte. Ltd. All Rights Reserved. Security is paramount in mobile ad hoc networks (MANETs) since a MANET is neither conducive to centralized authorities nor suitable for inheriting the solutions that have been proposed for wired networks. Given that end-to-end communication between applications relies on the self-organized characteristics of MANETs, most if not all the proposed security solutions concentrate on securing communication through multi-hop trustworthy nodes. I n this chapter, we present state-of-the-art security in MANETs and the survey comprises MANET-based secure routing, key management, and trust management systems. However, we confine ourselves to a few well-regarded proposals due to the exhaustive list of proposals available in each of the above-mentioned categories. First, we discuss the features inherent in MANETs and their impact on the design of security mechanisms, in addition to the threats and attacks that are common in MANETs. Second, we describe a few well-known solutions in the area of secure routing and key management to demonstrate their role as a prevention system. We then discuss the limitations of those systems such as their inability to react to dynamically changing attack patterns and their assumption that nodes will cooperate for routing and network management. Finally, we address the recent advancements in security systems, where a defense-in-depth approach is adopted to incorporate trust management systems as the second layer of defense to prevention systems. Trust management systems complement prevention systems by measuring the trustworthiness of nodes and promptly react to dynamically changing attack patterns. We then detail the limitations of trust management systems and discuss possible research directions to address those limitations.

DOI 10.1142/9789812839442_0023
2008 Tupakula UK, Varadharajan V, 'Distributed denial of service attacks in networks', Handbook of Research on Information Security and Assurance 85-97 (2008)

In this chapter we discuss Distributed Denial of Service (DDoS) attacks in networks such as the Internet, which have become significantly prevalent over the recent years. We expla... [more]

In this chapter we discuss Distributed Denial of Service (DDoS) attacks in networks such as the Internet, which have become significantly prevalent over the recent years. We explain how DDoS attacks are performed and consider the ideal solution characteristics for defending against the DDoS attacks in the Internet. Then we present different research directions and thoroughly analyse some of the important techniques that have been recently proposed. Our analysis confirms that none of the proposed techniques can efficiently and completely counteract the DDoS attacks. Furthermore, as networks become more complex, they become even more vulnerable to DoS attacks when some of the proposed techniques are deployed in the Internet. The gap between the tools that can generate DDoS attacks and the tools that can detect or prevent DDoS attacks continues to increase. Finally, we briefly outline some best practices that the users are urged to follow to minimise the DoS attacks in the Internet. © 2009, IGI Global.

DOI 10.4018/978-1-59904-855-0.ch008
Co-authors Uday Tupakula
2007 Zhao W, Varadharajan V, Bryan G, 'A unified taxonomy framework of trust', Trust in E-Services: Technologies, Practices and Challenges 29-50 (2007)

In this chapter, we provide a formal definition of trust relationship with a strict mathematical structure that can reflect many of the commonly used notions of trust. Based on th... [more]

In this chapter, we provide a formal definition of trust relationship with a strict mathematical structure that can reflect many of the commonly used notions of trust. Based on this formal definition, we propose a unified taxonomy framework of trust. Under the taxonomy framework, we discuss classification of trust. In particular, we address the base level authentication trust at the lower layer and a hierarchy of trust relationships at a higher level. We provide a set of definitions, propositions, and operations based on the relations of trust relationships. Then we define and discuss properties of trust direction and trust symmetry. We define the trust scope label in order to describe the scope and diversity of trust relationship. All the definitions about the properties of trust become elements of the unified taxonomy framework of trust. Some example scenarios are provided to illustrate the concepts in the taxonomy framework. The taxonomy framework of trust will provide accurate terms and useful tools for enabling the analysis, design, and implementation of trust. The taxonomy framework of trust is first part of research for the overall methodology of trust relationships and trust management in distributed systems. © 2007, Idea Group Inc.

DOI 10.4018/978-1-59904-207-7.ch002
Citations Scopus - 2
Show 4 more chapters

Journal article (107 outputs)

Year Citation Altmetrics Link
2017 Yan Z, Deng RH, Varadharajan V, 'Cryptography and Data Security in Cloud Computing', INFORMATION SCIENCES, 387 53-55 (2017)
DOI 10.1016/j.ins.2016.12.034
2017 Guo F, Mu Y, Susilo W, Varadharajan V, 'Privacy-Preserving Mutual Authentication in RFID with Designated Readers', WIRELESS PERSONAL COMMUNICATIONS, 96 4819-4845 (2017)
DOI 10.1007/s11277-017-4430-x
2017 Mishra P, Pilli ES, Varadharajan V, Tupakula U, 'Intrusion detection techniques in cloud environment: A survey', JOURNAL OF NETWORK AND COMPUTER APPLICATIONS, 77 18-47 (2017)
DOI 10.1016/j.jnca.2016.10.015
Citations Scopus - 5Web of Science - 3
2017 Mishra P, Pilli ES, Varadharajan V, Tupakula U, 'VAED: VMI-assisted evasion detection approach for infrastructure as a service cloud', CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE, 29 (2017)
DOI 10.1002/cpe.4133
2017 Guo F, Mu Y, Susilo W, Hsing H, Wong DS, Varadharajan V, 'Optimized Identity-Based Encryption from Bilinear Pairing for Lightweight Devices', IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 14 211-220 (2017)
DOI 10.1109/TDSC.2015.2445760
Citations Scopus - 1
2017 Varadharajan V, Tupakula U, 'On the Design and Implementation of an Integrated Security Architecture for Cloud with Improved Resilience', IEEE Transactions on Cloud Computing, 5 375-389 (2017)

© 2013 IEEE. In this paper, we propose an integrated security architecture which combines policy based access control with intrusion detection techniques and trusted computing te... [more]

© 2013 IEEE. In this paper, we propose an integrated security architecture which combines policy based access control with intrusion detection techniques and trusted computing technologies for securing distributed applications running on virtualised systems. Our security architecture incorporates access control security policies for secure interactions between applications and virtual machines in different physical virtualized servers. It provides intrusion detection and trusted attestation techniques to detect and counteract dynamic attacks in an efficient manner. We demonstrate how this integrated security architecture is used to secure the life cycle of virtual machines including dynamic hosting and allocation of resources as well as migration of virtual machines across different physical servers. We discuss the implementation of the developed architecture and show how the architecture can counteract attack scenarios involving malicious users exploiting vulnerabilities to achieve privilege escalation and then using the compromised machines to generate further attacks. The feedback between the various security components of our security architecture plays a critical role in detecting sophisticated, dynamically changing attacks, thereby increasing the resilience of the overall secure system.

DOI 10.1109/TCC.2016.2535320
2016 Zhou L, Varadharajan V, Gopinath K, 'A Secure Role-Based Cloud Storage System For Encrypted Patient-Centric Health Records', COMPUTER JOURNAL, 59 1593-1611 (2016) [C1]
DOI 10.1093/comjnl/bxw019
2016 Min B, Varadharajan V, 'Rethinking Software Component Security: Software Component Level Integrity and Cross Verification', COMPUTER JOURNAL, 59 1735-1748 (2016) [C1]
DOI 10.1093/comjnl/bxw047
2016 Min B, Varadharajan V, 'A novel malware for subversion of self-protection in anti-virus', SOFTWARE-PRACTICE & EXPERIENCE, 46 361-379 (2016) [C1]
DOI 10.1002/spe.2317
Citations Scopus - 3Web of Science - 2
2016 Yi X, Paulet R, Bertino E, Varadharajan V, 'Practical Approximate k Nearest Neighbor Queries with Location and Query Privacy', IEEE TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING, 28 1546-1559 (2016) [C1]
DOI 10.1109/TKDE.2016.2520473
Citations Scopus - 10Web of Science - 3
2015 Tupakula U, Varadharajan V, 'Trust Enhanced Security for Tenant Transactions in the Cloud Environment', COMPUTER JOURNAL, 58 2388-2403 (2015) [C1]
DOI 10.1093/comjnl/bxu048
Citations Scopus - 1Web of Science - 1
Co-authors Uday Tupakula
2015 Damavandinejadmonfared S, Varadharajan V, 'A new extension to kernel entropy component analysis for image-based authentication systems', Journal of WSCG, 23 1-8 (2015) [C1]

© 2015, Vaclav Skala Union Agency. All rights reserved. We introduce Feature Dependent Kernel Entropy Component Analysis (FDKECA) as a new extension to Kernel Entropy Component A... [more]

© 2015, Vaclav Skala Union Agency. All rights reserved. We introduce Feature Dependent Kernel Entropy Component Analysis (FDKECA) as a new extension to Kernel Entropy Component Analysis (KECA) for data transformation and dimensionality reduction in Image-based recognition systems such as face and finger vein recognition. FD- KECA reveals structure related to a new mapping space, where the most optimized feature vectors are obtained and used for feature extraction and dimensionality reduction. Indeed, the proposed method uses a new space, which is feature wisely dependent and related to the input data space, to obtain significant PCA axes. We show that FDKECA produces strikingly different transformed data sets compared to KECA and PCA. Furthermore a new spectral clustering algorithm utilizing FDKECA is developed which has positive results compared to the previously used ones. More precisely, FDKECA clustering algorithm has both more time efficiency and higher accuracy rate than previously used methods. Finally, we compared our method with three well-known data transformation methods, namely Principal Component Analysis (PCA), Kernel Principal Component Analysis (KPCA), and Kernel Entropy Component Analysis (KECA) confirming that it outperforms all these direct competitors and as a result, it is revealed that FDKECA can be considered a useful alternative for PCA-based recognition algorithms.

2015 Varadharajan V, Tupakula U, 'Securing wireless mobile nodes from distributed denial-of-service attacks', CONCURRENCY AND COMPUTATION-PRACTICE & EXPERIENCE, 27 3794-3815 (2015) [C1]
DOI 10.1002/cpe.3353
Citations Scopus - 2Web of Science - 2
Co-authors Uday Tupakula
2015 Haghighi MS, Xiang Y, Varadharajan V, Quinn B, 'A Stochastic Time-Domain Model for Burst Data Aggregation in IEEE 802.15.4 Wireless Sensor Networks', IEEE TRANSACTIONS ON COMPUTERS, 64 627-639 (2015) [C1]
DOI 10.1109/TC.2013.2296773
Citations Scopus - 3Web of Science - 2
2015 Yu J, Ren K, Wang C, Varadharajan V, 'Enabling Cloud Storage Auditing With Key-Exposure Resistance', IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 10 1167-1179 (2015) [C1]
DOI 10.1109/TIFS.2015.2400425
Citations Scopus - 40Web of Science - 35
2015 Zhou L, Varadharajan V, Hitchens M, 'Trust Enhanced Cryptographic Role-Based Access Control for Secure Cloud Data Storage', IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 10 2381-2395 (2015) [C1]
DOI 10.1109/TIFS.2015.2455952
Citations Scopus - 6Web of Science - 4
2015 Zhou L, Varadharajan V, Hitchens M, 'Generic constructions for role-based encryption', INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 14 417-430 (2015) [C1]
DOI 10.1007/s10207-014-0267-4
Citations Scopus - 1
2015 Li N, Mu Y, Susilo W, Varadharajan V, 'Shared RFID ownership transfer protocols', COMPUTER STANDARDS & INTERFACES, 42 95-104 (2015) [C1]
DOI 10.1016/j.csi.2015.05.003
Citations Scopus - 1
2015 Li N, Mu Y, Susilo W, Guo F, Varadharajan V, 'Vulnerabilities of an ECC-based RFID authentication scheme', SECURITY AND COMMUNICATION NETWORKS, 8 3262-3270 (2015) [C1]
DOI 10.1002/sec.1250
Citations Scopus - 1Web of Science - 1
2014 Min B, Varadharajan V, Tupakula U, Hitchens M, 'Antivirus security: naked during updates', SOFTWARE-PRACTICE & EXPERIENCE, 44 1201-1222 (2014) [C1]
DOI 10.1002/spe.2197
Citations Scopus - 7Web of Science - 5
Co-authors Uday Tupakula
2014 Varadharajan V, Tupakula U, 'Counteracting security attacks in virtual machines in the cloud using property based attestation', JOURNAL OF NETWORK AND COMPUTER APPLICATIONS, 40 31-45 (2014) [C1]
DOI 10.1016/j.jnca.2013.08.002
Citations Scopus - 11Web of Science - 7
Co-authors Uday Tupakula
2014 Varadharajan V, Tupakula U, 'Security as a Service Model for Cloud Environment', IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, 11 60-75 (2014) [C1]
DOI 10.1109/TNSM.2014.041614.120394
Citations Scopus - 39Web of Science - 19
Co-authors Uday Tupakula
2014 Guo F, Mu Y, Susilo W, Varadharajan V, 'Server-Aided Signature Verification for Lightweight Devices', COMPUTER JOURNAL, 57 481-493 (2014) [C1]
DOI 10.1093/comjnl/bxt003
2014 Nagarajan A, Varadharajan V, Tarr N, 'Trust enhanced distributed authorisation for web services', JOURNAL OF COMPUTER AND SYSTEM SCIENCES, 80 916-934 (2014)
DOI 10.1016/j.jcss.2014.02.002
Citations Scopus - 2Web of Science - 1
2014 Zhou L, Varadharajan V, Hitchens M, 'Secure administration of cryptographic role-based access control for large-scale cloud storage systems', JOURNAL OF COMPUTER AND SYSTEM SCIENCES, 80 1518-1533 (2014) [C1]
DOI 10.1016/j.jcss.2014.04.019
Citations Scopus - 12Web of Science - 9
2014 Ruan C, Varadharajan V, 'Dynamic delegation framework for role based access control in distributed data management systems', DISTRIBUTED AND PARALLEL DATABASES, 32 245-269 (2014) [C1]
DOI 10.1007/s10619-012-7120-4
Citations Scopus - 6Web of Science - 5
2014 Schulz S, Varadharajan V, Sadeghi A-R, 'The Silence of the LANs: Efficient Leakage Resilience for IPsec VPNs', IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 9 221-232 (2014) [C1]
DOI 10.1109/TIFS.2013.2289978
Citations Scopus - 2Web of Science - 2
2014 Guo F, Mu Y, Susilo W, Wong DS, Varadharajan V, 'CP-ABE With Constant-Size Keys for Lightweight Devices', IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 9 763-771 (2014) [C1]
DOI 10.1109/TIFS.2014.2309858
Citations Scopus - 27Web of Science - 21
2014 Huang CT, Huang L, Qin Z, Yuan H, Zhou L, Varadharajan V, Kuo CCJ, 'Survey on securing data storage in the cloud', APSIPA Transactions on Signal and Information Processing, 3 (2014) [C1]

Cloud Computing has become a well-known primitive nowadays; many researchers and companies are embracing this fascinating technology with feverish haste. In the meantime, security... [more]

Cloud Computing has become a well-known primitive nowadays; many researchers and companies are embracing this fascinating technology with feverish haste. In the meantime, security and privacy challenges are brought forward while the number of cloud storage user increases expeditiously. In this work, we conduct an in-depth survey on recent research activities of cloud storage security in association with cloud computing. After an overview of the cloud storage system and its security problem, we focus on the key security requirement triad, i.e., data integrity, data confidentiality, and availability. For each of the three security objectives, we discuss the new unique challenges faced by the cloud storage services, summarize key issues discussed in the current literature, examine, and compare the existing and emerging approaches proposed to meet those new challenges, and point out possible extensions and futuristic research opportunities. The goal of our paper is to provide a state-of-the-art knowledge to new researchers who would like to join this exciting new field. © The Authors, 2014.

DOI 10.1017/ATSIP.2014.6
Citations Scopus - 14Web of Science - 8
2014 Li N, Mu Y, Susilo W, Guo F, Varadharajan V, 'Privacy-Preserving Authorized RFID Authentication Protocols', RADIO FREQUENCY IDENTIFICATION: SECURITY AND PRIVACY ISSUES, RFIDSEC 2014, 8651 108-122 (2014)
DOI 10.1007/978-3-319-13066-8_7
Citations Scopus - 5
2013 Li N, Mu Y, Susilo W, Guo F, Varadharajan V, 'On RFID authentication protocols with wide-strong privacy', Cryptology and Information Security Series, 11 3-16 (2013) [C1]

Radio frequency identification (RFID) tag privacy is an important issue to RFID security. To date, there have been several attempts to achieve the wide-strong privacy by using zer... [more]

Radio frequency identification (RFID) tag privacy is an important issue to RFID security. To date, there have been several attempts to achieve the wide-strong privacy by using zero-knowledge protocols. In this paper, we launch an attack on the recent zero-knowledge based identification protocol for RFID, which was claimed to capture wide-strong privacy, and show that this protocol is flawed. Subsequently, we propose two zero-knowledge based tag authentication protocols and prove that they offer wide-strong privacy. © 2013 The authors and IOS Press. All rights reserved.

DOI 10.3233/978-1-61499-328-5-3
Citations Scopus - 1
2013 Zhou L, Varadharajan V, Hitchens M, 'Achieving Secure Role-Based Access Control on Encrypted Data in Cloud Storage', IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 8 1947-1960 (2013) [C1]
DOI 10.1109/TIFS.2013.2286456
Citations Scopus - 52Web of Science - 34
2013 Cheng S, Varadharajan V, Mu Y, Susilo W, 'A secure elliptic curve based RFID ownership transfer scheme with controlled delegation', Cryptology and Information Security Series, 11 31-43 (2013)

In practical applications, the owner of an RFID-tagged item canchange. In this paper, we propose a new RFID ownership transfer protocol using elliptic-curve cryptography. The pape... [more]

In practical applications, the owner of an RFID-tagged item canchange. In this paper, we propose a new RFID ownership transfer protocol using elliptic-curve cryptography. The paper first considers security and privacy requirements in the ownership transfer process. Then the paper provides a detailed description of our ownership transfer scheme outlining various protocol phases. Key features of the proposed scheme are that it allows controlled delegation and authorisation recovery, and the ownership transfer is achieved without a trusted third party. We describe a security analysis of the proposed scheme and demonstrate that it meets the desired security and privacy requirements. We also illustrate the performance results and show that our scheme is feasible for lightweight RFID tags. © 2013 The authors and IOS Press. All rights reserved.

DOI 10.3233/978-1-61499-328-5-31
Citations Scopus - 1
2012 Zhou L, Varadharajan V, Hitchens M, 'A flexible cryptographic approach for secure data storage in the cloud using role-based access control', International Journal of Cloud Computing, 1 201-201 (2012)
DOI 10.1504/IJCC.2012.046720
2012 Tupakula UK, Varadharajan V, 'Dynamic State-Based Security Architecture for Detecting Security Attacks in Virtual Machines', COMPUTER JOURNAL, 55 397-409 (2012) [C1]
DOI 10.1093/comjnl/bxr084
Citations Scopus - 3Web of Science - 1
Co-authors Uday Tupakula
2012 Rannenberg K, Varadharajan V, Weber C, 'Editorial Computers and Security Special Issue IFIP/SEC 2010 "Security & Privacy - Silver Linings in the Cloud"', COMPUTERS & SECURITY, 31 805-805 (2012)
DOI 10.1016/j.cose.2012.09.002
2011 Zhou L, Varadharajan V, Hitchens M, 'Enforcing Role-Based Access Control for Secure Data Storage in the Cloud', COMPUTER JOURNAL, 54 1675-1687 (2011)
DOI 10.1093/comjnl/bxr080
Citations Scopus - 49Web of Science - 31
2011 Nagarajan A, Varadharajan V, 'Dynamic trust enhanced security model for trusted platform based services', FUTURE GENERATION COMPUTER SYSTEMS-THE INTERNATIONAL JOURNAL OF GRID COMPUTING AND ESCIENCE, 27 564-573 (2011) [C1]
DOI 10.1016/j.future.2010.10.008
Citations Scopus - 24Web of Science - 18
2011 Haghighi MS, Mohamedpour K, Varadharajan V, Quinn BG, 'Stochastic Modeling of Hello Flooding in Slotted CSMA/CA Wireless Sensor Networks', IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 6 1185-1199 (2011) [C1]
DOI 10.1109/TIFS.2011.2163306
Citations Scopus - 2Web of Science - 2
2010 Ruan C, Varadharajan V, 'A graph theoretic approach to authorization delegation and conflict resolution in decentralised systems', DISTRIBUTED AND PARALLEL DATABASES, 27 1-29 (2010)
DOI 10.1007/s10619-009-7044-9
2010 Zhang J, Varadharajan V, 'Wireless sensor network key management survey and taxonomy', JOURNAL OF NETWORK AND COMPUTER APPLICATIONS, 33 63-75 (2010)
DOI 10.1016/j.jnca.2009.10.001
Citations Scopus - 147Web of Science - 106
2010 Lin C, Varadharajan V, 'MobileTrust: a trust enhanced security architecture for mobile agent systems', INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 9 153-178 (2010)
DOI 10.1007/s10207-009-0098-x
Citations Scopus - 7Web of Science - 4
2010 Varadharajan V, 'Internet Filtering - Issues and Challenges', IEEE SECURITY & PRIVACY, 8 62-65 (2010)
Citations Scopus - 3Web of Science - 1
2009 Varadharajan V, 'A Note on Trust-Enhanced Security', IEEE SECURITY & PRIVACY, 7 57-59 (2009)
Citations Scopus - 16Web of Science - 8
2009 Wang Y, Lin KJ, Wong DS, Varadharajan V, 'Trust management towards service-oriented applications', Service Oriented Computing and Applications, 3 129-146 (2009)

In service-oriented computing (SOC) environments, service clients interact with service providers for services or transactions. From the point view of service clients, the trust s... [more]

In service-oriented computing (SOC) environments, service clients interact with service providers for services or transactions. From the point view of service clients, the trust status of a service provider is a critical issue to consider, particularly when the service provider is unknown to them. Typically, the trust evaluation is based on the feedback on the service quality provided by service clients. In this paper, we first present a trust management framework that is event-driven and rule-based. In this framework, trust computation is based on formulae. But rules are defined to determine which formula to use and what arguments to use, according to the event occurred during the transaction or service. In addition, we propose some trust evaluation metrics and a formula for trust computation. The formula is designed to be adaptable to different application domains by setting suitable arguments. Particularly, the proposed model addresses the incremental characteristics of trust establishment process. Furthermore, we propose a fuzzy logic based approach for determining reputation ranks that particularly differentiates new service providers and old (long-existing) ones. This is further incentive to new service providers and penalize poor quality services from service providers. Finally, a set of empirical studies has been conducted to study the properties of the proposed approaches, and the method to control the trust changes in both trust increment and decrement cases. The proposed framework is adaptable for different domains and complex trust evaluation systems. © 2008 Springer-Verlag London Limited.

DOI 10.1007/s11761-008-0035-2
Citations Scopus - 35Web of Science - 2
2009 Thomas JP, Li X, Jin H, Baiardi F, Varadharajan V, 'Call for papers for special issue on security in computer and Cyber-physical systems and networks', Security and Communication Networks, 2 455-456 (2009)
DOI 10.1002/sec.133
2008 Wang Y, Wong DS, Lin K-J, Varadharajan V, 'Evaluating transaction trust and risk levels in peer-to-peer e-commerce environments', INFORMATION SYSTEMS AND E-BUSINESS MANAGEMENT, 6 25-48 (2008)
DOI 10.1007/s10257-007-0056-y
Citations Scopus - 23Web of Science - 12
2008 Tupakula UK, Varadharajan V, 'A hybrid model against TCP SYN and reflection DDoS attacks', COMPUTER SYSTEMS SCIENCE AND ENGINEERING, 23 153-166 (2008)
Citations Scopus - 2Web of Science - 1
Co-authors Uday Tupakula
2007 Bao F, Boyd C, Gollmann D, Kim K, Kurosawa K, Mambo M, et al., 'Preface', International Journal of Wireless and Mobile Computing, 2 1-3 (2007)
2007 Indrakanti S, Varadharajan V, Agarwal R, 'On the design, implementation and application of an authorisation architecture for web services', International Journal of Information and Computer Security, 1 64-64 (2007)
DOI 10.1504/IJICS.2007.012245
2007 Indrakanti S, Varadharajan V, Agarwal R, 'On the design, implementation and application of an authorisation architecture for web services', International Journal of Information and Computer Security, 1 64-108 (2007)

This paper proposes an authorisation architecture for web services. It describes the architectural framework, the administration and runtime aspects of our architecture and its co... [more]

This paper proposes an authorisation architecture for web services. It describes the architectural framework, the administration and runtime aspects of our architecture and its components for secure authorisation of web services as well as the support for the management of authorisation information. The paper then describes the implementation aspects of the architecture. The architecture has been implemented and integrated within the .NET framework. The authorisation architecture for web services is demonstrated using a case study in the healthcare domain. The proposed architecture has several benefits. First and foremost, the architecture supports multiple access control models and mechanisms; it supports legacy applications exposed as web services as well as new web service-based applications built to leverage the benefits offered by the Service-Oriented Architecture; it is decentralised and distributed and provides flexible management and administration of web services and related authorisation information. The proposed architecture can be integrated into existing middleware platforms to provide enhanced security to web services deployed on those platforms. © 2007 Inderscience Enterprises Ltd.

Citations Scopus - 1
2007 Foster D, Varadharajan V, 'Trust-enhanced secure mobile agent-based system design', International Journal of Agent-Oriented Software Engineering, 1 205-224 (2007)

This paper presents a Security and Trust Enhanced Mobile Agent (SATEMA) architecture. It investigates some of the design decisions encountered during the development of the archit... [more]

This paper presents a Security and Trust Enhanced Mobile Agent (SATEMA) architecture. It investigates some of the design decisions encountered during the development of the architecture and its implementation. In particular, we consider design issues such as security and trust policy management, support for multiple applications as well as with single- and multiple-hop scenarios using the proposed architecture. We discuss the design choices and describe the solutions that have been adopted in the architecture. We have implemented two applications, namely, a travel application and an auction application using this proposed SATEMA architecture. © 2007 Inderscience Enterprises Ltd.

Citations Scopus - 1
2007 Tupakula UK, Varadharajan V, Gajam AK, Vuppala SK, Rao PNS, 'DDoS: Design, implementation and analysis of automated model', International Journal of Wireless and Mobile Computing, 2 72-85 (2007)

Earlier, we have proposed an automated model to minimise DDoS attacks in single ISP domain and extended the model to multiple ISP domains. Our approach has several advanced featur... [more]

Earlier, we have proposed an automated model to minimise DDoS attacks in single ISP domain and extended the model to multiple ISP domains. Our approach has several advanced features to minimise DDoS attacks in the internet. The focus of this paper is twofold: firstly, to present a detailed description of the design and implementation of the proposed model and second to discuss and analyse the extensive set of results obtained from the implementation and simulations. We describe the prototype implementation of our automated model using NetProwler network intrusion detection system and HP OpenView Network Node Manager. We will also discuss the performance analysis of our model on a large scale using NS2 tool. Both prototype and simulation test results confirm that our approach offers a promising solution against DDoS problem in the internet and the model can be implemented in real time with minor modifications to the existing tools. Copyright © 2007 Inderscience Enterprises Ltd.

DOI 10.1504/IJWMC.2007.013797
Citations Scopus - 4
Co-authors Uday Tupakula
2006 Zhao W, Varadharajan V, Bryan G, 'General methodology for analysis and modeling of trust relationships in distributed computing', Journal of Computers, 1 42-53 (2006)

In this paper, we discuss a general methodology for analysis and modeling of trust relationships in distributed computing. We discuss the classification of trust relationships, ca... [more]

In this paper, we discuss a general methodology for analysis and modeling of trust relationships in distributed computing. We discuss the classification of trust relationships, categorize trust relationships into two layers and provide a hierarchy of trust relationships based on a formal definition of trust relationship. We provide guidelines for the analysis and modeling of trust relationships. We review operations on trust relationships and relative types of trust relationships in our previous work. We provide a set of definitions for the properties of direction and symmetry of trust relationships. In order to analyze and model the scope and diversity of trust relationship, we define trust scope label. We provide some example scenarios to illustrate the proposed definitions about properties of trust relationship. All the definitions about the properties of trust relationships are elements of the taxonomy framework of trust relationships. We discuss the lifecycle of trust relationships that includes the analysis and modeling of trust relationships, trust relationships at runtime, and change management of trust relationships. We propose a trust management architecture at high level to place the analysis and modeling of trust relationships under the background of trust management. © 2006 ACADEMY PUBLISHER.

Citations Scopus - 4Web of Science - 4
2005 Indrakanti S, Varadharajan V, Hitchens M, 'Authorization service for Web Services and its application in a health care domain', International Journal of Web Services Research, 2 94-119 (2005)

In this paper, we discuss the design issues for an authorization framework for Web Services. In particular, we describe the features required for an authorization policy language ... [more]

In this paper, we discuss the design issues for an authorization framework for Web Services. In particular, we describe the features required for an authorization policy language for Web Services. We briefly introduce the authorization service provided by Microsoft .NET MyServices and describe our extended authorization model that proposes extensions to the .NET MyServices authorization service to support a range of authorization policies required in commercial systems. We discuss the application of the extended authorization model to a health care system built using Web Services. We use the XML Access Control Language (XACL) in our implementation to demonstrate our extended authorization model. This also enables us to evaluate the range of authorization policies that XACL supports. Copyright © 2005, Idea Group Inc.

Citations Scopus - 7
2005 Wang Y, Varadharajan V, 'Secure route structures for parallel mobile agents based systems using fast binary dispatch', MOBILE INFORMATION SYSTEMS, 1 185-205 (2005)
Citations Scopus - 1Web of Science - 1
2005 Bai Y, Zhang Y, Varadharajan V, 'On the sequence of authorization policy transformations', International Journal of Information Security, 4 120-131 (2005)

In [2, 3], we proposed a model-based approach to specify the transformation of authorizations based on the principle of minimal change [1] and its application in database systems... [more]

In [2, 3], we proposed a model-based approach to specify the transformation of authorizations based on the principle of minimal change [1] and its application in database systems. Nevertheless, there were some limitations in this approach. Firstly, we could not represent a sequence of transformations. Secondly, default authorizations could not be expressed. In this paper, we propose two high-level formal languages, L s and L sd , to specify a sequence of authorization transformations and default authorizations. Our work starts with L s , a simple, but expressive, language to specify certain sequence of authorization transformations. Furthermore, L sd has more powerful expressiveness than L s in the sense that constraints, causal and inherited authorizations, and general default authorizations can be specified. © Springer-Verlag 2005.

DOI 10.1007/s10207-004-0069-1
2005 Zhang J, Varadharajan V, Mu Y, 'Secure distribution and access of XML documents', International Journal of High Performance Computing and Networking, 3 356-365 (2005)

XML has been widely used for representation and storage of documents and their exchange over the internet. Security mechanisms for the protection of XML document sources and their... [more]

XML has been widely used for representation and storage of documents and their exchange over the internet. Security mechanisms for the protection of XML document sources and their distribution are essential. In this paper, we present a novel scheme for securing XML documents and their distribution over the internet. The proposed scheme has some distinct features. It requires only one private key for each user. Therefore, when a user leaves or joins the system, keys of all the other existing users in the system remain unchanged. This makes the proposed scheme more attractive, and hence particularly suitable for the dynamic distribution of documents over the internet. © 2005 Inderscience Enterprises Ltd.

Citations Scopus - 3
2004 Varadharajan V, Shankaran R, Hitchens M, 'Security for cluster based ad hoc networks', COMPUTER COMMUNICATIONS, 27 488-501 (2004)
DOI 10.1016/j.comcom.2003.10.005
Citations Scopus - 42Web of Science - 30
2004 Varadharajan V, 'Trustworthy computing: (Extended abstract)', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 3306 13-16 (2004)
Citations Scopus - 1
2004 Chaddoud G, Varadharajan V, Chrisment I, Schaff A, 'Gestion efficace de la sécurité des communications de groupe pour le service SSM', Techniques et sciences informatiques, 23 1107-1135 (2004)
DOI 10.3166/tsi.23.1107-1135
2004 Zhao W, Varadharajan V, Bryan G, 'Fair trading protocol with offline anonymous credit card payment', Information Systems Security, 13 41-47 (2004)

This paper proposes a fair trading protocol. The fair trading protocol provides an overall solution for a trading process with offline anonymous credit card payments. With the exp... [more]

This paper proposes a fair trading protocol. The fair trading protocol provides an overall solution for a trading process with offline anonymous credit card payments. With the exploding growth of electronic commerce on the Internet, the issue of fairness 1,2 is becoming increasingly more important. Fair exchange protocols have already been broadly used for applications such as electronic transactions, 3,4 electronic mails, 5,6 and contract signing. 7 Fairness is one of the critical issues in online transactions and related electronic payment systems. Many electronic payment systems have been proposed for providing different levels of security to financial transactions, such as iKP, 8 SET, 9 NetBill, 10 and NetCheque. 11 In a normal electronic commerce transaction, there is always a payer and a payee to exchange money for goods or services. At least one financial institution, normally a bank, should be present in the payment system. The financial institution plays the role of issuer for the payer and the role of acquirer for the payee. An electronic payment system must enable an honest payer to convince the payee of a legitimate payment and prevent a dishonest payer from using other unsuitable behavior. At the same time, some additional security requirements may be addressed based on the nature of trading processes and trust assumptions of the system. Payer, payee, and the financial institution have different interests and the trust between two parties should be as little as possible. In electronic commerce, the payment happens over an open network, such as the Internet, and the issue of fairness must be carefully addressed. There is no fairness for involved parties in the existing popular payment protocols. One target of this article is to address the fairness issue in the credit card payment process. In the existing credit card protocols, the financial institution that provides the credit card service plays the role of online authority and is actively involved in a payment. To avoid the involvement of financial institutions in normal transactions and to reduce running costs, some credit card-based schemes with offline financial authority have been proposed. 12 Another target of this article is to avoid the online financial institution for credit card service in normal transactions. © 2004 Taylor & Francis.

DOI 10.1201/1086/44530.13.3.20040701/83068.6
2004 Tupakula UK, Varadharajan V, 'Tracing DDoS floods: An automated approach', Journal of Network and Systems Management, 12 111-135 (2004)

We propose a Controller-Agent model that would greatly minimize distributed denial-of-servicfe (DDoS) attacks on the Internet. We introduce a new packet marking technique and agen... [more]

We propose a Controller-Agent model that would greatly minimize distributed denial-of-servicfe (DDoS) attacks on the Internet. We introduce a new packet marking technique and agent design that enables us to identify the approximate source of attack (nearest router) with a single packet even in the case of attacks with spoofed source addresses. Our model is invoked only during attack times, and is able to process the victims traffic separately without disturbing other traffic, it is also able to establish different attack signatures for different attacking sources and can prevent the attack traffic at the nearest router to the attacking system. It is simple in its implementation, it has fast response for any changes in attack traffic pattern, and can be incrementally deployed. Hence we believe that the model proposed in this paper seems to be a promising approach to prevent distributed denial-of-service attacks.

DOI 10.1023/B:JONS.0000015701.83726.ca
Citations Scopus - 8
Co-authors Uday Tupakula
2003 Bai Y, Varadharajan V, 'On transformation of authorization policies', DATA & KNOWLEDGE ENGINEERING, 45 333-357 (2003)
DOI 10.1016/S0169-023X(02)00194-5
Citations Scopus - 7Web of Science - 3
2003 Wang H, Zhang YC, Cao JL, Varadharajan V, 'Achieving secure and flexible M-services through tickets', IEEE TRANSACTIONS ON SYSTEMS MAN AND CYBERNETICS PART A-SYSTEMS AND HUMANS, 33 697-708 (2003)
DOI 10.1109/TSMCA.2003.819917
Citations Scopus - 29Web of Science - 21
2003 Mu Y, Zhang JQ, Varadharajan V, Lin YX, 'Robust non-interactive oblivious transfer', IEEE COMMUNICATIONS LETTERS, 7 153-155 (2003)
DOI 10.1109/LCOMM.2003.811213
Citations Scopus - 14Web of Science - 15
2003 Varadharajan V, Foster D, 'A security architecture for mobile agent based applications', WORLD WIDE WEB-INTERNET AND WEB INFORMATION SYSTEMS, 6 93-122 (2003)
DOI 10.1023/A:1022360516731
Citations Scopus - 14Web of Science - 6
2003 Ruan C, Varadharajan V, 'A formal graph based framework for supporting authorization delegations and conflict resolutions', International Journal of Information Security, 1 211-222 (2003)
DOI 10.1007/s10207-003-0018-4
2002 Bai Y, Varadharajan V, 'Object oriented database with authorization policies', FUNDAMENTA INFORMATICAE, 53 229-250 (2002)
Citations Scopus - 1
2002 Ruan C, Varadharajan V, 'Resolving conflicts in authorization delegations', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2384 271-285 (2002)

In this paper, we first discuss some drawbacks of the existing conflict authorization resolution methods when access rights are delegated, and then propose a flexible authorizatio... [more]

In this paper, we first discuss some drawbacks of the existing conflict authorization resolution methods when access rights are delegated, and then propose a flexible authorization model to deal with the conflict resolution problem with delegation. In our model, conflicts are classified into comparable and incomparable ones. With comparable conflicts, the conflicts come from the grantors that have grant connectivity relationship with each other, and the predecessor¿s authorizations will always take precedence over the successor¿s. In this way, the access rights can be delegated but the delegation can still be controlled. With incomparable conflicts, the conflicts come from the grantors that do not have grant connectivity relationship with each other. Multiple resolution policies are provided so that users can select the specific one that best suits their requirements. In addition, the overridden authorizations are still preserved in the system and they can be reactivated when other related authorizations are revoked or the policy for resolving conflicts is changed. We give a formal description of our model and describe in detail the algorithms to implement the model. Our model is represented using labelled digraphs, which provides a formal basis for proving the semantic correctness of our model. © 2002 Springer-Verlag Berlin Heidelberg.

Citations Scopus - 14
2002 Mu Y, Varadharajan V, 'Group cryptography: Signature and encryption', Informatica (Ljubljana), 26 249-254 (2002)

Traditional group signature schemes reflect only one side of the spectrum of public cryptography, i.e., signing, where the group public key is used for a sole purpose: verificatio... [more]

Traditional group signature schemes reflect only one side of the spectrum of public cryptography, i.e., signing, where the group public key is used for a sole purpose: verification of group signatures. This paper describes a new group cryptographic system that presents a promise for both signing and encryption. That is, besides verifications, a sole group public key can be also used for encryption and the associated decryption can be implemented by any member in the designated group. The proposed system meets all key features for an ideal group cryptography.

Citations Scopus - 2
2002 Chen G, Varadharajan V, Ray P, Zuluaga P, 'Management for eBusiness in the New Millennium: A Report on APNOMS 2001', Journal of Network and Systems Management, 10 255-259 (2002)

The fifth Asia-Pacific Network Operations and Management Symposium, APNOMS 2001, held in Australia provided an important platform to advance all aspects of telecommunications mana... [more]

The fifth Asia-Pacific Network Operations and Management Symposium, APNOMS 2001, held in Australia provided an important platform to advance all aspects of telecommunications management. The theme for this symposium was 'Management for eBusiness in the New Millenium' which included customer information and relationship management as crucial elements. The symposium provided forum for specific regional experiences in managing eBusiness such as exceptional growth of mobile communications. The tutorial on 'Information Security Technology for eBusiness' described different security solutions, strategies, models, functionalities, applications and research trends for security in electronic commerce.

DOI 10.1023/A:1015962901420
Citations Scopus - 9
2001 Saunders G, Hitchens M, Varadharajan V, 'Role-Based Access Control and the Access Control Matrix', Operating Systems Review (ACM), 35 6-20 (2001)

The Access Matrix is a useful model for understanding the behaviour and properties of access control systems. While the matrix is rarely implemented, access control in real system... [more]

The Access Matrix is a useful model for understanding the behaviour and properties of access control systems. While the matrix is rarely implemented, access control in real systems is usually based on access control mechanisms, such as access control lists or capabilities, that have clear relationships with the matrix model. In recent times a great deal of interest has been shown in Role Based Access Control (RBAC) models. However, the relationship between RBAC models and the Access Matrix is not clear. In this paper we present a model of RBAC based on the Access Matrix which makes the relationships between the two explicit. In the process of constructing this model, some fundamental similarities between certain capability models and RBAC are revealed.

DOI 10.1145/506084.506085
Citations Scopus - 14
2001 Varadharajan V, Shankaran R, Hitchens M, 'An approach for secure multicasting in mobile IP networks', Journal of the Indian Institute of Science, 80 113-127 (2001)

There is a considerable interest in the area of mobility with the advent of powerful portable computing devices such as laptops and other information appliances. These enable a us... [more]

There is a considerable interest in the area of mobility with the advent of powerful portable computing devices such as laptops and other information appliances. These enable a user to access a service from anywhere at any time. Such nomadic computing poses several challenges in multicasting and security. We first consider a framework that has been proposed by Acharya et al. [Acharya, A., Bakre, A. and Badrinath, B. R. IP multicast extension for mobile internet working, Rutger DCS Technical Report, LCSR-TR_243.] for multicasting in mobile IP networks. In this paper, we extend this framework to support a secure multicasting service. We describe secure schemes for a mobile host to initiate, join and leave a multicast group. We also discuss the secure mov ement of mobile hosts in intra and inter campus environments.

2000 Wu CK, Varadharajan V, 'Public key cryptosystems based on Boolean permutations and their applications', International Journal of Computer Mathematics, 74 167-184 (2000)

In this paper we propose the use of Boolean permutations to design public key cryptosystems. The security of the cryptosystems is based on the difficulty of inverting Boolean perm... [more]

In this paper we propose the use of Boolean permutations to design public key cryptosystems. The security of the cryptosystems is based on the difficulty of inverting Boolean permutations. Using two Boolean permutations for which the inverses are easy to find, one can construct a composite Boolean permutation which is hard to invert. The paper proposes three such Boolean permutation based public key systems. The paper also consider applications of a Boolean permutation based public key system to digital signatures and shared signatures.

Citations Scopus - 5
2000 Hitchens M, Varadharajan V, 'Design and specification of role based access control policies', IEE Proceedings: Software, 147 117-129 (2000)

The authors describe a language based approach to the specification of authorisation policies that can be used to support the range of access control policies in commercial object... [more]

The authors describe a language based approach to the specification of authorisation policies that can be used to support the range of access control policies in commercial object systems. They discuss the issues involved in the design of a language for role based access control systems. The notion of roles is used as a primitive construct within the language. The basic constructs of the language are discussed and the language is used to specify several access control policies such as role based access control; static and dynamic separation of duty delegation and joint action based access policies. The language is flexible and is able to capture meta-level operations, and it is often these features which are significant when it comes to the applicability of an access control system to practical real situations. © IEE, 2000.

DOI 10.1049/ip-sen:20000792
Citations Scopus - 23
1999 Wu CK, Varadharajan V, 'Boolean permutation-based key escrow', Computers and Electrical Engineering, 25 291-304 (1999)

There has been an increasing interest in the design and use of key escrow schemes in recent times. This paper proposes a new key escrow protocol based on Boolean permutations and ... [more]

There has been an increasing interest in the design and use of key escrow schemes in recent times. This paper proposes a new key escrow protocol based on Boolean permutations and analyses its properties. It shows that the verification of the shares of key escrow agencies is easy and secure. In addition this protocol provides forward security as well as the capability to fully disclose the escrowed private keys in the case of guilty users. The paper also proposes methods for constructing practical trapdoor Boolean permutations with a low storage complexity. Apart from the proposal of the key escrow protocol itself, this paper describes some of the key properties of Boolean permutations which make them suitable for their use in the design of cryptosystems.

DOI 10.1016/S0045-7906(99)00014-2
Citations Scopus - 1
1999 Varadharajan V, Shankaran R, Hitchens M, 'On the design of secure ATM networks', COMPUTER COMMUNICATIONS, 22 1512-1525 (1999)
DOI 10.1016/S0140-3664(99)00124-3
Citations Scopus - 1
1999 Varadharajan V, Nguyen KQ, Mu Y, 'On the design of efficient RSA-based off-line electronic cash schemes', Theoretical Computer Science, 226 173-184 (1999)

Electronic cash is arguably one of the most important applications of modern cryptology. There have been two types of electronic cash schemes namely on-line and off-line. In gener... [more]

Electronic cash is arguably one of the most important applications of modern cryptology. There have been two types of electronic cash schemes namely on-line and off-line. In general off-line schemes are more efficient than on-line ones. The two fundamental issues with any off-line electronic cash scheme have been the detection of double spending and provision of anonymity. These issues make the design of secure off-line electronic cash schemes not an easy task. Cut-and-choose technology was one of the first techniques that was introduced to address the issue of double spending in an off-line scheme. However, this technique is not very efficient. Subsequently, other techniques had been proposed to achieve both double spending and client anonymity without using the cut and choose method. These include the works of Brands based on the discrete logarithm and that of Ferguson based on RSA and polynomial secret sharing scheme. In this paper, we propose an improved version of off-line electronic cash scheme based on the Ferguson's protocol. This scheme improves the efficiency by making some of the parameters used in the protocol to be reusable and removes the risk of framing by the bank by hiding the client's identity. © 1999 Elsevier Science B.V. All rights reserved.

Citations Scopus - 16
1998 Varadharajan V, Kumar N, Mu Y, 'Approach to designing security model for mobile agent based systems', Conference Record / IEEE Global Telecommunications Conference, 3 1600-1606 (1998)

This paper considers the design of a security model for mobile agent based computing systems. The security model proposes the notion of a security enhanced agent that captures a v... [more]

This paper considers the design of a security model for mobile agent based computing systems. The security model proposes the notion of a security enhanced agent that captures a variety of security information needed in the provision of security services. It defines the privileges of the agent required to perform the actions, the rights that other principals can have over the agent as well as delegation of privileges. The security model identifies security management and policy base components in agent enabled hosts which interpret the privileges and rights of agents and enforce the security controls.

Citations Scopus - 1
1997 Varadharajan V, Katsavos P, 'High-speed network security. I. SMDS and Frame Relay', Computer Communications, 20 832-847 (1997)

There is a growing interest in the development of broadband services and networks for commercial use in both local area and wide area networks. In particular, connectionless Switc... [more]

There is a growing interest in the development of broadband services and networks for commercial use in both local area and wide area networks. In particular, connectionless Switched Multilmegabit Data Service (SMDS) and connection-oriented Frame Relay-based broadband services are beginning to be offered by a number of major operators in the US and Europe. This paper considers the issues that need to be addressed in the design of security services for such high-speed networks. First the relevant characteristics of broadband network interfaces are discussed, some of the existing security protocols for TCP/IP and OSI networks are reviewed, and their suitability for providing security in broadband networks assessed. Then the developed arguments are applied to design security services for the connectionless LAN and SMDS networks and connection-oriented Frame Relay networks. The paper concludes with a discussion on the establishment of secure Switched Virtual Connections (SVCs). © 1997 Elsevier Science B.V.

1997 Varadharajan V, 'Extending the Schematic Protection Model II: Revocation', Operating Systems Review (ACM), 31 64-77 (1997)

The Schematic Protection Model, SPM, allows us to specify the protection structure of a system and gives an algorithm to reason about the transmission of privileges in the system.... [more]

The Schematic Protection Model, SPM, allows us to specify the protection structure of a system and gives an algorithm to reason about the transmission of privileges in the system. This paper extends the SPM model to address revocation of privileges. In [9], we had proposed an extension of the SPM to provide authentication. The two extensions are independent in the sense that each one affects a different part of the decision algorithm.

Citations Scopus - 1
1996 Varadharajan V, Calvelli C, 'Key management for a secure LAN-SMDS network', Computer Communications, 19 813-823 (1996)

A key management system for a secure interconnected local area network (LAN) is considered. The paper first briefly describes the design of a secure LAN and a Switched Multimegabi... [more]

A key management system for a secure interconnected local area network (LAN) is considered. The paper first briefly describes the design of a secure LAN and a Switched Multimegabit Data Service (SMDS) interconnected LAN system. A key management protocol for the system is then given. Finally, a formal analysis of the protocol is carried out using an extended form of BAN logic.

1996 Varadharajan V, Allen P, 'Joint actions based authorization schemes', Operating Systems Review (ACM), 30 32-45 (1996)

Authorization policy requirements in commercial applications are often richer compared to military applications in terms of the types of privileges required, and more complex in t... [more]

Authorization policy requirements in commercial applications are often richer compared to military applications in terms of the types of privileges required, and more complex in terms of both the nature and degree of interactions between participating objects. Delegation and joint action mechanisms allow a more flexible and dynamic form of access control, thereby enabling the representation of sophisticated authorization policies. This paper explores some issues that need to be addressed when designing such joint actions based authorization policies. We describe some approaches to supporting joint actions based authorization policies, and their ramifications for trust of various components of the implementation. We consider an example from the medical field, and define attributes relevant to the design of joint action schemes and present three schemes for supporting joint action based authorization policies.

Citations Scopus - 8
1996 Varadharajan V, Calvelli C, 'Extending the schematic protection model .2. Revocation', COMPUTERS & SECURITY, 15 525-536 (1996)
DOI 10.1016/S0167-4048(96)00010-7
1996 Varadharajan V, Calvelli C, 'An access control model and its use in representing mental health application access policy', IEEE Transactions on Knowledge and Data Engineering, 8 81-95 (1996)

This paper considers an access control model and proposes extensions to it to deal with authentication and revocation. The model is then applied to represent access control policy... [more]

This paper considers an access control model and proposes extensions to it to deal with authentication and revocation. The model is then applied to represent access control policy in a mental health system. In the first part of the paper, extensions to the Schematic Protection Model (SPM) are presented. The authentication and revocation extensions are independent of one another in the sense that each one affects a different part of the decision algorithm. The extensions comprise a modification of the syntax to be able to represent the new concepts and, more importantly, a modification of the decision algorithm for the safety problem to take these changes into account. We introduce the concept of conditional tickets and use it to provide authentication. Apart from this, we have found this concept to be useful in modeling systems. Hence we have separated this (syntactical) issue from the definition of the new algorithm. The second part considers the access policy for a mental health application. We have used the extensions of SPM to model part of this access policy. Even with our extensions, SPM still remains a monotonic model, where rights can be removed only in very special cases, and this makes it impossible to represent all the aspects of the problem. Other than to serve as an example for the extensions we propose, this paper also helps to separate aspects of this access control policy which are inherently monotonic from parts which are defined in a non-monotonic way, but can still be represented in a monotonic model. ©1996 IEEE.

DOI 10.1109/69.485638
Citations Scopus - 7
1994 Katsavos P, Varadharajan V, 'A secure Frame Relay service', Computer Networks and ISDN Systems, 26 1539-1558 (1994)

This paper considers the protection of Frame Relay traffic. First, the structure and functionality of the Frame Relay interface are described. Then, the inadequacies of the existi... [more]

This paper considers the protection of Frame Relay traffic. First, the structure and functionality of the Frame Relay interface are described. Then, the inadequacies of the existing security protocols in protecting the Frame Relay traffic effectively are examined. This leads to the proposal of a new security sublayer (SFRC) which provides Secure Frame Relay Connections. The reasons for the placement of the SFRC sublayer within the Frame Relay interface are also discussed. The security services provided by the SFRC sublayer, the structure of the protocol data unit, and the MIB objects controlling the functionality of the layer are then described. Finally, a set of supplementary security services that need to be supported in conjunction with the SFRC sublayer are outlined. © 1994.

DOI 10.1016/0169-7552(94)90028-0
Citations Scopus - 3
1993 Calvelli C, Varadharajan V, 'Authentication and revocation in SPM extended abstract', ACM SIGOPS Operating Systems Review, 27 42-57 (1993)
DOI 10.1145/163640.163644
1992 KARUNAMOORTHY G, VARADHARAJAN V, BALACHANDRAN C, 'EHRLICHIOSIS IN A BULLOCK AND SHE-BUFFALO IN TAMIL-NADU', INDIAN VETERINARY JOURNAL, 69 262-264 (1992)
Citations Web of Science - 2
1991 VARADHARAJAN V, 'A PETRI NET MODEL FOR SYSTEM-DESIGN AND REFINEMENT', JOURNAL OF SYSTEMS AND SOFTWARE, 15 239-250 (1991)
DOI 10.1016/0164-1212(91)90040-D
Citations Scopus - 3Web of Science - 3
1991 Mitchell CJ, Varadharajan V, 'Modified forms of cipher block chaining', Computers and Security, 10 37-40 (1991)

A long-standing proposal for modifying cipher block chaining to prevent data expansion is shown to be insecure in some circumstances. Different modifications are then presented wh... [more]

A long-standing proposal for modifying cipher block chaining to prevent data expansion is shown to be insecure in some circumstances. Different modifications are then presented which appear secure. © 1991.

DOI 10.1016/0167-4048(91)90054-H
1991 Varadharajan V, Black S, 'Multilevel security in a distributed object-oriented system', Computers and Security, 10 51-68 (1991)

It is often suggested that distributed computing will be the major trend in computer systems during the next decade. However, distributed systems are vulnerable to a number of sec... [more]

It is often suggested that distributed computing will be the major trend in computer systems during the next decade. However, distributed systems are vulnerable to a number of security attacks. In this paper we look at the security problems of object-based distributed systems, and propose a model based on labelling for multilevel security. The purpose of this model is to preserve the information flow security in a distributed object-oriented system. We consider the basic concepts of processing objects, and also the security threats to such systems. We postulate various modelling possibilities, and produce a specific set of security properties which describe a multilevel secure object model. This particular model demonstrates how various modelling decisions are reflected in an actual model. © 1991.

DOI 10.1016/0167-4048(91)90056-J
Citations Scopus - 2
1990 Varadharajan V, 'A mathematical model for system design and refinement', International Journal of Computer Mathematics, 34 13-31 (1990)

This paper considers the use of Petri nets in the system design process. It proposes a new class of Petri nets called Information Flow Nets (IFNs) which are particularly suitable ... [more]

This paper considers the use of Petri nets in the system design process. It proposes a new class of Petri nets called Information Flow Nets (IFNs) which are particularly suitable for performing refinement in the system design. We first define the class of IFNs and describe their behaviour and some of their useful properties, such as clean termination. The notion of a ¿well-behaved IFN¿ is then defined and a top-down refinement technique is presented which allows us to construct arbitrary size well-behaved IFNs. The conditions required for the refinement technique to preserve the properties of a well-behaved IFN are derived. We formally prove that a refined IFN N¿ obtained by substituting a well-behaved IFN N' in a well-behaved IFN N, is itself well -behaved. The significance of such a technique is that it can be used, in a top-down approach to system design, to build systems that are automatically well-behaved. This in turn helps to avoid the difficulty of analyzing large and complex nets. © 1990, Taylor & Francis Group, LLC. All rights reserved.

DOI 10.1080/00207169008803860
1990 VARADHARAJAN V, 'NETWORK SECURITY POLICY MODELS', LECTURE NOTES IN COMPUTER SCIENCE, 453 74-95 (1990)
Citations Scopus - 4
1989 VARADHARAJAN V, 'NEW PUBLIC-KEY DISTRIBUTION-SYSTEMS - COMMENT', ELECTRONICS LETTERS, 25 64-65 (1989)
DOI 10.1049/el:19890046
Citations Web of Science - 2
1989 Varadharajan V, 'Verification of network security protocols', Computers and Security, 8 693-708 (1989)

During recent years there has been considerable interest and growth in computer networks and distributed systems. Computer networks employ encryption for several purposes, includi... [more]

During recent years there has been considerable interest and growth in computer networks and distributed systems. Computer networks employ encryption for several purposes, including private communication, message authentication and digital signatures. The correctness and security of these applications depend not only on the strength of the cryptographic algorithms but also on the protocols for key management. In this paper, we analyse the behaviour of a "generic" key distribution protocol using a model checker based on temporal logic. The protocol typifies several protocols that have been recently proposed to achieve an authenticated communication in a network environment. The protocol is first specified using a state-machine-based language. Then some important properties of the protocol are verified. Such analysis technique is useful in a wide range of applications. In particular, we feel that the model checker helps to bring the automatic verification of finite systems closer to a practical proposition. © 1989.

DOI 10.1016/0167-4048(89)90008-4
Citations Scopus - 8
1989 Varadharajan V, 'Use of a formal description technique in the specification of authentication protocols', Computer Standards and Interfaces, 9 203-215 (1989)

Formal specification techniques have been employed over the past decade or so by various workers in data communication and computer network systems in order to provide both defini... [more]

Formal specification techniques have been employed over the past decade or so by various workers in data communication and computer network systems in order to provide both definitional specifications of protocols and models of protocols for analytic purposes. This paper considers the use of the specification language LOTOS (Language of Temporal Ordering Specification) for specifying some authentication protocols developed in the security field. The language LOTOS recently became an International ISO Standard and the protocols specified form part of the ISO and CCITT Standards. In fact, the CCITT protocol which is considered in this paper, has been used in the LOCATOR (X.400 Secure Mail) project within HPLabs. We first give a brief introduction to LOTOS and then specify two security protocols from ISO/DP 9798 and CCITT X.509 Standards. We feel that a formal specification of protocols is a useful and a necessary step towards understandability, analysis and implementation of the protocols. Further, we feel that LOTOS possesses the necessary features required for specifying such protocols. © 1990.

DOI 10.1016/0920-5489(89)90022-6
Citations Scopus - 6
1988 Varadharajan V, 'Cryptosystems Based on Permutation Polynomials', International Journal of Computer Mathematics, 23 237-250 (1988)

This paper investigates the role of permutation polynomials in the design of public key cryptosystems and public key distribution systems. Several permutation polynomials for whic... [more]

This paper investigates the role of permutation polynomials in the design of public key cryptosystems and public key distribution systems. Several permutation polynomials for which the computation of the inverse is easy are examined and their suitability to constructing secure public key systems are discussed. A method of designing highly secure public key systems using permutation polynomials under the law of composition is also considered. © 1988, Taylor & Francis Group, LLC

DOI 10.1080/00207168808803620
Citations Scopus - 2
1987 Varadharajan V, Baker KD, 'NET-BASED SYSTEM DESIGN REPRESENTATION AND ANALYSIS.', Computer Systems Science and Engineering, 2 167-178 (1987)

An augmented Petri net scheme for representing and analysing the design of a software system is presented. Both the structure and the behaviour of the system can be modelled using... [more]

An augmented Petri net scheme for representing and analysing the design of a software system is presented. Both the structure and the behaviour of the system can be modelled using this scheme. The augmented Petri net formalism enables representation of both control and data flows of the system in an integrated manner. Tools to simulate, analyse and verify some behavioural properties of the modelled system using this scheme are currently being developed. Further, the use of this scheme in the synthesis of 'correct by construction' systems is also at present being investigated.

1987 VARADHARAJAN V, BAKER KD, 'DIRECTED GRAPH BASED REPRESENTATION FOR SOFTWARE SYSTEM-DESIGN', SOFTWARE ENGINEERING JOURNAL, 2 21-28 (1987)
Citations Scopus - 1Web of Science - 1
1986 Varadharajan V, Odini R, 'Security of public key distribution in matrix rings', Electronics Letters, 22 46-47 (1986)

In the letter the security of the public key distribution (PKD) system in matrix rings proposed by Odoni, Varadharajan and Sanders is investigated. In general, the strength depend... [more]

In the letter the security of the public key distribution (PKD) system in matrix rings proposed by Odoni, Varadharajan and Sanders is investigated. In general, the strength depends on the difficulty of taking logarithms in finite cyclic groups. © 1986, The Institution of Electrical Engineers. All rights reserved.

DOI 10.1049/el:19860031
Citations Scopus - 5
1986 Varadharajan V, 'Use of Trapdoor Structures in Cryptography', International Journal of Computer Mathematics, 19 153-173 (1986)

This paper examines possible trapdoor structures which can be used to design public key cryptosystems based on the factorization problem. Some examples of such finite trapdoor sys... [more]

This paper examines possible trapdoor structures which can be used to design public key cryptosystems based on the factorization problem. Some examples of such finite trapdoor systems which might serve as a basis for a generalized RSA cryptosystem are proposed. © 1986, Taylor & Francis Group, LLC. All rights reserved.

DOI 10.1080/00207168608803512
1985 Varadharajan V, Sanders P, 'Practical secure electronic mail system with public key distribution', Computer Communications, 8 121-127 (1985)

The design of a hybrid encryption system to allow secure data transfer between computers in a communications network is described. The system uses a symmetric algorithm for data s... [more]

The design of a hybrid encryption system to allow secure data transfer between computers in a communications network is described. The system uses a symmetric algorithm for data security with a public key distribution method. The security of the hybrid system is analysed, and a protocol sequence to establish a secure connection between the users in the network and to authenticate each other's identity is outlined. © 1985.

DOI 10.1016/0140-3664(85)90152-5
1985 Varadharajan V, Odoni R, 'Extension of rsa cryptosystems to matrix rings', Cryptologia, 9 140-153 (1985)

A generalization of the RSA cryptosystem in the ring of matrices over Z/mZ is presented. It is shown that factorization of the modulus m is needed to compute the exponent of the g... [more]

A generalization of the RSA cryptosystem in the ring of matrices over Z/mZ is presented. It is shown that factorization of the modulus m is needed to compute the exponent of the group formed by either non-singular matrix messages or upper triangular matrices including diagonal elements thus offering the same level of security as the RSA system. The latter method employing the triangular matrices as messages seems to be more practical than the use of arbitrary non-singular matrix messages. The scheme is as suitable for privacy and authentication as its predecessor. © 1985 Taylor & Francis Group, LLC.

DOI 10.1080/0161-118591859852
Citations Scopus - 5
1984 ODONI RWK, VARADHARAJAN V, SANDERS PW, 'PUBLIC KEY DISTRIBUTION IN MATRIX-RINGS', ELECTRONICS LETTERS, 20 386-387 (1984)
DOI 10.1049/el:19840267
Citations Scopus - 36Web of Science - 28
1983 Sanders P, Varadharajan V, 'Secure communications between microcomputer systems', Computer Communications, 6 245-252 (1983)

A data security communications interface unit has been developed to allow data transfer between Apple terminals in either plain or encrypted format under user control. The unit em... [more]

A data security communications interface unit has been developed to allow data transfer between Apple terminals in either plain or encrypted format under user control. The unit employs the Data Encryption Standard algorithm and has a degree of sophistication sufficient to meet most user needs. The unit uses the 6502 microprocessor to control encryption, decryption and communications. In addition to the transfer of encrypted data, the interface also provides a facility for storing encrypted program and data files locally in the Apple disc system. Further, the encryption system has been designed to allow storage and retrieval of completely encrypted or partly encrypted frames of information on the Prestel database. The interface has been tested extensively using several DES modes of operation. © 1983.

DOI 10.1016/0140-3664(83)90086-5
Citations Scopus - 1
1979 Radhakrishnan S, Varadharajan V, Subramonian S, 'Paroxysmal nocturnal haemoglobinuria with unusual clinical features.', Journal of the Indian Medical Association, 73 131-133 (1979)
Show 104 more journal articles

Conference (287 outputs)

Year Citation Altmetrics Link
2017 Yousefi-Azar M, Varadharajan V, Hamey L, Tupakula U, 'Autoencoder-based feature learning for cyber security applications', Proceedings of the International Joint Conference on Neural Networks (2017)

© 2017 IEEE. This paper presents a novel feature learning model for cyber security tasks. We propose to use Auto-encoders (AEs), as a generative model, to learn latent representa... [more]

© 2017 IEEE. This paper presents a novel feature learning model for cyber security tasks. We propose to use Auto-encoders (AEs), as a generative model, to learn latent representation of different feature sets. We show how well the AE is capable of automatically learning a reasonable notion of semantic similarity among input features. Specifically, the AE accepts a feature vector, obtained from cyber security phenomena, and extracts a code vector that captures the semantic similarity between the feature vectors. This similarity is embedded in an abstract latent representation. Because the AE is trained in an unsupervised fashion, the main part of this success comes from appropriate original feature set that is used in this paper. It can also provide more discriminative features in contrast to other feature engineering approaches. Furthermore, the scheme can reduce the dimensionality of the features thereby signicantly minimising the memory requirements. We selected two different cyber security tasks: networkbased anomaly intrusion detection and Malware classication. We have analysed the proposed scheme with various classifiers using publicly available datasets for network anomaly intrusion detection and malware classifications. Several appropriate evaluation metrics show improvement compared to prior results.

DOI 10.1109/IJCNN.2017.7966342
2017 Tupakula U, Varadharajan V, Karmakar K, 'SDN-based dynamic policy specification and enforcement for provisioning SECaaS in cloud', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2017)

© 2017, Springer International Publishing AG. In this paper we make use of SDN for provisioning of Security as a Service (SECaaS) to the tenant and simplify the security manageme... [more]

© 2017, Springer International Publishing AG. In this paper we make use of SDN for provisioning of Security as a Service (SECaaS) to the tenant and simplify the security management in cloud. We have developed a Security Application (SA) for the SDN Controller which is used for capturing the tenant security requirements and enforcing the related security policies for securing their virtual machines (VMs). We have developed a security policy specification language for enforcing TPM, Access Control and Intrusion Detection related security policies with the SA. Finally we present the prototype implementation of our approach and some performance results.

DOI 10.1007/978-3-319-68786-5_44
2017 Jin F, Varadharajan V, Tupakula U, 'An eclat algorithm based energy detection for cognitive radio networks', Proceedings - 16th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 11th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Conference on Embedded Software and Systems, Trustcom/BigDataSE/ICESS 2017 (2017)

© 2017 IEEE. Cognitive radio (CR) can improve the utilization of the spectrum by making use of licensed spectrum in an opportunistic manner. The sensing reports from all the CR n... [more]

© 2017 IEEE. Cognitive radio (CR) can improve the utilization of the spectrum by making use of licensed spectrum in an opportunistic manner. The sensing reports from all the CR nodes are sent to a Fusion Centre (FC) which aggregates these reports and takes decision about the presence of the PU, based on some decision rules. Such a collaborative sensing mechanism forms the foundation of any centralised CRN. However, this collaborative sensing mechanism provides more opportunities for malicious users (MUs) hiding in the legal users to launch spectrum sensing data falsification (SSDF) attacks. In an SSDF attack, some malicious users intentionally report incorrect local sensing results to the FC and disrupt the global decision-making process. To mitigate SSDF attacks, an Eclat algorithm based detection strategy is proposed in this paper for finding out the colluding malicious nodes. Simulation results show that the sensing performance of the scheme is better than the traditional majority based voting decision in the presence of SSDF attacks.

DOI 10.1109/Trustcom/BigDataSE/ICESS.2017.358
2017 Tupakula U, Varadharajan V, Karmakar K, 'Secure monitoring of the patients with wandering behaviour', BODYNETS 2016 - 11th International Conference on Body Area Networks (2017)

© 2017 EAI. Today there are several health care related problems such as dementia and cancer with no possible cure. Hence there is considerable interest in the medical sectors an... [more]

© 2017 EAI. Today there are several health care related problems such as dementia and cancer with no possible cure. Hence there is considerable interest in the medical sectors and constant encouragement from the governments to make use of the latest technological advancements for supporting such patients. Software Defined Networking(SDN) is a promising technological advancement in the networking world. In this paper we propose techniques for making use of the SDN, Wireless LAN and wearable devices for secure monitoring of the patients with wandering behaviour in hospital environments. Our model makes use of the global network knowledge available at the SDN controller to deal with the attacks in WLAN and provide priority for real time location monitoring of the patients. We will also present the prototype implementation of our model using ONOS SDN controller and OpenFlow Access Points.

DOI 10.4108/eai.15-12-2016.2267665
2017 Jin F, Varadharajan V, Tupakula U, 'A trust model based energy detection for cognitive radio networks', ACM International Conference Proceeding Series (2017)

© 2017 ACM. In a cognitive radio network (CRN), energy detection is one of the most efficient spectrum sensing techniques for the protection of legacy spectrum users, with which ... [more]

© 2017 ACM. In a cognitive radio network (CRN), energy detection is one of the most efficient spectrum sensing techniques for the protection of legacy spectrum users, with which the presence of primary users (PUs) can be detected promptly, allowing secondary users (SUs) to vacate the channels immediately. In this paper, we design a novel trust based energy detection model for CRNs. This model extends the widely used energy detection and employs the idea of a trust model to perform spectrum sensing in the CRN. In this model, trust among SUs is represented by opinion, which is an item derived from subjective logic. The opinions are dynamic and updated frequently: If one SU makes a correct decision, its opinion from other SUs' point of view can be increased. Otherwise, if an SU exhibits malicious behavior, it will be ultimately denied by the whole network. A trust recommendation is also designed to exchange trust information among SUs. The salient feature of our trust based energy detection model is that using trust relationships among SUs, this guarantees only reliable SUs will participate in generating a final result. This greatly reduces the computation overheads. Meanwhile, with neighbors' trust recommendations, a SU can make objective judgment about another SU's trustworthiness to maintain the whole system at a certain reliable level.

DOI 10.1145/3014812.3014882
2017 Cheng S, Varadharajan V, Mu Y, Susilo W, 'An efficient and provably secure RFID grouping proof protocol', ACM International Conference Proceeding Series (2017)

© 2017 ACM. RFID Grouping proof convinces an offline verifier that multiple tags are simultaneously scanned. Various solutions have been proposed but most of them have security a... [more]

© 2017 ACM. RFID Grouping proof convinces an offline verifier that multiple tags are simultaneously scanned. Various solutions have been proposed but most of them have security and privacy vulnerabilities. In this paper, we propose an elliptic-curve- based RFID grouping proof protocol. Our protocol is proven secure and narrow-strong private. We also demonstrate that our grouping proof can be batch verified to improve the efficiency for large-scale RFID systems and it is suitable for low-cost RFID tags.

DOI 10.1145/3014812.3014885
Citations Scopus - 2
2017 Kitakami M, Varadharajan V, 'Welcome Message from the Program Chairs', Proceedings of IEEE Pacific Rim International Symposium on Dependable Computing, PRDC (2017)
DOI 10.1109/PRDC.2017.6
2017 Mishra P, Pilli ES, Varadharajan V, Tupakula U, 'Out-VM monitoring for Malicious Network Packet Detection in cloud', ISEA Asia Security and Privacy Conference 2017, ISEASP 2017 (2017)

© 2017 IEEE. Cloud security is one of the biggest challenge in today's technological world. Researchers have proposed some solutions for cloud security. Virtual Machine (VM)... [more]

© 2017 IEEE. Cloud security is one of the biggest challenge in today's technological world. Researchers have proposed some solutions for cloud security. Virtual Machine (VM)-level solutions are configured and controlled at VM. They are less robust and can be easily subverted by attackers. In this paper, we propose an out-VM monitoring security approach named as Malicious Network Packet Detection (MNPD) which monitors the VMs from outside at both network and virtualization layer in cloud environment. MNPD performs the behavioral analysis of network traffic at Cloud Networking Server (CNS); providing primary defense from intrusions at network level. MNPD does the VM traffic validation at hypervisor of Cloud Compute Server (CCoS) to detect spoofing attacks, originated from VMs. The non-spoofed packets are further analyzed using behavior analysis of network traffic to detect any abnormality in the virtual traffic; providing second level of defense from intrusions at virtualization level. MNPD employs statistical learning technique (Random Forest) with ensemble of feature selection approach to learn the behavior of traffic patterns. MNPD does not involve overhead incurred in monitoring extensive memory writes or instruction-level traces. It is a more secure solution to detect attacks which never pass through physical interface and hence not detected by traditional IDS. The proposed approach has been validated with latest datasets (UNSW-NB and ITOC) and results seem to be promising.

DOI 10.1109/ISEASP.2017.7976995
2017 Varadharajan V, Karmakar KK, Tupakula U, 'Securing communication in multiple Autonomous System domains with Software Defined Networking', Proceedings of the IM 2017 - 2017 IFIP/IEEE International Symposium on Integrated Network and Service Management (2017)

© 2017 IFIP. In this paper we proposed policy based security architecture for securing the communication in multiple Autonomous System (AS) domains with Software Defined Networks... [more]

© 2017 IFIP. In this paper we proposed policy based security architecture for securing the communication in multiple Autonomous System (AS) domains with Software Defined Networks (SDN). We will present a high level overview of the architecture and detail discussion on some of the important components for securing the communication in multiple AS domains. A key component of the security architecture is the specification of security policies that are to be enforced on the SDN communications whether they are intra or inter-domain. We will present example scenarios to demonstrate the operation of the security architecture to enable end-to-end secure communication within a single AS domain and for multiple AS domains. We have justified the model using ONOS controller.

DOI 10.23919/INM.2017.7987280
2017 Mishra P, Pilli ES, Varadharajan V, Tupakula U, 'PSI-NetVisor: Program semantic aware intrusion detection at network and hypervisor layer in cloud', JOURNAL OF INTELLIGENT & FUZZY SYSTEMS, Jaipur, INDIA (2017)
DOI 10.3233/JIFS-169234
Citations Scopus - 1Web of Science - 1
2017 Karmakar KK, Varadharajan V, Tupakula U, 'Mitigating Attacks in Software Defined Network(SDN)', 2017 FOURTH INTERNATIONAL CONFERENCE ON SOFTWARE DEFINED SYSTEMS (SDS), Valencia, SPAIN (2017)
2016 Min B, Varadharajan V, 'Cascading attacks against smart grid using control command disaggregation and services', Proceedings of the ACM Symposium on Applied Computing (2016)

© 2016 ACM. In this paper, we propose new types of cascading attacks against smart grid that use control command disaggregation and core smart grid services. Although there have ... [more]

© 2016 ACM. In this paper, we propose new types of cascading attacks against smart grid that use control command disaggregation and core smart grid services. Although there have been tremendous research efforts in injection attacks against the smart grid, to our knowledge most studies focus on false meter data injection, and false command and false feedback injection attacks have been scarcely investigated. In addition, control command disaggregation has not been addressed from a security point of view, in spite of the fact that it is becoming one of core concepts in the smart grid and hence analysing its security implications is crucial to the smart grid security. Our cascading attacks use false control command, false feedback or false meter data injection, and cascade the effects of such injections throughout the smart grid subsystems and components. Our analysis and evaluation results show that the proposed attacks can cause serious service disruptions in the smart grid. The evaluation has been performed on a widely used smart grid simulation platform.

DOI 10.1145/2851613.2853128
Citations Scopus - 1
2016 Karmakar KK, Varadharajan V, Tupakula U, Hitchens M, 'Policy based security architecture for software defined networks', Proceedings of the ACM Symposium on Applied Computing (2016) [E1]

© 2016 ACM. Software Defined Network(SDN) is a promising technological advancement in the networking world. It is still evolving and security is a major concern for SDN. In this ... [more]

© 2016 ACM. Software Defined Network(SDN) is a promising technological advancement in the networking world. It is still evolving and security is a major concern for SDN. In this paper we proposed policy based security architecture for securing the SDN domains. Our architecture enables the administrator to enforce different types of policies such as based on the devices, users, location and path for securing the communication in SDN domain. Our architecture is developed as an application that can be run on any of the SDN Controllers. We have implemented our architecture using the POX Controller and Raspberry Pi 2 switches. We will present different case scenarios to demonstrate fine granular security policy enforcement with our architecture.

DOI 10.1145/2851613.2851728
Citations Scopus - 1
Co-authors Uday Tupakula
2016 Jayarathna D, Varadharajan V, Tupakula U, 'Integrated security for services hosted in virtual environments', Proceedings - 15th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, 10th IEEE International Conference on Big Data Science and Engineering and 14th IEEE International Symposium on Parallel and Distributed Processing with Applications, IEEE TrustCom/BigDataSE/ISPA 2016 (2016) [E1]

© 2016 IEEE. In this paper, we introduce an integrated security architecture that combines TPM based trust management with hypervisor level access control and intrusion detection... [more]

© 2016 IEEE. In this paper, we introduce an integrated security architecture that combines TPM based trust management with hypervisor level access control and intrusion detection system to provide a holistic approach for securing services hosted in virtualised environments. We describe the implementation of the security architecture in detail and demonstrate the functionality of the proposed architecture for different attack scenarios. Our architecture is able to perform dynamic attack detection and update the security policies to protect the services from the identified threats. The proposed integrated security architecture can be easily adopted to be used in cloud and distributed virtualised environments.

DOI 10.1109/TrustCom.2016.0049
2016 Varadharajan V, 'Trust enhanced secure role-based access control on encrypted data in cloud (Abstract of keynote talk)', IFIP Advances in Information and Communication Technology (2016)

© IFIP International Federation for Information Processing 2016. In this talk I will begin with a brief look at current trends in the technology scenery and some of the key secur... [more]

© IFIP International Federation for Information Processing 2016. In this talk I will begin with a brief look at current trends in the technology scenery and some of the key security challenges that are impacting on business and society. In particular, on the one hand there have been tremendous developments in cyber technologies such as cloud, Big Data and Internet of Technologies. Then we will consider security and trust issues in cloud services and cloud data. In this talk, we will focus on policy based access to encrypted data in the cloud. We will present a new technique, Role based Encryption (RBE), which integrates cryptographic techniques with role based access control. The RBE scheme allows policies defined by data owners to be enforced on the encrypted data stored in public clouds. The cloud provider will not be able to see the data content if the provider is not given the appropriate role by the data owner. We will present a practical secure RBE based hybrid cloud storage architecture, which allows an organisation to store data securely in a public cloud, while maintaining the sensitive information related to the organisation¿s structure in a private cloud. Then we will consider trust issues in RBE based secure cloud data systems. We will discuss two types of trust models that assist (i) the data owners/users to evaluate the trust on the roles/role managers in the system as well as (ii) the role managers to evaluate the trust on the data owners/users for when deciding on role memberships. These models will take into account the impact of role hierarchy and inheritance on the trustworthiness of the roles and users. We will also consider practical application of the trust models and illustrate how the trust evaluations can help to reduce the risks and enhance the quality of decision making by data owners and role managers of the cloud storage services.

DOI 10.1007/978-3-319-41354-9
2016 Karmakar KK, Varadharajan V, Tupakula U, 'On the Design and Implementation of a Security Architecture for End to End Services in Software Defined Networks', 2016 IEEE 41ST CONFERENCE ON LOCAL COMPUTER NETWORKS (LCN), Dubai, U ARAB EMIRATES (2016) [E1]
DOI 10.1109/LCN.2016.82
2016 Jayarathna D, Varadharajan V, Tupakula U, 'Integrated Security for Services Hosted in Virtual Environments', 2016 IEEE TRUSTCOM/BIGDATASE/ISPA, Tianjin, PEOPLES R CHINA (2016)
DOI 10.1109/TrustCom.2016.48
2016 Tupakula U, Varadharajan V, 'Securing Big Data Environments from Attacks', 2016 IEEE 2ND INTERNATIONAL CONFERENCE ON BIG DATA SECURITY ON CLOUD (BIGDATASECURITY), IEEE INTERNATIONAL CONFERENCE ON HIGH PERFORMANCE AND SMART COMPUTING (HPSC), AND IEEE INTERNATIONAL CONFERENCE ON INTELLIGENT DATA AND SECURITY (IDS), New York, NY (2016) [E1]
DOI 10.1109/BigDataSecurity-HPSC-IDS.2016.74
2016 Mishra P, Pilli ES, Varadharajan V, Tupakula U, 'Efficient Approaches for Intrusion Detection in Cloud Environment', 2016 IEEE INTERNATIONAL CONFERENCE ON COMPUTING, COMMUNICATION AND AUTOMATION (ICCCA), Noida, INDIA (2016)
2016 Mishra P, Pilli ES, Varadharajan V, Tupakula U, 'NvCloudIDS: A Security Architecture to Detect Intrusions at Network and Virtualization Layer in Cloud Environment', 2016 INTERNATIONAL CONFERENCE ON ADVANCES IN COMPUTING, COMMUNICATIONS AND INFORMATICS (ICACCI), Jaipur, INDIA (2016) [E1]
Citations Web of Science - 1
2016 Karmakar KK, Varadharajan V, Tupakula U, 'On the Design and Implementation of a Security Architecture for Software Defined Networks', PROCEEDINGS OF 2016 IEEE 18TH INTERNATIONAL CONFERENCE ON HIGH PERFORMANCE COMPUTING AND COMMUNICATIONS; IEEE 14TH INTERNATIONAL CONFERENCE ON SMART CITY; IEEE 2ND INTERNATIONAL CONFERENCE ON DATA SCIENCE AND SYSTEMS (HPCC/SMARTCITY/DSS), Sydney, AUSTRALIA (2016)
DOI 10.1109/HPCC-SmartCity-DSS.2016.138
2016 Mishra P, Pilli ES, Varadharajan V, Tupakula U, 'Securing Virtual Machines from Anomalies using Program-Behavior Analysis in Cloud Environment', PROCEEDINGS OF 2016 IEEE 18TH INTERNATIONAL CONFERENCE ON HIGH PERFORMANCE COMPUTING AND COMMUNICATIONS; IEEE 14TH INTERNATIONAL CONFERENCE ON SMART CITY; IEEE 2ND INTERNATIONAL CONFERENCE ON DATA SCIENCE AND SYSTEMS (HPCC/SMARTCITY/DSS), Sydney, AUSTRALIA (2016)
DOI 10.1109/HPCC-SmartCity-DSS.2016.180
Citations Scopus - 2
2015 Fan X, Varadharajan V, Hitchens M, 'Provenance Based Classification Access Policy System Based on Encrypted Search for Cloud Data Storage', INFORMATION SECURITY, ISC 2015, Trondheim, NORWAY (2015)
DOI 10.1007/978-3-319-23318-5_16
2015 Min B, Varadharajan V, 'A Simple and Novel Technique for Counteracting Exploit Kits', INTERNATIONAL CONFERENCE ON SECURITY AND PRIVACY IN COMMUNICATION NETWORKS, SECURECOMM 2014, PT I, Beijing, PEOPLES R CHINA (2015)
DOI 10.1007/978-3-319-23829-6_19
Citations Scopus - 2Web of Science - 1
2015 Min B, Varadharajan V, 'Design and Analysis of a Sophisticated Malware Attack Against Smart Grid', INFORMATION SECURITY (ISC 2013), Dallas, TX (2015) [E1]
DOI 10.1007/978-3-319-27659-5_9
2015 Hou X, Kumar ATK, Thomas JP, Varadharajan V, 'Dynamic workload balancing for hadoop MapReduce', Proceedings - 4th IEEE International Conference on Big Data and Cloud Computing, BDCloud 2014 with the 7th IEEE International Conference on Social Computing and Networking, SocialCom 2014 and the 4th International Conference on Sustainable Computing and Communications, SustainCom 2014 (2015)

© 2014 IEEE. Hadoop has two components which are HDFS and MapReduce. HDFS is a distributed file system for storing data for users of Hadoop and MapReduce is the framework that ex... [more]

© 2014 IEEE. Hadoop has two components which are HDFS and MapReduce. HDFS is a distributed file system for storing data for users of Hadoop and MapReduce is the framework that executes jobs from users. Hadoop stores user data based on space utilization of data nodes on the cluster rather than the processing capability of the data nodes. Furthermore Hadoop runs in a heterogeneous environment as all data nodes may not be homogeneous. For these reasons, workload imbalances will occur when Hadoop runs resulting in poor performance. In this paper, we propose a dynamic algorithm to balance the workload between different racks on a Hadoop cluster based on information obtained from analyzing the log files of Hadoop. Moving tasks from the busiest rack to another rack improves the performance of Hadoop MapReduce by reducing the running time of jobs. Our simulations indicate that using our algorithm, we can decrease by more than 50% the remaining time of the tasks belonged to a job running on the busiest rack.

DOI 10.1109/BDCloud.2014.103
Citations Scopus - 6
2015 Wijesinghe U, Tupakula U, Varadharajan V, 'An enhanced model for network flow based botnet detection', Conferences in Research and Practice in Information Technology Series (2015)

© 2015, Australian Computer Society, Inc. The botnet is a group of hijacked computers, which are employed under command and control mechanism administered by a botmaster. Botnet ... [more]

© 2015, Australian Computer Society, Inc. The botnet is a group of hijacked computers, which are employed under command and control mechanism administered by a botmaster. Botnet evolved from IRC based centralized botnet to employing common protocols such as HTTP with decentralized architectures and then peer-to-peer designs. As Botnets have become more sophisticated, the need for advanced techniques and research against botnets has grown. In this paper, we propose techniques to detect botnets by analysing network traffic flows. We developed templates for capturing traffic flows with more relevant attributes for botnet detection. Also we make use of the IPFIX standard for the specification of the templates. Hence our techniques can be used to detect different bot families with lesser overheads and are vendor neutral.

Co-authors Uday Tupakula
2015 Damavandinejadmonfared S, Varadharajan V, 'A new extension of kernel principal component analysis for finger vein authentication', Conferences in Research and Practice in Information Technology Series (2015)

© 2015, Australian Computer Society, Inc. In this paper, we introduce a new method of data transformation for finger vein recognition system. Our proposed method uses kernel mapp... [more]

© 2015, Australian Computer Society, Inc. In this paper, we introduce a new method of data transformation for finger vein recognition system. Our proposed method uses kernel mapping functions to map the data before performing Principal Component Analysis. Kernel Principal Component Analysis (KPCA) is a well-known extension of PCA which is suitable for finding nonlinear patterns as it maps the data nonlinearly. In this work we develop an extension of KPCA which is both faster and more appropriate than KPCA for finger vein recognition system. The proposed method is called Feature Dependent Kernel Principal Component Analysis (FDKPCA). In FDKPCA the data is mapped differently from KPCA resulting in lower-dimension feature space where more important and valuable features are selected and extracted. Furthermore, extensive experiments reveal the significance of the proposed method for finger vein recognition systems.

2015 Jayarathna D, Tupakula U, Varadharajan V, 'Hypervisor-based security architecture to protect web applications', Conferences in Research and Practice in Information Technology Series (2015)

Web based applications are very common nowadays where almost every software can be accessible through a web browser in one form or the other. This paper proposes techniques to det... [more]

Web based applications are very common nowadays where almost every software can be accessible through a web browser in one form or the other. This paper proposes techniques to detect diffierent threats related to web applications by using a hypervisorbased security architecture. The proposed architecture leverages the hypervisor's visibility of the virtual machines' runtime state and traffic ows for securing the web application. The unique feature of the proposed architecture is that it is capable of doing fine granular detection of web application attacks, i.e. to the specific web page level, and protecting the application against zero-day attacks. © 2015, Australian Computer Society, Inc.

Co-authors Uday Tupakula
2015 Min B, Varadharajan V, 'Design and Evaluation of Feature Distributed Malware Attacks against the Internet of Things (IoT)', 2015 20TH INTERNATIONAL CONFERENCE ON ENGINEERING OF COMPLEX COMPUTER SYSTEMS (ICECCS), Gold Coast, AUSTRALIA (2015)
DOI 10.1109/ICECCS.2015.19
Citations Scopus - 1
2015 Wijesinghe U, Tupakula U, Varadharajan V, 'Botnet Detection using Software Defined Networking', 2015 22ND INTERNATIONAL CONFERENCE ON TELECOMMUNICATIONS (ICT), Sydney, AUSTRALIA (2015)
Citations Scopus - 1
Co-authors Uday Tupakula
2015 Min B, Varadharajan V, 'Secure Dynamic Software Loading and Execution using Cross Component Verification', 2015 45TH ANNUAL IEEE/IFIP INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS AND NETWORKS, Univ Estadual Campinas, Rio de Janeiro, BRAZIL (2015) [E1]
DOI 10.1109/DSN.2015.17
Citations Scopus - 2Web of Science - 2
2015 Jin F, Varadharajan V, Tupakula U, 'Improved Detection of Primary User Emulation Attacks in Cognitive Radio Networks', 25TH INTERNATIONAL TELECOMMUNICATION NETWORKS AND APPLICATIONS CONFERENCE (ITNAC 2015), Sydney, AUSTRALIA (2015) [E1]
Citations Scopus - 5Web of Science - 2
2015 Min B, Varadharajan V, 'Design, Implementation and Evaluation of a Novel Anti-Virus Parasitic Malware', 30TH ANNUAL ACM SYMPOSIUM ON APPLIED COMPUTING, VOLS I AND II, Salamanca, SPAIN (2015) [E1]
DOI 10.1145/2695664.2695683
Citations Scopus - 2Web of Science - 1
2015 Li N, Mu Y, Susilo W, Varadharajan V, 'Anonymous yoking-group proofs', ASIACCS 2015 - Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (2015) [E1]

Copyright © 2015 ACM. Yoking-proofs show an interesting application in Radio Frequency Identification (RFID) that a verifier can check whether two tags are simultaneously scanned... [more]

Copyright © 2015 ACM. Yoking-proofs show an interesting application in Radio Frequency Identification (RFID) that a verifier can check whether two tags are simultaneously scanned by a reader. We consider a scenario that multi-group of tags can be proved to be scanned simultaneously. Grouping-proof, which is an extension of yoking-proofs, allows multiple tags to be proved together, while existing protocols cannot support multiple groups. In this paper, we introduce a novel concept called "yoking-group proofs". Additionally, we propose an anonymous yoking-proof protocol and an anonymous yoking-group proof protocol and prove their security in Universal Composability framework.

DOI 10.1145/2714576.2714609
Citations Scopus - 2
2014 Min B, Varadharajan V, 'Feature-Distributed Malware Attack: Risk and Defence', COMPUTER SECURITY - ESORICS 2014, PT II, Wroclaw Univ Technol, Wroclaw, POLAND (2014) [E1]
Citations Scopus - 4
2014 Min G, Varadharajan V, Ko RKL, Xiang Y, Marmol FG, Ruj S, et al., 'TSP 2013: Message from workshop chairs', Proceedings - 2013 IEEE International Conference on High Performance Computing and Communications, HPCC 2013 and 2013 IEEE International Conference on Embedded and Ubiquitous Computing, EUC 2013 (2014)
DOI 10.1109/HPCC.and.EUC.2013.350
2014 Tupakula U, Varadharajan V, 'Secure monitoring for dementia patients', Proceedings of the ACM Symposium on Applied Computing (2014) [E1]

There are several challenges for monitoring the patients with specific requirements such as people with dementia. For example, vascular dementia which is caused generally after st... [more]

There are several challenges for monitoring the patients with specific requirements such as people with dementia. For example, vascular dementia which is caused generally after stroke could result in serious conditions and change of behaviour such as wandering, loss of vision and speech. Although the nursing staff make sincere effort for taking care and monitoring of the patients, it is rare that a nursing staff is allocated to each patient. Hence even a minor lack of attention can lead to havoc situation if any of the patient is found to be missing. This results in high stress for the nursing staff and the hospital management. The aim of this work is to develop techniques for secure monitoring of dementia patients in hospital environments. Our model tracks the patients in real time and can generate alarms if the location of the patients is found to be suspicious. Furthermore, our model makes use of the existing infrastructures to minimize the cost of deployment. Copyright 2014 ACM.

DOI 10.1145/2554850.2554950
Co-authors Uday Tupakula
2014 Jayarathna D, Tupakula U, Varadharajan V, 'Hypervisor-based security architecture for validating DNS services (Poster)', Conferences in Research and Practice in Information Technology Series (2014)

Domain Name System (DNS) is one of the critical services in the current Internet infrastructure. However DNS is vulnerable to a range of attacks. One of the fundamental weaknesses... [more]

Domain Name System (DNS) is one of the critical services in the current Internet infrastructure. However DNS is vulnerable to a range of attacks. One of the fundamental weaknesses with the existing DNS protocols is that the request and response messages are transmitted on the network as plain text. This paper addresses important threats related to Doman Name System (DNS) using a hypervisor based security architecture. The proposed architecture leverages the hypervisor visibility of the virtual machines' traffic flows to monitor and utilise Virtual Machine Introspection (VMI) techniques to inspect and restore data. It also uses inbuilt snapshot/restore capabilities of the hypervisor to completely restore virtual machines if required. Objective of the proposed architecture is not to actively prevent attacks, but provide a means of identifying different attacks by passively monitoring DNS related conversations coming in and out of virtualised system hosting the DNS. Our model can alert the external monitoring agent(s) or security administrator and actively restore the system if the attack has already compromised the DNS. © 2014, Australian Computer Society, Inc.

Citations Scopus - 2
Co-authors Uday Tupakula
2014 Yi X, Paulet R, Bertino E, Varadharajan V, 'Practical k Nearest Neighbor Queries with Location Privacy', 2014 IEEE 30TH INTERNATIONAL CONFERENCE ON DATA ENGINEERING (ICDE), Chicago, IL (2014)
Citations Scopus - 25Web of Science - 15
2014 Zhou L, Varadharajan V, Hitchens M, 'A Trust Management Framework for Secure Cloud Data Storage Using Cryptographic Role-Based Access Control', E-BUSINESS AND TELECOMMUNICATIONS, ICETE 2013, Reykjavik, ICELAND (2014)
DOI 10.1007/978-3-662-44788-8_14
2014 Tupakula U, Varadharajan V, 'Trust Enhanced Cloud Security for Healthcare Services', 2014 IEEE 13TH INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM), Beijing, PEOPLES R CHINA (2014) [E1]
DOI 10.1109/TrustCom.2014.46
Co-authors Uday Tupakula
2014 Min B, Varadharajan V, 'Design and Analysis of a New Feature-Distributed Malware', 2014 IEEE 13TH INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM), Beijing, PEOPLES R CHINA (2014) [E1]
DOI 10.1109/TrustCom.2014.58
2014 Tupakula U, Varadharajan V, 'Techniques for Detecting Attacks on Critical Infrastructure', 2014 INTERNATIONAL CONFERENCE ON COMPUTING, NETWORKING AND COMMUNICATIONS (ICNC), Honolulu, HI (2014)
Co-authors Uday Tupakula
2014 Min B, Varadharajan V, 'Design and Analysis of Security Attacks against Critical Smart Grid Infrastructures', 2014 19TH INTERNATIONAL CONFERENCE ON ENGINEERING OF COMPLEX COMPUTER SYSTEMS (ICECCS 2014), Tianjin, PEOPLES R CHINA (2014) [E1]
DOI 10.1109/ICECCS.2014.16
Citations Scopus - 4Web of Science - 3
2014 Koeberl P, Schulz S, Sadeghi AR, Varadharajan V, 'TrustLite: A security architecture for tiny embedded devices', Proceedings of the 9th European Conference on Computer Systems, EuroSys 2014 (2014)

Embedded systems are increasingly pervasive, interdependent and in many cases critical to our every day life and safety. Tiny devices that cannot afford sophisticated hardware sec... [more]

Embedded systems are increasingly pervasive, interdependent and in many cases critical to our every day life and safety. Tiny devices that cannot afford sophisticated hardware security mechanisms are embedded in complex control infrastructures, medical support systems and entertainment products [51]. As such devices are increasingly subject to attacks, new hardware protection mechanisms are needed to provide the required resilience and dependency at low cost. In this work, we present the TrustLite security architecture for flexible, hardware-enforced isolation of software modules. We describe mechanisms for secure exception handling and communication between protected modules, enabling seamless interoperability with untrusted operating systems and tasks. TrustLite scales from providing a simple protected firmware runtime to advanced functionality such as attestation and trusted execution of userspace tasks. Our FPGA prototype shows that these capabilities are achievable even on low-cost embedded systems. Copyright © 2007 by the Association for Computing Machinery, Inc.

DOI 10.1145/2592798.2592824
Citations Scopus - 46
2013 Li N, Mu Y, Susilo W, Varadharajan V, 'Secure RFID ownership transfer protocols', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2013) [E1]

An RFID tag could change hands many times during its lifetime. In a retail chain, the ownership of the tag is instituted by the supplier who initially owns the tag. In the view of... [more]

An RFID tag could change hands many times during its lifetime. In a retail chain, the ownership of the tag is instituted by the supplier who initially owns the tag. In the view of a buyer, the validity of the current tag ownership and the originality of supplier are most important. In typical RFID ownership transfer protocols, the knowledge of the tag's authentication key proves the ownership. However, it is insufficient against an active attacker, since tags are usually lack of tamper-proof protections. Ownership transfer relies on a successful verification of tag's supplier and current ownership. In this paper, we formally define the security model of ownership transfer protocols and propose a secure ownership transfer protocol. In our scheme, current owner provides a new owner with the evidence of transfer and a proof of tag origin. Key management becomes easy in our system, since the one asymmetric verification key of the owner can be used to verify multiple tags that belong to the owner. © 2013 Springer-Verlag.

DOI 10.1007/978-3-642-38033-4_14
Citations Scopus - 2
2013 Lee A, Varadharajan V, Tupakula UK, 'On Malware Characterization and Attack Classification.', AWC (2013)
Co-authors Uday Tupakula
2013 Varadharajan V, Tupakula U, 'Integrated Security Architecture for Virtual Machines', SECURITY AND PRIVACY IN COMMUNICATION NETWORKS, SECURECOMM 2013, Sydney, AUSTRALIA (2013)
Co-authors Uday Tupakula
2013 Habib SM, Varadharajan V, Mühlhäuser M, 'A framework for evaluating trust of service providers in cloud marketplaces', Proceedings of the ACM Symposium on Applied Computing (2013) [E1]

The Cloud Security Alliance (CSA) provides a framework for cloud platform providers that manages standardized self assessments regarding security controls. The framework as it sta... [more]

The Cloud Security Alliance (CSA) provides a framework for cloud platform providers that manages standardized self assessments regarding security controls. The framework as it stands does not allow consumers to specify and check their own requirements, nor does it contain any means for verifying the capabilities claimed by the providers. From a customer perspective, both these aspects are essential for evaluating the trustworthiness of cloud providers and for making an informed decision. We propose a novel concept for verifying the capabilities captured in the CSA's framework, plus a decision model that checks consumer requirements against the verification results. Our capability verification combines hard trust based on rigid validation with soft trust based on evidence about past behaviour. Elaborate formal methods are applied in both fields and combined into a single concept. Copyright 2013 ACM.

DOI 10.1145/2480362.2480727
Citations Scopus - 7
2013 Guo F, Mu Y, Susilo W, Varadharajan V, 'Membership encryption and its applications', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2013) [E1]

We propose a new encryption primitive called Membership Encryption. Let P(G) be a privacy-preserving token on a group attribute/identity G, such that given P(G) it is hard to know... [more]

We propose a new encryption primitive called Membership Encryption. Let P(G) be a privacy-preserving token on a group attribute/identity G, such that given P(G) it is hard to know the attributes in G. In this membership encryption, if an encryption takes as input an attribute A and the token P(G), the decryption requires holding the membership A ¿ G, i.e., A belongs to this group attribute. Membership encryption is applicable in constructing membership proof A ¿ P(G) with privacy preserving on group attribute and the membership. Membership encryption can be also utilized to construct an efficient two-round K-out-of-N oblivious transfer protocol. In this paper, we construct a provably secure membership encryption where the group token P(G) is constant-size with maximum number accountability on attributes. Using our scheme, the proposed oblivious transfer protocol exhibits the nice feature of O(1) communication cost for any K from receiver to sender, and O(N) communication cost from sender to receiver. © 2013 Springer-Verlag.

DOI 10.1007/978-3-642-39059-3_15
Citations Scopus - 7
2013 Min B, Varadharajan V, 'A New Technique for Counteracting Web Browser Exploits', 2014 23RD AUSTRALASIAN SOFTWARE ENGINEERING CONFERENCE (ASWEC), Sydney, AUSTRALIA (2013)
DOI 10.1109/ASWEC.2014.28
2013 Tupakula U, Varadharajan V, 'Security Techniques for Counteracting Attacks in Mobile Healthcare Services', 4TH INTERNATIONAL CONFERENCE ON EMERGING UBIQUITOUS SYSTEMS AND PERVASIVE NETWORKS (EUSPN-2013) AND THE 3RD INTERNATIONAL CONFERENCE ON CURRENT AND FUTURE TRENDS OF INFORMATION AND COMMUNICATION TECHNOLOGIES IN HEALTHCARE (ICTH), Niagara Falls, CANADA (2013) [E1]
DOI 10.1016/j.procs.2013.09.049
Citations Scopus - 2Web of Science - 2
Co-authors Uday Tupakula
2013 Tupakula U, Varadharajan V, 'Securing Mobile Devices from DoS Attacks', 2013 IEEE 16TH INTERNATIONAL CONFERENCE ON COMPUTATIONAL SCIENCE AND ENGINEERING (CSE 2013), Sydney, AUSTRALIA (2013) [E1]
DOI 10.1109/CSE.2013.16
Citations Scopus - 2Web of Science - 1
Co-authors Uday Tupakula
2013 Habib SM, Varadharajan V, Muehlhaeuser M, 'A Trust-aware Framework for Evaluating Security Controls of Service Providers in Cloud Marketplaces', 2013 12TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2013), Melbourne, AUSTRALIA (2013) [E1]
DOI 10.1109/TrustCom.2013.58
Citations Scopus - 14Web of Science - 8
2013 Krishna A, Varadharajan V, Tarr N, 'On the Design of a Trust Enhanced Distributed Authorisation Architecture for Service Oriented Architectures', 2013 12TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2013), Melbourne, AUSTRALIA (2013) [E1]
DOI 10.1109/TrustCom.2013.246
2013 Tupakula U, Varadharajan V, 'Trust Enhanced Security Architecture for Detecting Insider Threats', 2013 12TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2013), Melbourne, AUSTRALIA (2013) [E1]
DOI 10.1109/TrustCom.2013.8
Co-authors Uday Tupakula
2013 Zhou L, Varadharajan V, Hitchens M, 'Integrating Trust with Cryptographic Role-based Access Control for Secure Cloud Data Storage', 2013 12TH IEEE INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS (TRUSTCOM 2013), Melbourne, AUSTRALIA (2013) [E1]
DOI 10.1109/TrustCom.2013.69
Citations Scopus - 6Web of Science - 3
2013 Varadharajan V, Tupakula U, 'On the Security of Tenant Transactions in the Cloud', 2013 IEEE FIFTH INTERNATIONAL CONFERENCE ON CLOUD COMPUTING TECHNOLOGY AND SCIENCE (CLOUDCOM), VOL 1, Bristol, ENGLAND (2013) [E1]
DOI 10.1109/CloudCom.2013.76
Citations Scopus - 1
Co-authors Uday Tupakula
2013 Zhou L, Varadharajan V, Hitchens M, 'Trust-based Secure Cloud Data Storage with Cryptographic Role-based Access Control', PROCEEDINGS OF THE 10TH INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY (SECRYPT 2013), Reykjavik, ICELAND (2013) [E1]
2012 Zhao H, Hu J, Qin J, Varadharajan V, Wan H, 'Hashed random key pre-distribution scheme for large heterogeneous sensor networks', Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012 (2012) [E1]

Many wireless sensor networks (WSNs) consist of a large number of distributed sensor nodes that are batteries powered, vulnerable to tampering, and equipped with limited computati... [more]

Many wireless sensor networks (WSNs) consist of a large number of distributed sensor nodes that are batteries powered, vulnerable to tampering, and equipped with limited computational capabilities and memory. These characteristics render WSNs facing many security threats, which require cryptographic security mechanisms for secure communication, key revocation and management of security issues arising from the addition of new nodes. In this paper, we propose a key management scheme to meet the security requirements of wireless sensor networks. The scheme relies on the theory of random graph to build a fully secure connectivity for distributed sensor nodes. It uses heterogeneous structure to limit ranges of attacks, and utilizes hash chains to realize authentication of pool keys and broadcast messages of auxiliary nodes. The security and network connectivity characteristics supported by the key management scheme are discussed and simulation experiments are presented. © 2012 IEEE.

DOI 10.1109/TrustCom.2012.171
Citations Scopus - 8
2012 Varadharajan V, Tupakula U, 'TREASURE: Trust enhanced security for cloud environments', Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012 (2012) [E1]

Today, cloud computing is one of the popular technologies. In addition to this, most of the hardware that is being shipped today is equipped with the TPM which can be used for rea... [more]

Today, cloud computing is one of the popular technologies. In addition to this, most of the hardware that is being shipped today is equipped with the TPM which can be used for realization of trusted platforms. Recently several TPM attestation techniques such as binary attestation and property based attestation techniques have been proposed but there are some fundamental issues that need to be addressed for using these techniques in practice. In this paper we consider an architecture where different services are hosted on the cloud infrastructure by multiple cloud customers (tenants). Then we consider an attacker model that is specific to the cloud and some of the challenges with the current TPM based attestation techniques. We will also propose a novel trust enhanced security model for cloud which overcomes the challenges with the current TPM based attestation techniques and efficiently deals with the attacks in the cloud. In our model, the cloud service provider is used as the Certification Authority (CA) for the tenant virtual machines. The CA only certifies the basic security properties which are the assurance on the traffic originating from the tenant virtual machine and validation of the tenant virtual machine transactions. The components of the CA monitor the interactions of the tenant virtual machine for the certified properties. Since the tenant virtual machines are running on the cloud service provider infrastructure, it is aware of the dynamic changes to the tenant virtual machine. The CA can terminate the ongoing transactions and/or dynamically isolate the tenant virtual machine if there is a variation in the behaviour of the tenant virtual machine from the certified properties. Hence our model can be used to address the challenges with the current TPM based attestation techniques and efficiently deal with the attacks in the cloud. We will present implementation of our model on Xen and how it deals with the attacks in different attack case scenarios. We will also show that our model is beneficial for the cloud service providers, tenants and tenant customers. © 2012 IEEE.

DOI 10.1109/TrustCom.2012.283
Citations Scopus - 5
Co-authors Uday Tupakula
2012 Zhou L, Varadharajan V, Hitchens M, 'Trusted administration of large-scale cryptographic role-based access control systems', Proc. of the 11th IEEE Int. Conference on Trust, Security and Privacy in Computing and Communications, TrustCom-2012 - 11th IEEE Int. Conference on Ubiquitous Computing and Communications, IUCC-2012 (2012) [E1]

There has been an increasing trend towards outsourcing data to the cloud to cope with the massive increase in the amount of data. Hence trusted enforcement of access control polic... [more]

There has been an increasing trend towards outsourcing data to the cloud to cope with the massive increase in the amount of data. Hence trusted enforcement of access control policies on outsourced data in the cloud has become a significant issue. In this paper we address trusted administration and enforcement of role-based access control policies on data stored in the cloud. Role-based access control (RBAC) simplifies the management of access control policies by creating two mappings; roles to permissions and users to roles. Recently crypto-based RBAC (C-RBAC) schemes have been developed which combine cryptographic techniques and access control to secured data in an outsourced environment. In such schemes, data is encrypted before outsourcing it and the ciphertext data is stored in the untrusted cloud. This ciphertext can only be decrypted by those users who satisfy the role-based access control policies. However such schemes assume the existence of a trusted administrator managing all the users and roles in the system. Such an assumption is not realistic in large-scale systems as it is impractical for a single administrator to manage the entire system. Though administrative models for RBAC systems have been proposed decentralize the administration tasks associated with the roles, these administrative models cannot be used in the C-RBAC schemes, as the administrative policies cannot be enforced in an untrusted distributed cloud environment. In this paper, we propose a trusted administrative model AdC-RBAC to manage and enforce role-based access policies for C-RBAC schemes in large-scale cloud systems. The AdC-RBAC model uses cryptographic techniques to ensure that the administrative tasks such as user, permission and role management are performed only by authorized administrative roles. Our proposed model uses role-based encryption techniques to ensure that only administrators who have the permissions to manage a role can add/revoke users to/from the role and owners can verify that a role is created by qualified administrators before giving out their data. We show how the proposed model can be used in an untrusted cloud while guaranteeing its security using cryptographic and trusted access control enforcement techniques. © 2012 IEEE.

DOI 10.1109/TrustCom.2012.285
Citations Scopus - 2
2012 Liu C, Ranjan R, Chen J, Yu PS, Thuraisingham B, Varadharajan V, 'Message from the PriSecCSN2012 workshop chairs', Proceedings - 2nd International Conference on Cloud and Green Computing and 2nd International Conference on Social Computing and Its Applications, CGC/SCA 2012 (2012)

The First International Symposium on Privacy and Security in Cloud and Social Networks (PriSecCSN2012) is co-located with the Second International Conference on Cloud and Green Co... [more]

The First International Symposium on Privacy and Security in Cloud and Social Networks (PriSecCSN2012) is co-located with the Second International Conference on Cloud and Green Computing (CGC2012) held on November 1-3, 2012, Xiangtan, Hunan, China. Social network analysis and cloud computing are two of the most exciting new trends in the recent developments of information technology. As the new generation computing paradigm, cloud enables computing resources to be provided as IT services in a pay-as-you-go fashion with high efficiency and effectiveness. With the popularity of social software as well as the fast development of cloud and other high-performance computing infrastructures, the outcome of social network analysis is becoming more and more attractive. However, information privacy and security issues are major challenges in both these areas. This symposium aims at providing a forum for researchers, practitioners and developers from different background areas such as distributed computing, social computing, information security and privacy protection areas to exchange the latest experience, research ideas and synergic research and development on fundamental issues and applications about security and privacy issues in cloud environments and social networks. The symposium solicits high quality research results in all related areas. PriSecCSN2012 contains 3 papers. Each of them was peer reviewed by at least three program committee members. The symposium covers a broad range of topics in the field of Privacy and Security in Cloud and Social Networks such as Security and privacy in Big Data management, Application of modern cryptography in cloud and social networks, Emerging threats in cloud-based services, Multi-tenancy related security/privacy issues, Vulnerabilities in cloud infrastructure, Security modelling and threats in cloud computing, Security/privacy in hybrid cloud, User authentication in cloud services, Information hiding, Trust and policy management in cloud, Remote data integrity protection, Securing distributed data storage in the cloud, Security and privacy in mobile cloud, Malware propagation in social networks, Information leakage via social networks, Trust and reputation in social networks, Security configuration based on social contexts groups, Online social footprints, Multi-faceted privacy preservation. © 2012 IEEE.

DOI 10.1109/CGC.2012.134
2012 Schulz S, Sadeghi AR, Zhdanova M, Mustafa HA, Xu W, Varadharajan V, 'Tetherway: A framework for tethering camouflage', WiSec'12 - Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks (2012) [E1]

The rapidly increasing data usage and overload in mobile broadband networks has driven mobile network providers to actively detect and bill customers who tether tablets and laptop... [more]

The rapidly increasing data usage and overload in mobile broadband networks has driven mobile network providers to actively detect and bill customers who tether tablets and laptops to their mobile phone for mobile Internet access. However, users may not be willing to pay additional fees only because they use their bandwidth differently, and may consider tethering detection as violation of their privacy. Furthermore, accurate tethering detection is becoming harder for providers as many modern smartphones are under full control of the user, running customized, complex software and applications similar to desktop systems. In this work, we analyze the network characteristics available to network providers to detect tethering customers. We present and categorize possible detection mechanisms and derive cost factors based on how well the approach scales with large customer bases. For those characteristics that appear most reasonable and practical to deploy by large providers, we present elimination or obfuscation mechanisms and substantiate our design with a prototype Android App.

DOI 10.1145/2185448.2185468
Citations Scopus - 6
2012 Guo F, Mu Y, Susilo W, Varadharajan V, 'A pre-computable signature scheme with efficient verification for RFID', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2012) [E1]

Passive RFID tags have limited rewritable memory for data storage and limited computation power, which pose difficulties to implement security protection on RFID tags. It has been... [more]

Passive RFID tags have limited rewritable memory for data storage and limited computation power, which pose difficulties to implement security protection on RFID tags. It has been shown that strong security and privacy protections for RFID require utilizing public-key cryptography. Unfortunately, the implementation of public key cryptography is infeasible in low-cost passive tags. With this issue in mind, in this work, we propose a pre-computable signature scheme with a very efficient signature verification algorithm for RFID applications. Our signature scheme is provably secure under the DDH assumption and a variant of q-SDH assumption. With pre-computations, no exponentiation is required in our signature verification. Our research shows that it is feasible for low-cost RFID tags to verify signatures with the basic modular multiplication only (if they have a small amount of writable memory). © 2012 Springer-Verlag.

DOI 10.1007/978-3-642-29101-2_1
Citations Scopus - 1
2012 Zhang J, Shankaran R, Orgun MA, Sattar A, Varadharajan V, 'A dynamic authentication scheme for hierarchical wireless sensor networks', Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST (2012) [E1]

Sensor networks offer economically viable solutions for a wide variety of monitoring applications. In surveillance of critical infrastructure such as airports by sensor networks, ... [more]

Sensor networks offer economically viable solutions for a wide variety of monitoring applications. In surveillance of critical infrastructure such as airports by sensor networks, security becomes a major concern. To resist against malicious attacks, secure communication between severely resource-constrained sensor nodes is necessary while maintaining scalability and flexibility to topology changes. A robust security solution for such networks must facilitate authentication of sensor nodes and the establishment of secret keys among nodes In this paper, we propose a decentralized authentication and key management framework for hierarchical ad hoc sensor networks. This scheme is light weight and energy aware and reduces the communication overhead. © 2012 Springer-Verlag Berlin Heidelberg.

DOI 10.1007/978-3-642-29154-8-16
Citations Scopus - 6
2012 Varadharajan V, 'Security and trust in the web', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2012)

Security and trust issues have been catapulted to the forefront with the dramatic developments in technologies such as web applications, cloud computing, mobile devices and social... [more]

Security and trust issues have been catapulted to the forefront with the dramatic developments in technologies such as web applications, cloud computing, mobile devices and social networking. Though trust has always been a foundational stone of security, the greater dependency of society and economy on information technology have increased the need to consider trust issues more explicitly and systematically. This talk will address some of the key challenges in security and trust in the distributed information infrastructures. The talk will start with a brief look at some of the recent developments in the threat scenery. Then I will consider the notion of trust in the security world and see how trust issues arise in current ubiquitous computing systems context. Then we will consider a hybrid approach which combines the "hard" attestation based trust with the "soft" social and reputation based trust. Such a hybrid approach can help to improve the detection of malicious entities which in turn can enhance the quality of secure decision making. I will conclude the talk by demonstrating such a trust enhanced security approach using some examples from systems that we have been developing during recent years. © 2012 Springer-Verlag Berlin Heidelberg.

DOI 10.1007/978-3-642-29253-8_2
2012 Sadeghi AR, Schulz S, Varadharajan V, 'The silence of the LANs: Efficient leakage resilience for IPsec VPNs', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2012)

Virtual Private Networks (VPNs) are increasingly used to build logically isolated networks. However, existing VPN designs and deployments neglect the problem of traffic analysis a... [more]

Virtual Private Networks (VPNs) are increasingly used to build logically isolated networks. However, existing VPN designs and deployments neglect the problem of traffic analysis and covert channels. Hence, there are many ways to infer information from VPN traffic without decrypting it. Many proposals were made to mitigate network covert channels, but previous works remained largely theoretical or resulted in prohibitively high padding overhead and performance penalties. In this work, we (1) analyse the impact of covert channels in IPsec, (2) present several improved and novel approaches for covert channel mitigation in IPsec, (3) propose and implement a system for dynamic performance trade-offs, and (4) implement our design in the Linux IPsec stack and evaluate its performance for different types of traffic and mitigation policies. At only 24% overhead, our prototype enforces tight information-theoretic bounds on all information leakage. © 2012 Springer-Verlag.

DOI 10.1007/978-3-642-33167-1_15
Citations Scopus - 4
2012 Tupakula U, Varadharajan V, Dutta D, 'Intrusion Detection Techniques for Virtual Domains', 2012 19TH INTERNATIONAL CONFERENCE ON HIGH PERFORMANCE COMPUTING (HIPC), Pune, INDIA (2012)
Citations Scopus - 1
Co-authors Uday Tupakula
2012 Tupakula U, Varadharajan V, 'Distributed Service Control Technique for Detecting Security Attacks', 2012 IEEE NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM (NOMS), Maui, HI (2012)
Co-authors Uday Tupakula
2011 Ulucenk C, Varadharajan V, Balakrishnan V, Tupakula U, 'Techniques for Analysing PDF Malware', 2011 18TH ASIA-PACIFIC SOFTWARE ENGINEERING CONFERENCE (APSEC 2011), Univ Sci, Ho Chi Minh, VIETNAM (2011) [E1]
DOI 10.1109/APSC.2011.41
Citations Scopus - 1
Co-authors Uday Tupakula
2011 Tupakula U, Varadharajan V, Bichhawat A, 'Security Architecture for Virtual Machines', ALGORITHMS AND ARCHITECTURES FOR PARALLEL PROCESSING, PT I, Melbourne, AUSTRALIA (2011)
Citations Scopus - 1
Co-authors Uday Tupakula
2011 Tupakula U, Varadharajan V, Vuppala SK, 'Security techniques for beyond 3G wireless mobile networks', Proceedings - 2011 IFIP 9th International Conference on Embedded and Ubiquitous Computing, EUC 2011 (2011) [E1]

Significant developments in the recent times have led to an increasing use of mobile devices such as smart phones in accessing Internet services and applications over wireless net... [more]

Significant developments in the recent times have led to an increasing use of mobile devices such as smart phones in accessing Internet services and applications over wireless networks. In this paper, we propose a security architecture for counteracting denial of service attacks in Beyond 3G (B3G) network architecture with mobile nodes. We describe the system architecture and discuss the different cases of attack scenarios involving the mobility of the attacking and victim nodes. Our proposed solution takes into account practical issues such as limited resources of the mobile nodes. It has distinct advantages such as monitoring of the traffic to the victim node and the attack traffic being dropped before reaching the victim; the ability to traceback the attacking node and prevent the attack at the home agent or foreign agent that is closer to the attacking node; and the ability to deal with dynamic changes in attack traffic patterns. We also present an analysis of our proposed architecture as well as simulation results. © 2011 IEEE.

DOI 10.1109/EUC.2011.64
Citations Scopus - 4
Co-authors Uday Tupakula
2011 Tupakula U, Varadharajan V, 'TVDSEC: Trusted virtual domain security', Proceedings - 2011 4th IEEE International Conference on Utility and Cloud Computing, UCC 2011 (2011) [E1]

Virtualisation is one of the important technologies for the realisation of cloud computing. A Virtual Machine Monitor (VMM) is an additional software layer which has complete cont... [more]

Virtualisation is one of the important technologies for the realisation of cloud computing. A Virtual Machine Monitor (VMM) is an additional software layer which has complete control on the physical resources and enables to run multiple operating systems on a scalable computer. Recently some of the techniques have been proposed to develop Trusted Virtual domains. A trusted virtual domain (TVD) enables grouping of related virtual machines running on separate physical machine into a single network domain with a unified security policy. In this paper we analyze the security issues related to TVD and propose security techniques to deal with the attacks in TVD. © 2011 IEEE.

DOI 10.1109/UCC.2011.18
Citations Scopus - 3
Co-authors Uday Tupakula
2011 Tupakula U, Varadharajan V, Akku N, 'Intrusion detection techniques for infrastructure as a service cloud', Proceedings - IEEE 9th International Conference on Dependable, Autonomic and Secure Computing, DASC 2011 (2011) [E1]

Today, cloud computing is one of the increasingly popular technology where the customer can use the resources of the cloud services providers to perform their tasks and only pay f... [more]

Today, cloud computing is one of the increasingly popular technology where the customer can use the resources of the cloud services providers to perform their tasks and only pay for the resources they use. The customer virtual machines in the cloud are vulnerable to different types of attacks. In this paper we propose techniques for securing customer virtual machines from different types of attacks in the Infrastructure as a Service cloud and describe how this can be achieved in practice. Our model enables to differentiate attack traffic originating from each virtual machine even if multiple virtual machines on a VMM are sharing a single IP address. © 2011 IEEE.

DOI 10.1109/DASC.2011.128
Citations Scopus - 23
Co-authors Uday Tupakula
2011 Seberry J, Varadharajan V, Chen J, Wang H, Yang LT, Ma J, 'DASC 2011: Message from the chairs', Proceedings - IEEE 9th International Conference on Dependable, Autonomic and Secure Computing, DASC 2011 (2011)
DOI 10.1109/DASC.2011.5
2011 Tupakula U, Varadharajan V, 'On the design of virtual machine intrusion detection system', Proceedings of the 12th IFIP/IEEE International Symposium on Integrated Network Management, IM 2011 (2011) [E1]

In this paper we propose comprehensive security architecture called VICTOR to deal with different types of attacks on virtual machines. Our model takes into account the specific c... [more]

In this paper we propose comprehensive security architecture called VICTOR to deal with different types of attacks on virtual machines. Our model takes into account the specific characteristics of operating system and applications running in each virtual machine (VM) at a fine granular level to deal with the attacks. Our architecture has several components such as entity validation, intrusion detection engine and dynamic analyzer. The entity validation component is used in the detection of attack traffic with spoofed source address, secure logging, and capturing information of the operating system and applications running in the virtual machines. The intrusion detection engine component is used for detection of known attacks and suspicious behaviour by monitoring the incoming and outgoing traffic of virtual machines. The dynamic analyzer is used for detection and validation of suspicious processes, detection of zero day attacks and fine granular isolation of malicious process or application that is generating the attack traffic. © 2011 IEEE.

DOI 10.1109/INM.2011.5990655
Co-authors Uday Tupakula
2011 Tupakula U, Varadharajan V, Vuppala SK, 'Counteracting DDoS attacks in WLAN', ACM International Conference Proceeding Series (2011) [E1]

The security protocols for WLAN such as WEP have fundamental weakness which can be exploited by the attacker to obtain unauthorized access to the wireless networks and generate at... [more]

The security protocols for WLAN such as WEP have fundamental weakness which can be exploited by the attacker to obtain unauthorized access to the wireless networks and generate attacks. In this paper, we propose a security architecture for counteracting denial of service attacks in wireless based network architecture with mobile nodes. We describe the system model and discuss the different cases of attack scenarios involving the mobility of the attacking and victim nodes. We describe how mobile IP protocol in conjunction with our model can be used to deal efficiently with the attacks on mobile nodes. © 2011 ACM.

DOI 10.1145/2070425.2070445
Co-authors Uday Tupakula
2011 Ruan C, Varadharajan V, 'Reasoning about dynamic delegation in role based access control systems', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2011) [E1]

This paper proposes a logic based framework that supports dynamic delegation for role based access control systems in a decentralised environment. It allows delegation of administ... [more]

This paper proposes a logic based framework that supports dynamic delegation for role based access control systems in a decentralised environment. It allows delegation of administrative privileges for both roles and access rights between roles. We have introduced the notion of trust in delegation and have shown how extended logic programs can be used to express and reason about roles and their delegations with trust degrees, roles' privileges and their propagations, delegation depth as well as conflict resolution. Furthermore, our framework is able to enforce various role constraints such as separation of duties, role composition and cardinality constraints. The proposed framework is flexible and provides a sound basis for specifying and evaluating sophisticated role based access control policies in decentralised environments. © 2011 Springer-Verlag.

DOI 10.1007/978-3-642-20149-3_19
Citations Scopus - 1
2011 Ries S, Habib SM, Muehlhaeuser M, Varadharajan V, 'CertainLogic: A Logic for Modeling Trust and Uncertainty', TRUST AND TRUSTWORTHY COMPUTING, TRUST 2011, Carnegie Mellon Univ, Pittsburgh, PA (2011)
Citations Scopus - 28Web of Science - 8
2011 Haghighi MS, Mohamed-pour K, Varadharajan V, 'Analysis of Packet Loss for Batch Traffic Arrivals in IEEE 802.15.4-based Networks', 2011 IEEE 36TH CONFERENCE ON LOCAL COMPUTER NETWORKS (LCN), Bonn, GERMANY (2011)
Citations Scopus - 1Web of Science - 1
2011 Ulucenk C, Varadharajan V, Balakrishnan V, Tupakula U, 'Techniques for Analysing PDF Malware', 2011 18TH ASIA-PACIFIC SOFTWARE ENGINEERING CONFERENCE (APSEC 2011), Univ Sci, Ho Chi Minh, VIETNAM (2011)
DOI 10.1109/APSC.2011.41
Co-authors Uday Tupakula
2011 Krishna A, Varadharajan V, 'A Hybrid Trust Model for Authorisation Using Trusted Platforms', TRUSTCOM 2011: 2011 INTERNATIONAL JOINT CONFERENCE OF IEEE TRUSTCOM-11/IEEE ICESS-11/FCST-11, Changsha, PEOPLES R CHINA (2011) [E1]
DOI 10.1109/TrustCom.2011.39
Citations Scopus - 4
2011 Tupakula U, Varadharajan V, 'TVLAN: Trusted and Virtualised Local Area Networks', TRUSTCOM 2011: 2011 INTERNATIONAL JOINT CONFERENCE OF IEEE TRUSTCOM-11/IEEE ICESS-11/FCST-11, Changsha, PEOPLES R CHINA (2011) [E1]
DOI 10.1109/TrustCom.2011.78
Citations Scopus - 1
Co-authors Uday Tupakula
2011 Tupakula U, Varadharajan V, 'Security Techniques for Zero Day Attacks', 2011 7TH INTERNATIONAL WIRELESS COMMUNICATIONS AND MOBILE COMPUTING CONFERENCE (IWCMC), Istanbul, TURKEY (2011)
Co-authors Uday Tupakula
2011 Indrakanti S, Varadharajan V, 'Coordination based Distributed Authorization for Business Processes in Service Oriented Architectures', PROCEEDINGS OF THE SIXTH INTERNATIONAL CONFERENCE ON INTERNET AND WEB APPLICATIONS AND SERVICES (ICIW 2011), St Maarten, NETHERLANDS (2011)
2010 Rannenberg K, Varadharajan V, Weber C, 'Security and Privacy - Silver linings in the Cloud: 25th IFIP TC 11 International Information Security Conference, SEC 2010 Held as Part of WCC 2010 Brisbane, Australia, September 20-23, 2010 Proceedings', IFIP Advances in Information and Communication Technology (2010)
2010 Nagarajan A, Varadharajan V, 'Modelling Dynamic Trust with Property Based Attestation in Trusted Platforms', DATA AND APPLICATIONS SECURITY AND PRIVACY XXIV, PROCEEDINGS, Rome, ITALY (2010)
Citations Scopus - 1
2010 Wang H, Sun L, Varadharajan V, 'Purpose-Based Access Control Policies and Conflicting Analysis', SECURITY AND PRIVACY - SILVER LININGS IN THE CLOUD, Australian Comp Soc (ACS), Brisbane, AUSTRALIA (2010)
Citations Scopus - 2Web of Science - 2
2010 Sayad Haghighi M, Mohamedpour K, Varadharajan V, Mohammadi-Nodooshan A, 'Overhearing gain analysis in low-traffic CDMA wireless sensor networks', SUTC 2010 - 2010 IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, UMC 2010 - 2010 IEEE International Workshop on Ubiquitous and Mobile Computing (2010)

There have been trends in using spread spectrum channel accessing techniques in wireless sensor networks to mitigate the effect of potential collisions in concurrent transmissions... [more]

There have been trends in using spread spectrum channel accessing techniques in wireless sensor networks to mitigate the effect of potential collisions in concurrent transmissions and to increase the throughput as well as countering jamming-like noises. Overhearing of the data has been previously analyzed in cellular CDMA networks as this technique was first introduced for mobile communications with multiple transmitting users sending their data to a single base station which controls their transmission power. But sensor (and ad hoc) networks are usually devoid of any coordinating devices and the transmission is usually done toward different local destinations using distributed power controlling methods. This paper provides a systematic analysis of overhearing performance in low-traffic sensor networks especially when the sensing point is located somewhere at the middle of the network which is not necessarily near the sink. The distributed code assignment which is a key issue in infrastructureless CDMA networks has been taken into account in the development of a theoretical model. The result of this analysis shows that the higher the number of used codes, the higher is the gain of overhearing. Thus using this parameter, the network designer has statistical control over the amount of potential overheard data. We have also developed simulations of the proposed model and the results support the predictions of the theoretical model. © 2010 IEEE.

DOI 10.1109/SUTC.2010.18
2010 Zhang J, Shankaran R, Orgun MA, Varadharajan V, Sattar A, 'A dynamic trust establishment and management framework for wireless sensor networks', Proceedings - IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2010 (2010)

In this paper, we present a trust establishment and management framework for hierarchical wireless sensor networks. The wireless sensor network architecture we consider consists o... [more]

In this paper, we present a trust establishment and management framework for hierarchical wireless sensor networks. The wireless sensor network architecture we consider consists of a collection of sensor nodes, cluster heads and a base station arranged hierarchically. The framework encompasses schemes for establishing and managing trust between these different entities. We demonstrate that the proposed framework helps to minimize the memory, computation and communication overheads involved in trust management in wireless sensor networks. Our framework takes into account direct and indirect (group) trust in trust evaluation as well as the energy associated with sensor nodes in service selection. It also considers the dynamic aspect of trust by introducing a trust varying function which could be adjusted to give greater weight to the most recently obtained trust values in the trust calculation. The architecture also has the ability to deal with the inter-cluster movement of sensor nodes using a combination of certificate based trust and behaviour based trust. © 2010 IEEE.

DOI 10.1109/EUC.2010.80
Citations Scopus - 14
2010 Nagarajan A, Varadharajan V, Hitchens M, 'Analysis of property based attestation in trusted platforms', Proceedings - IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2010 (2010)

Binary attestation in trusted computing platforms provide the ability to reason about the state of a system using hash measurements. Property based attestation on the other hand e... [more]

Binary attestation in trusted computing platforms provide the ability to reason about the state of a system using hash measurements. Property based attestation on the other hand enables more meaningful attestation by abstracting low level binary values to high level security properties or functions of systems. In this paper, we try to understand the kind of security properties that trusted platforms can attest. We propose that security properties can have different levels of granularity and provide a pyramid model that classifies properties at four different levels. We leverage the Common Criteria framework for security requirements to provide examples of such properties. The model is then implemented in the context of authorisation for Web services. © 2010 IEEE.

DOI 10.1109/EUC.2010.136
Citations Scopus - 2
2010 Babenko LK, Chefranov AG, Varadharajan V, 'SIN'10 - Proceedings of the 3rd International Conference of Security of Information and Networks: Program chairs' welcome message', SIN'10 - Proceedings of the 3rd International Conference of Security of Information and Networks (2010)
2010 Zhang J, Shankaran R, Orgun MA, Varadharajan V, Sattar A, 'A Trust Management Architecture for Hierarchical Wireless Sensor Networks', IEEE LOCAL COMPUTER NETWORK CONFERENCE, Denver, CO (2010)
Citations Scopus - 25
2010 Tupakula UK, Varadharajan V, 'Detecting security attacks in trusted virtual domains', Proceedings - IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, EUC 2010 (2010)

A trusted virtual domain (TVD) enables grouping of related virtual machines running on separate physical machine into a single network domain with a unified security policy. Since... [more]

A trusted virtual domain (TVD) enables grouping of related virtual machines running on separate physical machine into a single network domain with a unified security policy. Since the virtual machines can be running different operating systems and applications, the attacker can generate attacks in the TVD by exploiting a single vulnerability in any of the operating systems or applications. Our aim in this paper is to consider the design choices and develop an intrusion detection architecture that would enable efficient detection and prevention of different types of attacks in such a TVD based distributed environments. The proposed architecture can capture the knowledge of the operating systems and applications at fine granular level and isolate the malicious entities that are generating the attack traffic. Our model takes into account the security policies that are specific to the virtual machine as well as security policies of the trusted virtual domains to deal with the attacks efficiently. © 2010 IEEE.

DOI 10.1109/EUC.2010.87
Citations Scopus - 1
Co-authors Uday Tupakula
2009 Ruan C, Varadharajan V, 'Reasoning on weighted delegatable authorizations', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2009)

This paper studies logic based methods for representing and evaluating complex access control policies needed by modern database applications. In our framework, authorization and ... [more]

This paper studies logic based methods for representing and evaluating complex access control policies needed by modern database applications. In our framework, authorization and delegation rules are specified in a Weighted Delegatable Authorization Program (WDAP) which is an extended logic program. We show how extended logic programs can be used to specify complex security policies which support weighted administrative privilege delegation, weighted positive and negative authorizations, and weighted authorization propagations. We also propose a conflict resolution method that enables flexible delegation control by considering priorities of authorization grantors and weights of authorizations. A number of rules are provided to achieve delegation depth control, conflict resolution, and authorization and delegation propagations. © 2009 Springer Berlin Heidelberg.

DOI 10.1007/978-3-642-03573-9_23
Citations Scopus - 2
2009 Ruan C, Varadharajan V, 'Trust enhanced authorization for mobile agents', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2009)

Trust has been recognized as an important aspect for mobile agent security. In this paper, we develop a logic based trust model which enables the capturing of a comprehensive set ... [more]

Trust has been recognized as an important aspect for mobile agent security. In this paper, we develop a logic based trust model which enables the capturing of a comprehensive set of trust relationships to enhance the security of conventional access control mechanisms in a mobile based applications. We first discuss the notion of trust and its relevance to mobile agent security. Next we define a logic program based language to facilitate the modelling process. To enforce the security related trustworthy behaviours, we then define a set of general rules to capture the semantics. Finally, the language is applied in a mobile agent context to demonstrate how the trust can be explicitly modelled and reasoned about to support better security decisions for the mobile agent based systems. © 2009 Springer Berlin Heidelberg.

DOI 10.1007/978-3-642-03964-5-9
Citations Scopus - 1
2009 Lu J, Li R, Varadharajan V, Lu Z, Ma X, 'Secure interoperation in multidomain environments employing UCON policies', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2009)

Ensuring secure interoperation in multidomain environments based on role based access control (RBAC) has drawn considerable research works in the past. However, RBAC primarily con... [more]

Ensuring secure interoperation in multidomain environments based on role based access control (RBAC) has drawn considerable research works in the past. However, RBAC primarily consider static authorization decisions based on subjects' permissions on target objects, and there is no further enforcement during the access. Recently proposed usage control (UCON) can address these requirements of access policy representation for temporal and time-consuming problems. In this paper, we propose a framework to facilitate the establishment of secure interoperability in multidomain environments employing Usage Control (UCON) policies. In particular, we propose an attribute mapping technique to establish secure context in multidomain environments. A key challenge in the establishment of secure interoperability is to guarantee security of individual domains in presence of interoperation. We study how conflicts arise and show that it is efficient to resolve the security violations of cyclic inheritance and separation of duty. © 2009 Springer Berlin Heidelberg.

DOI 10.1007/978-3-642-04474-8_31
Citations Scopus - 2
2009 Gan Z, Ding Q, Varadharajan V, 'Reputation-Based Trust Network Modelling and Simplification in Multiagent-Based E-Commerce Systems', PROCEEDINGS OF THE 2009 FIFTH INTERNATIONAL CONFERENCE ON NEXT GENERATION WEB SERVICES PRACTICES, NWESP 2009, Charles Univ, Fac Math & Phys, Prague, CZECH REPUBLIC (2009)
DOI 10.1109/NWeSP.2009.13
Citations Scopus - 4Web of Science - 1
2009 Shankaran R, Varadharajan V, Orgun MA, Hitchens M, 'Context-Aware Trust Management for Peer-to-Peer Mobile Ad-Hoc Networks', 2009 IEEE 33RD INTERNATIONAL COMPUTER SOFTWARE AND APPLICATIONS CONFERENCE, VOLS 1 AND 2, Seattle, WA (2009)
2009 Nagarajan A, Varadharajan V, Hitchens M, Gallery E, 'Property Based Attestation and Trusted Computing: Analysis and Challenges', NSS: 2009 3RD INTERNATIONAL CONFERENCE ON NETWORK AND SYSTEM SECURITY, Surfers Paradise, AUSTRALIA (2009)
Citations Scopus - 24Web of Science - 9
2009 Gallery E, Nagarajan A, Varadharajan V, 'A Property-Dependent Agent Transfer Protocol', TRUSTED COMPUTING, PROCEEDINGS, St Hughs Coll, Oxford, ENGLAND (2009)
Citations Scopus - 2Web of Science - 1
2009 Nagarajan A, Varadharajan V, Hitchens M, 'ALOPA: Authorization Logic for Property Attestation in Trusted Platforms', AUTONOMIC AND TRUSTED COMPUTING, PROCEEDINGS, Brisbane, AUSTRALIA (2009)
Citations Scopus - 2Web of Science - 1
2009 Li L, Wang Y, Varadharajan V, 'Fuzzy Regression Based Trust Prediction in Service-Oriented Applications', AUTONOMIC AND TRUSTED COMPUTING, PROCEEDINGS, Brisbane, AUSTRALIA (2009)
Citations Scopus - 13Web of Science - 8
2009 Lu J, Li R, Varadharajan V, Lu Z, Ma X, 'Secure Interoperation in Multidomain Environments Employing UCON Policies', INFORMATION SECURITY, PROCEEDINGS, Pisa, ITALY (2009)
DOI 10.1061/41064(358)395
Citations Web of Science - 1
2009 Shankaran R, Varadharajan V, Orgun MA, Hitchens M, 'Context-aware trust management for peer-to-peer mobile Ad-Hoc networks', Proceedings - International Computer Software and Applications Conference (2009)

Mobile Ad hoc Networks (MANETs) are self-organizing and adaptive, and securing such networks is non-trivial. Most security schemes suggested for MANETs tend to build upon some fun... [more]

Mobile Ad hoc Networks (MANETs) are self-organizing and adaptive, and securing such networks is non-trivial. Most security schemes suggested for MANETs tend to build upon some fundamental assumptions regarding the trustworthiness of the participating hosts and the underlying networking systems without presenting any definite scheme for trust establishment. If MANET is to achieve the same level of acceptance as traditional wired and wireless network, then a formal specification of trust and a framework for trust management must become an intrinsic part of its infrastructure. The goal of this paper is to highlight issues relating to trust in MANETs and describe a context-aware, reputation-based approach for establishing trust that assesses the trustworthiness of the participating nodes in a dynamic and uncertain MANET environment. © 2009 IEEE.

DOI 10.1109/COMPSAC.2009.132
Citations Scopus - 15
2009 Li X, Wang G, Varadharajan V, Yang P, Baiardi F, Yu Z, 'Message from the UbiSafe-09 chairs', 8th IEEE International Symposium on Dependable, Autonomic and Secure Computing, DASC 2009 (2009)
DOI 10.1109/DASC.2009.166
2009 Gan Z, He J, Ding Q, Varadharajan V, 'Trust relationship modelling in E-commerce-based social network', CIS 2009 - 2009 International Conference on Computational Intelligence and Security (2009)

In multi-agent-based e-commerce environments, like a social network, it is critical for buying agents to build trust with the selling agents in the virtual E-marketplaces so as to... [more]

In multi-agent-based e-commerce environments, like a social network, it is critical for buying agents to build trust with the selling agents in the virtual E-marketplaces so as to mitigate the possible harm inflicted by any dishonest sellers. However, traditional approaches for establishing trust in the physical world can no longer be used. This paper introduces a graphical representation approach to uncover the existing social trust network in the virtual E-marketplaces. Firstly, it presents some notations of the graphical description approach. Secondly it discusses how to reconstruct the trust network in terms of the trust commonsense in people's daily life. © 2009 IEEE.

DOI 10.1109/CIS.2009.184
Citations Scopus - 8
2009 Safavi-Naini R, Varadharajan V, 'Proceedings of the 4th International Symposium on ACM Symposium on Information, Computer and Communications Security, ASIACCS'09: Message from the program chairs', Proceedings of the 4th International Symposium on ACM Symposium on Information, Computer and Communications Security, ASIACCS'09 (2009)
DOI 10.1145/1533057.1533059
2009 Varadharajan V, 'Evolution and challenges in trust and security in information system infrastructures', SIN'09 - Proceedings of the 2nd International Conference on Security of Information and Networks (2009)

In these uncertain economic times, two key ingredients which are in short supply are trust and confidence. The concept of trust has been around for many decades (if not for centur... [more]

In these uncertain economic times, two key ingredients which are in short supply are trust and confidence. The concept of trust has been around for many decades (if not for centuries) in different disciplines such as business, psychology, philosophy as well as in security technology. The current financial climate gives a particularly prescient example. As financial journalist Walter Bagehot wrote some 135 years ago, "after a great calamity, everybody is suspicious of everybody" and "credit, the disposition of one man to trust another, is singularly varying." The problem, as Bagehot observed it, was trust, or rather the lack of it, and it's as true today as it was in his time. Financial mechanisms aren't the only entities that must deal with trust-today's social networking communities such as Facebook, Wikipedia, and other online communities have to constantly reconcile trust issues, from searching and locating credible information, to conveying and protecting personal information. Furthermore with ever increasing reliance on digital economy, most business and government activities today depend on networked information systems for their operations. In this talk, we'll take a short journey through the concept and evolution of trust in the secure computing technology world, and examine some of the challenges involved in trusted computing today.

DOI 10.1145/1626195.1626197
Citations Scopus - 3
2009 Tupakula UK, Varadharajan V, Vuppala SK, 'SBAC: Service Based Access Control', 2009 14TH IEEE INTERNATIONAL CONFERENCE ON ENGINEERING OF COMPLEX COMPUTER SYSTEMS (ICECCS), Potsdam, GERMANY (2009)
DOI 10.1109/ICECCS.2009.43
Citations Scopus - 9Web of Science - 2
Co-authors Uday Tupakula
2009 Tupakula UK, Varadharajan V, Pandalaneni SR, 'DoSTRACK: A system for defending against DoS attacks', Proceedings of the ACM Symposium on Applied Computing (2009)

Denial of service (DoS) attacks are one of the complex problems in the current Internet. In this paper, we propose a system, DoSTRACK, that can efficiently deal with the TCP SYN a... [more]

Denial of service (DoS) attacks are one of the complex problems in the current Internet. In this paper, we propose a system, DoSTRACK, that can efficiently deal with the TCP SYN and reflection Distributed Denial of Service (DDoS) attacks. We also describe a prototype implementation of our model with HP OpenView Network Node Manager (NNM) and discuss how our model can be beneficial to the DDoS victim and the ISP. Copyright 2009 ACM.

DOI 10.1145/1529282.1529291
Citations Scopus - 2
Co-authors Uday Tupakula
2008 Shankaran R, Varadharajan V, Orgun MA, Hitchens M, 'Critical Issues in Trust Management for Mobile Ad-Hoc Networks', PROCEEDINGS OF THE 2009 IEEE INTERNATIONAL CONFERENCE ON INFORMATION REUSE AND INTEGRATION, Las Vegas, NE (2008)
Citations Scopus - 3
2008 Zhao W, Varadharajan V, 'A Novel Approach of Web Search Based on Community Wisdom', 2008 3RD INTERNATIONAL CONFERENCE ON INTERNET AND WEB APPLICATIONS AND SERVICES (ICIW 2008), Athens, GREECE (2008)
DOI 10.1109/ICIW.2008.66
Citations Scopus - 1
2008 Nagarajan A, Varadharajan V, Hitchens M, Arora S, 'On the applicability of trusted computing in distributed authorization using Web services', DATA AND APPLICATIONS SECURITY XXII, London, ENGLAND (2008)
Citations Scopus - 5Web of Science - 1
2008 Zhao W, Varadharajan V, 'Trust management for web services', Proceedings of the IEEE International Conference on Web Services, ICWS 2008 (2008)

In this paper, we propose a comprehensive trust management approach for web services that covers the analysis/modelling of trust relationships and the development of trust managem... [more]

In this paper, we propose a comprehensive trust management approach for web services that covers the analysis/modelling of trust relationships and the development of trust management layer in a consistent manner. The specific characteristics of trust relationships in web services are discussed. We introduce a separated trust management layer for web services that can hold computing components for trust management tasks. A trust management architecture for web services is proposed for building up the trust management layer. The proposed trust management architecture for web services deals with trust requirements, trust evaluation, and trust consumption in web services under a unified umbrella and it provides a solid foundation upon which may evolve the trust management layer for web services. © 2008 Crown Copyright.

DOI 10.1109/ICWS.2008.53
Citations Scopus - 17
2008 Balakrishnan V, Varadharajan V, Tupakula U, 'Subjective logic based trust model for mobile ad hoc networks', Proceedings of the 4th International Conference on Security and Privacy in Communication Networks, SecureComm'08 (2008)

In last five years, several trust models have been proposed to enhance the security of Mobile Ad hoc Networks (MANET). Nevertheless, these trust models fail to express the notion ... [more]

In last five years, several trust models have been proposed to enhance the security of Mobile Ad hoc Networks (MANET). Nevertheless, these trust models fail to express the notion of ignorance during the establishment of trust relationships between mobile nodes. Furthermore, they lack a well-defined approach to defend against the issues resulting from recommendations. In this paper, we propose a novel subjective logic based trust model that enables mobile nodes to explicitly represent and manage ignorance as uncertainty during the establishment of trust relationships with other nodes. Our model defines additional operators to subjective logic in order to address the ignorance introduced between mobile nodes (which have already established trust relationships) as a result of mobility-induced separation. Second, we demonstrate on how mobile nodes formulate their opinions for other nodes based on the evidence collected from the benign and malicious behaviors of those nodes. We then describe on how mobile nodes establish trust relationships with other nodes using the opinions held for those nodes. Depending on the policies defined, these relationships are then used by our model to enhance the security of mobile communications. Third, we propose a novel approach to communicate recommendations by which no explicit packets or additional headers are disseminated as recommendations. This allows our model to defend against recommendation related issues such as free-riding, honest-elicitation, and recommender's bias. Finally, we demonstrate the performance of our model through NS2 simulations. Copyright © 2008 ACM.

DOI 10.1145/1460877.1460916
Citations Scopus - 14
2008 Zhang J, Varadharajan V, 'A New Security Scheme for Wireless Sensor Networks', GLOBECOM 2008 - 2008 IEEE GLOBAL TELECOMMUNICATIONS CONFERENCE, New Orleans, LA (2008)
DOI 10.1109/GLOCOM.2008.ECP.32
Citations Scopus - 14
2007 Balakrishnan V, Varadharajan V, Tupakula U, Moe MEG, 'Mitigating flooding attacks in mobile ad-hoc networks supporting anonymous communications', The 2nd International Conference on Wireless Broadband and Ultra Wideband Communications, AusWireless 2007 (2007)

Recently several techniques that provide different degree of anonymity have been proposed for wired and wireless communication. Although, the recently proposed techniques are succ... [more]

Recently several techniques that provide different degree of anonymity have been proposed for wired and wireless communication. Although, the recently proposed techniques are successful in achieving high degree of anonymity, there are some disadvantages associated with the proposed techniques. In this paper we analyze the flooding and packet drop attacks in mobile ad hoc networks that support anonymous communication. Then we propose a novel technique to deal with the flooding attacks. Our approach can efficiently identify and isolate the malicious node that floods the network. In addition, our technique provides a mechanism to identify the benign behavior of an expelled node and rejoins the expelled node back into the network. Furthermore, our approach does not require any additional packets to communicate the behavior of the flooding node and hence does not incur any additional overhead. Finally we validate the performance analysis of our technique through NS2 simulations. © 2007 IEEE.

DOI 10.1109/AUSWIRELESS.2007.46
Citations Scopus - 10
2007 Zhang J, Wang Y, Varadharajan V, 'A new security scheme for integration of mobile agents and Web services', Second International Conference on Internet and Web Applications and Services, ICIW'07 (2007)

Web services specification provides an open standard for the distributed service oriented architecture. It is widely used in Internet and pervasive networks supporting wireless mo... [more]

Web services specification provides an open standard for the distributed service oriented architecture. It is widely used in Internet and pervasive networks supporting wireless mobile devices. A mobile agent is a composition of computer software and data which is able to migrate from one host to another autonomously and continue its execution on the destination host. Mobile agent technology can reduce the bandwidth requirement and tolerate the network faults - able to operate without an active connection between clients and server. Hence, the applications of the combination of mobile agents and web service have been widely investigated in recent years. However, the security issue is still of a major concern. In this paper, we propose a novel agent-based web service security scheme. This scheme provides a new authentication protocol without using the username/password pair, which is infeasible for mobile agent, and gives an alternative method to current security mechanism without using Certification Authorities (CA) based public key infrastructure. With this scheme, we can simplify the key management and reduce the computation particularly for group-oriented web services. © 2007 IEEE.

DOI 10.1109/ICIW.2007.5
Citations Scopus - 5
2007 Balakrishnan V, Varadharajan V, Tupakula U, Lucs P, 'Trust integrated cooperation architecture for mobile ad-hoc networks', Proceedings of 4th IEEE Internatilonal Symposium on Wireless Communication Systems 2007, ISWCS (2007)

In recent years, several secure routing protocols have been proposed to secure communications among nodes in mobile ad hoc networks. However, they are not tailored to defend again... [more]

In recent years, several secure routing protocols have been proposed to secure communications among nodes in mobile ad hoc networks. However, they are not tailored to defend against Denial of Service (DoS) attacks such as flooding and packet drop attacks. This has led to the development of models that target cooperation among nodes. These models either fail to protect against flooding attacks or only defend against greedy nodes that drop packets to save battery resources. The main shortcoming of cooperation models is that they fail to evaluate the trustworthiness for other nodes. In this paper, we propose a Trust Integrated Cooperation Architecture which consists of an obligation-based cooperation model known as fellowship to defend against both flooding and packet drop attacks. In our architecture, fellowship enhances its security decisions through a trust model known as Secure MANET Routing with Trust Intrigue (SMRTI). In comparison with related models, SMRTI deploys a novel approach to communicate recommendations such that the deployed approach is free from well-known issues such as honest elicitation, free riding, bias of a recommender, and additional overhead. © 2007 IEEE.

DOI 10.1109/ISWCS.2007.4392409
Citations Scopus - 3
2007 Balakrishnan V, Varadharajan V, Tupakula U, Lucs P, 'TEAM: Trust enhanced security architecture for mobile ad-hoc networks', ICON 2007 - Proceedings of the 2007 15th IEEE International Conference on Networks (2007)

Security is paramount in Mobile Ad-hoc Networks (MANET) as they are not conducive to centralized trusted authorities. Several solutions have been proposed for MANET in the areas o... [more]

Security is paramount in Mobile Ad-hoc Networks (MANET) as they are not conducive to centralized trusted authorities. Several solutions have been proposed for MANET in the areas of key management, secure routing, nodal cooperation, and trust management. Nevertheless, MANET lacks a unified architecture to take advantage of the deployed security models. In this paper, we propose Trust Enhanced security Architecture for MANET (TEAM), in which a trust model is overlaid on the following security models - key management mechanism, secure routing protocol, and cooperation model. We briefly present the operation of our architecture and then we detail the system operation of our novel trust and cooperation model, which we call as Secure MANET Routing with Trust Intrigue (SMRTI) and fellowship respectively. SMRTI captures the evidence of trustworthiness for other nodes from the security models, and in return assists them to make better security decisions. Unlike related trust models, SMRTI captures recommendations in such a way that it eliminates both freeriding and honest-elicitation problems. In comparison with related cooperation models, fellowship model defends against both flooding and packet drop attacks. It can efficiently identify and isolate both malicious and selfish nodes that fail to share the communication channel or forward packets for other nodes. Furthermore, our models do not rely on any centralized authority or tamper-proof hardware. Simulation results confirm that our models enhance the performance of TEAM. © 2007 IEEE.

DOI 10.1109/ICON.2007.4444083
Citations Scopus - 13
Co-authors Uday Tupakula
2007 Lin C, Varadharajan V, 'A hybrid trust model for enhancing security in distributed systems', ARES 2007: SECOND INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY, PROCEEDINGS, Vienna, AUSTRIA (2007)
Citations Scopus - 16Web of Science - 2
2007 Zhang J, Wang Y, Varadharajan V, 'Mobile agent and web service integration security architecture', IEEE INTERNATIONAL CONFERENCE ON SERVICE-ORIENTED COMPUTING AND APPLICATIONS, PROCEEDINGS, Newport Beach, CA (2007)
DOI 10.1109/SOCA.2007.29
Citations Scopus - 6
2007 Wang Y, Varadharajan V, 'Role-based recommendation and trust evaluation', 9TH IEEE INTERNATIONAL CONFERENCE ON E-COMMERCE TECHNOLOGY/4TH IEEE INTERNATIONAL CONFERENCE ON ENTERPRISE COMPUTING, E-COMMERCE AND E-SERVICES, Tokyo, JAPAN (2007)
DOI 10.1109/CEC-EEE.2007.83
Citations Scopus - 37Web of Science - 6
2007 Wang Y, Lin K-J, Wong DS, Varadharajan V, 'The design of a rule-based and event-driven trust management framework', ICEBE 2007: IEEE INTERNATIONAL CONFERENCE ON E-BUSINESS ENGINEERING, PROCEEDINGS, Hong Kong, PEOPLES R CHINA (2007)
DOI 10.1109/ICEBE.2007.28
Citations Scopus - 11Web of Science - 8
2007 Gan Z, Tang J, Wu P, Varadharajan V, 'A novel security risk evaluation for information systems', 2007 JAPAN-CHINA JOINT WORKSHOP ON FRONTIER OF COMPUTER SCIENCE AND TECHNOLOGY, PROCEEDINGS, Wuhan, PEOPLES R CHINA (2007)
DOI 10.1109/FCST.2007.9
Citations Scopus - 3
2007 Nagarajan A, Varadharajan V, Hitchens M, 'Trust management and negotiation for attestation in trusted platforms using web services', EIGHTH INTERNATIONAL CONFERENCE ON PARALLEL AND DISTRIBUTED COMPUTING, APPLICATIONS AND TECHNOLOGIES, PROCEEDINGS, Adelaide, AUSTRALIA (2007)
Citations Scopus - 3
2007 Balakrishnan V, Varadharajan V, Tupakula U, Lucs P, 'Trust Integrated Cooperation Architecture for mobile ad-hoc networks', 2007 FOURTH INTERNATIONAL SYMPOSIUM ON WIRELESS COMMUNICATION SYSTEMS, VOLS 1 AND 2, Trondheim, NORWAY (2007)
2007 Balakrishnan V, Varadharajan V, Tupakula U, Lucs P, 'TEAM: Trust Enhanced Security Architecture for Mobile Ad-hoc Networks', 2007 15TH IEEE INTERNATIONAL CONFERENCE ON NETWORKS, Adelaide, AUSTRALIA (2007)
2007 Nagarajan A, Varadharajan V, Hitchens M, 'Trust Management for Trusted Computing Platforms in Web Services', STC'07: PROCEEDINGS OF THE 2007 ACM WORKSHOP ON SCALABLE TRUSTED COMPUTING, Alexandria, VA (2007)
Citations Scopus - 16Web of Science - 5
2007 Balakrishnan V, Varadharajan V, Lucs P, Tupakula UK, 'Trust enhanced secure mobile ad-hoc network routing', 21ST INTERNATIONAL CONFERENCE ON ADVANCED NETWORKING AND APPLICATIONS WORKSHOPS/SYMPOSIA, VOL 2, PROCEEDINGS, Niagara Falls, CANADA (2007)
Citations Scopus - 23Web of Science - 3
Co-authors Uday Tupakula
2007 Balakrishnan V, Varadharajan V, Tupakula UK, Lucs P, 'Trust and recommendations in mobile ad hoc networks', 3rd International Conference on Networking and Services,ICNS 2007 (2007)

Recently several trust and reputation models have been proposed to enhance the security of mobile ad hoc networks. In these models, recommendations are circulated by forwarding ex... [more]

Recently several trust and reputation models have been proposed to enhance the security of mobile ad hoc networks. In these models, recommendations are circulated by forwarding explicit messages or introducing extra message headers. Apart from incurring additional overhead, the recommendations are prone to issues such as recommender's bias, honest-elicitation, and free-riding. In this paper, we propose a trust model to enhance the security of mobile ad hoc networks and to address the issues related to recommendations. The model uses only trusted routes for communication, and isolates malicious nodes depending on the evidence collected from direct interactions and recommendations. It deploys a novel approach for communicating recommendations such that they are free from recommender's bias, honest-elicitation, and free-riding. Simulation results confirm the effectiveness of our model. © 2007 IEEE.

DOI 10.1109/ICNS.2007.123
Citations Scopus - 20
Co-authors Uday Tupakula
2006 Wang Y, Varadharajan V, 'DynamicTrust: The trust development in peer-to-peer environments', IEEE INTERNATIONAL CONFERENCE ON SENSOR NETWORKS, UBIQUITOUS, AND TRUSTWORTHY COMPUTING, VOL 1, PROCEEDINGS, Tai Chung, TAIWAN (2006)
Citations Scopus - 3Web of Science - 1
2006 Lin C, Varadharajan V, 'Trust based risk management for distributed system security - A new approach', FIRST INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY, PROCEEDINGS, Vienna Univ Technol, Vienna, AUSTRIA (2006)
Citations Scopus - 17Web of Science - 4
2006 Zhang J, Varadharajan V, Mu Y, 'ID-based secure PIM-SM schemes', Proceedings of the Sixth IASTED International Multi-Conference on Wireless and Optical Communications, Banff, CANADA (2006)
2006 Zhang J, Varadharajan V, Mu Y, 'A scalable multi-service group key management scheme', Proceedings of the Advanced International Conference on Telecommunications and International Conference on Internet and Web Applications and Services, AICT/ICIW'06 (2006)

Scalable multi-service oriented group key management addresses issues relating to situations where dynamic group users have different privileges for accessing different sets of se... [more]

Scalable multi-service oriented group key management addresses issues relating to situations where dynamic group users have different privileges for accessing different sets of services. In this paper, we propose a new flexible group key management scheme based on an ID-based distribution encryption algorithm. This scheme has several advantages over existing multi-service oriented schemes. We show that the proposed scheme has some unique scalability properties, less storage, less communication overhead and inherent traitor tracing and stateless properties than previously known schemes. We believe the proposed scheme can be used to provide a secure information distribution method for many multi-service group-oriented applications. © 2006 IEEE.

DOI 10.1109/AICT-ICIW.2006.31
Citations Scopus - 5
2006 Ruan C, Varadharajan V, 'Implementing authorization delegations using graph', DATABASE AND EXPERT SYSTEMS APPLICATIONS, PROCEEDINGS, Cracow, POLAND (2006)
Citations Scopus - 6
2006 Ruan C, Varadharajan V, 'Integration of graph based authorization policies', FOUNDATIONS OF INTELLIGENT SYSTEMS, PROCEEDINGS, Bari, ITALY (2006)
Citations Scopus - 1
2006 Gan Z, Varadharajan V, 'Design and implementation of a practical secure distributed healthcare application', SECRYPT 2006: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, Setubal Coll Business Adm, Setubal, PORTUGAL (2006)
2006 Gan Z, Wei D, Varadharajan V, 'Improving software security through an integrated approach', SECRYPT 2006: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND CRYPTOGRAPHY, Setubal Coll Business Adm, Setubal, PORTUGAL (2006)
2006 Zhao W, Varadharajan V, Bryan G, 'A unified framework for trust management', 2006 SECURECOMM AND WORKSHOPS, Baltimore, MD (2006)
Citations Scopus - 3Web of Science - 1
2006 Lin C, Varadharajan V, 'Trust enhanced security - A new philosophy for secure collaboration of mobile agents', 2006 INTERNATIONAL CONFERENCE ON COLLABORATIVE COMPUTING: NETWORKING, APPLICATIONS AND WORKSHARING, Athens, GA (2006)
DOI 10.1109/FUZZY.2006.1681759
2006 Shankaran R, Varadharajan V, Hitchens M, 'Securing the ad hoc Dynamic Source Routing Protocol', 2006 IEEE INTERNATIONAL CONFERENCE ON WIRELESS COMMUNICATIONS, NETWORKING AND MOBILE COMPUTING, VOLS 1-4, Wuhan, PEOPLES R CHINA (2006)
2006 Lin C, Varadharajan V, 'Trust enhanced security - A new philosophy for secure collaboration of mobile agents', 2006 International Conference on Collaborative Computing: Networking, Applications and Worksharing, CollaborateCom (2006)

The mobile agent computing model violates some of the fundamental assumptions of conventional security techniques. Consequently, this has rendered many of the existing conventiona... [more]

The mobile agent computing model violates some of the fundamental assumptions of conventional security techniques. Consequently, this has rendered many of the existing conventional security countermeasures less effective for mobile agents. In this paper, we propose a new philosophy of trust enhanced security, which advocates a paradigm shift for mobile agent security solutions: from security-centric to trust-centric with the aim of providing improved security and performance of mobile agents. We first examine the problem of uncertainty in behavior induced by the security assumption violations by mobile agents; we then propose a trust enhanced security approach and argue for the need for a paradigm shift to trust-centric solutions. Next we identify a list of general design requirements for the trust-centric solutions and outline the new architectural design which supports the new trust enhanced security philosophy in practice. Finally we discuss the emergent properties of the new architecture and introduce the experimental results for validating the properties. ©2006 IEEE.

DOI 10.1109/COLCOM.2006.361905
Citations Scopus - 9
2006 Tupakula UK, Varadharajan V, 'Analysis of Traceback Techniques', Conferences in Research and Practice in Information Technology Series (2006)

Today's Internet is extremely vulnerable to Distributed Denial of service (DDoS) attacks. There is tremendous pressure on the sites performing online business and ISP's ... [more]

Today's Internet is extremely vulnerable to Distributed Denial of service (DDoS) attacks. There is tremendous pressure on the sites performing online business and ISP's to protect their networks from DDoS attacks. Recently, several novel traceback techniques have been proposed to trace the approximate spoofed source of attack. Each proposed traceback technique has some unique advantages and disadvantages over the others. In this paper we will consider some of the novel traceback techniques and focus our discussion i) to raise some of the real time issues that can be addressed in the further research and ii) from the attackers perspective on how to generate DDoS attacks and remain untraced even if any of the traceback technique is deployed in the Internet. We will also demonstrate how attacks can be further amplified if ICMP traceback technique is deployed in the Internet and discuss techniques to minimise the additional attack traffic. We believe that the networks tend to become complex and more vulnerable to DDoS attacks if some of the proposed traceback techniques are deployed in the Internet. © 2006, Australian Computer Society, Inc.

Citations Scopus - 4
Co-authors Uday Tupakula
2006 Balakrishnan V, Varadharajan V, Tupakula UK, 'Fellowship: Defense against Flooding and Packet Drop Attacks in MANET', 2006 IEEE/IFIP NETWORK OPERATIONS AND MANAGEMENT SYMPOSIUM, VOLS 1 AND 2, Vancouver, CANADA (2006)
Citations Scopus - 14
Co-authors Uday Tupakula
2005 Balakrishnan V, Varadharajan V, 'Designing secure wireless mobile ad hoc networks', AINA 2005: 19TH INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS, VOL 2, Taipei, TAIWAN (2005)
Citations Scopus - 12Web of Science - 1
2005 Wang Y, Varadharajan V, 'Two-phase peer evaluation in P2P e-commerce environments', 2005 IEEE International Conference on e-Technology, e-Commerce and e-Service, Proceedings, Hong Kong Baptist Univ, Hong Kong, PEOPLES R CHINA (2005)
Citations Scopus - 7Web of Science - 6
2005 Lin C, Varadharajan V, Wang Y, Pruthi V, 'Trust enhanced security for mobile agents', CEC 2005: Seventh IEEE International Conference on E-Commerce Technology, Proceedings, Munich, GERMANY (2005)
DOI 10.1109/ICECT.2005.97
Citations Scopus - 25
2005 Gan ZB, Wei DW, Varadharajan V, 'Evaluating the performance and scalability of Web Application Systems', THIRD INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY AND APPLICATIONS, VOL 1, PROCEEDINGS, Sydney, AUSTRALIA (2005)
Citations Scopus - 1
2005 Foster D, Varadharajan V, 'Security and trust enhanced mobile agent based system design', Third International Conference on Information Technology and Applications, Vol 1, Proceedings, Sydney, AUSTRALIA (2005)
Citations Scopus - 9Web of Science - 1
2005 Balakrishnan V, Varadharajan V, 'Short paper: Fellowship in mobile ad hoc networks', FIRST INTERNATIONAL CONFERENCE ON SECURITY AND PRIVACY FOR EMERGING AREAS IN COMMUNICATIONS NETWORKS, PROCEEDINGS, Athens, GREECE (2005)
DOI 10.1109/SECURECOMM.2005.40
Citations Scopus - 2
2005 Wang Y, Varadharajan V, 'Trust(2) : Developing trust in peer-to-peer environments', 2005 IEEE INTERNATIONAL CONFERENCE ON SERVICES COMPUTING, VOL 1, PROCEEDINGS, Orlando, FL (2005)
Citations Scopus - 35Web of Science - 2
2005 Wang Y, Varadharajan V, 'A mobile autonomous agent-based secure payment protocol supporting multiple payments', 2005 IEEE/WIC/ACM International Conference on Intelligent Agent Technology, Proceedings, Compiegne Univ Technol, Compiegne, FRANCE (2005)
Citations Scopus - 10
2005 Tran H, Watters P, Hitchens M, Varadharajan V, 'Trust and authorization in the Grid: A recommendation model', International Conference on Pervasive Services 2005, Proceedings, Santorini, GREECE (2005)
Citations Scopus - 12Web of Science - 2
2005 Zhao W, Varadharajan V, 'Efficient TTP-free mental poker protocols', International Conference on Information Technology: Coding and Computing, ITCC (2005)

Zhao et al proposed an efficient mental poker protocol which did not require using a Trusted Third Party(TTP). The protocol is efficient and suitable for any number of players but... [more]

Zhao et al proposed an efficient mental poker protocol which did not require using a Trusted Third Party(TTP). The protocol is efficient and suitable for any number of players but it introduces a security flaw. In this paper, we propose two mental poker protocols based on Zhao's previous work. The security flaw has been removed and the additional computing cost is small. © 2005 IEEE.

Citations Scopus - 4
2005 Gan ZB, Wei DW, Zhang JL, Varadharajan V, 'Business-process-oriented software requirements automatic generator', Proceedings - 3rd International Conference on Information Technology and Applications, ICITA 2005 (2005)

Requirements analysis is not only the most important stage of information systems development but also a complex and time-consuming process. Tools play an important role in suppor... [more]

Requirements analysis is not only the most important stage of information systems development but also a complex and time-consuming process. Tools play an important role in supporting and automating software requirements analysis. They become indispensable in dealing with large and complex systems. This paper first introduces a business-processes-oriented requirements analysis model. And a business-process-oriented Software Requirements Automatic Generator (SRAG) is herein presented, alongside the design of a prototype. © 2005 IEEE.

Citations Scopus - 5
2005 Gan ZB, Lin C, Vijay V, 'A middleware-based script language', 4th Annual International Conference on Mobile Business, ICMB 2005 (2005)

© 2005 IEEE. Middleware has greatly promoted the 3-tie mode of application systems. But as application software requirements become more complex and more frequently changing, the... [more]

© 2005 IEEE. Middleware has greatly promoted the 3-tie mode of application systems. But as application software requirements become more complex and more frequently changing, the development cycle of middleware is demanded shorter and shorter. Within a middleware, once a component is amended, the middleware must be compiled and integrated into an application in a reliable, controlled manner. However, can the middleware directly be integrated and operated into an application without being recompiled after it is amended? To address this issue, this paper proposes a middleware-based script language (M-script) that can be used directly to update the middleware in order to adapt the new business requirements. An application example of the M-script is presented, and the result demonstrates that it simplifies the middleware redevelopment process, as well as enables rapid implementation of new business requirements.

DOI 10.1109/ICMB.2005.8
2005 Ejiri M, Lewis L, Milham D, Nakjima I, Varadharajan V, Birch F, 'Service-level agreement - How to reach the practical agreement, not the announcement', 2005 9th IFIP/IEEE International Symposium on Integrated Network Management, IM 2005 (2005)

SLA is becoming crucial in competitive ICT environment as one of key differentiations and in future demand where customer participated/centric operations are essential. SLA should... [more]

SLA is becoming crucial in competitive ICT environment as one of key differentiations and in future demand where customer participated/centric operations are essential. SLA should be reached through the negotiation between customers and service providers. However current discussion of SLA is too much focused on QoS related features, most of them are not familiar with end users and also customers are forced to accept/select SLAs which are defined /announced by service providers. In the panel, the following issues will be discussed: (1) What is "Services"? Operations services are becoming more important. (2) "Level" should be defined by qualitative/quantitative way? (3) SLA features should be customer perceptible/visible features and QoS should be translated by customer language. (4) Mechanism to reach "Agreement" by customers/service providers negotiation. (5) SLA negotiation process in service providers business processes.

DOI 10.1109/INM.2005.1440854
2005 Indrakanti S, Varadharajan V, Hitchens M, 'Principles for the design of authorization framework for the Service Oriented Architecture', Proceedings of the 1st International Conference on Internet Technologies and Applications, ITA 05 (2005)

While there are several efforts underway to provide security for the Service Oriented Architecture (SOA), there is no specification or standard defined to provide authorization se... [more]

While there are several efforts underway to provide security for the Service Oriented Architecture (SOA), there is no specification or standard defined to provide authorization services for the SOA. The SOA comprises of Web services and business process workflows built using Web services. Based on our analysis of existing authorization frameworks and policy specification models for the SOA, we envisage an authorization framework for the SOA to provide extensions to both the security layers of Web services and business processes separately. Also the Web services Description and Messaging layers must be extended to support authorization services designed for the SOA. In this paper, we lay out the core design principles for authorization services in each of these layers to achieve a comprehensive design of an authorization framework for the SOA.

Citations Scopus - 1
2005 Indrakanti S, Varadharajan V, Hitchens M, 'Analysis of existing authorization models and requirements for design of authorization framework for the Service Oriented Architecture', ISWS '05: Proceedings of the 2005 International Symposium on Web Services and Applications, Las Vegas, NV (2005)
Citations Scopus - 1
2005 Ruani C, Varadharajan V, 'Data protection in distributed database systems', FOUNDATIONS OF INTELLIGENT SYSTEMS, PROCEEDINGS, Saratoga Springs, NY (2005)
2005 Indrakanti S, Varadharajan V, 'An authorization architecture for Web services', DATA AND APPLICATIONS SECURITY XIX, PROCEEDINGS, Storrs, CT (2005)
2005 Lin C, Varadharajan V, Wang Y, 'Maximizing utility of mobile agent based E-commerce applications with trust enhanced security', TRUST, PRIVACY, AND SECURITY IN DIGITAL BUSINESS, Copenhagen, DENMARK (2005)
Citations Scopus - 1Web of Science - 1
2005 Varadharajan V, 'Authorization and trust enhanced security for distributed applications', INFORMATION SYSTEMS SECURITY, PROCEEDINGS, Jadavpur Univ, Calcutta, INDIA (2005)
Citations Scopus - 2Web of Science - 1
2005 Zhao WL, Varadharajan V, Bryan G, 'Analysis and modelling of trust in distributed information systems', INFORMATION SYSTEMS SECURITY, PROCEEDINGS, Jadavpur Univ, Calcutta, INDIA (2005)
Citations Scopus - 3
2005 Zhao W, Varadharajan V, Bryan G, 'Type and scope of trust relationships in collaborative interactions in distributed environments', ICEIS 2005 - Proceedings of the 7th International Conference on Enterprise Information Systems (2005)

In this paper, we consider the modelling of trust relationships in distributed systems based on a formal mathematical structure. We discuss different forms of trust. In particular... [more]

In this paper, we consider the modelling of trust relationships in distributed systems based on a formal mathematical structure. We discuss different forms of trust. In particular, we address the base level authentication trust at the lower layer with a hierarchy of trust relationships at a higher level. Then we define and discuss trust direction and symmetric characteristics of trust for collaborative interactions in distributed environments. We define the trust scope label in order to describe the scope and diversity of trust relationship under our taxonomy framework. We illustrate the proposed definitions and properties of the trust relationships using example scenarios. The discussed trust types and properties will form part of an overall trust taxonomy framework and they can be used in the overall methodology of life cycle of trust relationships in distributed information systems that is currently in the process of development.

Citations Scopus - 1
2005 Indrakanti S, Varadharajan V, Hitchens M, 'Architectural framework for web services authorization', Proceedings of the Joint Workshop on Web Services and Model-Driven Enterprise Information Services, WSMDEIS 2005, in Conjunction with ICEIS 2005 (2005)

This paper proposes an authorization architecture for Web services. It describes the architectural framework, the administration and runtime aspects of our architecture and its co... [more]

This paper proposes an authorization architecture for Web services. It describes the architectural framework, the administration and runtime aspects of our architecture and its components for secure authorization of Web services as well as the support for the management of authorization information. The paper also describes authorization algorithms required to authorize a Web service client. The architecture is currently being implemented within the .NET framework.

Citations Scopus - 2
2005 Ching L, Varadharajan V, Yan W, Pruthi V, 'Security and trust management in mobile agents: A new perspective', IET Conference Publications (2005)

This paper presents a new perspective for mobile agent security - trust enhanced security and develops MobileTrust - a novel trust management architecture to support the trust enh... [more]

This paper presents a new perspective for mobile agent security - trust enhanced security and develops MobileTrust - a novel trust management architecture to support the trust enhanced security solutions for mobile agents. Based on this new perspective we go beyond traditional security mechanism based architectural design by incorporating a trust model into the underlying security architecture. Such an approach enables explicit management of security related trust relationships and it integrates trust into security decision making process to achieve trust enhanced security, which is impossible with the traditional security models. The proposed architecture provides several desirable emergent properties: increased level of security for mobile agent and host, improved flexibility, and scalability of the underlying security system, which are only made possible by this new trust management based approach.

DOI 10.1049/cp:20051473
2005 Indrakanti S, Varadharajan V, 'An authorization architecture for Web services', Lecture Notes in Computer Science (2005)

This paper considers the authorization service requirements for the service oriented architecture and proposes an authorization architecture for Web services. It describes the arc... [more]

This paper considers the authorization service requirements for the service oriented architecture and proposes an authorization architecture for Web services. It describes the architectural framework, the administration and runtime aspects of our architecture and its components for secure authorization of Web services as well as the support for the management of authorization information. The proposed architecture has several benefits. It is able to support legacy applications exposed as Web services as well as new Web service based applications built to leverage the benefits offered by the service oriented architecture; it can support multiple access control models and mechanisms and is decentralized and distributed and provides flexible management and administration of Web services and related authorization information. The proposed architecture can be integrated into existing middleware platforms to provide enhanced security to exposed Web services. The architecture is currently being implemented within the .NET framework. © IFIP International Federation for Information Processing 2005.

Citations Scopus - 3
2005 Tran H, Hitchens M, Varadharajan V, Watters P, 'A trust based access control framework for P2P file-sharing systems', Proceedings of the Annual Hawaii International Conference on System Sciences (2005)

Peer-to-peer (P2P) file sharing systems have become popular as a new paradigm for information exchange. However, the decentralized and anonymous characteristics of P2P environment... [more]

Peer-to-peer (P2P) file sharing systems have become popular as a new paradigm for information exchange. However, the decentralized and anonymous characteristics of P2P environments make the task of controlling access to sharing information more difficult, which cannot be done by traditional access control methods. In this paper, we identify access control requirements in such environments and propose a trust based access control framework for P2P file-sharing systems. The framework integrates aspects of trust and recommendation models, fairness based participation schemes and access control schemes, and applies them to P2P file-sharing systems. We believe that the proposed scheme is realistic and argue that our approach preserves P2P decentralized structure and peers' autonomy property whist enabling collaboration between peers.

Citations Scopus - 69
2004 Zhang JQ, Varadharajan V, Mu Y, 'Securing XML document sources and their distribution', 18TH INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS, VOL 1 (LONG PAPERS), PROCEEDINGS, Fukuoka, JAPAN (2004)
Citations Scopus - 2
2004 Indrakanti S, Varadharajan V, Hitchens M, 'Authorization service for web services and its implementation', IEEE INTERNATIONAL CONFERENCE ON WEB SERVICES, PROCEEDINGS, San Diego, CA (2004)
DOI 10.1109/ICWS.2004.1314814
Citations Scopus - 4
2004 Lin C, Varadharajan V, Wang Y, Pruthi V, 'Enhancing grid security with trust management', 2004 IEEE INTERNATIONAL CONFERENCE ON SERVICES COMPUTING, PROCEEDINGS, Shanghai, PEOPLES R CHINA (2004)
Citations Web of Science - 36
2004 Lin C, Varadharajan V, Wang Y, Pruthi V, 'Enhancing grid security with trust management', Proceedings - 2004 IEEE International Conference on Services Computing, SCC 2004 (2004)

Recently, trust has been recognized as an important factor for Grid computing security. In this paper, we develop a trust management architecture for trust enhanced Grid security ... [more]

Recently, trust has been recognized as an important factor for Grid computing security. In this paper, we develop a trust management architecture for trust enhanced Grid security incorporating a novel trust model which is capable of capturing various types of trust relationships that exist in a Grid system and providing mechanisms for trust evaluation, recommendations and update for trust decisions. The outcomes of the trust decisions can then be employed by the Grid security system to formulate trust enhanced security solutions. We design several algorithms to demonstrate how one can derive the trust enhanced security solutions for both user and resource provider protection with the proposed trust management architecture. Leveraging on trust knowledge and forming it as part of the security decisions, the proposed architecture possesses several desirable emerging properties that enable it to provide an improved level of security for Grid computing systems.

DOI 10.3934/dcds.2005.12.303
Citations Scopus - 74
2004 Indrakanti S, Varadharajan V, Hitchens M, Kumar A, 'Secure authorisation for web services', DATA AND APPLICATIONS SECURITY XVII: STATUS AND PROSPECTS, Estes Pk, CO (2004)
Citations Scopus - 2
2004 Hitchens M, Shankaran R, Varadharajan V, 'Securing the ad-hoc on-demand distance vector protocol', PARALLEL AND DISTRIBUTED COMPUTING SYSTEMS, San Francisco, CA (2004)
2004 Ruan C, Varadharajan V, 'A weighted graph approach to authorization delegation and conflict resolution', INFORMATION SECURITY AND PRIVACY, PROCEEDINGS, Sydney, AUSTRALIA (2004)
Citations Scopus - 11Web of Science - 1
2004 Wang Y, Varadharajan V, 'Interaction trust evaluation in decentralized environments', E-COMMERCE AND WEB TECHNOLOGIES, Zaragoza, SPAIN (2004)
Citations Scopus - 24Web of Science - 20
2004 Zhao WL, Varadharajan V, Bryan G, 'Modelling trust relationship in distributed environments', TRUST AND PRIVACY IN DIGITAL BUSINESS, PROCEEDINGS, Zaragoza, SPAIN (2004)
Citations Scopus - 8Web of Science - 2
2004 Lin C, Varadharajan V, Wang Y, Mu Y, 'On the design of a new trust model for mobile agent security', TRUST AND PRIVACY IN DIGITAL BUSINESS, PROCEEDINGS, Zaragoza, SPAIN (2004)
Citations Scopus - 16Web of Science - 12
2004 Wang Y, Varadharajan V, 'A time-based peer trust evaluation in P2P e-commerce environments', WEB INFORMATION SYSTEMS - WISE 2004, PROCEEDINGS, Brisbane, AUSTRALIA (2004)
Citations Scopus - 8Web of Science - 9
2004 Zhang JQ, Varadharajan V, Mu Y, 'A secure PIM-SM multicast routing protocol', DISTRIBUTED COMPUTING - IWDC 2004, PROCEEDINGS, Indian Statist Inst, Kolkata, INDIA (2004)
2004 Wang Y, Varadharajan V, 'Interaction trust evaluation in decentralized environments', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2004)

© Springer-Verlag Berlin Heidelberg 2004. In decentralized environments, such as P2P, as lack of central management, the trust issue is prominently important for interactions bet... [more]

© Springer-Verlag Berlin Heidelberg 2004. In decentralized environments, such as P2P, as lack of central management, the trust issue is prominently important for interactions between unfamiliar peers. This paper first presents a probabilistic approach for evaluating the interaction trust of unfamiliar peers according to their interaction history. In addition, after an interaction, peers can evaluate each other and modify the trust status. Based on it, this paper presents an approach for trust value modification after interactions.

Citations Scopus - 10
2004 Chaddoud G, Varadharajan V, 'Efficient secure group management for SSM', IEEE International Conference on Communications (2004)

We propose in this paper a new approach to channel key management in the architecture S -SSM, we designed to secure SSM communication. S -SSM defines two mechanisms for access con... [more]

We propose in this paper a new approach to channel key management in the architecture S -SSM, we designed to secure SSM communication. S -SSM defines two mechanisms for access control and content protection. The first one is carried out through subscriber authentication and access permission. The second is realized through the management of a unique key, called the channel key, k ch , shared among the sender and subscribers. The management k ch is based on a novel distributed encryption scheme that enables an entity to efficiently add and remove a subscriber without affecting other subscribers.

Citations Scopus - 4
2004 Tupakula UK, Varadharajan V, Gajam AK, 'Counteracting TCP SYN DDoS attacks using automated model', GLOBECOM '04: IEEE GLOBAL TELECOMMUNICATIONS CONFERENCE, VOLS 1-6, Dallas, TX (2004)
Citations Scopus - 4
Co-authors Uday Tupakula
2003 Shankaran R, Varadharajan V, Hitchens M, 'A secure mulficast support framework for mobile IP', WCNC 2003: IEEE WIRELESS COMMUNICATIONS AND NETWORKING CONFERENCE RECORD, VOLS 1-3, NEW ORLEANS, LA (2003)
Citations Scopus - 1
2003 Zhang JQ, Varadharajan V, Mu Y, 'A novel dynamic key management scheme for secure multicasting', ICON 2003: 11TH IEEE INTERNATIONAL CONFERENCE ON NETWORKS, Sydney, AUSTRALIA (2003)
Citations Scopus - 9Web of Science - 3
2003 Ruan C, Varadharajan V, Zhang Y, 'Delegatable authorization program and its application', Proceedings of the International Conference on Security and Management (2003)

Data protection is a significant issue in any secure information system. In this paper, we develop a decentralized authorization delegation model in which users can be delegated, ... [more]

Data protection is a significant issue in any secure information system. In this paper, we develop a decentralized authorization delegation model in which users can be delegated, granted or forbidden some access rights. This security model is formulated as an extended logic program which allows both negation as failure and classical negation. The stable model semantics is used to decide the users' access rights on data items. Under the proposed framework, conflicting problem is addressed and a promising resolution method is presented based on the underlying delegation relations and hierarchical structures of subjects, objects and access rights. The authorization inheritance are also supported in our model. Finally, as an application, we show how this framework can support different electronic consent models within the context of health care.

Citations Scopus - 1
2003 Saunders G, Hitchens M, Varadharajan V, 'Role-based access control and the access control matrix', INFORMATION AND COMMUNICATIONS SECURITY, PROCEEDINGS, HUEHAOTE CITY, PEOPLES R CHINA (2003)
Citations Scopus - 1Web of Science - 1
2003 Ruan C, Varadharajan V, Zhang Y, 'A logic model for temporal authorization delegation with negation', INFORMATION SECURITY, PROCEEDINGS, BRISTOL, ENGLAND (2003)
Citations Scopus - 6Web of Science - 1
2003 Lin C, Varadharajan V, 'Modelling and evaluating trust relationships in mobile agents based systems', APPLIED CRYPTOGRAPHY AND NETWORK SECURITY, PROCEEDINGS, KUNMING, PEOPLES R CHINA (2003)
Citations Scopus - 7Web of Science - 4
2003 Ruan C, Varadharajan V, 'An authorization model for e-consent requirement in a health care application', APPLIED CRYPTOGRAPHY AND NETWORK SECURITY, PROCEEDINGS, KUNMING, PEOPLES R CHINA (2003)
Citations Scopus - 3Web of Science - 3
2003 Ruan C, Varadharajan V, 'Supporting e-consent on health data by logic', FOUNDATIONS OF INTELLIGENT SYSTEMS, MAEBASHI CITY, JAPAN (2003)
2003 Ruan C, Varadharajan V, 'Decentralized temporal authorization administration', DATABASE AND EXPERT SYSTEMS APPLICATIONS, PROCEEDINGS, TECH UNIV PRAGUE, PRAGUE, CZECH REPUBLIC (2003)
2003 Indrakanti S, Varadharajan V, Todi RK, 'Authorisation Service in .Net My Services.', ICWI (2003)
2003 Islam M, Thomas J, Varadharajan V, 'Reducing the Scope of Denial of Service Attacks in QoS Routing', Conference Record / IEEE Global Telecommunications Conference (2003)

Existing routing algorithms treat Quality of Service (QoS) parameters and secure routing as completely separate entities requiring separate algorithms. In this paper we propose se... [more]

Existing routing algorithms treat Quality of Service (QoS) parameters and secure routing as completely separate entities requiring separate algorithms. In this paper we propose secure QoS Distance Vector and secure Bellman-Ford-Moore routing algorithms that meet QoS requirements and satisfy security concerns. Security is achieved by placing filters in the network. The routing algorithms generate routes through these filters to meet the specified QoS requirements. Simulation results indicate that secure QoS Distance Vector algorithm performs the better of the two algorithms. Moreover, the density of filters and the placement strategy of filters affect the length of the route generated.

2003 Tupakula UK, Varadharajan V, 'Counteracting DDoS attacks in multiple ISP domains using routing arbiter architecture', ICON 2003: 11TH IEEE INTERNATIONAL CONFERENCE ON NETWORKS, Sydney, AUSTRALIA (2003)
Citations Scopus - 8
Co-authors Uday Tupakula
2003 Tupakula UK, Varadharajan V, 'A Practical Method to Counteract Denial of Service Attacks.', ACSC (2003)
Co-authors Uday Tupakula
2003 Tupakula UK, Varadharajan V, 'A controller agent model to counteract DoS attacks in multiple domains', INTEGRATED NETWORK MANAGEMENT VIII, COLORADO SPRINGS, CO (2003)
DOI 10.1109/INM.2003.1194168
Citations Web of Science - 1
Co-authors Uday Tupakula
2003 Tupakula UK, Varadharajan V, 'A controller agent model to counteract DoS attacks in multiple domains', IFIP Advances in Information and Communication Technology (2003)

In this paper we discuss techniques to prevent Distributed Denial of Service (DDoS) attacks within the ISP domain and extend the scheme to prevent the attack in multiple ISP domai... [more]

In this paper we discuss techniques to prevent Distributed Denial of Service (DDoS) attacks within the ISP domain and extend the scheme to prevent the attack in multiple ISP domains. With a new packet marking technique and agent design, our model is able to identify the approximate source of attack with a single packet and has many features to minimise DDoS attacks. © 2003 by Springer Science+Business Media Dordrecht.

DOI 10.1007/978-0-387-35674-7
Citations Scopus - 2
Co-authors Uday Tupakula
2002 Mu Y, Varadharajan V, 'An efficient Internet credit card scheme from the weil pairing', THIRD INTERNATIONAL SYMPOSIUM ON ELECTRONIC COMMERCE, PROCEEDINGS, RES TRIANGLE PK, NC (2002)
DOI 10.1109/ISEC.2002.1166911
2002 Zhang JQ, Varadharajan V, Mu Y, 'A secure object sharing scheme for Java Card', INFORMATION AND COMMUNICATIONS SECURITY, PROCEEDINGS, SINGAPORE, SINGAPORE (2002)
2002 Hitchens M, Varadharajan V, Saunders G, 'Policy administration domains', INFORMATION SECURITY AND PRIVACY, MELBOURNE, AUSTRALIA (2002)
2002 Mu Y, Zhang JQ, Varadharajan V, 'm out of n Oblivious Transfer', INFORMATION SECURITY AND PRIVACY, MELBOURNE, AUSTRALIA (2002)
Citations Scopus - 27Web of Science - 21
2002 Ruan C, Varadharajan V, Zhang Y, 'Logic-based reasoning on delegatable authorizations', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2002)

In this paper, we propose a logic program based formulation that supports delegatable authorizations, where negation as failure, classical negation and rules inheritance are allow... [more]

In this paper, we propose a logic program based formulation that supports delegatable authorizations, where negation as failure, classical negation and rules inheritance are allowable. A conflict resolution policy has been developed in our approach that can be used to support the controlled delegation and exception. In our framework, authorization rules are specified in a Delegatable Authorization Program (DAP) which is an extended logic program associated with different types of partial orderings on the domain, and these orderings specify various inheritance relationships among subjects, objects and access rights in the domain. The semantics of a DAP is defined based on the well-known stable model and the conflict resolution is achieved in the process of model generation for the underlying DAP. Our framework provides users a feasible way to express complex security policies. © Springer-Verlag Berlin Heidelberg 2002.

Citations Scopus - 7
2001 Wietrzyk VI, Takizawa M, Orgun MA, Varadharajan V, 'A secure transaction environment for workflows in distributed systems', PROCEEDINGS OF THE EIGHTH INTERNATIONAL CONFERENCE ON PARALLEL AND DISTRIBUTED SYSTEMS, KYONGJU CITY, SOUTH KOREA (2001)
DOI 10.1109/ICPADS.2001.934820
Citations Scopus - 5Web of Science - 6
2001 Shankaran R, Varadharajan V, Hitchens M, 'Secure distributed location management scheme for mobile hosts', LCN 2001: 26TH ANNUAL IEEE CONFERENCE ON LOCAL COMPUTER NETWORKS, PROCEEDINGS, TAMPA, FL (2001)
DOI 10.1109/LCN.2001.990799
2001 Zhang Y, Varadharajan V, 'A logic for modeling the dynamics of beliefs in cryptographic protocols', Proceedings - 24th Australasian Computer Science Conference, ACSC 2001 (2001)

© 2001 IEEE. We present a logic of modeling the dynamics of beliefs in cryptographic protocols. Differently from previous proposals, our logic is situation based, in which a prot... [more]

© 2001 IEEE. We present a logic of modeling the dynamics of beliefs in cryptographic protocols. Differently from previous proposals, our logic is situation based, in which a protocol is viewed as a finite sequence of actions performed by various principals at different situations, and each action is a primitive term in the language. Therefore, it becomes possible to model the dynamic change of each principal's beliefs at each step of the protocol within the logic system. Our logic has a precise semantics and is sound with respect to the underlying automatic system.

DOI 10.1109/ACSC.2001.906645
Citations Scopus - 13
2001 Mu Y, Nguyen KQ, Varadharajan V, 'A fair electronic cash scheme', ELECTRONIC COMMERCE TECHNOLOGIES, PROCEEDINGS, HONG KONG, PEOPLES R CHINA (2001)
Citations Scopus - 14Web of Science - 8
2001 Varadharajan V, 'Secure networked computing', INFORMATION ASSURANCE IN COMPUTER NETWORKS: METHODS, MODELS AND ARCHITECTURES FOR NETWORK SECURITY, PROCEEDINGS, ST PETERSBURG, RUSSIA (2001)
2001 Wietrzyk VI, Takizawa M, Varadharajan V, 'A strategy for MLS workflow', INFORMATION SECURITY AND PRIVACY, PROCEEDINGS, SYDNEY, AUSTRALIA (2001)
Citations Scopus - 1
2001 Hitchens M, Varadharajan V, 'Tower: A language for role based access control', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2001)

© Springer-Verlag Berlin Heidelberg 2001. A language for specifying role-based access control (RBAC) policies is presented. The language is designed to support the range of acces... [more]

© Springer-Verlag Berlin Heidelberg 2001. A language for specifying role-based access control (RBAC) policies is presented. The language is designed to support the range of access control policies of commercial object systems. The basic structures of RBAC, such as role, users and permission, are present in the language as basic constructs. Examples are given in the language of access control situations, such as static and dynamic separation of duty, delegation and joint action based access policies. The language is flexible and is able to capture meta-level operations. The language also provides a mechanism for tracking actions and basing access control decisions on past events.

Citations Scopus - 13
2001 Mu Y, Varadharajan V, 'An internet anonymous auction scheme', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2001)

© Springer-Verlag Berlin Heidelberg 2001. This paper proposes a new Internet bidding system that offers anonymity of bidders and fairness to both bidders and the auction server. ... [more]

© Springer-Verlag Berlin Heidelberg 2001. This paper proposes a new Internet bidding system that offers anonymity of bidders and fairness to both bidders and the auction server. Our scheme satisfies all the basic security requirements for a sealed-bid auction system, without requiring multiple servers.

DOI 10.1007/3-540-45247-8_14
Citations Scopus - 5
2001 Wu CK, Varadharajan V, 'Fair exchange of digital signatures with offline trusted third party', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2001)

© Springer-Verlag Berlin Heidelberg 2001. In this paper we show how fair exchange of digital signatures can be made possible without a separate verifiable encryption. This means ... [more]

© Springer-Verlag Berlin Heidelberg 2001. In this paper we show how fair exchange of digital signatures can be made possible without a separate verifiable encryption. This means that the fair exchange protocol can be established based on an existing signature algorithm without modification, except that the users need to get a ticket from an off-line trusted third party to enable the fair exchange. The trusted third party is needed to make a judgment only when there is a dispute. Explicit protocols based on different digital signature algorithms are proposed.

Citations Scopus - 6
2001 Hitchens M, Varadharajan V, 'RBAC for XML document stores', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2001)

© Springer-Verlag Berlin Heidelberg 2001. Web based services and applications have increased the availability and accessibility of information. XML (eXtensible Markup Language) h... [more]

© Springer-Verlag Berlin Heidelberg 2001. Web based services and applications have increased the availability and accessibility of information. XML (eXtensible Markup Language) has recently emerged as an important standard in the area of information representation. XML documents can represent information at different levels of sensitivity. Access control for XML document stores must recognise the fine-grained nature of the document structure. In this paper we present an approach to access control for XML document stores. This framework is based on RBAC and includes a syntax for specifying access control policies for the store.

Citations Scopus - 8
2001 Molli P, Skaf-Molli H, Godart C, Ray P, Shankaran R, Varadharajan V, 'Integrating network services for virtual teams', ICEIS 2001 - Proceedings of the 3rd International Conference on Enterprise Information Systems (2001)

Virtual team provider is an emerging business on the Internet. It allows people to work together distributed across space, time and organization. Tools like BSCW or SourceForge al... [more]

Virtual team provider is an emerging business on the Internet. It allows people to work together distributed across space, time and organization. Tools like BSCW or SourceForge allow an organization to host virtual teams. Although, these tools deliver functionalities, they lack required features (e.g. security, dependability and quality of service) to make them commercially acceptable. In this paper, we describe underlying effort needed at the network services level to make virtual team software commercially viable.

Citations Scopus - 2
2001 Mu Y, Varadharajan V, 'Robust and secure broadcasting', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2001)

© Springer-Verlag Berlin Heidelberg 2001. This paper describes a secure Pay TV protocol based on a public-key distributed encryption scheme that enables the Pay TV broadcaster to... [more]

© Springer-Verlag Berlin Heidelberg 2001. This paper describes a secure Pay TV protocol based on a public-key distributed encryption scheme that enables the Pay TV broadcaster to robustly add or remove any subscriber without changing private decryption keys of other subscribers. In other words, the updating process is transparent to the subscribers. This feature exhibits a distinct advantage over a symmetric key based system where all subscribers share a single key and therefore it is impossible to dynamically remove a subscriber from the system.

Citations Scopus - 21
2001 Shankaran R, Varadharajan V, Hitchens M, 'A distributed location management scheme for mobile hosts', Proceedings of the Internatoinal Conference on Parallel and Distributed Systems - ICPADS (2001)

With the increasing growth in mobile computing devices and wireless networks, users are able to access information from anywhere and at anytime. In such situations, the issues of ... [more]

With the increasing growth in mobile computing devices and wireless networks, users are able to access information from anywhere and at anytime. In such situations, the issues of location management for mobile hosts are becoming increasingly significant. Different location management schemes such as Columbia University's mobile IP scheme and IETF mobile IP have been proposed. In this paper, we propose a new distributed location management scheme and discuss the advantages of the proposed scheme over the others. The paper then considers the issues of multicasting in the proposed architecture.

Citations Scopus - 4
2000 Varadharajan V, 'Security enhanced mobile agents', Proceedings of the ACM Conference on Computer and Communications Security (2000)

This paper describes a security model for mobile agent based systems. The model defines the notion of a security-enhanced agent and outlines security management components in agen... [more]

This paper describes a security model for mobile agent based systems. The model defines the notion of a security-enhanced agent and outlines security management components in agent platform bases and considers secure migration of agents from one base to another. The security enhanced agent carries a passport that contains its security credentials and some related security code. Then we describe how authentication, integrity and confidentiality, and access control are achieved using the agent's passport and the security infrastructure in the agent bases. We also consider the types of access control policies that can be specified using the security enhanced agents and the policy base in the agent platforms. We discuss the application of the security model in roaming mobile agents and consider a simple scenario involving security auditing in networks.

Citations Scopus - 42
2000 Bai Y, Varadharajan V, 'A logical formalization for specifying authorizations in object-oriented databases', RESEARCH ADVANCES IN DATABASE AND INFORMATION SYSTEMS SECURITY, SEATTLE, WA (2000)
2000 Hitchens M, Varadharajan V, 'Elements of a language for role-based access control', INFORMATION SECURITY FOR GLOBAL INFORMATION INFRASTRUCTURES, BEIJING, PEOPLES R CHINA (2000)
2000 Mu Y, Varadharajan V, 'Towards a protection model for supporting multiple access control policies', Proceedings - 11th Australasian Database Conference, ADC 2000 (2000)

© 2000 IEEE. The Schematic Protection Model (SPM) allows us to specify the protection structure of an object-oriented database and provides an algorithm to reason about the trans... [more]

© 2000 IEEE. The Schematic Protection Model (SPM) allows us to specify the protection structure of an object-oriented database and provides an algorithm to reason about the transmission of privileges. In this paper, we extend the SPM model to support multiple access policies, by introducing the concept of groups and the negation of authorisation.

DOI 10.1109/ADC.2000.819820
2000 Zhao W, Varadharajan V, Mu Y, 'Fair on-line gambling', Proceedings - Annual Computer Security Applications Conference, ACSAC (2000)

© 2000 IEEE. This paper proposes a fair electronic gambling scheme for the Internet. The proposed scheme provides a unique link between payment and gambling outcome so that the w... [more]

© 2000 IEEE. This paper proposes a fair electronic gambling scheme for the Internet. The proposed scheme provides a unique link between payment and gambling outcome so that the winner can be ensured to get the payment. Since an optimal fair exchange method is used in gambling message exchange the proposed system guarantees that no one can successfully cheat during a gambling process. Our system requires an off-line Trusted Third Party (TTP). If a cheating occurs, the TTP can resolve the problem and make the gambling process fair.

DOI 10.1109/ACSAC.2000.898894
Citations Scopus - 6
2000 Mu Y, Varadharajan V, 'Distributed signcryption', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2000)

© Springer-Verlag Berlin Heidelberg 2000. This paper proposes a distributed encryption scheme, where any party can ¿signcrypt¿ a message and distribute it to a designated group... [more]

© Springer-Verlag Berlin Heidelberg 2000. This paper proposes a distributed encryption scheme, where any party can ¿signcrypt¿ a message and distribute it to a designated group and any member in the receiving group can ¿de-signcrypt¿ the message. We also propose a group signcryption, where, given a designated group, any member in the group can signcrypt a message on the group¿s behalf. A group signcrypted message can be distributed to another group. The proposed schemes have potential applicability in electronic commerce.

Citations Scopus - 35
2000 Mu Y, Varadharajan V, 'Fail-stop confirmer signatures', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2000)

© Springer-Verlag Berlin Heidelberg 2000. A designated confirmer signature allows the signer to prove to the signature's recipient that the designated confirmer can confirm ... [more]

© Springer-Verlag Berlin Heidelberg 2000. A designated confirmer signature allows the signer to prove to the signature's recipient that the designated confirmer can confirm the signature without the signer. In this paper we propose a fail-stop confirmer signature scheme based on the concept of fail-stop knowledge proofs and signature knowledge proofs on discrete logarithms. We also develop a blinded version of the confirmer scheme. The new confirmer signatures have enhanced security against forgery from powerful adversaries.

DOI 10.1007/10718964_30
Citations Scopus - 2
2000 Wietrzyk VIS, Orgun MA, Varadharajan V, 'On the analysis of on-line database reorganization', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2000)

© Springer-Verlag Berlin Heidelberg 2000. We consider the problem of on-line database reorganization. The types of reorganization that we discuss are restoration of clustering, p... [more]

© Springer-Verlag Berlin Heidelberg 2000. We consider the problem of on-line database reorganization. The types of reorganization that we discuss are restoration of clustering, purging of old data, creation of a backup copy, compaction, and construction of indexes. The contributions of this paper are both of theoretical and of experimental nature.

DOI 10.1007/3-540-44472-6_23
2000 Wang H, Varadharajan V, Zhang Y, 'Towards a Generic Logic for Analysing Network Protocols.', ICDCS Workshop on Internet (2000)
1999 Murayama Y, Varadharajan V, 'Message from the IWSEC Workshop Co-Chairs.', ICPP Workshops (1999)
DOI 10.1109/ICPP.1999.10010
1999 Wu C-K, Varadharajan V, 'Modified Chinese Remainder Theorem and Its Application to Proxy Signatures.', ICPP Workshops (1999)
DOI 10.1109/ICPPW.1999.800054
1999 Saunders G, Hitchens M, Varadharajan V, 'An analysis of access control models', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)

© Springer-Verlag Berlin Heidelberg 1999. Access control in real systems is implemented using one or more abstractions based on the access control matrix (ACM). The most common a... [more]

© Springer-Verlag Berlin Heidelberg 1999. Access control in real systems is implemented using one or more abstractions based on the access control matrix (ACM). The most common abstractions are access control lists (ACLs) and capabilities. In this paper, we consider an extended Harrison-Ruzzo-Ullman (HRU) model to make some formal observations about capability systems versus access control list based systems. This analysis makes the characteristics of these types of access control mechanisms more explicit and is intended to provide a better understanding of their use. A combined model providing the flexibility of capabilities with the simplicity of the ACL and its relation to other models proposed earlier (e.g.[10,6] ) are discussed.

Citations Scopus - 2
1999 Nguyen KQ, Mu Y, Varadharajan V, 'Divertible zero-knowledge proof of polynomial relations and blind group signature', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)

© Springer-Verlag Berlin Heidelberg 1999. A divertible protocol is a protocol between three parties in which one party is able to divert another party¿s proof of some facts to p... [more]

© Springer-Verlag Berlin Heidelberg 1999. A divertible protocol is a protocol between three parties in which one party is able to divert another party¿s proof of some facts to prove some other facts to the other party. This paper presents a divertible protocol to prove multi-variant polynomial relations. Its direct application to blind group signature is also shown.

Citations Scopus - 5
1999 Bai Y, Varadharajan V, 'Authorization in object oriented databases', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)

© Springer-Verlag Berlin Heidelberg 1999. Formal specification on authorization in object oriented databases is becoming increasingly significant. However most of the work in thi... [more]

© Springer-Verlag Berlin Heidelberg 1999. Formal specification on authorization in object oriented databases is becoming increasingly significant. However most of the work in this field suffers a lack of formal logic semantics to characterize different types of inheritance properties of authorization policies among complex data objects. In this paper, we propose a logic formalization specify object oriented databases together with authorization policies. Our formalization has a high level language structure to specify object oriented databases and allows various types of authorizations to be associated with.

1999 Wang H, Varadharajan V, Zhang Y, 'A secure communication scheme for multiagent systems', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)

© Springer-Verlag Berlin Heidelberg 1999. In this paper we present a secure communication scheme for multiagent systems. First, we briefly introduce an architecture for multiagen... [more]

© Springer-Verlag Berlin Heidelberg 1999. In this paper we present a secure communication scheme for multiagent systems. First, we briefly introduce an architecture for multiagent systems, and discuss security problems with such systems. We then present the communication scheme in detail, including the mathematical principle and the cryptographic protocol. To further demonstrate how our communication scheme works, we present an example with which we show how a piece of plaintext message is encrypted and decrypted between two agents within a multiagent system in accordance with our communication scheme. In evaluation we show that, compared with other encryption systems such as RSA, our scheme is more simple and suitable for implementation on computers used in multiagent systems. Importantly, it remains as secure as other systems as long as the plaintext is not too short. In conclusion, we discuss issues about the management of secret keys and the suitability of the communication scheme.

Citations Scopus - 2
1999 Bai Y, Varadharajan V, 'On formal languages for sequences of authorization transformations', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)

© Springer-Verlag Berlin Heidelberg 1999. In a multi-user, information-sharing computer systems, authorization policy is needed to ensure that the information flows in the desire... [more]

© Springer-Verlag Berlin Heidelberg 1999. In a multi-user, information-sharing computer systems, authorization policy is needed to ensure that the information flows in the desired way and to prevent illegal access to the system resource. Usually such policy has a temporal property. That is, it needs to be updated to capture the changing requirements of applications, systems and users. These updates are implemented via transformation of authorization policies. In this paper, we propose two high-level formal languages L and L d to specify the transformation of authorizations in secure computer systems. L is a simple language that can be used to specify a sequence of authorization transformations. Though it has a simple syntax and semantics, we show that L is expressive enough to specify some well-known examples of authorization transformations. Language L d is an augmentation ofL which includes default propositions within the domain description of authorization policies. However, the semantics of L d is not just a simple extension of the semantics of L. We show that L d is more expressive than L in that constraints, causal and inherited authorizations, and general default authorizations can be specified.

Citations Scopus - 1
1999 Van Le T, Nguyen KQ, Varadharajan V, 'how to prove that a committed number is prime', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)

© Springer-Verlag Berlin Heidelberg 1999. The problem of proving a number is of a given arithmetic format with some prime elements, is raised in RSA undeniable signature, group s... [more]

© Springer-Verlag Berlin Heidelberg 1999. The problem of proving a number is of a given arithmetic format with some prime elements, is raised in RSA undeniable signature, group signature and many other cryptographic protocols. So far, there have been several studies in literature on this topic. However, except the scheme of Camenisch and Michels, other works are only limited to some special forms of arithmetic format with prime elements. In Camenisch and Michels's scheme, the main building block is a protocol to prove a committed number to be prime based on algebraic primality testing algorithms. In this paper, we propose a new protocol to prove a committed number to be prime. Our protocol is O(t) times more efficient than Camenisch and Michels's protocol, where t is the security parameter. This results in O(t) time improvement for the overall scheme.

Citations Scopus - 5
1999 Hitchens M, Varadharajan V, 'Issues in the design of a language for role based access control', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)

© Springer-Verlag Berlin Heidelberg 1999. In this paper, we describe a language based approach to the specification of authorisation policies that can be used to support the rang... [more]

© Springer-Verlag Berlin Heidelberg 1999. In this paper, we describe a language based approach to the specification of authorisation policies that can be used to support the range of access control policies in commercial object systems. We discuss the issues involved in the design of a language for role based access control systems. The notion of roles is used as a primitive construct within the language. This paper describes the basic constructs of the language and the language is used to specify several access control policies such as role based access control, static and dynamic separation of duty, delegation as well as joint action based access policies. The language is flexible and is able to capture meta-level operations and it is often these features which are significant when it comes to the applicability of an access control system to practical real situations.

DOI 10.1007/978-3-540-47942-0_4
Citations Scopus - 6
1999 Nguyen KQ, Bao F, Mu Y, Varadharajan V, 'Zero-knowledge proofs of possession of digital signatures and its applications', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)

© Springer-Verlag Berlin Heidelberg 1999. Demonstrating in zero-knowledge the possession of digital signatures has many cryptographic applications such as anonymous authenticatio... [more]

© Springer-Verlag Berlin Heidelberg 1999. Demonstrating in zero-knowledge the possession of digital signatures has many cryptographic applications such as anonymous authentication, identity escrow, publicly verifiable secret sharing and group signature. This paper presents a general construction of zero-knowledge proof of possession of digital signatures. An implementation is shown for discrete logarithm settings. It includes protocols of proving exponentiation and modulo operators, which are the most interesting operators in digital signatures. The proposed construction is applicable for ElGamal signature scheme and its variations. The construction also works for the RSA signature scheme. In discrete logarithm settings, our technique is O(l) times more efficient than previously known methods.

DOI 10.1007/978-3-540-47942-0_9
Citations Scopus - 4
1999 Nguyen K, Mu Y, Varadharajan V, 'Undeniable confirmer signature', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)

© Springer-Verlag Berlin Heidelberg 1999. In undeniable signature, a signature can only be verified with cooperation of the signer. If the signer refuses to cooperate, it is infe... [more]

© Springer-Verlag Berlin Heidelberg 1999. In undeniable signature, a signature can only be verified with cooperation of the signer. If the signer refuses to cooperate, it is infea-sible to check the validity of a signature. This problem is eliminated in confirmer signature schemes where the verification capacity is given to a confirmer rather than the signer. In this paper, we present a variation of confirmer signature, called undeniable confirmer signature in that both the signer and a confirmer can verify the validity of a signature. The scheme provides a better flexibility for the signer and the user as well as reduces the involvement of designated confirmers, who are usually trusted in practice. Furthermore, we show that our scheme is divertible, i.e., our signature can be blindly issued. This is essential in some applications such as subscription payment system, which is also shown.

Citations Scopus - 6
1999 Mu Y, Varadharajan V, Nguyen KQ, 'Delegated decryption', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1999)

© Springer-Verlag Berlin Heidelberg 1999. This paper proposes a new public key based system that enables us to have a single public key with one or more decryption keys and a uni... [more]

© Springer-Verlag Berlin Heidelberg 1999. This paper proposes a new public key based system that enables us to have a single public key with one or more decryption keys and a unique signing key. One straightforward application for our system is in delegated or proxy based decryption. The proxy based decryption requires that the decryption authority can be delegated to another party (proxy) without revealing the signing key information. This suggests that the proxy who has the legitimate right for decryption cannot sign on behalf of the public key owner; only the legitimate signer can be the owner of the public key.

Citations Scopus - 18
1999 Shankaran R, Varadharajan V, Hitchens M, 'Secure multicast extensions for mobile networks', Conference on Local Computer Networks (1999)

There has been a considerable interest shown in the area of mobility. With the advent of powerful portable devices such as laptop and palmtop there is a growing trend amongst user... [more]

There has been a considerable interest shown in the area of mobility. With the advent of powerful portable devices such as laptop and palmtop there is a growing trend amongst users to go the nomadic way. This implies that a user can get access to any service at any time without any interruption. Such nomadic computing poses several challenges in multicasting and security. We first consider a framework that has been proposed by [1] for multicasting in mobile IP networks. In this paper, we extend this framework to support a secure multicasting service. We describe secure schemes for a mobile host to initiate, join and leave a multicast group. We also discuss the secure movement of mobile hosts in intra and inter campus environments.

Citations Scopus - 3
1999 Wang H, Varadharajan V, Slaney J, 'Towards perfect objects', "Technology of Object-Oriented Languages and Systems (1999)

We present in this paper an extended object model for software system modelling and design. The extended object model was developed from ontological research into the nature and t... [more]

We present in this paper an extended object model for software system modelling and design. The extended object model was developed from ontological research into the nature and the generality of intelligent systems. The extension was made by attaching domains, states and categories to variables, and adding three types of constraints into the ordinary object model: identity constraints are for maintaining the identity and integrity of objects; trigger constraints are for enabling agents to act in objects autonomously; and goal constraints are for guiding agents to act in desired direction. We first introduce the theoretical background of the object model in brief. We then present the models in detail. We also discuss the advantages of our extended object model in software system modelling and design. In conclusion we summarise the main results we have achieved, and discuss some ongoing works that are relevant.

1998 Varadharajan V, Crall C, Pato J, 'Issues in the design of secure authorization service for distributed applications', GLOBECOM 98: IEEE GLOBECOM 1998 - CONFERENCE RECORD, VOLS 1-6, SYDNEY, AUSTRALIA (1998)
Citations Scopus - 1
1998 Varadharajan V, Crall C, Pato J, 'Authorization in enterprise-wide distributed system - A practical design and application', 14TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS, PHOENIX, AZ (1998)
DOI 10.1109/CSAC.1998.738614
1998 Shankaran R, Varadharajan V, 'Secure signaling and access control for ATM networks', 14TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS, PHOENIX, AZ (1998)
DOI 10.1109/CSAC.1998.738622
1998 Yi M, Varadharajan V, 'Anonymous secure E-voting over a network', 14TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, PROCEEDINGS, PHOENIX, AZ (1998)
DOI 10.1109/CSAC.1998.738649
Citations Web of Science - 1
1998 Mu Y, Varadharajan V, 'A new scheme of credit based payment for electronic commerce', 23RD ANNUAL CONFERENCE ON LOCAL COMPUTER NETWORKS - PROCEEDINGS, LOWELL, MA (1998)
DOI 10.1109/LCN.1998.727668
Citations Scopus - 5Web of Science - 2
1998 Nguyen KQ, Mu Y, Varadharajan V, 'A new digital cash scheme based on blind Nyberg-Rueppel digital signature', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1998)

© Springer-Verlag Berlin Heidelberg 1998. We propose a new untraceable digital cash scheme using blind Nyberg-Rueppel digital signature. The scheme provides security features suc... [more]

© Springer-Verlag Berlin Heidelberg 1998. We propose a new untraceable digital cash scheme using blind Nyberg-Rueppel digital signature. The scheme provides security features such as client anonymity, coin forgery prevention and double spending detection. The proposed scheme is also more efficient than previously proposed schemes by Chaum and Brands.

Citations Scopus - 3
1998 Bai Y, Varadharajan V, 'A high level language for conventional access control models', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1998)

© Springer-Verlag Berlin Heidelberg 1998. A formal language to specify general access control policies and their sequences of transformations has been proposed in [1]. The access... [more]

© Springer-Verlag Berlin Heidelberg 1998. A formal language to specify general access control policies and their sequences of transformations has been proposed in [1]. The access control policy was specified by a domain description which consisted of a finite set of initial policy propositions, policy transformation propositions and default propositions. Usually, access control models are falls into two conventional categories: discretionary access control(DAC) and mandatory access control(MAC). Traditional DAC models basically enumerate all the subjects and objects in a system and regulate the access to the object based on the identity of the subject. It can be best represented by the HRU's access control matrix [4] . While on the other hand, MAC models are lattice based models, in the sense that each subject and object is associated with a sensitivity level which forms a lattice [3]. In this paper, we intend to demonstrate that both a DAC-like model and a MAC-like model can be realized by an approach using our formal language. We also discuss some other related works.

1998 Varadharajan V, Shankaran R, Hitchens M, 'Secure authentication and access control in ATM networks', LONG-HAUL, ATM AND MULTI-MEDIA NETWORKS - NOC '98, MANCHESTER, ENGLAND (1998)
1998 Varadharajan V, Mu Y, Hitchens M, 'Design choices for public key based Kerberos authentication system', PROCEEDINGS OF THE 21ST AUSTRALASIAN COMPUTER SCIENCE CONFERENCE, ACSC'98, PERTH, AUSTRALIA (1998)
1997 Bai Y, Varadharajan V, 'Updating policy base: An application of knowledge base in authorizations', 1997 IEEE INTERNATIONAL CONFERENCE ON INTELLIGENT PROCESSING SYSTEMS, VOLS 1 & 2, BEIJING, PEOPLES R CHINA (1997)
1997 Bai Y, Varadharajan V, 'A logic for state transformations in authorization policies', 10TH COMPUTER SECURITY FOUNDATIONS WORKSHOP, PROCEEDINGS, ROCKPORT, MA (1997)
DOI 10.1109/CSFW.1997.596810
Citations Scopus - 15Web of Science - 7
1997 Varadharajan V, Shankaran R, Hitchens M, 'Security services and public key infrastructure for ATM networks', LCN'97 - 22ND ANNUAL CONFERENCE ON LOCAL COMPUTER NETWORKS, PROCEEDINGS, MINNEAPOLIS, MN (1997)
DOI 10.1109/LCN.1997.630995
Citations Scopus - 2
1997 Varadharajan V, Shankaran R, Hitchens M, 'Security issues in asynchronous transfer mode', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1997)

© 1997, Springer-Verlag. All rights reserved. This paper addresses the design and management of security services for ATM networks. Various options for the positioning of securit... [more]

© 1997, Springer-Verlag. All rights reserved. This paper addresses the design and management of security services for ATM networks. Various options for the positioning of security services within the ATM protocol stack are discussed. After considering these possibilities, it is proposed to place the security layer between the AAL and ATM layers. The proposed security layer provides confidentiality, integrity and data origin authentication in the user plane. The developed security design can be transparently integrated into the B-ISDN Protocol Reference Model without in any way violating the existing standards.

DOI 10.1007/BFb0027945
Citations Scopus - 1
1997 Mu Y, Varadharajan V, Lin YX, 'New micropayment schemes based on paywords', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1997)

© 1997, Springer-Verlag. All rights reserved. This paper proposes three new micropayment schemes based on hashing and salting techniques. These schemes add significant features t... [more]

© 1997, Springer-Verlag. All rights reserved. This paper proposes three new micropayment schemes based on hashing and salting techniques. These schemes add significant features to the PayWord scheme proposed earlier by Rivest and Shamir. The scheme SPayWord introduces a salt into the payment process which makes the scheme more secure with smaller PayWords. The scheme UPayWord removes the constraint of the original PayWord scheme which requires a client to set the maximum number of PayWords in advance. The scheme PPayWord provides mechanisms for dealing with the loss of PayWords in communication thereby enabling successful verification of subsequent PayWords after the loss in a secure manner. The schemes presented in tiffs paper seem to be significant for use in practical off-line micropayment systems.

DOI 10.1007/BFb0027935
Citations Scopus - 7
1997 Bai Y, Varadharajan V, 'Analysis and implementation of a formal authorization policy design approach', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1997)

© 1997, Springer-Verlag. All rights reserved. In [1], we proposed a formal approach to specify authorization policies and their transformations. In this paper, we discuss the imp... [more]

© 1997, Springer-Verlag. All rights reserved. In [1], we proposed a formal approach to specify authorization policies and their transformations. In this paper, we discuss the implementation issues of this approach and analyse the complexities of the algorithms introduced.

DOI 10.1007/BFb0027939
1997 Nguyen KQ, Varadharajan V, Mu Y, 'A new efficient off-line anonymous cash scheme', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1997)

© Springer-Verlag Berlin Heidelberg 1997. Current off-fine electronic cash systems require at least one interaction between the client and the vendor for each coin. We propose a ... [more]

© Springer-Verlag Berlin Heidelberg 1997. Current off-fine electronic cash systems require at least one interaction between the client and the vendor for each coin. We propose a new electronic cash scheme that requires only one interaction between the client and the vendor for a complete electronic transaction. Our new protocol provides unconditional client anonymity, double-spending detection and forgery-prevention.

DOI 10.1007/3-540-63890-3_22
1997 Nguyen KQ, Mu Y, Varadharajan V, '', Annual Computer Security Applications Conference (1997)

Current off-line electronic cash systems require a great number of complex online computations by clients during the payment phase. In this paper, we propose a new off-line anonym... [more]

Current off-line electronic cash systems require a great number of complex online computations by clients during the payment phase. In this paper, we propose a new off-line anonymous cash scheme that greatly reduces the number of online computations that need to be done by the clients for each payment transaction. In particular, except for the first coin in a transaction, the client only needs to perform minimal computations for the remaining coins in the transaction. Our scheme also provides unconditional client anonymity and is able to detect double-spending and is resistant to coin forgery and framing attacks.

Citations Scopus - 3
1997 Nguyen KQ, Mu Y, Varadharajan V, 'Micro-digital money for electronic commerce', Annual Computer Security Applications Conference (1997)

This paper proposes two novel cash-based micropayment schemes based on a new technique referred to as the double-locked hash chain technique. Both schemes support divisibility and... [more]

This paper proposes two novel cash-based micropayment schemes based on a new technique referred to as the double-locked hash chain technique. Both schemes support divisibility and transferability of digital coins in a simpler way compared to the existing solutions. The basic scheme allows full or partial use of a coin chain in a transaction; if only part of a coin chain has been used with one vendor, the rest of the chain can be used for instance in a subsequent transaction with another vendor. The modified scheme extends this to multiple chains making the scheme particularly suitable for a large number of micropayment transactions.

Citations Scopus - 5
1997 Varadharajan V, Shankaran R, 'Security for ATM networks', Conference Record / IEEE Global Telecommunications Conference (1997)

This paper addresses the design and management of security services for ATM networks. Various options for the positioning of security services within the ATM protocol stack are di... [more]

This paper addresses the design and management of security services for ATM networks. Various options for the positioning of security services within the ATM protocol stack are discussed. After considering these possibilities, it is proposed to place the security layer between the AAL and ATM layers. The proposed security layer provides confidentiality, integrity and data origin authentication in the user plane. The paper then presents an authentication scheme and a key establishment protocol. This protocol is integrated with the existing ATM signaling protocol, as part of the call setup procedures. The developed security design can be transparently integrated into the B-ISDN Protocol, Reference Model without violating the existing standards.

1997 Varadharajan V, Mu Y, 'Preserving privacy in mobile communications: a hybrid method', IEEE International Conference on Personal Wireless Communications (1997)

In this paper, we propose three security protocols for mobile communications, which enable mutual authentication and establish a shared secret key between mobile users. They also ... [more]

In this paper, we propose three security protocols for mobile communications, which enable mutual authentication and establish a shared secret key between mobile users. They also provide a certain degree of anonymity of the communicating users to other system users. Our protocols are based on a hybrid scheme involving a combination of public key and symmetric key based systems.

Citations Scopus - 10
1997 Bai Y, Varadharajan V, 'A Formal Security Design Approach for Transformation of Authorizations in Information Systems.', PACIS (1997)
1996 Varadharajan V, 'Design of enterprise-wide secure networked system', PROCEEDINGS OF THE 5TH WORKSHOPS ON ENABLING TECHNOLOGIES: INFRASTRUCTURE FOR COLLABORATIVE ENTERPRISES (WET ICE '96), STANFORD, CA (1996)
DOI 10.1109/ENABL.1996.555093
1996 Varadharajan V, 'Security in high speed networks', 21ST IEEE CONFERENCE ON LOCAL COMPUTER NETWORKS, PROCEEDINGS, MINNEAPOLIS, MN (1996)
DOI 10.1109/LCN.1996.558125
1996 Varadharajan V, Allen P, 'Support for joint action based security policies', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1996)

© Springer-Verlag Berlin Heidelberg 1996. Authorization policy requirements in commercial applications are often richer compared to military applications in terms of the types of... [more]

© Springer-Verlag Berlin Heidelberg 1996. Authorization policy requirements in commercial applications are often richer compared to military applications in terms of the types of privileges required, and more complex in terms of both the nature and degree of interactions between participating objects. Delegation and joint action mechanisms allow a more flexible and dynamic form of access control, thereby enabling the representation of sophisticated authorization policies. This paper explores some issues that need to be addressed when designing joint actions based authorization policies, and their ramifications for trust of various components in the architecture. We consider an example from the medical field, and define attributes relevant to the design of joint action schemes and present three schemes for supporting joint action based authorization policies.

Citations Scopus - 1
1996 Mu Y, Varadharajan V, 'On the design of security protocols for mobile communications', Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (1996)

© Springer-Verlag Berlin Heidelberg 1996. Use of mobile personal computers in open networked environment is revolutionalising the way we use computer. Mobile networked computing ... [more]

© Springer-Verlag Berlin Heidelberg 1996. Use of mobile personal computers in open networked environment is revolutionalising the way we use computer. Mobile networked computing is raising important information security and privacy issues. This paper is concerned with the design of authentication protocols for a mobile computing environment. The paper first analyses the authentication initiator protocols proposed by Belier, Chang and Yacobi (BCY) and the modifications considered by Carlsen and points out some weaknesses. The paper then suggests improvements to these protocols. The paper proposes secure end-to-end protocols between mobile users using both symmetric and public key based systems. These protocols enable mutual authentication and establish a shared secret key between mobile users. Furthermore, these protocols provide a certain degree of anonymity of the communicating users to be achieved vis-a-vis other system users.

Citations Scopus - 24
1996 Hitchens M, Varadharajan V, 'esign Choices For Symmetric Key Based Inter-Domain Authentication Protocols In Distributed Systems.', ACSAC (1996)
DOI 10.1109/CSAC.1996.569679
1996 Varadharajan V, Mu Y, 'On The Design Of Secure Electronic Payment Schemes For Internet.', ACSAC (1996)
DOI 10.1109/CSAC.1996.569674
1996 Varadharajan V, Mu Y, 'Design of Secure End-toEnd Protocols for Mobile Systems.', IFIP World Conference on Mobile Communications (1996)
1995 Varadharajan V, 'Security for local area and wide area networked computes communications', INFORMATION HIGHWAYS FOR A SMALLER WORLD AND BETTER LIVING, SEOUL, SOUTH KOREA (1995)
1994 VARADHARAJAN V, CALVELLI C, 'EXTENDING THE SCHEMATIC PROTECTION MODEL .1. CONDITIONAL TICKETS AND AUTHENTICATION', 1994 IEEE COMPUTER SOCIETY SYMPOSIUM ON RESEARCH IN SECURITY AND PRIVACY, PROCEEDINGS, OAKLAND, CA (1994)
Citations Scopus - 2
1993 Varadharajan V, 'Authentication in mobile distributed environment', IEE Conference Publication (1993)

Information and communication technology is on the threshold of a new style of computing. First, the telecommunications industry is witnessing the development of Personal Communic... [more]

Information and communication technology is on the threshold of a new style of computing. First, the telecommunications industry is witnessing the development of Personal Communication Systems that are 'person-specific' with person to person logical connections. Second, the computer industry is in the phase of practical implementation of distributed systems concepts. In particular, the notion of open systems is a major driving force. Use of mobile personal systems in a open distributed environment raises several issues with regard to information security and system dependability. This paper addresses one key aspect of information security in such a mobile distributed environment namely that of authentication. We consider the nature of the security threat, and how it may arise in practical situations. then we describe the characteristics of the required authentication security service to counteract this threat. In particular, we outline some of the common mechanisms that can be used to provide authentication. We illustrate these issues by considering some scenarios in the areas of mobile personal information systems and client server based distributed systems, and show how the authentication mechanisms can be used to counteract the masquerading threat.

Citations Scopus - 2
1993 Calvelli C, Varadharajan V, 'Representation of mental health application access policy in a monotonic model.', ACSAC (1993)
DOI 10.1109/CSAC.1993.315439
1992 Calvelli C, Varadharajan V, 'An Analysis of some Delegation Protocols for Distributed Systems.', CSFW (1992)
DOI 10.1109/CSFW.1992.236784
1991 VARADHARAJAN V, ALLEN P, BLACK S, 'AN ANALYSIS OF THE PROXY PROBLEM IN DISTRIBUTED SYSTEMS', 1991 IEEE COMPUTER SOCIETY SYMPOSIUM ON RESEARCH IN SECURITY AND PRIVACY, OAKLAND, CA (1991)
Citations Scopus - 56Web of Science - 1
1991 Varadharajan V, 'Hook-Up Property of Information Flow Secure Nets.', CSFW (1991)
DOI 10.1109/CSFW.1991.151582
1991 VARADHARAJAN V, 'NOTIFICATION - A PRACTICAL SECURITY PROBLEM IN DISTRIBUTED SYSTEMS', 14TH NATIONAL COMPUTER SECURITY CONFERENCE - INFORMATION SYSTEMS SECURITY: REQUIREMENTS & PRACTICES, PROCEEDINGS, VOLS 1 AND 2, WASHINGTON, DC (1991)
1990 VARADHARAJAN V, 'A MULTILEVEL SECURITY POLICY MODEL FOR NETWORKS', IEEE INFOCOM 90, VOLS 1-3, SAN FRANCISCO, CA (1990)
Citations Scopus - 6
1990 Varadharajan V, 'A formal approach to system design and refinement' (1990)

The Petri net formalism is used in the synthesis of system designs. A methodology is used that makes it possible to synthesize arbitrary size well-behaved Petri nets, using a step... [more]

The Petri net formalism is used in the synthesis of system designs. A methodology is used that makes it possible to synthesize arbitrary size well-behaved Petri nets, using a stepwise refinement technique. This technique provides a method for constructing large systems that are well-behaved by design. The steps that are required in developing a synthesis procedure are outlined and brief mention is made of some of the work that has been done in this area. A subclass of nets called information flow nets (IFNs) is proposed, and the notion of a well-behaved IFN is defined. A refinement procedure for IFNs is presented, and the conditions required for the refinement procedure to preserve well-behavedness are derived. The theorem of refinement of IFNs is given. The author formulates appropriate interpretations for the properties of the nets, enabling him to synthesize systems in different applications.

Citations Scopus - 1
1990 Varadharajan V, 'Petri net based modelling of information flow security requirements', Proceedings. The Computer Security Foundations Workshop III (1990)

An extended Petri net formalism which can be used to model information flow security requirements is described. The proposed framework can be used to specify a range of security p... [more]

An extended Petri net formalism which can be used to model information flow security requirements is described. The proposed framework can be used to specify a range of security policies by making specific choices for the components of the model. It is believed that Petri nets provide an elegant way of modeling security policies in a distributed system. The ability to model concurrency, the structural generality of Petri nets, and the existence of powerful analytical techniques make the Petri-net modeling approach even more useful. Two examples are given to illustrate the use of such a model.

Citations Scopus - 13
1990 Varadharajan V, 'Design of a network security policy model', IEE Conference Publication (1990)

The aim of this paper is to consider the development of multilevel network security policy models by drawing as many parallels as possible from the computer security models. We fi... [more]

The aim of this paper is to consider the development of multilevel network security policy models by drawing as many parallels as possible from the computer security models. We first consider how access control and information flow security issues arise in the design of multilevel secure network systems. We develop an outline of a simple abstract network security model which considers the access control and information flow security aspects in a multilevel network environment. We give a formal definition of such a model and the associated security requirements and then derive suitable conditions for the system to meet the security requirements. By definition, the system model is said to be 'secure' if these conditions are satisfied.

1990 Varadharajan V, Black S, 'A multilevel security model for a distributed object-oriented system.', ACSAC (1990)
DOI 10.1109/CSAC.1990.143753
1989 Black S, Calvelli C, Varadharajan V, 'Modelling security aspects of a message handling system in LOTOS', IEE Conference Publication (1989)

This paper describes the formal specification of the security aspects of a Message Handling System (MHS). We chose the International Standard formal description technique LOTOS to... [more]

This paper describes the formal specification of the security aspects of a Message Handling System (MHS). We chose the International Standard formal description technique LOTOS to describe this system. The actual system being modelled, called LOCATOR, is a secure mobile MHS, and was developed within the U.K.'s Alvey programme. Here we outline the MHS, the security services, and describe the modelling of these services in LOTOS.

1986 VARADHARAJAN V, 'TRAPDOOR RINGS AND THEIR USE IN CRYPTOGRAPHY', LECTURE NOTES IN COMPUTER SCIENCE (1986)
Citations Web of Science - 1
Show 284 more conferences
Edit

Grants and Funding

Summary

Number of grants 7
Total funding $590,797

Click on a grant title below to expand the full details for that specific grant.


20176 grants / $577,597

Cloud Security: Techniques for Securing Cloud Data and Services$249,690

Funding body: ARC (Australian Research Council)

Funding body ARC (Australian Research Council)
Project Team Professor Vijay Varadharajan
Scheme Discovery Projects
Role Lead
Funding Start 2017
Funding Finish 2017
GNo G1700620
Type Of Funding Aust Competitive - Commonwealth
Category 1CS
UON Y

Advanced Authorisation Infrastructures for Distributed Autonomic Systems$133,620

Funding body: Defence Science and Technology Group

Funding body Defence Science and Technology Group
Project Team Professor Vijay Varadharajan, Dr Anton Uzunov
Scheme Research Scholarship
Role Lead
Funding Start 2017
Funding Finish 2020
GNo G1700915
Type Of Funding Other Public Sector - Commonwealth
Category 2OPC
UON Y

Policy Driven Secure End to End Services in Distributed Software Defined Networks based Autonomous Systems$99,607

Funding body: Defence Science and Technology Group

Funding body Defence Science and Technology Group
Project Team Professor Vijay Varadharajan
Scheme Competitive Evaluation Research Agreement (CERA) Program
Role Lead
Funding Start 2017
Funding Finish 2017
GNo G1700594
Type Of Funding Other Public Sector - Commonwealth
Category 2OPC
UON Y

Security and Trust in IoT Infrastructures$55,644

Funding body: CSIRO - Commonwealth Scientific and Industrial Research Organisation

Funding body CSIRO - Commonwealth Scientific and Industrial Research Organisation
Project Team Professor Vijay Varadharajan, Doctor Nan Li
Scheme Research Grant
Role Lead
Funding Start 2017
Funding Finish 2018
GNo G1701323
Type Of Funding Other Public Sector - Commonwealth
Category 2OPC
UON Y

Security and Trust in Peer to Peer Computing Services$34,036

Funding body: Microsoft Australia

Funding body Microsoft Australia
Project Team Professor Vijay Varadharajan
Scheme Research Grant
Role Lead
Funding Start 2017
Funding Finish 2017
GNo G1701022
Type Of Funding Grant - Aust Non Government
Category 3AFG
UON Y

Health technology evaluation$5,000

Funding body: CSIRO - Commonwealth Scientific and Industrial Research Organisation

Funding body CSIRO - Commonwealth Scientific and Industrial Research Organisation
Project Team Professor John Attia, Doctor Luke Wolfenden, Professor Vijay Varadharajan, Dr Craig Dalton, Conjoint Associate Professor Andrew Searles, Ms Jane Gray
Scheme ON Prime
Role Investigator
Funding Start 2017
Funding Finish 2017
GNo G1701038
Type Of Funding Other Public Sector - Commonwealth
Category 2OPC
UON Y

1 grants / $13,200

Software platform and field based app for the design and management of key infrastructure assets$13,200

Funding body: Alliance Power and Data Pty Ltd

Funding body Alliance Power and Data Pty Ltd
Project Team Professor Vijay Varadharajan
Scheme Entrepreneurs' Programme: Innovation Connections
Role Lead
Funding Start
Funding Finish
GNo G1701508
Type Of Funding Grant - Aust Non Government
Category 3AFG
UON Y
Edit

Research Supervision

Number of supervisions

Completed0
Current1

Total current UON EFTSL

PhD0.8

Current Supervision

Commenced Level of Study Research Title Program Supervisor Type
2017 PhD Software Defined Network Security PhD (Computer Engineering), Faculty of Engineering and Built Environment, The University of Newcastle Principal Supervisor
Edit

News

PHD Scholarship - Advanced Authorization Infrastructures for Distributed Autonomic Systems

August 28, 2017

A PhD scholarship opportunity is available for a student to study the advanced authorisation infrastructures for distributed autonomic systems under the supervision of  Professor Vijay Varadharajan.

Professor Vijay Varadharajan

Position

Global Innovation Chair in Cybersecurity
Faculty of Engineering and Built Environment

Contact Details

Email vijay.varadharajan@newcastle.edu.au
Phone (02) 4921 8687
Mobile 0417023089

Office

Room EAG03d
Building Engineering A Building
Edit