Instructions

Some good conference proceedings to look at for interesting papers are listed below. You can also search the ACM Digital Library and the IEEE Xplore service for other papers and conference proceedings. Note that to download full-text papers from either of these, you will need to access them from a GW campus IP address or log in to the Gelman Library remote database service (ALADIN Research Portal and ALADIN login help).

How to add a paper cite to this page

You should add any interesting papers you find to this page. When you view the raw source you will see that the papers listed here are formatted as BibTeX entries. If the place where you found the paper provides a BibTeX cite, that is what you should use (acm.org and ieee.org will provide BibTeX cites automatically if you click on the link). Just add your paper to one of the  xxx  surrounded blocks for the appropriate topic. If you want to add a new general topic, just follow the template of how the current topics are formatted.

The BibTeX parser is somewhat sensitive, so if you add an 'incorrectly' formatted BibTeX entry, it may not display any of the papers in the BibTeX block that contains the bad entry. So if, after saving your changes, your paper does not appear (and others vanish :) ), re-edit the page and verify that the BibTeX format is correct (like all of the others). To help with debugging, you can surround just your new citation with its own "#!bibtex " block so it doesn't affect any other papers.

If you cannot find a BibTeX citation for the paper and don't want to generate one yourself, you can write the citation directly in a similar (but not identical) format to the way the BibTeX ones display.

Make sure to include a link to a place to download your paper in your citation. For BibTeX cites that can be done by adding an entry to the citation that provides a "pdf" record pointing to a URL where the paper can be downloaded. For example:

 pdf = {http://doi.acm.org/10.1145/1028788.1028790},

If no online source exists that you can point to, you can attach the paper to this page by using an "attachment:" url and uploading the paper.

[attachment:mypaper_name.pdf My Paper]

Do not DELETE ANY papers from this page.

List of Papers

Security in Peer-to-Peer systems

[cox_samsara03]
Landon P. Cox and Brian D. Noble. Samsara: honor among thieves in peer-to-peer storage. In Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, pages 120-132, Bolton Landing, NY, October 2003. ACM Press.
[ .pdf ]

Network Protocols

TCP/IP

[Covert_TCP_05]
Steven J. Murdoch and Stephen Lewis. Embedding covert channels into TCP/IP. In Lecture Notes in Computer Science 3727, pages 247-261. Springer Berlin / Heidelberg, October 2005.
[ .pdf ]

This paper talks about ways to use the various fields in TCP/IP as a covert channel for communications. The authors argue that the best choice is the Initial Sequence Number (ISN). It goes on to cover ways to use this in Linux and OpenBSD, and ways to detect it.

[IPID_inferences_05]
Weifeng Chen, Yong Huang, Bruno F. Ribeiro, Kyoungwon Suh, Honggang Zhang, Edmundo de Souza e Silva, Jim Kurose, and Don Towsley. Exploiting the IPID field to infer network path and end-system characteristics. In Proceedings of PAM 2005, 2005.
[ .pdf ]

This paper talks about ways to use the IPID field contained in Internet Protocol (IP) packets to infer characteristics about remote computers, such as the amount of internal traffic generated by the server, the number of servers in a load-balanced situation, and one-way communications delays to a target computer. It's interesting because it is using a required protocol field to infer information in an unintended and unique way.

Anonymous Communication Protocols

[Dingledine]
Roger Dingledine, Nick Mathewson, and Paul Syverson. Tor: the second-generation onion router. In Proceedings of the 13th USENIX Security Symposium, August 2004.
[ .pdf ]

The paper presents an overview of Tor, an anonymous communication service which is a direct extension of the original onion routing concept. Tor makes improvements to the original onion routing design by adding techniques from other anonymity protocols like Crowds and Hordes.

[1029199]
Nick Feamster and Roger Dingledine. Location diversity in anonymity networks. In WPES '04: Proceedings of the 2004 ACM workshop on Privacy in the electronic society, pages 66-76, New York, NY, USA, 2004. ACM.
[ .pdf ]

Most anonymity-providing mix networks have relied on location diversity of the participating nodes while ignoring the fact that an attacker might be able to observe some portion of the network. The paper investigates the location diversity of nodes participating in previously developed anonymity networks when an attacker controls an administrative domain (autonomous system) within the network.

Wireless

Authentication

[1180362]
Svetlana Radosavac, John S. Baras, and George V. Moustakides. Impact of optimal mac layer attacks on the network layer. In SASN '06: Proceedings of the fourth ACM workshop on Security of ad hoc and sensor networks, pages 135-146, New York, NY, USA, 2006. ACM.
[ http ]

This paper proposes a solution called signalprint for wireless networks that lack a traditional authentication mechanism. Signal strength is assessed by access points to determine the physical location of each client, thus preventing attacks based on masquerade.

Anand Raghunathan, Srivaths Ravi, Sunil Hattangady, and Jean-Jacques Quisquater. Securing Mobile Appliances: New Challenges for the System Designer. In Design, Automation, and Test in Europe, 2003. ISSN: 1530-1591, ISBN: 0-7695-1870-2.

This article speaks to how technology is becoming more pervasive in our everyday life. As this technology becomes more integrated in our lives, we will be letting these devices hold more and more personal information. Security becomes more paramount as personal information is being divulged more and more.

attachment:pervasive.pdf

Specific Wireless Protocols

Cellular

[1102171]
William Enck, Patrick Traynor, Patrick McDaniel, and Thomas La Porta. Exploiting open functionality in SMS-capable cellular networks. In CCS '05: Proceedings of the 12th ACM conference on Computer and communications security, pages 393-404, New York, NY, USA, 2005. ACM.

Nowadays, cellular networks have become an important part of our lives and of world economics. This interesting paper explains how the interface between the Internet and SMS (cellular control network) is vulnerable to attacks and how they can be achieved with no more than a cable modem. This paper also explains the steps required to mitigate or eliminate the threats introduced by these attacks.

[570720]
Vorapranee Khu-smith and Chris J. Mitchell. Using GSM to enhance e-commerce security. In WMC '02: Proceedings of the 2nd international workshop on Mobile commerce, pages 75-81, New York, NY, USA, 2002. ACM.
[ http ]

Submitted by (UpenderNimbekar). This paper proposes a payment protocol in which the risk of storing the debit/credit card details at the merchant side is totally eliminated. User authentication is also used. This is achieved by utilising the GSM data confidentiality service to encrypt sensitive information. The GSM security service is also used to provide user identity authentication. The additional security is realised in such a way that no management overhead is imposed on the user.

802.11

[Pang:MobiCom07]
Jeffrey Pang, Ben Greenstein, Ramakrishna Gummadi, Srinivasan Seshan, and David Wetherall. 802.11 user fingerprinting. In MobiCom '07: Proceedings of the 13th Annual International Conference on Mobile Computing and Networking, September 2007.
[ .pdf ]

This paper talks about security and privacy regarding wireless networks, specifically 802.11, and how any attacker can effectively fingerprint users in a wireless environment even when using pseudonyms (random MAC addresses) and link-layer encryption. The author explains 4 implicit identifiers: SSID probes, network destination addresses, broadcast packet sizes and MAC protocol fields; and how one or a combination of these can effectively and accurately pinpoint users in wireless networks.

[ChanghuaHe:NDSS05]
Changhua He and John C. Mitchell. Security analysis and improvements for IEEE 802.11i. In The 12th Annual Network and Distributed System Security Symposium, February 2005.
[ .pdf ]

This paper analyzes the IEEE 802.11i wireless networking standard with respect to data confidentiality, integrity, mutual authentication, and availability. 802.11i appears to provide effective data confidentiality and integrity when CCMP is used. Furthermore, it also may provide satisfactory mutual authentication and key management, although there are some potential implementation oversights that may cause severe problems. Since the 802.11i design does not emphasize availability, several DoS attacks are possible. The paper reviews the known DoS attacks on unprotected management frames and EAP frames, and discusses ways of mitigating them in 802.11i.

[1624028]
A. Bittau, M. Handley, and J. Lackey. The final nail in WEP's coffin. Security and Privacy, 2006 IEEE Symposium on, pages 15 pp.-, 21-24 May 2006.
[ http ]

This paper discusses many aspects of WEP security vulnerabilities, several traditional attacks, and a new attack developed by the authors that can defeat the latest patches on WEP. Interesting topic!

attachment:TheFinalNailInWEPCoffin.pdf

RFID

Ilan Kirschenbaum and Avishai Wool. How to build a low-cost, extended-range RFID skimmer. In Proceedings of the 15th USENIX Security Symposium, pages 43-57, Vancouver, B.C., Canada, August 2006.

This paper explains a method for creating a device that can "skim" personal information off of RFID-enabled devices such as credit cards, ePassports, physical access control cards, etc. This information could then be used to forge login credentials or make false purchases without the true owner knowing.

http://www.usenix.org/events/sec06/tech/full_papers/kirschenbaum/kirschenbaum.pdf

Ari Juels. RFID Security and Privacy: A Research Survey. IEEE Journal on Selected Areas in Communication (J-SAC), 2006.

http://www.rsa.com/rsalabs/staff/bios/ajuels/publications/pdfs/rfid_survey_28_09_05.pdf

[1030112]
David Molnar and David Wagner. Privacy and security in library RFID: issues, practices, and architectures. In CCS '04: Proceedings of the 11th ACM conference on Computer and communications security, pages 210-219, New York, NY, USA, 2004. ACM.

http://www.cs.berkeley.edu/~dmolnar/library.pdf

The above two papers discuss the privacy and security issues of RFID implementations.

Metro Area Networks

This paper discusses the threats to large-scale WiFi networks from distributed attacks (including "wildfire" worms, and coordinated city-wide phishing scams based on wireless spoofing). It is a very interesting discussion.

http://www.usenix.org/events/sec07/tech/full_papers/akritidis/akritidis.pdf

Bluetooth

This paper looks at how worms are able to propagate themselves using the Bluetooth protocol to affect different mobile platforms.

bluetooth.pdf

Sensor Networks

Sensor networks are easily compromised: if one node is compromised, then the secret keys used by that node to communicate with all the other nodes in the network are easily accessible. This paper proposes diversity in nodes within a single network in order to help mitigate that danger.

[1180359]
Abdulrahman Alarifi and Wenliang Du. Diversify sensor nodes to improve resilience against node compromise. In SASN '06: Proceedings of the fourth ACM workshop on Security of ad hoc and sensor networks, pages 101-112, New York, NY, USA, 2006. ACM.
[ http ]

Interfaces with Wireless/Wired Networks

[1065-898X]
Sherali Zeadally, Nicolas Sklavos, Moganakrishnan Rathakrishnan, and Scott Fowler. End-to-end security across wired-wireless networks for mobile users. Sep/Oct 2007, Vol. 16, Issue 5, p264-277, 14p, 6 charts, 5 diagrams, 2 graphs, 2007.
[ .pdf ]

I thought this paper was interesting because it addressed the security issue of any system implementation that uses both wired and wireless networks. The author makes an analysis of security issues that arise from implementations on networks that use the two environments and presents IPsec as the best current solution.

Location Services

[1186716]
Alfredo Matos, Justino Santos, Susana Sargento, Rui Aguiar, João Girão, and Marco Liebsch. HIP location privacy framework. In MobiArch '06: Proceedings of first ACM/IEEE international workshop on Mobility in the evolving internet architecture, pages 57-62, New York, NY, USA, 2006. ACM.
[ http ]

This paper is about a new proposal to solve location privacy issues in the Host Identity Protocol architecture. I think this paper is interesting because it proposes a new protocol to separate locators from identifiers.

[1607571]
Baik Hoh and M. Gruteser. Protecting location privacy through path confusion. Security and Privacy for Emerging Areas in Communications Networks, 2005. SecureComm 2005. First International Conference on, pages 194-205, 05-09 Sept. 2005.
[ www ]

This paper presents the study of a Path Perturbation algorithm for maximizing a user's location privacy from a set of applications (e.g. traffic monitoring, transportation planning) that continuously collect location samples from a large group of users. I find this paper interesting since nowadays these types of technologies are becoming so common, which makes me wonder about our privacy.

Social and Human factors in Security

[1066]
Peter Welander. The human factor. November 2007.
[ .pdf ]

This paper introduced the human factor as the key for the implementation of any secure system and concludes that both human and the technology should be considered hand in hand when implementing any system.

[9628147]
S Bratus. What hackers learn that the rest of us don't: Notes on hacker curriculum. In Security & Privacy Magazine Volume 5, Issue 4, pages 72-75, Washington, DC, 2007. IEEE.

attachment:HackersLearn.pdf

This paper deals with the differences in learning between IT professionals, CS students and members of the hacker community. It talks about hacker conferences and the influences each has on the other.

[1047694]
Gregory Conti. Why computer scientists should attend hacker conferences. Commun. ACM, 48(3):23-24, 2005.
[ http ]

This article presents a fairly unique view on the utility of hacker conferences and how they can be useful to those not technically part of the 'hacker community'.

Applications

VoIP

[1638123]
E.Y. Chen. Detecting DoS attacks on SIP systems. VoIP Management and Security, 2006. 1st IEEE Workshop on, pages 53-58, 3 April 2006.

Keywords: Internet telephony, client-server systems, protocols, quality of service, telecommunication security DoS, SIP, VoIP technology, client-server system, denial of service attack, session initiation protocol, transaction anomaly

VoIP is gaining popularity as the technology improves and it remains a cost-efficient alternative to land line phone service. With this increase in popularity comes the risk of malicious attacks, such as Denial of Service (DoS) attacks. This paper discusses methods to detect DoS attacks from SIP flooding.

Detecting DoS attacks on SIP systems

[VOIP]
Ruth S. Gayde. Aspects of network security for VoIP solutions using IMS core network and Wi-Fi access. Bell Labs Technical Journal, 12(3), 2007.

A network providing Voice over Internet Protocol (VoIP) service requires many network elements. Each network element may have its own set of security capabilities, but not all security capabilities on all network elements are necessary at the same time for a given network configuration. An end-to-end network view is necessary to choose appropriate security capabilities while minimizing network overhead. For VoIP, using an IP Multimedia Subsystem (IMS) core network and wireless fidelity (Wi-Fi*) access, the service provider can offer the feature functionality of the core network to both enterprise and residential customers simultaneously. However, both market segments provide their own set of unique security challenges, and what is appropriate for one market segment is not necessarily appropriate for the other. This paper explores various security implications for both of these market segments and proposes options for securing each network configuration. Security aspects of the control plane, bearer plane, and management plane are considered.

VOIP_security.pdf

This is a very good article on VoIP and the underlying network protocols that are used to implement it. This article provides a good comparison of security versus convenience. All in all, it is a very interesting article to read.

[1298238]
Wafaa Bou Diab, Samir Tohme, and Carole Bassil. Critical VPN security analysis and new approach for securing VoIP communications over VPN networks. In WMuNeP '07: Proceedings of the 3rd ACM workshop on Wireless multimedia networking and performance modeling, pages 92-96, New York, NY, USA, 2007. ACM.

This good paper discusses the VPN approach to securing voice traffic over the Internet. It compares different VPN technologies (PPTP, L2TP, IPSec, SSL/TLS) to provide solutions for VoIP security protocols. IPSec VPNs are the best solution for real-time traffic on behalf of security, where VoIP traffic can be protected and secured.

attachment:securing_voip_over_vpn_networks.pdf

[1216668]
Nisha Rajagopal and Michael Devetsikiotis. Modeling and optimization for the design of IMS networks. In ANSS '06: Proceedings of the 39th annual Symposium on Simulation, pages 34-41, Washington, DC, USA, 2006. IEEE Computer Society.
[ http ]

The paper focuses on the formulation of queuing models for the IMS network and characterization of the SIP server workload, and on a methodology for the design of such networks for optimal performance.

IM and SMS

[1161307]
Abhijit Bose and Kang G. Shin. Proactive security for mobile messaging networks. In WiSe '06: Proceedings of the 5th ACM workshop on Wireless security, pages 95-104, New York, NY, USA, 2006. ACM.

This paper discusses ways to protect Instant Messaging and Short Messaging Service networks from the growing threat of malicious code. It approaches the issue from the angles of vulnerable client identification, containment, and proactive security of a cellular network.

Proactive security for mobile messaging networks

WWW

Browser Security

[1180434]
V. T. Lam, S. Antonatos, P. Akritidis, and K. G. Anagnostakis. Puppetnets: misusing web browsers as a distributed attack infrastructure. In CCS '06: Proceedings of the 13th ACM conference on Computer and communications security, pages 221-234, New York, NY, USA, 2006. ACM.

This paper discusses how malicious web sites can exploit vulnerabilities in the web infrastructure to remotely control browsers to cause attacks including DOS, worms, and reconnaissance scans.

Puppetnets--misusing web browsers as a distributed attack infrastructure

[iframe_malware_distribution08]
Niels Provos, Panayiotis Mavrommatis, Moheeb Abu Rajab, and Fabian Monrose. All your iframe are point to us. Technical Report Google TR provos-2008a, Google and Johns Hopkins University, Feb 2008. Web summary at http://googleonlinesecurity.blogspot.com/2008/02/all-your-iframe-are-point-to-us.html.
[ .pdf ]

An excellent paper analyzing the problem of "Drive by downloads" of malware from benign websites.

[1315253]
Ben Adida. Beamauth: two-factor web authentication with a bookmark. In CCS '07: Proceedings of the 14th ACM conference on Computer and communications security, pages 48-57, New York, NY, USA, 2007. ACM.

This paper proposes a web authentication technique that is deployed from the server and can protect against phishing attacks.

Beamauth-two-factor web authentication with a bookmark

[1180360]
Trevor Jim, Nikhil Swamy, and Michael Hicks. Defeating script injection attacks with browser-enforced embedded policies. -, 2007. ACM.
[ .pdf ]

This paper describes a way of defining a script policy that a website might use. This new methodology will allow the website to define what scripts are allowed to run in certain conditions (policy). Such a policy may prevent CSS like the Samy worm.

[ccs07_dnsrebind]
C. Jackson, A. Barth, A. Bortz, W. Shao, and D. Boneh. Protecting browsers from DNS rebinding attacks. In Proceedings of the 14th ACM conference on Computer and Communications Security (CCS). ACM, 2007.
[ .pdf ]

DNS rebinding attacks subvert the same-origin policy of browsers and convert them into open network proxies. We survey new DNS rebinding attacks that exploit the interaction between browsers and their plug-ins, such as Flash and Java. These attacks can be used to circumvent firewalls and are highly cost-effective for sending spam e-mail and defrauding pay-per-click advertisers, requiring less than $100 to temporarily hijack 100,000 IP addresses. We show that the classic defense against these attacks, called DNS pinning, is ineffective in modern browsers. The primary focus of this work, however, is the design of strong defenses against DNS rebinding attacks that protect modern browsers: we suggest easy-to-deploy patches for plug-ins that prevent large-scale exploitation, provide a defense tool, dnswall, that prevents firewall circumvention, and detail two defense options, policy-based pinning and host name authorization.

A good explanation of DNS-based browser attacks and methods to protect modern browsers from these vulnerabilities.

Server and Web App Security

[1294265]
Stephen Chong, Jed Liu, Andrew C. Myers, Xin Qi, K. Vikram, Lantian Zheng, and Xin Zheng. Secure web application via automatic partitioning. In SOSP '07: Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles, pages 31-44, New York, NY, USA, 2007. ACM.

Secure web application via automatic partitioning

[1315250]
Davide Balzarotti, Marco Cova, Viktoria V. Felmetsger, and Giovanni Vigna. Multi-module vulnerability analysis of web-based applications. In CCS '07: Proceedings of the 14th ACM conference on Computer and communications security, pages 25-35, New York, NY, USA, 2007. ACM.

Distributed Web Security


This paper is about how different proxies coordinate themselves in order to process and deliver contents, and the integrity of the delivered content is enforced using a decentralized strategy. To achieve this, we utilize a distributed role lookup table and a role-number based routing mechanism.

[1180382]
Mohammad Ashiqur Rahaman, Andreas Schaad, and Maarten Rits. Towards secure SOAP message exchange in a SOA. In SWS '06: Proceedings of the 3rd ACM workshop on Secure web services, pages 77-84, New York, NY, USA, 2006. ACM.

attachment:soa_security.pdf

Security paper describing technologies used to secure Service Oriented Architectures that make use of Web Services and SOAP.

Malicious Web Servers (Hands-on)

[l33t_stuff]
Christian Seifert, Ramon Steenson, Thorsten Holz, Yuan Bing, Michael A. Davis. Know Your Enemy: Malicious Web Servers, Honeynet Project, 9 August, 2007

This paper provides a hands-on discussion of malicious web servers. If you are interested in the precise details of how malicious servers really work, this paper is for you.

[l33t_stuff2]
Christian Seifert. Know Your Enemy: Behind the Scenes of Malicious Web Servers, Honeynet Project, 7 November, 2007

This paper is the last of a series of papers focusing on malicious web servers. In this document, Web Exploitation Kits are explored. (It's a fun read.)

Risks from 3rd party web services or Cloud computing models

[1180360]
Gregory Conti. Googling considered harmful. -, 2006. ACM.
[ .pdf ]

This paper highlights the problem in the current security measures such as firewalls and cryptography because of the trust of the service provider (like when we do a search in Google). It examines the effectiveness of existing privacy countermeasures and gives the road for future work for protection.

Security Models

[1314473]
Timothy E. Levin, Cynthia E. Irvine, Clark Weissman, and Thuy D. Nguyen. Analysis of three multilevel security architectures. In CSAW '07: Proceedings of the 2007 ACM workshop on Computer security architecture, pages 37-46, New York, NY, USA, 2007. ACM.

This paper analyses three systems architectures that have been proposed for multilevel security. It's a good chance to have a look at three systems architectures, compare them, and see what the advantages and disadvantages of each one are.

Analysis of three multilevel security architectures.pdf

Defensive Network Components

Firewalls

[1264195]
Charles C. Zhang, Marianne Winslett, and Carl A. Gunter. On the safety and efficiency of firewall policy deployment. In SP '07: Proceedings of the 2007 IEEE Symposium on Security and Privacy, pages 33-50, Washington, DC, USA, 2007. IEEE Computer Society.

Firewalls play the all-important role of acting as the first line of defense against malicious activities. Complexity in networks is leading to incorrect firewall policy deployment. This paper provides an approach for safe policy deployments without compromising deployment efficiency.

Safety and Efficiency of Firewall Policy Deployment.pdf

Intrusion Detection

[1278945]
Carrie Gates and Carol Taylor. Challenging the anomaly detection paradigm: a provocative discussion. In NSPW '06: Proceedings of the 2006 workshop on New security paradigms, pages 21-29, New York, NY, USA, 2007. ACM.

Previous assumptions on host-based intrusions (anomalous host activity means host intrusion) are applied to the network level. The authors challenge the notion that anomalous network activity equates to a malicious attack.

Challenging the Anomaly Detection Paradigm

[1624002]
K. Borders, Xin Zhao, and A. Prakash. Siren: catching evasive malware. Security and Privacy, 2006 IEEE Symposium on, pages 6 pp.-, 21-24 May 2006.
[ http ]

This paper discusses the discovery of malware, particularly spyware. It presents software called Siren which proactively catches spyware, detects the blend-in activities, and proves it is more efficient than some commercial products.

attachment:CatchingEvasiveMalware.pdf

Honey Pots

[1314398]
Spiros Antonatos, Kostas Anagnostakis, and Evangelos Markatos. Honey@home: a new approach to large-scale threat monitoring. In WORM '07: Proceedings of the 2007 ACM workshop on Recurring malcode, pages 38-45, New York, NY, USA, 2007. ACM.
[ http ]

Honeypots are very useful for detecting attacks; however, they typically require a large number of hosts to detect threats in a timely manner. This paper describes methods for deploying a large-scale honeypot network at a low cost. Deploying a large number of honeypots at a low cost helps corporations thwart blacklist attempts.

Attack Code and Coordination

BotNets

[Rishi]
Jan Goebel and Thorsten Holz. Rishi: Identify bot contaminated hosts by IRC nickname evaluation. In HotBots '07 Proceedings, pages 1-12, -, 2007. -.
[ .pdf ]

This article describes a way of detecting a BotNet infected computer by monitoring unusual IRC nicknames and channels. This only works for Bots that communicate with a central Command and Control server, but has been deployed in small scale and has detected over 80 infected machines, many that had not been detected by conventional software.

[bh-dc-07-Nazario-WP.pdf]
Botnet Tracking: Tools, Techniques, and Lessons learned, New York, NY, USA, 2007. Black Hat Media Archives.

This paper examines how botnets have become a major threat to the stability of the Internet and the security of users. The paper discusses what it takes to track and isolate botnets.

attachment:botnets.pdf

DDoS

[1159948]
Michael Walfish, Mythili Vutukuru, Hari Balakrishnan, David Karger, and Scott Shenker. DDoS defense by offense. In SIGCOMM '06: Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications, pages 303-314, New York, NY, USA, 2006. ACM.
[ http ]

This article discusses a potential DDoS defense for application-level attacks that send many legitimate-looking requests. The defense is performed by encouraging all hosts to send higher volumes of traffic. The thinking behind this is that the attacking hosts are most likely utilizing all their bandwidth in the DDoS attack, thus if the 'good' clients crowd out the bad ones, then the DDoS is mitigated as the server spends more time processing the clients' good requests instead of being overwhelmed by the bad requests.

Trojans and Viruses and Worms

[9628145]
M Franz. Containing the ultimate trojan horse. In Security & Privacy Magazine Volume 5, Issue 4, pages 52 - 56, Washington, DC, 2007. IEEE.

attachment:Trojan.pdf

This paper talks about how one can secure an operating system against the now common email and Trojan viruses. It recommends securing your system at its base rather than inside each application or using an overly protective and costly security policy.

[bh-usa-07-hoffman_and_terrill-WP]
The Little Hybrid Web Worm That Could, New York, NY, USA, 2007. Black Hat Media Archives.

attachment:hybridworm.pdf

This paper examines how a new type of "hybrid web worm" could easily mutate itself to avoid signature detection, update itself with new offensive tools to attack updated operating systems and survive legacy cyber security defensive systems.

Tools for Analyzing and Classifying Attacks

[1314273]
Lingyu Wang, Anoop Singhal, and Sushil Jajodia. Toward measuring network security using attack graphs. In QoP '07: Proceedings of the 2007 ACM workshop on Quality of protection, pages 49-54, New York, NY, USA, 2007. ACM.
[ http ]

This paper proposes a framework for the evaluation of network security using attack graphs. As we all know, network environments are variable, and each instance of security settings varies and can be complicated to analyze. It is worth reading because it comes up with a formal method to measure security configurations.

[bh-dc-07-Barnum-WP.pdf]
Attack patterns as a Knowledge Resource for Building Secure Software, New York, NY, USA, 2007. Black Hat Media Archives.

attachment:attackpatterns.pdf

This paper examines why computer scientists and network security professionals need an understanding of the hacker's perspective and the methods they use to exploit software and networks.

Crypto

[349396]
Misha Koshelev, Vladik Kreinovich, and Luc Longpré. Encryption algorithms made natural. In ITiCSE-WGR '99: Working group reports from ITiCSE on Innovation and technology in computer science education, pages 50-51, New York, NY, USA, 1999. ACM.
[ http ]

Cryptanalysis

[1314469]
Onur Aciiçmez. Yet another microarchitectural attack: exploiting I-cache. In CSAW '07: Proceedings of the 2007 ACM workshop on Computer security architecture, pages 11-18, New York, NY, USA, 2007. ACM.

MAEncrypt.pdf

This paper addresses exploitation of the instruction cache in microprocessors to defeat encryption. As encryption is one of the main ways to secure network communications, such an exploit may change the way microprocessors are developed.

Authentication

[1180427]
John Brainard, Ari Juels, Ronald L. Rivest, Michael Szydlo, and Moti Yung. Fourth-factor authentication: somebody you know. In CCS '06: Proceedings of the 13th ACM conference on Computer and communications security, pages 168-178, New York, NY, USA, 2006. ACM.

attachment:FourthFactor.pdf

Three-way authentication (something you are, you have, you know) has been the tradition; however, this interesting paper states how we can introduce a new factor to the authentication process and use a fourth-factor authentication (human authentication through mutual acquaintance).

[1062916]
Martin Gaedke, Johannes Meinecke, and Martin Nussbaumer. A modeling approach to federated identity and access management. In WWW '05: Special interest tracks and posters of the 14th international conference on World Wide Web, pages 1156-1157, New York, NY, USA, 2005. ACM.

attachment:federated_identity_and_access_management.pdf

Paper that describes building blocks for a federated identity and access management system.

Physical Security

[SCADA]
Joe Weiss. Cyber security in the control room. Power Engineering, 111(9), 2007.

The article discusses issues surrounding control system cyber security in nuclear power plants. The system has often been referred to as supervisory control and data acquisition (SCADA) security. A Venn diagram is used to show the lack of people who are knowledgeable about control system cyber security. A problem cited in the article states that the approach usually needed to address control systems is not the same as the approach typically needed for information technology (IT) business systems.

attachment:SCADA_security.pdf

SCADA systems are used in most (if not all) of the nation's critical infrastructure. With the increasing number of cyber threats from both inside and outside the United States, these systems are extremely vulnerable to attack. This article is a good starting point for someone to get a good insight into how important these systems are, and how little people are paying attention to them.

Secure Anonymous Routing

Communication in Ad Hoc networks relies on the routing functionality of the intermediate nodes. Secure routing and preventing traffic analysis are important criteria for secure anonymous communication in Ad Hoc networks. By analyzing the traffic in ad hoc networks, the location and identity of the nodes can be found, thereby losing anonymity. A number of techniques are available for anonymous routing. Existing techniques are vulnerable to packet type analysis attacks and thus do not provide complete anonymity and security. Also, they involve more cryptographic overhead. We propose a secure anonymous communication system for Ad Hoc networks involving fewer cryptographic operations and also addressing various drawbacks in existing techniques, providing complete anonymity.

[1341791]
T. Rajendran and K. V. Sreenaath. Secure anonymous routing in ad hoc networks. In Compute '08: Proceedings of the 1st Bangalore annual Compute conference, pages 1-7, New York, NY, USA, 2008. ACM.

attachment:SecureAnonymousRouting.pdf

Malware due to Drive-by Downloads on Internet

Drive-by downloads are caused by URLs that attempt to exploit their visitors and cause malware to be installed and run automatically. This paper explains in detail their pervasiveness in today's web world. The paper also cites studies related to the relationship between user browsing habits and exposure to malware, the different techniques used to lure the user into the malware distribution networks, and the different properties of these networks. Also, it mentions the geographical locations from where most of these attacks originate.

Drive-ByDownloads_Malware.pdf

http://googleonlinesecurity.blogspot.com/2008/02/all-your-iframe-are-point-to-us.html

InterestingPapers (last edited 2008-02-29 15:48:21 by UpenderNimbekar)