Browsing by Author "Peng Ning, Committee Member"
- Address Space Layout Permutation: Increasing Resistance to Memory Corruption Attacks (2005-10-18) Bookholt, Christopher Glen; Jun Xu, Committee Chair; Peng Ning, Committee Member; Laurie Williams, Committee Member
  A key problem with current address obfuscation techniques is their use of randomly sized pads to shift the location of critical memory regions. Padding limits the potential of existing techniques because pads are unused space. To increase protection, the pad size need be increased, thereby wasting additional address space. The relationship between protection and pad size forces system designers to choose between security and conservation of address space. This thesis improves upon existing address randomization techniques by proposing and implementing a novel approach to increase the probabilistic protection provided by address obfuscation with performance overhead comparable to contemporary techniques and without the use of large pads. Our approach is to randomly permute the user stack, heap, and mmap allocations throughout the entire 3 gigabyte user address space. The approach improves upon the protection of the best existing technique by an order of magnitude and with no more than 8 kilobytes lost to padding. Further, the technique incurs a performance overhead of 7-13% during process startup and less than 1% overhead thereafter. We also present a validation of address space randomization by showing that randomization limits the propagation speed of worms reliant on memory corruption attack vectors. Our analysis shows that an average time of more than 57 minutes is needed to complete a brute-force attack on the protection provided by our technique. The increased time needed for worms to exploit individual targets using the absolute location of either the user stack, heap, or an mmap allocation means that the fastest time needed to infect nearly 100% of a vulnerable population is on the order of hours, not minutes.
Our analysis provides an in-depth discussion of the probabilistic protection provided by our technique. The results offer detailed information regarding the expected performance impact in three critical computing environments: scientific, desktop, and network server. We conclude that our address obfuscation technique is capable of providing greater probabilistic protection than existing techniques at a comparable performance cost.
- Automated Access Control Policy Testing through Code Generation (2008-07-26) Sivasubramanian, Dhivya; Peng Ning, Committee Member; Tao Xie, Committee Member; Ting Yu, Committee Chair
- Capacity Estimation of Wireless Mesh Networks (2003-11-22) Jun, Jangeun; Mihail Sichitiu, Committee Chair; Mihail Devetsikiotis, Committee Co-Chair; Peng Ning, Committee Member; George N. Rouskas, Committee Member
  The goal of this research is to estimate the capacity of wireless mesh networks (WMNs). WMNs have unique topology and traffic patterns when compared to conventional wireless Internet access networks. In WMNs, user nodes act as a host and a router simultaneously and form a meshed topology. Traffic is forwarded towards a gateway connected to the Internet by cooperating user nodes in a multihop fashion. Since the considered WMNs use IEEE 802.11 for medium access control and physical layer implementation, theoretical maximum throughput and fairness issues in IEEE 802.11 networks are investigated as a preliminary framework for the capacity estimation of WMN. Due to a centralized traffic pattern and meshed topology, forwarded traffic becomes heavier as it gets closer to the gateway. The characteristics of the traffic behavior in WMNs are thoroughly examined and an analytical solution for capacity estimation is presented. The analytical solution is derived for various topologies and validated using simulations.
- Code-Reuse Attacks: New Frontiers and Defenses (2011-03-18) Bletsch, Tyler; Vincent Freeh, Committee Chair; Xuxian Jiang, Committee Chair; Peng Ning, Committee Member; Yan Solihin, Committee Member
- Design and Implementation of a Gnutella-based Reputation Management System (2003-11-24) Murthy, Prashant; Munindar Singh, Committee Member; Peng Ning, Committee Member; Douglas Reeves, Committee Chair
  Peer to peer (P2P) networks have introduced a new paradigm in content distribution. Such systems have shifted the paradigm from a client-server model into a client-client model. The tremendous success of such systems has proven that purely distributed search systems are feasible and that they may change the way we interact on the Internet. Most P2P protocols have been designed with minimum or no emphasis on security - Gnutella being one such open protocol standard. In this work, we focus on providing security over Gnutella by establishing trust between the entities (peers) in a P2P network using reputations and by ensuring integrity, authentication and non-repudiation of messages exchanged. Reputation systems collect, distribute and aggregate feedback about past behavior of the participants. Such systems help in establishing trust amongst strangers, detecting misbehaving nodes and isolating them. In this work, we analyze some existing reputation-based protocols in P2P networks. Among these protocols, we choose two approaches that are more specific and relevant to P2P networks. We compare these two protocols, namely, P2PRep and RCert in terms of security and performance. While P2PRep uses a broadcast polling mechanism and client-side storage to manage reputations, RCert uses unicast messages and server-side (local) storage of reputation content. Based on an analysis of the two approaches, we choose to enhance RCert. We identify the shortcomings and vulnerabilities of this protocol and propose an extension to RCert. We then provide the details of the design and implementation of our enhanced protocol - GTKgREP on Gtk-Gnutella, a unix-based Gnutella servent. We provide an assessment of the overheads associated with this protocol.
- Design, Control and Characteristics of Multilevel Active NPC Converters for High Power Applications. (2010-08-31) Li, Jun; Alex Huang, Committee Chair; Subhashish Bhattacharya, Committee Chair; Srdjan Lukic, Committee Member; Mesut Baran, Committee Member; Peng Ning, Committee Member
- Energy Optimization in Sensor Networks (2007-11-06) Chiang, Mu-Huan; Peng Ning, Committee Member; Gregory T. Byrd, Committee Chair; Mihail Sichitiu, Committee Member; Alexander G. Dean, Committee Member
  Recent advances in wireless communications and computing technology are enabling the emergence of low-cost devices that incorporate sensing, processing, and communication functionalities. A large number of these devices are deployed to create a sensor network for both monitoring and control purposes. Sensor networks are currently an active research area mainly due to the potential of their applications. However, the operation of large scale sensor networks still requires solutions to numerous technical challenges that stem primarily from the constraints imposed by simple sensor devices. Among these challenges, the power constraint is the most critical one, since it involves not only reducing the energy consumption of a single sensor but also maximizing the lifetime of an entire network. The network lifetime can be maximized only by incorporating energy awareness into every stage of sensor network design and operation, thus empowering the system with the ability to make dynamic tradeoffs among energy consumption, system performance, and operational fidelity. Optimizing the energy usage is a critical challenge for wireless sensor networks (WSNs). The requirements of energy optimization schemes are as follows. (1) Low individual energy consumption: Sensor nodes can use up their limited energy supply, carrying out computations and transmission. In typical WSNs, nodes play a dual role as both data sender and data router. Malfunctioning of some sensor nodes due to power failure can cause significant topological changes and may require rerouting of packets and network reorganization. Therefore, reducing the energy consumption of each sensor node is critical for WSNs.
(2) Balanced energy usage: While minimizing the energy consumption of individual sensor nodes is important, the energy status of the entire network should also be of the same order. If certain nodes have much higher workload than others, these nodes will drain off their energy rapidly and adversely impact the overall system lifetime. The workload of sensors should be balanced in order to achieve longer system lifetime. (3) Low computation and communication overhead: The resource limitations imposed by sensor hardware call for simple protocols that require minimal processing and a small memory footprint. The extra computation and communication introduced by the energy optimization schemes must also be kept low. Otherwise, energy required to perform the optimization schemes may outweigh the benefits. This thesis concentrates on the energy optimization issues in wireless sensor networks. We study the power consumption characteristics of typical sensor platforms, and propose energy optimization schemes in network and application level. We design distributed algorithms that reduce the amount of data traffic and unnecessary overhearing waste in WSNs, and further propose load balancing mechanisms that alleviate the unbalanced energy usage and prolong the effective system lifetime. At the network level, Adaptive Aggregation Tree (AAT) is proposed to dynamically transform the routing tree, using easily-obtained overheard information, to improve the aggregation efficiency. The local adaptivity of AAT achieves significant energy reduction, compared to the shortest-path tree where aggregation occurs opportunistically. We also propose Neighborhood-Aware Density Control (NADC), which exploits the overheard information to reduce the unnecessary overhearing waste along routing paths. In NADC, nodes observe their neighborhood and adapt their participation in the multihop routing topology. 
By reducing the node density near the routing paths, the overhearing waste can be reduced, and the extremely unbalanced energy usage among sensor nodes is also alleviated, which results in a longer system lifetime. The unbalanced energy usage problem is further addressed at the application level, where we propose Zone-Repartitioning (Z-R) for load balancing in data-centric storage systems. Z-R reduces the workload of certain hot-spots by distributing their communication load to other nodes when the event frequency of certain areas is much higher than the others.
- Improving Query Performance using Materialized XML Views: A Learning-based approach (2004-06-18) Shah, Ashish Narendra; Rada Chirkova, Committee Chair; Munindar Singh, Committee Member; Peng Ning, Committee Member
  This thesis presents a novel approach in solving the problem of improving the efficiency of query processing on an XML interface of a relational database for frequent and important queries. The motivation of this research is provided by the need to eliminate processing overheads in converting relational data to an XML format by materializing beforehand answers to frequent and important queries (which we predefine as a query workload) in terms of an XML structure. The main contribution of this paper is to show that selective materialization of data as XML views reduces query-execution costs for the workload queries, in relatively static databases. Our learning-based approach precomputes and stores (materializes) parts of the answers to the workload queries as clustered XML views. In addition, the data in the materialized XML clusters are periodically incrementally refreshed and rearranged, to respond to the changes in the query workload. We use a collection of music data as a sample database to build our learning-based system. Our experiments show that the approach can significantly reduce processing costs for frequent and important queries on relational databases with XML interfaces.
- Low-Overhead Designs for Secure Uniprocessor and Multiprocessor Architectures (2009-12-04) Rogers, Brian Michael; Yan Solihin, Committee Chair; Gregory Byrd, Committee Member; Thomas Conte, Committee Member; Peng Ning, Committee Member; Milos Prvulovic, Committee Member
  The security of computer systems is becoming a growing concern as the increasing ability and motivation of attackers continues to expand the types of attacks that exist to exploit a vast amount of digital information. In particular, new types of hardware-based attacks have become widespread in addition to the more traditional software attack methods. For example, a hardware attack may consist of utilizing a device to physically observe or tamper with sensitive information in a system. Such attacks are able to subvert software-only security measures, and as a result, computer researchers and designers have investigated hardware security solutions to address these concerns. In particular, secure processor architectures have been proposed as a way to prevent hardware-based attacks by cryptographically protecting the data and code executed in a system to ensure its privacy and integrity. Through such a level of protection, many important security issues may be addressed such as the prevention of the theft or tampering of critical data, prevention of reverse engineering of code, and protection from software piracy. In this dissertation, we propose and evaluate novel secure processor architectures for two broad types of system designs. First, for single processor chip systems, we propose a secure processor architecture based on the novel techniques of Address Independent Seed Encryption (AISE) and Bonsai Merkle Trees (BMT) for implementing memory encryption and integrity verification respectively. AISE is based on counter-mode encryption, and like prior counter-mode encryption schemes, it effectively hides cryptographic latencies from the critical path of off-chip data fetches.
However, at the same time it eliminates significant security and system-level drawbacks associated with prior schemes such as the lack of support for virtual memory mechanisms and shared memory inter-process communication. BMT is a novel Merkle Tree memory integrity verification approach which retains the strong security properties of standard Merkle Tree protection, but with a significant reduction in execution time overheads and memory storage overheads. Experimental results on the SPEC 2000 benchmarks show that BMTs reduce the overhead of Merkle Tree integrity verification in a secure processor from 12% to 2% on average. Second, we propose the first secure processor architectures designed specifically for protecting distributed shared memory (DSM) multiprocessors. DSM systems require not only protecting data communicated between a processor and its memory, but also data communicated between processors across the interconnection network. We present a security requirements analysis for protecting the privacy and integrity of code and data in a DSM system, and then propose three table-based hardware schemes to protect processor-processor data communication in a DSM, while leveraging uniprocessor-based approaches for protecting processor-memory data communication. After evaluating these schemes, we identify several performance and complexity drawbacks that are inherent in two-level schemes such as this which protect the two types of DSM communication with separate mechanisms. Thus, we propose an alternative, single-level DSM data protection scheme which leverages a single mechanism for protecting all off-chip DSM data transfers. Our experimental results show that this single-level scheme has an average overhead of only 1.6% across all SPLASH-2 benchmarks compared to a similar but unprotected DSM system.
- Microdata Privacy Protection Through Permutation-Based Approaches (2008-03-25) Zhang, Qing; Ting Yu, Committee Chair; Munindar P. Singh, Committee Co-Chair; Peng Ning, Committee Member; Rada Chirkova, Committee Member
  Data analysts often prefer access to data in the form of original tuples (i.e., microdata), instead of pre-aggregated statistics, since the former offers advantages in information flexibility and availability. Two problems should be addressed before releasing microdata. First, individuals' privacy needs to be adequately protected. In general, the data will be anonymized before sharing. Second, the utility of the anonymized microdata should be maintained and common aggregate queries should be answered with reasonable accuracy. Most existing works on microdata anonymization are based on attribute generalization. Though popular, these approaches have limitations: the generalization of attributes makes it difficult to answer typical aggregate queries with reasonable accuracy. This dissertation investigates new techniques to address the limitations of existing approaches. We propose to anonymize microdata through permutation-based approaches. In particular, we first extend existing privacy goals to better fit the protection requirement of numerical data, and develop a scheme to achieve this privacy goal through sensitive attribute permutation. Second, we propose a stronger privacy goal where an attacker can only learn from the microdata that an individual's sensitive attribute follows a pre-specified target distribution, but nothing more. We combine sensitive attribute permutation and generalization techniques to achieve this goal. To get better query answers when the target distribution is far from that of the original microdata, we further provide mechanisms to allow users to better control the tradeoff between privacy and accuracy.
Third, we extend our techniques to anonymize graph data and support the accurate answering of queries that involve graph properties. Specifically, we partition the nodes and relabel (a form of permutation) the nodes within the same partition. Finally, we study anonymization techniques that can support personalized privacy, which allows individuals to flexibly control the privacy protection they desire.
- Multi-Dimensional Data Set Visualization in Portable Computing Environments (2003-12-16) Romeo, Michael John; Christopher G. Healey, Committee Chair; Peng Ning, Committee Member; Alan L. Tharp, Committee Member
  This thesis studies the issues involved with a graphical presentation of large, multi-dimensional data sets. In particular, it will explore the display of such data sets on low cost, limited capacity portable computing environments (e.g. personal digital assistants, cellular phones, portable gaming devices). After a background discussion of the issues involved with scientific visualization and large multi-dimensional data sets, a presentation of several portable computing environments will be discussed along with graphics implementation packages for those environments. This will be followed by a description and presentation of a working implementation, for Pocket PC handheld devices, along with a discussion of some extensions and further areas of study.
- Network and Host Based Countermeasures against Large-scale Networked Compromised Systems or Malicious Software. (2010-07-14) Park, Young Hee; Douglas Reeves, Committee Chair; Peng Ning, Committee Member; Ting Yu, Committee Member; Xuxian Jiang, Committee Member
- Polymorphic and Metamorphic Malware Detection (2009-05-16) Zhang, Qinghua; S. Purushothaman Iyer, Committee Member; Peng Ning, Committee Member; Wenye Wang, Committee Member; Douglas S. Reeves, Committee Chair
  Software attacks are a serious problem. Conventional anti-malware software expects malicious software, malware, to contain fixed and known code. Malware writers have devised methods of concealing or constantly changing their attacks to evade anti-malware software. Two important recent techniques are polymorphism, which makes use of code encryption, and metamorphism, which uses a variety of code obfuscation techniques. This dissertation presents three new techniques for detection of these malware. The first technique is to recognize polymorphic malware that are encrypted and that self-decrypt before launching the attacks in network traffic. We propose a new approach that combines static analysis and instruction emulation techniques to more accurately identify the starting location and instructions of the decryption routine, which is characteristic of such malware, even if self-modifying code is used. This method has been implemented and tested on current polymorphic exploits, including ones generated by state-of-the-art polymorphic engines. All exploits have been detected (i.e., a 100% detection rate), including those for which the decryption routine is dynamically coded or self-modifying. The method has also been tested on benign network traffic and Windows executables. The false positive rates are approximately .0002% and .01% for these two categories, respectively. Running time is approximately linear in the size of the network payload being analyzed and is between 1 and 2 MB/s. The second technique is a means of recognizing metamorphic malware which has a transformed program image with equivalent or updated functionalities.
We propose a new approach that uses fully automated static analysis of executables to summarize and compare program semantics, based primarily on the pattern of library or system functions which are called. This method has been prototyped and evaluated using randomized benchmark programs, instances of known malware program variants, and utility software available in multiple releases. The results demonstrate three important capabilities of the proposed method: (a) it does well at identifying metamorphic variants of common malware, (b) it distinguishes easily between programs that are not related, and (c) it can identify and detect program variations, or code reuse. Such variations can be due to the insertion of malware (such as viruses) into the executable of a host program. The third technique improves the applicability of a semantic metamorphic malware detector which is the second technique of this dissertation. We propose an automated approach to generate common malware behavior patterns for detection of metamorphic malware or new malware instances. This method combines static analysis and data-mining techniques. This method has been prototyped and evaluated on real world malicious bot software and benign Windows programs. Through the experimental comparison with the metamorphic malware detector, this method results in about an 80% reduction in semantic pattern population to detect known and new malware instances. It is more robust to a junk behavior pollution attack than the malware detector is. A set of experiments was performed to test the quality of the common behavior patterns which were generated with different parameter configurations. Two optimized common behavior patterns were obtained. The corresponding detection rates and true false positive rates are 94%, 8.3%, and 78%, 0.32% respectively.
According to a recent paper [1], for indirect comparison and simple reference, the values of the two detection rates which are 94% and 78% more than double the detection rate of signature-based methods on unknown malware programs, which is 33.75%.
- Process-level Isolation using Virtualization (2010-01-07) Thakwani, Ashish; Peng Ning, Committee Member; Xuxian Jiang, Committee Member; Vincent W. Freeh, Committee Chair
  We present dfork, a new abstraction for performance and security isolation of processes. Whereas the normal fork system call provides a private address space for a child process, dfork leverages virtualization and other techniques to also provide a separate kernel and file system container. Further, unlike many existing virtualization-based approaches, dfork can be used recursively with no cumulative performance penalty, so an isolated process can itself spawn further isolated subprocesses. In contrast to existing software sandbox approaches, our system does not require an a priori policy in order to provide strong security guarantees. Finally, we show that the dfork approach is hypervisor agnostic--our implementation works under both the bare-metal Xen hypervisor and the OS-hosted VMware Workstation hypervisor. We have implemented the dfork model under Linux in a system we call Isolar. This implementation creates Xen or VMware domains that are NFS booted from a union file system. The end result is an environment that can isolate the effects of malicious activity up to and including a complete takeover of the guest kernel, including kernel-level rootkits. Further, the user may elect to selectively commit changes to the underlying file system, accepting some changes, keeping some isolated, and discarding others entirely. This is especially useful in understanding and reverting changes made by an isolated kernel-level rootkit. This thesis discusses the dfork architecture, provides an example implementation, presents a quantitative analysis of the security and performance isolation provided, and gauges the performance impact of the implementation as a whole.
- A Routing Approach to Jamming Effects Mitigation in Wireless Multihop Networks (2010-09-30) Patel, Umang; Rudra Dutta, Committee Chair; Injong Rhee, Committee Member; Peng Ning, Committee Member
- Semantic Web Services Query and Manipulation Language for Quality Attributes of Web Services (2003-08-21) Bilgin, Ahmet Soydan; Peng Ning, Committee Member; Munindar P. Singh, Committee Chair; Peter R. Wurman, Committee Member
  The Web is moving toward a collection of interoperating Web services. Achieving this interoperability requires dynamic discovery of Web services on the basis of their capability. The capability of a service can be best determined by its functional description attributes, which describe the service interface such as input and output of the service, and quality attributes, which provide additional information to evaluate the service. This thesis defines an approach where these quality attributes can be advertised and queried by using DAML as the query, ontology, and service description language. As a core part of this system, we modify and extend an existing DAML query language. We develop this system as an extension of current Web service registries so our system will be fully synchronized with any available Web service registry.
- Utility Guided Pattern Mining (2004-02-26) Jagannath, Sandhya; Peng Ning, Committee Member; Peter Wurman, Committee Member; Jon Doyle, Committee Chair
  This work is an initial exploration of the use of the decision-theoretic concept of utility to guide pattern mining. We present the use of utility functions as against thresholds and constraints as the mechanism to express user preferences and formulate several pattern mining problems that use utility functions. Utility guided pattern mining provides the twin benefits of capturing user preferences precisely using utility functions and of expressing user focus by choosing an appropriate utility guided pattern mining problem. It addresses the drawbacks of threshold guided pattern mining, the specification of threshold and the assumption of a fixed level of interest. We examine the problem of mining patterns with the best utility values in detail. We examine monotonicity properties of utility functions and the composition of utility functions from sub-utility functions as mechanisms to prune the search space. We also present a top-down approach for generating projected databases from FP-Trees, which is an order of magnitude faster than methods proposed in the literature.
- Wolfsting: Extending Online Dynamic Malware Analysis Systems by Engaging Malware. (2010-06-14) Mulukutla, Vikram; Douglas Reeves, Committee Chair; Xuxian Jiang, Committee Member; Peng Ning, Committee Member