UTC InfoSec Center
Research
Fine-grained Reputation-based
Routing in Wireless Ad Hoc Networks
We integrate reputation and trust management into routing protocols in MANETs. Reputation mechanism is based on constantly monitoring and updating first-hand information and second-hand information. The nodes within the network are able to monitor their neighbors and obtain first-hand information based on the perceived behavior. Second-hand information is obtained from the sharing of first-hand information with other nodes. The nodes thus create total reputation value by a combination of first-hand and second-hand information. The total reputation value is then available to neighboring nodes for routing decisions. Dynamic Source Routing Protocol (DSR) is selected to explore the possibility and benefits resulting from the integration of a reputation and trust management into a routing protocol. Reputation-based routing is designed to improve reliability in both route discovery and maintenance in MANETs.
Publications:
Alma Cemerlic, Li Yang, Trust-based Routing in Wireless Ad-hoc Networks, Proceedings of ACM Middle-Southeast Conference, Second-place master student awards, Gatlinburg, TN, November, 2006.
TMAS A Capstone Project
Hurricane Katrina that devastated the Gulf Coast region in 2005 exposed the management weaknesses and vulnerabilities in both the infrastructure and communication in emergency systems at federal, state, and local levels. Out of this unfortunate situation, UTC became involved in developing a local system to support a timely, secure and reliable emergency communication system. Last year, Total Municipal Awareness System (TMAS) was selected as the capstone project for both undergraduate and graduate students.
Publications:
Joseph M.
Kizza, Li Yang, Andy Novobilski, Kathy Winters, Total Municipal Awareness
Systems (TMAS) Capstone Project, Proceedings of Computer Forensics
Conference, Las Vegas, 2006.
A Relationship-based
Context-aware Flexible Authorization Framework for Mediation Systems
Security is a critical concern for mediator-based data integration among
heterogeneous data sources. We provide a modeling and architectural solution to
the problem of mediation security that addresses the security challenges
including context-awareness, semantic heterogeneity, and multiple security policy
specification. A generic, extensible modeling method for the security policies
in mediation systems is presented. A series of authorization constraints are identified based on
the relationship on the different security components in the mediation systems.
Moreover, we enforce the flexible access control to mediation systems while
providing uniform access for heterogeneous data sources.
Publications:
Li Yang, Joseph
M. Kizza, Raimund K. Ege, Malek Adjouadi, A Relationship-based Flexible
Authorization Framework for Mediation Systems, Proceedings of Software
Engineering and Knowledge Engineering (SEKE06),
pages 381-385, San Francisco, CA, July, 2006.
SecCMP: A Secure
Chip-Multiprocessor Architecture
Security has been considered as an important issue in processor design. Most of the existing mechanisms address security and integrity issues caused by untrusted main memory in single-core systems. We propose a secure Chip-Multiprocessor architecture (SecCMP) to handle security related problems such as key protection and core authentication in multi-core systems. Threshold secret sharing scheme is employed to protect critical keys because secret sharing is a distributed security scheme that matches the nature of multi-core systems. A critical secret is divided and distributed among multiple cores instead of keeping a single copy that is sensitive to exposure. The proposed SecCMP can not only enhance the security and fault-tolerance in key protection but also support core authentication. It is designed to be an efficient and secure architecture for CMPs. We use an application to demonstrate secure and remote critical information access and sharing supported by our SecCMP. Integrated with identity based cryptography, the SecCMP provides a secure and reliable way to generate and distribute encryption keys between local host and remote site when prior distribution of keys is not available.
Publications:
Li Yang, Lu Peng, SecCMP: A Secure Chip-Multiprocessor Architecture, Proceedings of Workshop on Architectural and System Support for Improving Software Dependability (ASID), in conjunction with International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), ACM digital library, pages 72-76, San Jose, CA, October 2006.
Integrate Trust into Usage Control in File Sharing
Most access control models have formal access control rules to govern the authorization of a request from a principal. Trust evaluation helps to identify a principal or behaviors of a principal in a pervasive and collaborative environment when complete information on a principal is not available. We integrate trust management into usage control model to make file sharing decision in an ever-changing environment. The attributes associated with a certain principal and requested objects, contexts associated with a certain request, and even behaviors of a principal can change during the collaborative file sharing environment. A variety of such mutability poses challenges in file protection when resources sharing must happen during collaboration. In order to address the challenges, we propose a framework to determine trust value of a principle of a principle and thus integrate the trust into access control to make decision on resource exchange. First, a trust value for a principal is evaluated based on both observed behaviors and peer recommendations. Second, the usage-based access control rules are checked to decide the authorization of a request. Our system is dynamic because untrusted principal can be disenrolled and on-going access can be revoked when it does not meet the access control rules due to mutability. We apply our trust based-usage control framework into an application of file sharing by simulation.
Publications:
Li Yang, Chang Phuong, Andy Novobilski, and Raimund Ege, Integrate Trust into Usage Control in File Sharing, under a journal review.
Dependable Information Communication System (DICS) in
Disaster Management
Disaster management efforts can
range from disaster forecast, intro- and inter-agency coordination protocols,
emergency notification, acknowledging and evacuation plans, to rescue relief
distribution methods, e.g. food and drugs distribution. The key challenge for all the above
efforts is the dependable and timely communication between agencies and masses,
which could significantly mitigate emergency management ability to minimize the
damage. The proposed dependable information
communication system (DICS) will provide and maintain vital communication
between the mass, physical environment, emergency responders, safety
department, hospitals, police offices and emergency services in the face of the
natural disaster (e.g., Hurricane) or man-made disaster (e.g., terrorism). The proposed system includes a
wireless sensor ad hoc network that monitors real-time situation of
environments as well as peers, and a set of reliable Information Communication
Mediators (ICMs) that employ redundant network communication channels. The ICMs progressively and securely
deliver and acknowledge receipts of time-sensitive disaster-related information
over several channels such that they can reinforce secure communication between
different agencies.
Grants:
Information Communications
Mediator Model in Disaster Management, Tennessee Higher Education
Commission's Center of Excellence in Applied Computational Science and
Engineering under grants R04-1302-005.
2006-2007, awarded.
