Application-level simulation for network security

NeSSi (network security simulator) is a novel network simulation tool which incorporates a variety of features relevant to network security distinguishing it from general-purpose network simulators. Its capabilities such as profile-based automated attack generation, traffic analysis and support for detection algorithm plug-ins allow it to be used for security research and evaluation purposes. NeSSi has been successfully used for testing intrusion detection algorithms, conducting network security analysis and developing overlay security frameworks. NeSSi is built upon the agent framework JIAC, resulting in a distributed and extensible architecture. In this paper, we provide an overview of the NeSSi architecture as well as its distinguishing features and briefly demonstrate its application to current security research projects.

Performance analysis of unified enterprise application security framework

Unified Enterprise application security is a new emerging approach for providing protection against application level attacks. Conventional application security approach that consists of embedding security into each critical application leads towards scattered security mechanism that is not only difficult to manage but also creates security loopholes. According to the CSIIFBI computer crime survey report, almost 80% of the security breaches come from authorized users. In this paper, we have worked on the concept of unified security model, which manages all security aspect from a single security window. The basic idea is to keep business functionality separate from security components of the application. Our main focus was on the designing of frame work for unified layer which supports single point of policy control, centralize logging mechanism, granular, context aware access control, and independent from any underlying authentication technology and authorization policy.

Intrusion detection framework for encrypted networks

Network-based Intrusion Detection Systems (NIDSs) monitor network traffic for signs of malicious activities that have the potential to disrupt entire network infrastructures and services. NIDS can only operate when the network traffic is available and can be extracted for analysis. However, with the growing use of encrypted networks such as Virtual Private Networks (VPNs) that encrypt and conceal network traffic, a traditional NIDS can no longer access network traffic for analysis. The goal of this research is to address this problem by proposing a detection framework that allows a commercial off-the-shelf NIDS to function normally in a VPN without any modification. One of the features of the proposed framework is that it does not compromise on the confidentiality afforded by the VPN. Our work uses a combination of Shamir’s secret-sharing scheme and randomised network proxies to securely route network traffic to the NIDS for analysis. The detection framework is effective against two general classes of attacks – attacks targeted at the network hosts or attacks targeted at framework itself. We implement the detection framework as a prototype program and evaluate it. Our evaluation shows that the framework does indeed detect these classes of attacks and does not introduce any additional false positives. Despite the increase in network overhead in doing so, the proposed detection framework is able to consistently detect intrusions through encrypted networks.

Exploring dependencies of 5.9 GHz DSRC throughput and reliability on safety applications

Dedicated Short Range Communication (DSRC) is the emerging key technology supporting cooperative road safety systems within Intelligent Transportation Systems (ITS). The DSRC protocol stack includes a variety of standards such as IEEE 802.11p and SAE J2735. The effectiveness of the DSRC technology depends on not only the interoperable cooperation of these standards, but also on the interoperability of DSRC devices manufactured by various manufacturers. To address the second constraint, the SAE defines a message set dictionary under the J2735 standard for construction of device independent messages. This paper focuses on the deficiencies of the SAE J2735 standard being developed for deployment in Vehicular Ad-hoc Networks (VANET). In this regard, the paper discusses the way how a Basic Safety Message (BSM) as the fundamental message type defined in SAE J2735 is constructed, sent and received by safety communication platforms to provide a comprehensive device independent solution for Cooperative ITS (C-ITS). This provides some insight into the technical knowledge behind the construction and exchange of BSMs within VANET. A series of real-world DSRC data collection experiments was conducted. The results demonstrate that the reliability and throughput of DSRC highly depend on the applications utilizing the medium. Therefore, an active application-dependent medium control measure, using a novel message-dissemination frequency controller, is introduced. This application level message handler improves the reliability of both BSM transmissions/receptions and the Application layer error handling which is extremely vital to decentralized congestion control (DCC) mechanisms.

High frequency high power converters for industrial applications

The main contribution of this project was to investigate power electronics technology in designing and developing high frequency high power converters for industrial applications. Therefore, the research was conducted at two levels; first at system level which mainly encapsulated the circuit topology and control scheme and second at application level which involves with real-world applications. Pursuing these objectives, varied topologies have been developed and proposed within this research. The main aim was to resolving solid-state switches limited power rating and operating speed while increasing the system flexibility considering the application characteristics. The developed new power converter configurations were applied to pulsed power and high power ultrasound applications for experimental validation.

Composite SaaS resource management in cloud computing using evolutionary computation

Cloud computing is an emerging computing paradigm in which IT resources are provided over the Internet as a service to users. One such service offered through the Cloud is Software as a Service or SaaS. SaaS can be delivered in a composite form, consisting of a set of application and data components that work together to deliver higher-level functional software. SaaS is receiving substantial attention today from both software providers and users. It is also predicted to has positive future markets by analyst firms. This raises new challenges for SaaS providers managing SaaS, especially in large-scale data centres like Cloud. One of the challenges is providing management of Cloud resources for SaaS which guarantees maintaining SaaS performance while optimising resources use. Extensive research on the resource optimisation of Cloud service has not yet addressed the challenges of managing resources for composite SaaS. This research addresses this gap by focusing on three new problems of composite SaaS: placement, clustering and scalability. The overall aim is to develop efficient and scalable mechanisms that facilitate the delivery of high performance composite SaaS for users while optimising the resources used. All three problems are characterised as highly constrained, large-scaled and complex combinatorial optimisation problems. Therefore, evolutionary algorithms are adopted as the main technique in solving these problems. The first research problem refers to how a composite SaaS is placed onto Cloud servers to optimise its performance while satisfying the SaaS resource and response time constraints. Existing research on this problem often ignores the dependencies between components and considers placement of a homogenous type of component only. A precise problem formulation of composite SaaS placement problem is presented. A classical genetic algorithm and two versions of cooperative co-evolutionary algorithms are designed to now manage the placement of heterogeneous types of SaaS components together with their dependencies, requirements and constraints. Experimental results demonstrate the efficiency and scalability of these new algorithms. In the second problem, SaaS components are assumed to be already running on Cloud virtual machines (VMs). However, due to the environment of a Cloud, the current placement may need to be modified. Existing techniques focused mostly at the infrastructure level instead of the application level. This research addressed the problem at the application level by clustering suitable components to VMs to optimise the resource used and to maintain the SaaS performance. Two versions of grouping genetic algorithms (GGAs) are designed to cater for the structural group of a composite SaaS. The first GGA used a repair-based method while the second used a penalty-based method to handle the problem constraints. The experimental results confirmed that the GGAs always produced a better reconfiguration placement plan compared with a common heuristic for clustering problems. The third research problem deals with the replication or deletion of SaaS instances in coping with the SaaS workload. To determine a scaling plan that can minimise the resource used and maintain the SaaS performance is a critical task. Additionally, the problem consists of constraints and interdependency between components, making solutions even more difficult to find. A hybrid genetic algorithm (HGA) was developed to solve this problem by exploring the problem search space through its genetic operators and fitness function to determine the SaaS scaling plan. The HGA also uses the problem's domain knowledge to ensure that the solutions meet the problem's constraints and achieve its objectives. The experimental results demonstrated that the HGA constantly outperform a heuristic algorithm by achieving a low-cost scaling and placement plan. This research has identified three significant new problems for composite SaaS in Cloud. Various types of evolutionary algorithms have also been developed in addressing the problems where these contribute to the evolutionary computation field. The algorithms provide solutions for efficient resource management of composite SaaS in Cloud that resulted to a low total cost of ownership for users while guaranteeing the SaaS performance.

Program-level support for protecting an application from untrustworthy components

Many software applications extend their functionality by dynamically loading executable components into their allocated address space. Such components, exemplified by browser plugins and other software add-ons, not only enable reusability, but also promote programming simplicity, as they reside in the same address space as their host application, supporting easy sharing of complex data structures and pointers. However, such components are also often of unknown provenance and quality and may be riddled with accidental bugs or, in some cases, deliberately malicious code. Statistics show that such component failures account for a high percentage of software crashes and vulnerabilities. Enabling isolation of such fine-grained components is therefore necessary to increase the stability, security and resilience of computer programs. This thesis addresses this issue by showing how host applications can create isolation domains for individual components, while preserving the benefits of a single address space, via a new architecture for software isolation called LibVM. Towards this end, we define a specification which outlines the functional requirements for LibVM, identify the conditions under which these functional requirements can be met, define an abstract Application Programming Interface (API) that encompasses the general problem of isolating shared libraries, thus separating policy from mechanism, and prove its practicality with two concrete implementations based on hardware virtualization and system call interpositioning, respectively. The results demonstrate that hardware isolation minimises the difficulties encountered with software based approaches, while also reducing the size of the trusted computing base, thus increasing confidence in the solution’s correctness. This thesis concludes that, not only is it feasible to create such isolation domains for individual components, but that it should also be a fundamental operating system supported abstraction, which would lead to more stable and secure applications.

Validation and consistency in the application of a trauma team activation system at a level 1 trauma centre

- The RAH was activated over 2500 trauma calls in 2009. This figure is over twice the number of calls put out by similar services. - Many trauma calls (in particular L2 trauma calls) from the existing system do not warrant activation of the trauma team - Sometimes trauma calls are activated for nontrauma reasons (eg rapid access to radiology, departmental pressures etc) - The excess of trauma calls has several deleterious effects particularly on time management for the trauma service staff: ward rounds/tertiary survey rounds, education, quality improvement, research

Multi-level neural modelling : an application of object-oriented software engineering

Neu-Model, an ongoing project aimed at developing a neural simulation environment that is extremely computationally powerful and flexible, is described. It is shown that the use of good Software Engineering techniques in Neu-Model’s design and implementation is resulting in a high performance system that is powerful and flexible enough to allow rigorous exploration of brain function at a variety of conceptual levels.

Moderation as judgement practice: Reconciling system level accountability and local level practice

Internationally, recognition of the role of assessment to inform the learning process has received much attention in recent years. Assessment for learning, not just of learning is being supported by an increasing body of literature providing strategies that teachers and their students can incorporate to support the learning process (Assessment Reform Group, 2002; Broadfoot & Black, 2004; James, 2006). Concurrently there has been an increase internationally in systemic accountability requirements of schools in terms of student results. The convergence of these two movements has resulted in some education systems promoting standards-driven reform involving authentic assessment and a re-examination of the relationship between the teacher and the student in the learning process. In this context standards are intended to be used as the basis for judgements of student achievement; while the results from assessment tasks are meant to both inform the teaching/learning process, and to report and track student progress. In such system, the role and reliability of teacher judgement takes centre stage.

The synthesis and application of novel profluorescent nitroxides as probes for polymer degradation

This PhD project has expanded the knowledge in the area of profluorescent nitroxides with regard to the synthesis and characterisations of novel profluorescent nitroxide probes as well as physical characterisation of the probe molecules in various polymer/physical environments. The synthesis of the first example of an azaphenalene-based fused aromatic nitroxide TMAO, [1,1,3,3-tetramethyl-2,3-dihydro-2-azaphenalen-2-yloxyl, was described. This novel nitroxide possesses some of the structural rigidity of the isoindoline class of nitroxides, as well as some properties akin to TEMPO nitroxides. Additionally, the integral aromatic ring imparts fluorescence that is switched on by radical scavenging reactions of the nitroxide, which makes it a sensitive probe for polymer degradation. In addition to the parent TMAO, 5 other azaphenalene derivatives were successfully synthesised. This new class of nitroxide was expected to have interesting redox properties when the structure was investigated by high-level ab initio molecular orbitals theory. This was expected to have implications with biological relevance as the calculated redox potentials for the azaphenalene ring class would make them potent antioxidant compounds. The redox potentials of 25 cyclic nitroxides from four different structural classes (pyrroline, piperidine, isoindoline and azaphenalene) were determined by cyclic voltammetry in acetonitrile. It was shown that potentials related to the one electron processes of the nitroxide were influenced by the type of ring system, ring substituents or groups surrounding the moiety. Favourable comparisons were found between theoretical and experimental potentials for pyrroline, piperidine and isoindoline ring classes. Substitution of these ring classes, were correctly calculated to have a small yet predictable effect on the potentials. The redox potentials of the azaphenalene ring class were underestimated by the calculations in all cases by at least a factor of two. This is believed to be due to another process influencing the redox potentials of the azaphenalene ring class which is not taken into account by the theoretical model. It was also possible to demonstrate the use of both azaphenalene and isoindoline nitroxides as additives for monitoring radical mediated damage that occurs in polypropylene as well as in more commercially relevant polyester resins. Polymer sample doped with nitroxide were exposed to both thermo-and photo-oxidative conditions with all nitroxides showing a protective effect. It was found that isoindoline nitroxides were able to indicate radical formation in polypropylene aged at elevated temperatures via fluorescence build-up. The azaphenalene nitroxide TMAO showed no such build-up of fluorescence. This was believed to be due to the more labile bond between the nitroxide and macromolecule and the protection may occur through a classical Denisov cycle, as is expected for commercially available HAS units. Finally, A new profluorescent dinitroxide, BTMIOA (9,10-bis(1,1,3,3- tetramethylisoindolin-2-yloxyl-5-yl)anthracene), was synthesised and shown to be a powerful probe for detecting changes during the initial stages of thermo-oxidative degradation of polypropylene. This probe, which contains a 9,10-diphenylanthracene core linked to two nitroxides, possesses strongly suppressed fluorescence due to quenching by the two nitroxide groups. This molecule also showed the greatest protective effect on thermo-oxidativly aged polypropylene. Most importantly, BTMIOA was found to be a valuable tool for imaging and mapping free-radical generation in polypropylene using fluorescence microscopy.

EMI issues in high power and high level diode-clamped converters

Planar busbar is a good candidate to reduce interconnection inductance in high power inverters compared with cables. However, power switching components with fast switching combined with hard switched-converters produce high di/dt during turn off time and busbar stray inductance then becomes an important issue which creates overvoltage. It is necessary to keep the busbar stray inductance as low as possible to decrease overvoltage and Electromagnetic Interference (EMI) noise. In this paper, the effect of different transient current loops on busbar physical structure of the high-voltage high-level diode-clamped converters will be highlighted. Design considerations of proper planar busbar will also be presented to optimise the overall design of diode-clamped converters.

Self-commutated current source converter with multi-level current reinjection

The multi-level current reinjection concept described in literature is well-known to produce high quality AC current waveforms in high power and high voltage self-commutating current source converters. This paper proposes a novel reinjection circuitry which is capable of producing a 7-level reinjection current. It is shown that this reinjection current effectively increases the pulse number of the converter to 72. The use of PSCAD/EMTDC simulation validates the functionality of the proposed concept illustrating its effectiveness on both AC and DC sides of the converter.

Virtual reality or virtually real : blended teaching and learning in a Master's level research methods class

This paper examines the enabling effect of using blended learning and synchronous internet mediated communication technologies to improve learning and develop a Sense of Community (SOC) in a group of post-graduate students consisting of a mix of on-campus and off-campus students. Both quantitative and qualitative data collected over a number of years supports the assertion that the blended learning environment enhanced both teaching and learning. The development of a SOC was pivotal to the success of the blended approach when working with geographically isolated groups within a single learning environment.