Estimating buffer overflows in three stages using cross-entropy

In this paper we propose a fast adaptive Importance Sampling method for the efficient simulation of buffer overflow probabilities in queueing networks. The method comprises three stages. First we estimate the minimum Cross-Entropy tilting parameter for a small buffer level; next, we use this as a starting value for the estimation of the optimal tilting parameter for the actual (large) buffer level; finally, the tilting parameter just found is used to estimate the overflow probability of interest. We recognize three distinct properties of the method which together explain why the method works well; we conjecture that they hold for quite general queueing networks. Numerical results support this conjecture and demonstrate the high efficiency of the proposed algorithm.

Detecting and characterising malicious executable payloads

Buffer overflow vulnerabilities continue to prevail and the sophistication of attacks targeting these vulnerabilities is continuously increasing. As a successful attack of this type has the potential to completely compromise the integrity of the targeted host, early detection is vital. This thesis examines generic approaches for detecting executable payload attacks, without prior knowledge of the implementation of the attack, in such a way that new and previously unseen attacks are detectable. Executable payloads are analysed in detail for attacks targeting the Linux and Windows operating systems executing on an Intel IA-32 architecture. The execution flow of attack payloads are analysed and a generic model of execution is examined. A novel classification scheme for executable attack payloads is presented which allows for characterisation of executable payloads and facilitates vulnerability and threat assessments, and intrusion detection capability assessments for intrusion detection systems. An intrusion detection capability assessment may be utilised to determine whether or not a deployed system is able to detect a specific attack and to identify requirements for intrusion detection functionality for the development of new detection methods. Two novel detection methods are presented capable of detecting new and previously unseen executable attack payloads. The detection methods are capable of identifying and enumerating the executable payload’s interactions with the operating system on the targeted host at the time of compromise. The detection methods are further validated using real world data including executable payload attacks.

An Alternative Approach To Computer System Security Monitoring And Enhancement Through System Call Sequence Analysis

Modern computer systems are plagued with stability and security problems: applications lose data, web servers are hacked, and systems crash under heavy load. Many of these problems or anomalies arise from rare program behavior caused by attacks or errors. A substantial percentage of the web-based attacks are due to buffer overflows. Many methods have been devised to detect and prevent anomalous situations that arise from buffer overflows. The current state-of-art of anomaly detection systems is relatively primitive and mainly depend on static code checking to take care of buffer overflow attacks. For protection, Stack Guards and I-leap Guards are also used in wide varieties.This dissertation proposes an anomaly detection system, based on frequencies of system calls in the system call trace. System call traces represented as frequency sequences are profiled using sequence sets. A sequence set is identified by the starting sequence and frequencies of specific system calls. The deviations of the current input sequence from the corresponding normal profile in the frequency pattern of system calls is computed and expressed as an anomaly score. A simple Bayesian model is used for an accurate detection.Experimental results are reported which show that frequency of system calls represented using sequence sets, captures the normal behavior of programs under normal conditions of usage. This captured behavior allows the system to detect anomalies with a low rate of false positives. Data are presented which show that Bayesian Network on frequency variations responds effectively to induced buffer overflows. It can also help administrators to detect deviations in program flow introduced due to errors.

Channel Adaptive MAC Protocol with Traffic-Aware Distributed Power Management in Wireless Sensor Networks-Some Performance Issues

In Wireless Sensor Networks (WSN), neglecting the effects of varying channel quality can lead to an unnecessary wastage of precious battery resources and in turn can result in the rapid depletion of sensor energy and the partitioning of the network. Fairness is a critical issue when accessing a shared wireless channel and fair scheduling must be employed to provide the proper flow of information in a WSN. In this paper, we develop a channel adaptive MAC protocol with a traffic-aware dynamic power management algorithm for efficient packet scheduling and queuing in a sensor network, with time varying characteristics of the wireless channel also taken into consideration. The proposed protocol calculates a combined weight value based on the channel state and link quality. Then transmission is allowed only for those nodes with weights greater than a minimum quality threshold and nodes attempting to access the wireless medium with a low weight will be allowed to transmit only when their weight becomes high. This results in many poor quality nodes being deprived of transmission for a considerable amount of time. To avoid the buffer overflow and to achieve fairness for the poor quality nodes, we design a Load prediction algorithm. We also design a traffic aware dynamic power management scheme to minimize the energy consumption by continuously turning off the radio interface of all the unnecessary nodes that are not included in the routing path. By Simulation results, we show that our proposed protocol achieves a higher throughput and fairness besides reducing the delay

1st Kassel Student Workshop on Security in Distributed Systems

With this document, we provide a compilation of in-depth discussions on some of the most current security issues in distributed systems. The six contributions have been collected and presented at the 1st Kassel Student Workshop on Security in Distributed Systems (KaSWoSDS’08). We are pleased to present a collection of papers not only shedding light on the theoretical aspects of their topics, but also being accompanied with elaborate practical examples. In Chapter 1, Stephan Opfer discusses Viruses, one of the oldest threats to system security. For years there has been an arms race between virus producers and anti-virus software providers, with no end in sight. Stefan Triller demonstrates how malicious code can be injected in a target process using a buffer overflow in Chapter 2. Websites usually store their data and user information in data bases. Like buffer overflows, the possibilities of performing SQL injection attacks targeting such data bases are left open by unwary programmers. Stephan Scheuermann gives us a deeper insight into the mechanisms behind such attacks in Chapter 3. Cross-site scripting (XSS) is a method to insert malicious code into websites viewed by other users. Michael Blumenstein explains this issue in Chapter 4. Code can be injected in other websites via XSS attacks in order to spy out data of internet users, spoofing subsumes all methods that directly involve taking on a false identity. In Chapter 5, Till Amma shows us different ways how this can be done and how it is prevented. Last but not least, cryptographic methods are used to encode confidential data in a way that even if it got in the wrong hands, the culprits cannot decode it. Over the centuries, many different ciphers have been developed, applied, and finally broken. Ilhan Glogic sketches this history in Chapter 6.

Failure-Oblivious Computing and Boundless Memory Blocks

Memory errors are a common cause of incorrect software execution and security vulnerabilities. We have developed two new techniques that help software continue to execute successfully through memory errors: failure-oblivious computing and boundless memory blocks. The foundation of both techniques is a compiler that generates code that checks accesses via pointers to detect out of bounds accesses. Instead of terminating or throwing an exception, the generated code takes another action that keeps the program executing without memory corruption. Failure-oblivious code simply discards invalid writes and manufactures values to return for invalid reads, enabling the program to continue its normal execution path. Code that implements boundless memory blocks stores invalid writes away in a hash table to return as the values for corresponding out of bounds reads. he net effect is to (conceptually) give each allocated memory block unbounded size and to eliminate out of bounds accesses as a programming error. We have implemented both techniques and acquired several widely used open source servers (Apache, Sendmail, Pine, Mutt, and Midnight Commander).With standard compilers, all of these servers are vulnerable to buffer overflow attacks as documented at security tracking web sites. Both failure-oblivious computing and boundless memory blocks eliminate these security vulnerabilities (as well as other memory errors). Our results show that our compiler enables the servers to execute successfully through buffer overflow attacks to continue to correctly service user requests without security vulnerabilities.

Opportunistic Routing for Multi-flow Video Dissemination over Flying Ad-Hoc Networks

A reliable and robust routing service for Flying Ad-Hoc Networks (FANETs) must be able to adapt to topology changes. User experience on watching live video sequences must also be satisfactory even in scenarios with buffer overflow and high packet loss ratio. In this paper, we introduce a Cross-layer Link quality and Geographical-aware beaconless opportunistic routing protocol (XLinGO). It enhances the transmission of simultaneous multiple video flows over FANETs by creating and keeping reliable persistent multi-hop routes. XLinGO considers a set of cross-layer and human-related information for routing decisions, as performance metrics and Quality of Experience (QoE). Performance evaluation shows that XLinGO achieves multimedia dissemination with QoE support and robustness in a multi-hop, multi-flow, and mobile network environments.

A Comparative Analysis of Beaconless Opportunistic Routing Protocols for Video Dissemination over Flying Ad-Hoc Networks

A reliable and robust routing service for Flying Ad-Hoc Networks (FANETs) must be able to adapt to topology changes, and also to recover the quality level of the delivered multiple video flows under dynamic network topologies. The user experience on watching live videos must also be satisfactory even in scenarios with network congestion, buffer overflow, and packet loss ratio, as experienced in many FANET multimedia applications. In this paper, we perform a comparative simulation study to assess the robustness, reliability, and quality level of videos transmitted via well-known beaconless opportunistic routing protocols. Simulation results shows that our developed protocol XLinGO achieves multimedia dissemination with Quality of Experience (QoE) support and robustness in a multi-hop, multi-flow, and mobile networks, as required in many multimedia FANET scenarios.

Context-aware Adaptation Mechanism for Video Dissemination over Flying Ad-Hoc Networks

The user experience on watching live video se- quences transmitted over a Flying Ad-Hoc Networks (FANETs) must be considered to drop packets in overloaded queues, in scenarios with high buffer overflow and packet loss rate. In this paper, we introduce a context-aware adaptation mechanism to manage overloaded buffers. More specifically, we propose a utility function to compute the dropping probability of each packet in overloaded queues based on video context information, such as frame importance, packet deadline, and sensing relevance. In this way, the proposed mechanism drops the packet that adds the minimum video distortion. Simulation evaluation shows that the proposed adaptation mechanism provides real-time multimedia dissemination with QoE support in a multi-hop, multi-flow, and mobile network environments.

Performance of slotted ALOHA satellite channels with finite buffer

The behaviour of the slotted ALOHA satellite channel with a finite buffer at each of the user terminals is studied. Approximate relationships between the queuing delay, overflow probabilities and buffer size are derived as functions of the system input parameters (i.e. the number of users, the traffic intensity, the transmission and the retransmission probabilities) for two cases found in the literature: the symmetric case (same transmission and retransmission probabilities), and the asymmetric case (transmission probability far greater than the retransmission probability). For comparison, the channel performance with an infinite buffer is also derived. Additionally, the stability condition for the system is defined in the latter case. The analysis carried out in the paper reveals that the queuing delays are quite significant, especially under high traffic conditions.

Performance of slotted ALOHA satellite channels with finite buffer

The behaviour of the slotted ALOHA satellite channel with a finite buffer at each of the user terminals is studied. Approximate relationships between the queuing delay, overflow probabilities and buffer size are derived as functions of the system input parameters (i.e. the number of users, the traffic intensity, the transmission and the retransmission probabilities) for two cases found in the literature: the symmetric case (same transmission and retransmission probabilities), and the asymmetric case (transmission probability far greater than the retransmission probability). For comparison, the channel performance with an infinite buffer is also derived. Additionally, the stability condition for the system is defined in the latter case. The analysis carried out in the paper reveals that the queuing delays are quite significant, especially under high traffic conditions.

Development of a sewerage infrastructure buffer assessment tool for local authorities

Urban expansion continues to encroach on existing or newly implemented sewerage infrastructure. In this context, legislation and guidelines, both national and international, provide limited direction to the amenity allocation of appropriate buffering distances for land use planners and infrastructure providers. A review of published literature suggests the dominant influences include topography, wind speed and direction, temperature, humidity, existing land uses and vegetation profiles. A statistical criteria review of these factors against six years of sewerage odour complaint data was undertaken to ascertain their influence and a complaint severity hierarchy was established. These hierarchical results suggested the main criteria were: topographical location, elevation relative to the odour source and wind speed. Establishing a justifiable criterion for buffer zone allocations will assist in analytically determining a basis for buffer separations and will assist planners and infrastructure designers in assessing lower impact sewerage infrastructure locations.

Catalyst-free growth and optical properties of vertically aligned ZnO Nanorod Arrays on Si substrates covered with thin buffer layers

Vertically aligned ZnO nanorods have been grown on silicon substrates pre-coated with thin, less than 10 nm, textured ZnO seeding layers via a vapor-solid mechanism. The ZnO seeding layers, which were essential for vertical alignment of ZnO nanorods without using any metal catalyst, were prepared by decomposing zinc acetate. The structure and the luminescence properties of the ZnO nanorods synthesized onto ZnO seeding layers were investigated and their morphologies were compared with those of single-crystalline GaN substrates and silicon substrates covered with sputtered ZnO flms. Patterning of ZnO seed layers using photolithography allowed the fabrication of patterned ZnO-nanorod arrays.