Center for High Assurance Computer Systems

Sun City Center, United States


News Article | April 11, 2016

Paul Syverson, a mathematician at the U.S. Naval Research Laboratory (NRL), has been named a Fellow by the Association for Computing Machinery (ACM). Syverson is recognized for his "contributions to and leadership in the theory and practice of privacy and security." ACM will recognize Syverson at the ACM Awards Banquet held in June 2015.

ACM, the world's largest educational and scientific computing society, recognizes the top 1% of ACM members with its most prestigious member grade for their outstanding accomplishments in computing and information technology and/or outstanding service to ACM and the larger computing community. Syverson is the first NRL researcher to be named an ACM Fellow.

Syverson's primary research interest is traffic-secure communications: basic theory, system design, protocols, incentives, trust, threat models, performance, usability, and applications. His research in this area began with and continues to focus on onion routing, an approach to traffic-secure communications invented by David Goldschlag, Michael Reed, and Syverson at NRL in 1995. It includes Tor, an instance of onion routing designed by Roger Dingledine, Nick Mathewson, and Syverson in 2002 as part of one of Syverson's onion routing projects. Tor is the largest deployed and used network of its kind in existence (millions of users and over 6000 network servers worldwide). Syverson is also recognized for his service to ACM and leadership in the computer security and privacy community, for example as a creator of the Privacy Enhancing Technologies Symposium and the ACM Workshop on Privacy in the Electronic Society.

Syverson received his bachelor's degree in Philosophy from Cornell University in 1981. He received his master's degrees in Philosophy and Mathematics from Indiana University in 1988. He came to work at NRL's Center for High Assurance Computer Systems in 1989, and in 1993, he received his doctorate in Philosophy from Indiana University with a dissertation drawing on game theory and distributed computing to set out an epistemic foundation for logic. Syverson has authored more than 100 publications. He holds three patents, including the patent for "Onion routing network for securely moving data through communication networks," issued in 2001.

Syverson's awards include the Edison Invention Award, for invention of Onion Routing, NRL, 2001; Service Award, Association for Computing Machinery, 2008; Award for Projects of Social Benefit, Free Software Foundation, 2010; Pioneer Award, Electronic Frontier Foundation, 2012; Top 100 Global Thinkers, Foreign Policy, 2012; and the Test of Time Award, USENIX Security Symposium, 2014.

About the U.S. Naval Research Laboratory

The U.S. Naval Research Laboratory provides the advanced scientific capabilities required to bolster our country's position of global naval leadership. The Laboratory, with a total complement of approximately 2,500 personnel, is located in southwest Washington, D.C., with other major sites at the Stennis Space Center, Miss., and Monterey, Calif. NRL has served the Navy and the nation for over 90 years and continues to advance research further than you can imagine. For more information, visit the NRL website or join the conversation on Twitter, Facebook, and YouTube.

Moskowitz I.S.,Center for High Assurance Computer Systems | Cotae P.,University of the District of Columbia | Kang M.H.,Center for High Assurance Computer Systems | Safier P.N.,SandJ Solutions LLC
Advances in Electrical and Computer Engineering | Year: 2011

In this paper, we derive closed form approximations for the capacity of a point-to-point, deterministic Gaussian MIMO communication channel. We focus on the behavior of the inverse eigenvalues of the Gram matrix associated with the gain matrix of the MIMO channel, by considering small variance and large power assumptions. We revisit the concept of deterministic MIMO capacity by pointing out that, under transmitter power constraint, the optimal transmit covariance matrix is not necessarily diagonal. We discuss the water filling algorithm for obtaining the optimal eigenvalues of the transmitter covariance matrix, and the water fill level in conjunction with the Karush-Kuhn-Tucker optimality conditions. We revise the Telatar conjecture for the capacity of a non-ergodic channel. We also provide deterministic examples and numerical simulations of the capacity, which are discussed in terms of our mathematical framework. © 2011 AECE.

Cotae P.,University of the District of Columbia | Kang M.,Center for High Assurance Computer Systems | Velazquez A.,Center for High Assurance Computer Systems
IEEE International Conference on Communications | Year: 2016

We focus on the detection of Low Rate Denial of Service Attacks (LR DoS) based on their spectral properties. Fisher g-statistics test for one time series was used to detect low frequency periodic bursts of Shrew and New Shrew attacks. The main contribution of this paper is the extension of Fisher g-statistic test to multiple time series. We developed an algorithm based on Fisher G-statistics test that identifies all attackers of the Distributed New Shrew attacks. Numerical examples of Fisher g-statistics test for one time series and of Fisher G-statistics test for multiple time series are provided. We have simulated the Shrew, New Shrew and Distributed New Shrew attacks with an NS-3 simulator. © 2016 IEEE.

Goldschlag D.M.,Trust Digital Inc. | Stubblebine S.G.,Stubblebine Consulting LLC | Syverson P.F.,Center for High Assurance Computer Systems
International Journal of Information Security | Year: 2010

This paper describes various types of commitment functions that maintain a secret for a predictable time delay or until a moderate and predictable amount of computation has occurred. The properties we set out for such functions are based on their usefulness for various applications, such as publicly verifiable lotteries, rather than for cryptologic investigation of the functions. In these lotteries, winners are chosen fairly using only internal information. Since all this information may be published (even before the lottery closes), anyone can do the calculation and therefore verify that the winner was chosen correctly. Since the calculation uses a delaying or similar function, neither ticket purchasers nor the lottery organizer can take advantage of this information. We describe several such lotteries and the security requirements they satisfy, assuming that functions with the properties we state are used. © Springer-Verlag 2009.

Gorantla S.K.,Urbana University | Kadloor S.,Urbana University | Kiyavash N.,Urbana University | Coleman T.P.,Urbana University | And 2 more authors.
IEEE Transactions on Information Forensics and Security | Year: 2012

The Naval Research Laboratory (NRL) Network Pump, or Pump, is a standard for mitigating covert channels that arise in a multilevel secure (MLS) system when a high user (HU) sends acknowledgements to a low user (LU). The issue here is that HU can encode information in the timings of the acknowledgements. The Pump aims at mitigating the covert timing channel by introducing buffering between HU and LU, as well as adding noise to the acknowledgment timings. We model the working of the Pump in certain situations as a communication system with feedback, and then use this perspective to derive an upper bound on the capacity of the covert channel between HU and LU in the Pump. This upper bound is presented in terms of a directed information flow over the dynamics of the system. We also present an achievable scheme that can transmit information over this channel. When the support of the noise added by Pump to acknowledgment timings is finite, the achievable rate is nonzero, i.e., an infinite number of bits can be reliably communicated. If the support of the noise is infinite, the achievable rate is zero and hence a finite number of bits can be communicated. © 2011 IEEE.

Syverson P.,Center for High Assurance Computer Systems
ACM International Conference Proceeding Series | Year: 2011

Onion routing was invented more than fifteen years ago to separate identification from routing in network communication. Since that time there has been much design, analysis, and deployment of onion routing systems. This has been accompanied by much confusion about what these systems do, what security they provide, how they work, who built them, and even what they are called. Here I give an overview of onion routing from its earliest conception to some of the latest research, including the design and use of Tor, a global onion routing network with about a half million users on any given day.

Martin K.,Center for High Assurance Computer Systems | Moskowitz I.S.,Center for High Assurance Computer Systems | Allwein G.,Center for High Assurance Computer Systems
Theoretical Computer Science | Year: 2010

We study the algebraic structure of the monoid of binary channels and show that it is dually isomorphic to the interval domain over the unit interval with the operation from Martin (2006) [4]. We show that the capacity of a binary channel is Scott continuous as a map on the interval domain and that its restriction to any maximally commutative submonoid of binary channels is an order isomorphism onto the unit interval. These results allow us to solve an important open problem in the analysis of covert channels: a provably correct method for injecting noise into a covert channel which will reduce its capacity to any level desired in such a way that the practitioner is free to insert the noise at any point in the system.

Jeffords R.D.,Center for High Assurance Computer Systems | Heitmeyer C.L.,Center for High Assurance Computer Systems | Archer M.M.,Center for High Assurance Computer Systems | Leonard E.I.,Center for High Assurance Computer Systems
Formal Methods in System Design | Year: 2010

This article introduces a new model-based method for incrementally constructing critical systems and illustrates its application to the development of fault-tolerant systems. The method relies on a special form of composition to combine software components and a set of proof rules to obtain high confidence of the correctness of the composed system. As in conventional component-based software development, two (or more) components are combined, but in contrast to many component-based approaches used in practice, which combine components consisting of code, our method combines components represented as state machine models. In the first phase of the method, a model is developed of the normal system behavior, and system properties are shown to hold in the model. In the second phase, a model of the required fault-handling behavior is developed and "or-composed" with the original system model to create a fault-tolerant extension which is, by construction, "fully faithful" (every execution possible in the normal system is possible in the fault-tolerant system). To model the fault-handling behavior, the set of states of the normal system model is extended through new state variables and new ranges for some existing state variables, and new fault-handling transitions are defined. Once constructed, the fault-tolerant extension is shown, using a set of property inheritance and compositional proof rules, to satisfy both the overall system properties, typically weakened, and selected fault-tolerance properties. These rules can often be used to verify the properties automatically. To provide a formal foundation for the method, formal notions of or-composition, partial refinement, fault-tolerant extension, and full faithfulness are introduced. To demonstrate and validate the method, we describe its application to a real-world, fault-tolerant avionics system. © Springer Science+Business Media, LLC 2010.

Paxton N.,Center for High Assurance Computer Systems | Mathews J.,Center for High Assurance Computer Systems
CollaborateCom 2014 - Proceedings of the 10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing | Year: 2015

A translational boundary is any computer network system which performs network address translation in order to act as an intermediary between client requests and server responses. Since boundaries essentially hide networks from the world by acting on their behalf, a sensor monitoring traffic for malicious activity outside of a boundary would attribute the boundary itself as the target of an attack rather than the actual host affected behind the boundary. This challenge is exacerbated inside of tiered network architectures and drives the need for a capability to track network communications across boundaries. While several attempts have been made at addressing this problem space, existing approaches are often difficult to implement or fundamentally problematic. We propose a novel method for tracking communications across boundaries based on the fact that the message being transmitted must remain constant and intact in order for it to be successfully interpreted by a server. The proposed method leverages cryptographic hashing techniques applied towards the application layer payload of network packets from two different perspectives on the network, enabling correlation before and after the packet headers are modified by the boundary. The technique can be implemented atop open source technology on commodity hardware, and provides a stable foundation for building tiered enterprise network architectures with an inherent capability for pinpointing malicious activity. © 2014 ICST.

Martin K.,Center for High Assurance Computer Systems | Feng J.,Center for High Assurance Computer Systems | Krishnan S.,Center for High Assurance Computer Systems
Electronic Notes in Theoretical Computer Science | Year: 2010

We consider three examples of affine monoids. The first stems from information theory and provides a natural model of image distortion, as well as a higher-dimensional analogue of a binary symmetric channel. The second, from physics, describes the process of teleporting quantum information with a given entangled state. The third is purely a mathematical construction, the free affine monoid over the Klein four group. We prove that all three of these objects are isomorphic. © 2010 Elsevier B.V. All rights reserved.
