@article{kim_reeves_dutta_2021, title={Advanced Secure DNS Name Autoconfiguration with Authentication for Enterprise IoT Network}, ISSN={["2576-6813"]}, DOI={10.1109/GLOBECOM46510.2021.9685237}, abstractNote={Internet of Things (IoT) is an intelligent infrastructure and service technology that connects objects to people for monitoring and control. The number of IoT devices is rapidly increasing in various environments. Although the DNS protocol is being applied to IoT networks to create unique identifiers, it is burdensome for users to manually create and configure a globally unique name for each device. DNS Name Autoconfiguration (DNSNA) was proposed to register the DNS name of IoT devices automatically and utilize IoT devices globally. However, DNSNA without secure authentication and authorization leads to potential threats, such as the registration of malicious IoT devices, and other IoT security attacks. In this paper, we propose an Advanced Secure DNS name autoconfiguration with Authentication and Authorization for enterprise IoT network (ASDAI). Especially, we provide the first model using the convergence of extended OAuth 2.0 and Kerberos v5. The proposed protocol supports (1) reliable device / administrator registration, (2) secure DNS name autoconfiguration, and (3) user / service authentication and authorization procedure for the heterogeneity and scalability of enterprise IoT networks.}, journal={2021 IEEE GLOBAL COMMUNICATIONS CONFERENCE (GLOBECOM)}, author={Kim, Tae Hyun and Reeves, Douglas and Dutta, Rudra}, year={2021} } @article{bushouse_reeves_2018, title={Furnace: Self-service Tenant VMI for the Cloud}, volume={11050}, ISBN={["978-3-030-00469-9"]}, ISSN={["1611-3349"]}, DOI={10.1007/978-3-030-00470-5_30}, abstractNote={Although Virtual Machine Introspection (VMI) tools are increasingly capable, modern multi-tenant cloud providers are hesitant to expose the sensitive hypervisor APIs necessary for tenants to use them. Outside the cloud, VMI and virtualization-based security's adoption rates are rising and increasingly considered necessary to counter sophisticated threats. This paper introduces Furnace, an open source VMI framework that outperforms prior frameworks by satisfying both a cloud provider's expectation of security and a tenant's desire to run their own custom VMI tools underneath their cloud VMs. Furnace's flexibility and ease of use is demonstrated by porting four existing security and monitoring tools as Furnace VMI apps; these apps are shown to be resource efficient while executing up to 300x faster than those in previous VMI frameworks. Furnace's security properties are shown to protect against the actions of malicious tenant apps.}, journal={RESEARCH IN ATTACKS, INTRUSIONS, AND DEFENSES, RAID 2018}, author={Bushouse, Micah and Reeves, Douglas}, year={2018}, pages={647–669} } @article{bushouse_reeves_2018, title={Hyperagents: Migrating Host Agents to the Hypervisor}, DOI={10.1145/3176258.3176317}, abstractNote={Third-party software daemons called host agents are increasingly responsible for a modern host's security, automation, and monitoring tasks. Because of their location within the host, these agents are at risk of manipulation by malware and users. Additionally, in virtualized environments where multiple adjacent guests each run their own set of agents, the cumulative resources that agents consume adds up rapidly. Consolidating agents onto the hypervisor can address these problems, but places a technical burden on agent developers. This work presents a development methodology to re-engineer a host agent in to a hyperagent, an out-of-guest agent that gains unique hypervisor-based advantages while retaining its original in-guest capabilities. This three-phase methodology makes integrating Virtual Machine Introspection (VMI) functionality in to existing code easier and more accessible, minimizing an agent developer's re-engineering effort. The benefits of hyperagents are illustrated by porting the GRR live forensics agent, which retains 89% of its codebase, uses 40% less memory than its in-guest counterparts, and enables a 4.9x speedup for a representative data-intensive workload. This work shows that a conventional off-the-shelf host agent can be feasibly transformed into a hyperagent and provide a powerful, efficient tool for defending virtualized systems.}, journal={PROCEEDINGS OF THE EIGHTH ACM CONFERENCE ON DATA AND APPLICATION SECURITY AND PRIVACY (CODASPY'18)}, author={Bushouse, Micah and Reeves, Douglas}, year={2018}, pages={212–223} } @inbook{albanese_cooke_coty_hall_healey_jajodia_liu_mcneese_ning_reeves_et al._2017, title={Computer-Aided Human Centric Cyber Situation Awareness}, ISBN={9783319611518 9783319611525}, ISSN={0302-9743 1611-3349}, url={http://dx.doi.org/10.1007/978-3-319-61152-5_1}, DOI={10.1007/978-3-319-61152-5_1}, abstractNote={In this chapter, we provide an overview of Cyber Situational Awareness, an emerging research area in the broad field of cyber security, and discuss, at least at a high level, how to gain Cyber Situation Awareness. Our discussion focuses on answering the following questions: What is Cyber Situation Awareness? Why is research needed? What are the current research objectives and inspiring scientific principles? Why should one take a multidisciplinary approach? How could one take an end-to-end holistic approach? What are the future research directions?}, booktitle={Theory and Models for Cyber Situation Awareness}, publisher={Springer International Publishing}, author={Albanese, Massimiliano and Cooke, Nancy and Coty, González and Hall, David and Healey, Christopher and Jajodia, Sushil and Liu, Peng and McNeese, Michael D. and Ning, Peng and Reeves, Douglas and et al.}, year={2017}, pages={3–25} } @article{bushouse_reeves_2018, title={Goalkeeper: Comprehensive process enforcement from the hypervisor}, volume={73}, ISSN={["1872-6208"]}, DOI={10.1016/j.cose.2017.11.020}, abstractNote={Controlling when and how a process runs is essential to the security of a system. In virtualized environments, an out-of-guest approach to process control is attractive because it allows fine-grained in-guest inspection and enforcement from the relative safety of the hypervisor, which makes in-guest misconfiguration by users or deliberate interference by malware more difficult. However, prior work in this area is incomplete, either lacking policy enforcement, missing certain types of malicious code due to insufficient coverage, or being unable to scale to many simultaneous guests. This work introduces Goalkeeper, a hypervisor-based security system that focuses on asynchronous, stateless, and lightweight Virtual Machine Introspection (VMI) techniques to enforce comprehensive guest process security policies at scale across tens to hundreds of guests per hypervisor. Running beneath each guest, Goalkeeper uses policy rules to ensure only whitelisted guest processes are allowed to execute, and terminates policy violators using a customizable set of VMI-based process termination techniques. In an evaluation across a population of 100 Linux virtual desktops, Goalkeeper is shown to catch malicious code that is missed by prior work while imposing a comparable performance overhead.}, journal={COMPUTERS & SECURITY}, author={Bushouse, Micah and Reeves, Douglas}, year={2018}, month={Mar}, pages={459–473} } @article{shin_joe-wong_ha_yi_rhee_reeves_2017, title={T-Chain: A General Incentive Scheme for Cooperative Computing}, volume={25}, ISSN={["1558-2566"]}, DOI={10.1109/tnet.2017.2685560}, abstractNote={In this paper, we propose a simple, distributed, but highly efficient fairness-enforcing incentive mechanism for cooperative computing. The proposed incentive scheme, called Triangle Chaining (T-Chain), enforces reciprocity to minimize the exploitable aspects of other schemes that allow free-riding. In T-Chain, symmetric key cryptography provides the basis for a lightweight, almost-fair exchange protocol, which is coupled with a pay-it-forward mechanism. This combination increases the opportunity for multi-lateral exchanges and further maximizes the resource utilization of participants, each of whom is assumed to operate solely for his or her own benefit. T-Chain also provides barrier-free entry to newcomers with flexible resource allocation, providing them with immediate benefits, and therefore is suitable for dynamic environments with high churn (i.e., Turnover). TChain is distributed and simple to implement, as no trusted third party is required to monitor or enforce the scheme, nor is there any reliance on reputation information or tokens.}, number={4}, journal={IEEE-ACM TRANSACTIONS ON NETWORKING}, author={Shin, Kyuyong and Joe-Wong, Carlee and Ha, Sangtae and Yi, Yung and Rhee, Injong and Reeves, Douglas S.}, year={2017}, month={Aug}, pages={2122–2137} } @article{park_reeves_stamp_2013, title={Deriving common malware behavior through graph clustering}, volume={39}, ISSN={["1872-6208"]}, DOI={10.1016/j.cose.2013.09.006}, abstractNote={Detection of malicious software (malware) continues to be a problem as hackers devise new ways to evade available methods. The proliferation of malware and malware variants requires new advanced methods to detect them. This paper proposes a method to construct a common behavioral graph representing the execution behavior of a family of malware instances. The method generates one common behavioral graph by clustering a set of individual behavioral graphs, which represent kernel objects and their attributes based on system call traces. The resulting common behavioral graph has a common path, called HotPath, which is observed in all the malware instances in the same family. The proposed method shows high detection rates and false positive rates close to 0%. The derived common behavioral graph is highly scalable regardless of new instances added. It is also robust against system call attacks.}, journal={COMPUTERS & SECURITY}, author={Park, Younghee and Reeves, Douglas S. and Stamp, Mark}, year={2013}, month={Nov}, pages={419–430} } @inproceedings{so_reeves_2012, title={AntiLiar: Defending against cheating attacks in mesh based streaming}, DOI={10.1109/p2p.2012.6335791}, abstractNote={Peer-to-peer (P2P) mesh based streaming systems have gained widespread use for multicasting of audio and video. In approaches based on BitTorrent, members of the swarm share their content availability through gossiping, and redistribute file pieces cached locally. However, such systems are vulnerable to cheating attacks such as fake reporting, selective omission, fake block attack, and neighbor selection attack. These attacks will severely impact quality of service, waste resources, and discourage cooperation among participants. A defense mechanism, called AntiLiar, is proposed for defending against cheating attacks in mesh based streaming. AntiLiar uses a secure progress log that consists of commitments and one-time signatures, and maintains consistency for an expanded neighbor view. Experimental results demonstrate that AntiLiar minimizes required costs, and improves service quality over alternatives in the face of cheating attacks.}, booktitle={2012 IEEE 12th international conference on peer-to-peer computing (p2p)}, author={So, J. K. and Reeves, D. S.}, year={2012}, pages={115–125} } @article{pyun_park_reeves_wang_ning_2012, title={Interval-based flow watermarking for tracing interactive traffic}, volume={56}, ISSN={["1872-7069"]}, DOI={10.1016/j.comnet.2012.01.017}, abstractNote={Tracing interactive attack traffic that traverses stepping stones (i.e., intermediate hosts) is challenging, as the packet headers, lengths, and contents can all be changed by the stepping stones. The traffic timing (delays between packets) has therefore been studied as a means of tracing traffic. One such technique uses traffic timing as a side channel into which a watermark, or identifying tag, can be embedded to aid with tracing. The effectiveness of such techniques is greatly reduced when the packet count of the traffic is changed at the stepping stone. Such transformations may occur as a result of either active countermeasures (e.g. chaff packets, flow splitting) by an adversary attempting to defeat tracing, or by incidental repacketization of the traffic by network interfaces. This paper presents a new method of embedding a watermark in traffic timing, for purposes of tracing the traffic in the presence of flow splitting, chaff packets, timing perturbation, and repacketization. This method uses an invariant characteristic of two connection flows which are part of the same stepping stone chain, namely, the elapsed time of the flows. The duration of each flow is sliced into short fixed-length intervals. Packet timing is adjusted to manipulate the packet count in specific intervals (without adding or deleting any packets), for purposes of embedding the watermark. The method is self-synchronizing and does not require clock synchronization between the watermark encoder and decoder. A statistical analysis of the method, with no assumptions or limitations concerning the distribution of packet times, proves the effectiveness of the method given a sufficient number of packets, despite natural and/or deliberate repacketization and countermeasures by an adversary. The method has been implemented and tested on a large number of SSH traffic flows. The results demonstrate that 100% detection rates and very low false positive rates are achieved under conditions of multiple countermeasures, and using only a few hundred packets.}, number={5}, journal={COMPUTER NETWORKS}, author={Pyun, Young June and Park, Younghee and Reeves, Douglas S. and Wang, Xinyuan and Ning, Peng}, year={2012}, month={Mar}, pages={1646–1665} } @article{shin_reeves_2012, title={Winnowing: Protecting P2P systems against pollution through cooperative index filtering}, volume={35}, ISSN={["1084-8045"]}, DOI={10.1016/j.jnca.2011.02.015}, abstractNote={Pollution (i.e., sharing of corrupted files, or contaminating index information with bogus index records) is a de facto problem in many file sharing peer-to-peer (P2P) systems in use today. Pollution squanders network resources and frustrates users with unprofitable downloads (due to corrupted files) and unproductive download trials (due to bogus index records). In this paper, we propose a novel distributed hash table (DHT)-based anti-pollution scheme called winnowing. Winnowing aims to reduce or eliminate decoy index records (pointing to nonexisting or corrupted files) held by DHT (i.e., index) nodes in the system, so that download attempts based on the remaining (clean) index records are more likely to yield satisfactory results. To achieve this goal, two techniques are used: (1) publish verification is performed by index nodes to counteract index pollution and (2) privacy-preserving object reputation is integrated into the DHT to reduce the impact of content and metadata pollution. By integrating these techniques, winnowing converges quickly to a near-optimal solution. Winnowing has the added benefit that it does not reveal a peer's download history to other downloading peers. The publish verification of winnowing has been implemented on top of the latest eMule client, and extensive data has been collected from the Kad network using this modified client. The measurement results are summarized, and the findings from the measurement study are incorporated into an analytical model. The model demonstrates the robustness of the privacy-preserving object reputation of winnowing to a variety of pollution attacks, and to attacks on winnowing itself. The results of analysis are confirmed by means of event-driven simulations.}, number={1}, journal={JOURNAL OF NETWORK AND COMPUTER APPLICATIONS}, author={Shin, Kyuyong and Reeves, Douglas S.}, year={2012}, month={Jan}, pages={72–84} } @inbook{so_reeves_2011, title={Defending against Sybil Nodes in BitTorrent}, ISBN={9783642207976 9783642207983}, ISSN={0302-9743 1611-3349}, url={http://dx.doi.org/10.1007/978-3-642-20798-3_3}, DOI={10.1007/978-3-642-20798-3_3}, abstractNote={BitTorrent and its derivatives contribute a major portion of Internet traffic due to their simple and scalable operation. However, the lack of security mechanisms makes them vulnerable to attacks such as file piece pollution, connection slot consumption, and bandwidth exhaustion. These effects are made worse by the ability of attackers to manufacture new identities, or Sybil nodes, at will. The net effect of Sybil nodes and weak security leads to inefficient BitTorrent operation, or collapse. In this paper, we present defenses against threats from Sybil attackers in BitTorrent. A simple, direct reputation scheme called GOLF fosters peer cooperation to exclude potential attackers. Locality filtering tentatively identifies Sybil nodes based on patterns in IP addresses. Under the proposed scheme, Sybil attackers may still continue malicious behaviors, but their effect sharply decreases. Comparison to existing reputation models shows GOLF effectively detects and blocks potential attackers, despite false accusation.}, booktitle={NETWORKING 2011}, publisher={Springer Berlin Heidelberg}, author={So, Jung Ki and Reeves, Douglas S.}, year={2011}, pages={25–39} } @article{wang_reeves_2011, title={Robust Correlation of Encrypted Attack Traffic through Stepping Stones by Flow Watermarking}, volume={8}, ISSN={["1941-0018"]}, DOI={10.1109/tdsc.2010.35}, abstractNote={Network-based intruders seldom attack their victims directly from their own computer. Often, they stage their attacks through intermediate “stepping stones” in order to conceal their identity and origin. To identify the source of the attack behind the stepping stone(s), it is necessary to correlate the incoming and outgoing flows or connections of a stepping stone. To resist attempts at correlation, the attacker may encrypt or otherwise manipulate the connection traffic. Timing-based correlation approaches have been shown to be quite effective in correlating encrypted connections. However, timing-based correlation approaches are subject to timing perturbations that may be deliberately introduced by the attacker at stepping stones. In this paper, we propose a novel watermark-based-correlation scheme that is designed specifically to be robust against timing perturbations. Unlike most previous timing-based correlation approaches, our watermark-based approach is “active” in that it embeds a unique watermark into the encrypted flows by slightly adjusting the timing of selected packets. The unique watermark that is embedded in the encrypted flow gives us a number of advantages over passive timing-based correlation in resisting timing perturbations by the attacker. In contrast to the existing passive correlation approaches, our active watermark-based correlation does not make any limiting assumptions about the distribution or random process of the original interpacket timing of the packet flow. In theory, our watermark-based correlation can achieve arbitrarily close to 100 percent correlation true positive rate (TPR), and arbitrarily close to 0 percent false positive rate (FPR) at the same time for sufficiently long flows, despite arbitrarily large (but bounded) timing perturbations of any distribution by the attacker. Our paper is the first that identifies 1) accurate quantitative tradeoffs between the achievable correlation effectiveness and the defining characteristics of the timing perturbation; and 2) a provable upper bound on the number of packets needed to achieve a desired correlation effectiveness, given the amount of timing perturbation. Experimental results show that our active watermark-based correlation performs better and requires fewer packets than existing, passive timing-based correlation methods in the presence of random timing perturbations.}, number={3}, journal={IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING}, author={Wang, Xinyuan and Reeves, Douglas S.}, year={2011}, pages={434–449} } @inbook{rowe_wood_reeves_2010, title={How the Public Views Strategies Designed to Reduce the Threat of Botnets}, ISBN={9783642138683 9783642138690}, ISSN={0302-9743 1611-3349}, url={http://dx.doi.org/10.1007/978-3-642-13869-0_25}, DOI={10.1007/978-3-642-13869-0_25}, abstractNote={Botnets pose a growing threat to the nation's critical digital infrastructure and general level of cybersecurity. Several strategies for reducing the threat of botnets have been outlined in the cyber security literature. These strategies typically call for both Internet Service Providers (ISPs) and home Internet users to adopt a greater share of the responsibility for overall security. However, to date no study has attempted to determine how accepting the public would be of these strategies. This study takes the first step in filling that gap. The results of this pilot survey suggest that, in general, individuals would be willing to spend additional time each month meeting security requirements set by their ISPs. The results also suggest that although only 50% of respondents would be willing to pay their ISP more per month to protect themselves from cyber threats, more people would be willing to do so if they perceived ISPs as being effective or very effective at reducing such threats. The findings provide important guidance for policy makers and ISPs seeking to gain support for such strategies.}, booktitle={Trust and Trustworthy Computing}, publisher={Springer Berlin Heidelberg}, author={Rowe, Brent and Wood, Dallas and Reeves, Douglas}, year={2010}, pages={337–351} } @article{karmous-edwards_vishwanath_reeves_battestilli_vegesna_rouskas_2009, title={Edge-Reconfigurable Optical Networks (ERONs): Rationale, Network Design, and Evaluation}, volume={27}, ISSN={0733-8724 1558-2213}, url={http://dx.doi.org/10.1109/jlt.2009.2021279}, DOI={10.1109/JLT.2009.2021279}, abstractNote={To bridge the gap between the current practice of setting up expensive, dedicated, lightpath connections (i.e., static topologies), and the distant future vision of inexpensive access to dynamically switched end-to-end lightpaths, we propose a medium term solution in the form of edge-reconfigurable optical networks (ERONs). An ERON is an overlay-control network created by installing readily available MEMS optical switches, and implementing a GMPLS control plane at sites interconnected by static lightpaths. The switches and control software are deployed at the edge of the network and operated by the organization-user (i.e., outside the network provider's control), hence the term ldquoedge-reconfigurablerdquo. By providing dynamic, automated control of end-to-end lightpaths, ERONs enable the sharing of expensive network resources among multiple users and applications that require sporadic access to these resources. We develop an algorithm for creating an ERON from an existing topology of static lightpaths. We also present simulation results that quantify the benefits of ERONs, in terms of the number of lightpaths that are needed when compared to a static configuration of independent and dedicated circuits.}, number={12}, journal={Journal of Lightwave Technology}, publisher={Institute of Electrical and Electronics Engineers (IEEE)}, author={Karmous-Edwards, G. and Vishwanath, A. and Reeves, D.S. and Battestilli, L. and Vegesna, P.B. and Rouskas, G.N.}, year={2009}, month={Jun}, pages={1837–1845} } @inproceedings{park_reeves_2009, title={Identification of bot commands by run-time execution monitoring}, DOI={10.1109/acsac.2009.37}, abstractNote={Botnets pose serious threats to the Internet. In spite of substantial efforts to address the issue, botnets are dramatically spreading. Bots in a botnet execute commands under the control of the botnet owner or controller. A first step in protecting against botnets is identification of their presence, and activities. In this paper, we propose a method of identifying the high-level commands executed by bots. The method uses run- time monitoring of bot execution to capture and analyze run- time call behavior. We find that bots have distinct behavior patterns when they perform pre-programmed bot commands. The patterns are characterized by sequences of common API calls at regular intervals. We demonstrate that commands aiming to achieve the same result have very similar API call behavior in bot variants, even when they are from different bot families. We implemented and evaluated a prototype of our method. Run-time monitoring is accomplished by user-level hooking. In the experiments, the proposed method successfully identified the bot commands being executed with a success rate of 97%. The ability of the method to identify bot commands despite the use of execution obfuscation is also addressed.}, booktitle={25th Annual Computer Security Applications Conference}, author={Park, Y. and Reeves, D. S.}, year={2009}, pages={321–330} } @inbook{wang_ning_reeves_2005, title={Network Access Control for Mobile Ad-Hoc Networks}, ISBN={9783540309345 9783540320999}, ISSN={0302-9743 1611-3349}, url={http://dx.doi.org/10.1007/11602897_30}, DOI={10.1007/11602897_30}, abstractNote={In this paper, we propose to enforce network access control in Mobile Ad Hoc Networks (MANETs) using cryptographic techniques. In the proposed approach, packets are authenticated by means of a network-wide symmetric (session) key. Because nodes are mobile and communication paths may change rapidly, timely distribution of new session keys is challenging (particularly if keys change frequently). Nodes wishing to communicate may therefore hold different session keys, which must somehow be synchronized. We present a fully distributed key synchronization method based on stateless group key distribution, and localized packet retransmission. If nodes A and B wish to communicate securely over a path P, all nodes on this path must synchronize keys with their immediately adjacent neighbors in the path. Any node which is unable to synchronize keys will not be allowed to forward packets. Simulations and a functioning prototype demonstrate the proposed system is practical and effective.}, booktitle={Information and Communications Security}, publisher={Springer Berlin Heidelberg}, author={Wang, Pan and Ning, Peng and Reeves, Douglas S.}, year={2005}, pages={350–362} } @article{wang_ning_reeves_2005, title={Network access control for mobile ad-hoc networks}, volume={3783}, journal={Information and Communications Security}, author={Wang, P. and Ning, P. and Reeves, D. S.}, year={2005}, pages={350–362} } @article{fulp_reeves_2004, title={Bandwidth provisioning and pricing for networks with multiple classes of service}, volume={46}, ISSN={["1872-7069"]}, DOI={10.1016/j.comnet.2004.03.018}, abstractNote={Network service providers purchase large point-to-point connections from network owners, then offer individual users network access at a price. Appropriately provisioning (purchasing) and allocating (pricing) connections remains a difficult problem due to increasing demands and network dynamics. However, connection management is more complex with the deployment of Quality of Service (QoS). This paper describes a scalable connection management strategy for QoS-enabled networks. The management technique maximizes profit, while reducing blocking experienced by users. Important issues regarding demand estimation, connection duration, and pricing intervals, are addressed and analyzed. Simulation results are also provided to demonstrate the viability of the proposed system.}, number={1}, journal={COMPUTER NETWORKS}, author={Fulp, EW and Reeves, DS}, year={2004}, month={Sep}, pages={41–52} } @article{wu_reeves_2004, title={Capacity planning of DiffServ networks with best-effort and Expedited Forwarding traffic}, volume={25}, ISSN={["1572-9451"]}, DOI={10.1023/B:TELS.0000014781.92903.7f}, abstractNote={For networks providing a specific level of service guarantees, capacity planning is an imperative part of network management. Accurate dimensioning is especially important in DiffServ networks, where no per-flow signaling or control exists. In this paper, we address the problem of capacity planning for DiffServ networks with only Expedited Forwarding (EF) and best effort (BE) traffic classes. The problem is formulated as an optimization problem, where the total link cost is minimized, subject to the performance constraints of both EF and BE classes. The edge to edge EF demand pairs and the BE demands on each link are given. The variables to be determined are the non-bifurcated routing of EF traffic, and the discrete link capacities. We show that Lagrangian relaxation and subgradient optimization methods can be used to effectively solve the problem. Computational results show that the solution quality is verifiably good while the running time remains reasonable on practical-sized networks. This represents the first work for capacity planning of multi-class IP networks with non-linear performance constraints and discrete link capacity constraints.}, number={3-4}, journal={TELECOMMUNICATION SYSTEMS}, author={Wu, KH and Reeves, DS}, year={2004}, pages={193–207} } @inbook{jiang_reeves_ning_2004, title={Certificate recommendations to improve the robustness of web of trust}, volume={3225}, ISBN={3540232087}, DOI={10.1007/978-3-540-30144-8_25}, abstractNote={Users in a distributed system establish webs of trust by issuing and exchanging certificates amont themselves. This approach does not require a central, trusted keyserver. The distributed web of trust, however, is susceptible to attack by malicious users, who may issue false certificates. In this work, we propose a method for generating certificate recommendations. These recommendations guide the users in creating webs of trust that are highly robust to attacks. To accomplish this we propose a heuristic method of graph augmentation for the certificate graph, and show experimentally that it is close to optimal. We also investigate the impact of user preferences and non-compliance with these recommendations, and demonstrate that our method helps identify malicious users if there are any.}, booktitle={Information security: 7th international conference, ISC 2004, Palo Alto, CA, USA, September 27-29, 2004: Proceedings}, publisher={Berlin; New York: Springer}, author={Jiang, Q. L. and Reeves, D. S. and Ning, P.}, editor={K. Zhang and Zheng, Y.Editors}, year={2004}, pages={292–303} } @inbook{jiang_reeves_ning_2004, title={Improving robustness of PGP keyrings by conflict detection}, volume={2964}, ISBN={3540209964}, DOI={10.1007/978-3-540-24660-2_16}, abstractNote={Secure authentication frequently depends on the correct recognition of a user’s public key. When there is no certificate authority, this key is obtained from other users using a web of trust. If users can be malicious, trusting the key information they provide is risky. Previous work has suggested the use of redundancy to improve the trustworthiness of user-provided key information. In this paper, we address two issues not previously considered. First, we solve the problem of users who claim multiple, false identities, or who possess multiple keys. Secondly, we show that conflicting certificate information can be exploited to improve trustworthiness. Our methods are demonstrated on both real and synthetic PGP keyrings, and their performance is discussed.}, booktitle={Topics in cryptology, CT-RSA 2004}, publisher={Berlin; New York: Springer}, author={Jiang, Q. L. and Reeves, D. S. and Ning, P.}, year={2004}, pages={194–207} } @inbook{wang_ning_reeves_2004, title={Storage-efficient stateless group key revocation}, volume={3225}, ISBN={3540232087}, DOI={10.1007/978-3-540-30144-8_3}, abstractNote={Secure group communication relies on secure and robust distribution of group keys. A stateless group key distribution scheme is an ideal candidate when the communication channel is unreliable. Several stateless group key distribution schemes have been proposed. However, these schemes require all users store a certain number of auxiliary keys. The number of such keys increases as the group size grows. As a result, it is quite challenging to use these schemes when the users in a relatively large group have memory constraints. Thus, it is desirable to develop new schemes that can reduce the memory requirement. This paper introduces two novel stateless group key revocation schemes named key-chain tree (KCT) and layered key-chain tree (LKCT), which combine one-way key chains with a logical key tree. These schemes reduce the user storage requirements by trading off it with communication and computation costs. Specifically, these schemes can revoke any R users from a user group of size N by sending a key update message with at most 4R keys, while only requiring each user to store 2log N keys.}, booktitle={Information security: 7th international conference, ISC 2004, Palo Alto, CA, USA, September 27-29, 2004: Proceedings}, publisher={Berlin; New York: Springer}, author={Wang, P. and Ning, P. and Reeves, D. S.}, editor={K. Zhang and Zheng, Y.Editors}, year={2004}, pages={25–38} } @inbook{ning_cui_reeves_2002, title={Analyzing intensive intrusion alerts via correlation}, volume={2516}, ISBN={3540000208}, DOI={10.1007/3-540-36084-0_5}, abstractNote={Traditional intrusion detection systems (IDSs) focus on low-level attacks or anomalies, and raise alerts independently, though there may be logical connections between them. In situations where there are intensive intrusions, not only will actual alerts be mixed with false alerts, but the amount of alerts will also become unmanageable. As a result, it is difficult for human users or intrusion response systems to understand the alerts and take appropriate actions. Several complementary alert correlation methods have been proposed to address this problem. As one of these methods, we have developed a framework to correlate intrusion alerts using prerequisites of intrusions. In this paper, we continue this work to study the feasibility of this method in analyzing real-world, intensive intrusions. In particular, we develop three utilities (called adjustable graph reduction, focused analysis, and graph decomposition) to facilitate the analysis of large sets of correlated alerts. We study the effectiveness of the alert correlation method and these utilities through a case study with the network traffic captured at the DEF CON 8 Capture the Flag (CTF) event. Our results show that these utilities can simplify the analysis of large amounts of alerts, and also reveals several attack strategies that were repeatedly used in the DEF CON 8 CTF event.}, booktitle={Recent advances in intrusion detection, 5th international symposium, RAID 2002, Zurich, Switzerland, October 16-18, 2002: Proceedings}, publisher={Berlin; New York: Springer}, author={Ning, P. and Cui, Y. and Reeves, D. S.}, editor={A. Wespi, G. Vigna and Deri, L.Editors}, year={2002}, pages={74–94} } @inproceedings{wang_reeves_wu_2002, title={Inter-packet delay based correlation for tracing encrypted connections through stepping stones}, volume={2502}, ISBN={0750306114}, booktitle={Computer security--ESORICS 2002: 7th European Symposium on Research in Computer Security, Zurich, Switzerland, October 14-16, 2002: proceedings (Lecture notes in computer science ; 2502)}, publisher={New York: Springer}, author={Wang, X. Y. and Reeves, D. S. and Wu, S. F.}, editor={D. Gollmann, G. Karjoth and Waidner, M.Editors}, year={2002}, pages={244–263} } @inbook{fulp_reeves_2002, title={The economic impact of network pricing intervals}, volume={2511}, ISBN={3540443568}, DOI={10.1007/3-540-45859-x_30}, abstractNote={Interval pricing can provide an effective means of congestion control as well as revenue generation. Using this method, prices are fixed over intervals of time, providing adaptability and predictability. An important issue is the interval duration associated with price updates. While previous research has discussed the effect of interval lengths on congestion control, this paper investigates the economic impact of price interval duration. Smaller intervals yield higher profits since prices are more responsive to changing demands. However, experimental results indicate only a modest profit gain (no more than 5%) is achieved when smaller intervals are used as opposed to larger intervals (for example 100 times longer). Given users preferences toward fewer price changes, smaller price intervals may hold few economic benefits.}, booktitle={Burkhard Stiller ...[et al.] (Eds.), From QoS provisioning to QoS charging: Third COST 263 International Workshop on Quality of Future Internet Services, QofIS 2002 and second International Workshop on Internet Charging and QoS Technologies, ICQT 2002, Zurich, Switzerland, October 16-18, 2002}, publisher={Berlin; New York: Springer}, author={Fulp, E. W. and Reeves, D. S.}, year={2002}, pages={315–324} } @inbook{fulp_reeves_2001, title={Optimal provisioning and pricing of Internet differentiated services in hierarchical markets}, volume={2093}, ISBN={3540423028}, DOI={10.1007/3-540-47728-4_40}, abstractNote={Network service providers contract with network owners for connection rights, then offer individual users network access at a price. Within this hierarchy, the service provider must carefully provision and allocate (price) network resources (e.g. bandwidth). However, determining the appropriate amount to provision and allocate is problematic due to the unpredictable nature of users and market interactions. This paper introduces methods for optimally provisioning and pricing differentiated services. These methods maximizes profit, while maintaining a low blocking probability for each service class. The analytical results are validated using simulation under variable conditions. Furthermore, experimental results will demonstrate that higher profits can be obtained through shorter connection contracts.}, booktitle={Networking-ICN 2001: First international conference, Colmar, France, July 9-13, 2001: Proceedings}, publisher={Berlin; New York: Springer}, author={Fulp, E. W. and Reeves, D. S.}, year={2001}, pages={409–418} } @article{reeves_salama_2000, title={A distributed algorithm for delay-constrained unicast routing}, volume={8}, ISSN={["1063-6692"]}, DOI={10.1109/90.842145}, abstractNote={We study the NP-hard delay-constrained least cost (DCLC) path problem. A solution to this problem is needed to provide real-time communication service to connection-oriented applications, such as video and voice. We propose a simple, distributed heuristic solution, called the delay-constrained unicast routing (DCUR) algorithm, DCUR requires limited network state information to be kept at each node: a cost vector and a delay vector. We prove DCUR's correctness by showing that it is always capable of constructing a loop-free delay-constrained path within finite time, if such a path exists. The worst case message complexity of DCUR is O(|V|/sup 2/) messages, where |V| is the number of nodes. However, simulation results show that, on the average, DCUR requires much fewer messages. Therefore, DCUR scales well to large networks. We also use simulation to compare DCUR to the optimal algorithm, and to the least delay path algorithm. Our results show that DCUR's path costs are within 10% of those of the optimal solution.}, number={2}, journal={IEEE-ACM TRANSACTIONS ON NETWORKING}, author={Reeves, DS and Salama, HF}, year={2000}, month={Apr}, pages={239–250} } @article{alexander_reeves_gloster_2000, title={Parallel image processing with the block data parallel architecture (Reprinted from Proceedings of the IEEE, vol 84, pg 947-968, 1996)}, volume={44}, ISSN={["0018-8646"]}, DOI={10.1147/rd.445.0681}, abstractNote={Many digital signal and image processing algorithms can be speeded up by executing them in parallel on multiple processors. The speed of parallel execution is limited by the need for communication and synchronization between processors. In this paper, we present a paradigm for parallel processing that we call the block data flow paradigm (BDFP). The goal of this paradigm is to reduce interprocessor communication, and relax the synchronization requirements for such applications. We present the block data parallel architecture which implements this paradigm, and we present methods for mapping algorithms onto this architecture. We illustrate this methodology for several applications including two-dimensional (2-D) digital filters, the 2-D discrete cosine transform, QR decomposition of a matrix, and Cholesky factorization of a matrix. We analyze the resulting system performance for these applications with regard to speedup and efficiency as the number of processors increases. Our results demonstrate that the block data parallel architecture is a flexible, high-performance solution for numerous digital signal and image processing algorithms.}, number={5}, journal={IBM JOURNAL OF RESEARCH AND DEVELOPMENT}, author={Alexander, WE and Reeves, DS and Gloster, CS}, year={2000}, month={Sep}, pages={681–702} } @inbook{fulp_reeves_2000, title={QoS rewards and risks: A multi-market approach to resource allocation}, volume={1815}, ISBN={354067506X}, DOI={10.1007/3-540-45551-5_79}, abstractNote={A large number of network applications require a particular Quality of Service (QoS), that can be provided through proper network resource allocation. Furthermore, certain applications (multimedia oriented) may require guarantees of resource availability for predictable QoS. This paper introduces a distributed multi-market approach to network resource allocation. In this approach link bandwidth is bought and sold in two types of markets: the reservation market and the spot market. Together, these markets provide bandwidth guarantees and immediate availability. In addition, users have more flexibility when purchasing bandwidth that will maximize their individual QoS. Experimental results, using actual MPEG-compressed traffic, will also demonstrate the rewards and risks associated with purchasing various amounts in the reservation and spot markets.}, booktitle={Networking 2000: Broadband communications, high performance networking, and performance of communication networks / IFIP-TC6/European Commission International Conference, Paris, France, May 2000, proceedings}, publisher={Berlin; New York: Springer}, author={Fulp, E. W. and Reeves, D. S.}, year={2000}, pages={945–956} } @article{izquierdo_reeves_1999, title={A survey of statistical source models for variable-bit-rate compressed video}, volume={7}, ISSN={["0942-4962"]}, DOI={10.1007/s005300050122}, abstractNote={It is predicted that, in the near future, the transport of compressed video will pervade computer networks. Variable-bit-rate (VBR) encoded video is expected to become a significant source of network traffic, due to its advantages in statistical multiplexing gain and consistent video quality. Both systems analysts and developers need to assess and study the impact these sources will have on their networks and networking products. To this end, suitable statistical source models are required to analyze performance metrics such as packet loss, delay and jitter. This paper provides a survey of VBR source models which can be used to drive network simulations. The models are categorized into four groups: Markov chain/linear regression, TES, self-similar and i.i.d/analytical. We present models which have been used for VBR sources containing moderate-to-significant scene changes and moderate-to-full motion. A description of each model is given along with corresponding advantages and shortcomings. Comparisons are made based on the complexity of each model.}, number={3}, journal={MULTIMEDIA SYSTEMS}, author={Izquierdo, MR and Reeves, DS}, year={1999}, month={May}, pages={199–213} } @article{salama_reeves_viniotis_1997, title={Evaluation of multicast routing algorithms for real-time communication on high-speed networks}, volume={15}, ISSN={["1558-0008"]}, DOI={10.1109/49.564132}, abstractNote={Multicast (MC) routing algorithms capable of satisfying the quality of service (QoS) requirements of real-time applications will be essential for future high-speed networks. We compare the performance of all of the important MC routing algorithms when applied to networks with asymmetric link loads. Each algorithm is judged based on the quality of the MC trees it generates and its efficiency in managing the network resources. Simulation results over random networks show that unconstrained algorithms are not capable of fulfilling the QoS requirements of real-time applications in wide-area networks. Simulations also reveal that one of the unconstrained algorithms, reverse path multicasting (RPM), is quite inefficient when applied to asymmetric networks. We study how combining routing with resource reservation and admission control improves the RPM's efficiency in managing the network resources. The performance of one semiconstrained heuristic, MSC, three constrained Steiner tree (CST) heuristics, Kompella, Pasquale, and Polyzos (1992), constrained adaptive ordering (CAO), and bounded shortest multicast algorithm (BSMA), and one constrained shortest path tree (CSPT) heuristic, the constrained Dijkstra heuristic (CDKS) are also studied. Simulations show that the semiconstrained and constrained heuristics are capable of successfully constructing MC trees which satisfy the QoS requirements of real-time traffic. However, the cost performance of the heuristics varies. The BSMA's MC trees are lower in cost than all other constrained heuristics. Finally, we compare the execution times of all algorithms, unconstrained, semiconstrained, and constrained.}, number={3}, journal={IEEE JOURNAL ON SELECTED AREAS IN COMMUNICATIONS}, author={Salama, HF and Reeves, DS and Viniotis, Y}, year={1997}, month={Apr}, pages={332–345} }