College of Engineering

Tanglegrams are a tool to infer joint evolution of species. Tanglegrams are widely used in ecology to study joint evolution history of parasitic or symbiotically linked species.  Visually, a tanglegram is a pair of evolutionary trees drawn with the leaves facing at each other. One species at the leaf of one trees is related ecologically to a species at a leaf of another tree. Related species from the two trees are connected by an edge. The number of crossings between the edges joining the leaves indicate the relatedness of the trees.        Earlier work on tanglegrams considered the same number of leaves on both the trees and one edge between the leaves of the two trees. In this paper we consider multiple edges from a leaf in the trees. These edges correspond to ecological events like duplication, host switching etc. We generalize the definition of tanglegrams to admit multiple edges between the leaves. We show integer programs for optimizing the number of crossings. The integer program has an XOR formulation very similar to the formulation for the tanglegrams. We also show how the ideas for distance minimization on tanglegrams can be extended for the generalized tanglegrams.  We show that the tanglegram drawings used in ecology can be improved to have fewer crossings using our integer programs.

Performance bottlenecks across distributed nodes, such as in high performance computing grids or cloud computing, have raised concerns about the use of Non-Uniform Memory Access (NUMA) processors and high-speed commodity interconnects. Performance engineering studies have investigated this with varying degrees of success. However, with continuous evolution in end-system hardware, along with changes in the Linux networking stack, this study has become increasingly complex and difficult due to the many tightly-coupled performance tuning parameters involved. In response to this, we present the Networked End- System Characterization and Adaptive Tuning tool, or NESCAT, a partially automated performance engineering tool that uses machine learning to study high-speed network connectivity within end-systems. NESCAT exploits several novel techniques for systems performance engineering. These include using k-means clustering and Artificial Neural Networks (ANNs) to effectively learn and predict network throughput performance and resource utilization for end-system networks.NESCAT is a unique tool, different from other previously designed applications. It is based on of machine learning and clustering techniques on NUMA core-binding cases. This work focuses on predicting optimal Network Interface Controller (NIC) parameters for performance predictability, which is a necessity for complex science applications. Through experiments, we are able to demonstrate the uniqueness of this technique by achieving high accuracy rates in predicted and actual performance metrics such as throughput, data rate efficiency, and frame rates. Our system is able to ingest large amounts of data to produce results within 2 hours for a machine with an 8-core end-systems. The root mean square error of the designed model is around 10^-1 and thus predicts output efficiently when compared to live run data on an actual machine.

Critical infrastructure systems continue to foster predictable communication patterns and static configurations over extended periods of time.  The static nature of these systems ease the process of gathering reconnaissance information that can be used to design, develop and launch attacks by adversaries.  In this research effort, the early phases of an attack vector will be disrupted by randomizing port numbers, IP addresses, and communication paths dynamically through the use of overlay networks.  These protective measures convert static systems into "moving targets," adding an additional layer of defense.  Moving Target Defense (MTD) is an active area of research that periodically changes the attack surface of a system to create uncertainty and increase the workload for an adversary.  To assess the effectiveness of MTD strategies within a critical infrastructure environment, performance metrics have been captured to quantify the impacts introduced to the opera- tional network and to the adversary.  The MTD strategies have been designed to be crash tolerant and Byzantine fault tolerant to improve their resilience in an operational setting.  Optimizing the parameters of network based MTD techniques, such as the frequencies of reconfiguration, while minimizing the impact to the operational network is the focus of this research.

Critical infrastructure systems continue to foster predictable communication patterns and static configurations over extended periods of time. The static nature of these systems eases the process of gathering reconnaissance information that can be used to design, develop, and launch attacks by adversaries. In this research effort, the early phases of an attack vector will be disrupted by randomizing application port numbers, IP addresses, and communication paths dynamically through the use of overlay networks within Industrial Control Systems (ICS). These protective measures convert static systems into "moving targets," adding an additional layer of defense. Moving Target Defense (MTD) is an active area of research that periodically changes the attack surface of a system to create uncertainty and increase the workload for an adversary. To assess the effectiveness of MTD strategies within an ICS environment, performance metrics have been captured to quantify the impacts introduced to the operational network and to the adversary. Our MTD strategies are implemented using Software Defined Networking (SDN) to provide a scalable and transparent solution to the end devices within the network. We show that our MTD techniques are feasible within an ICS environment and that they can improve the resiliency of ICS systems. Our MTD strategies meet the real-time constraints of ICS systems and incur latency impacts of less than 50 ms and in most cases, well under 20 ms. Resiliency is improved by introducing crash tolerant and Byzantine fault tolerant algorithms to detect and prevent attacks against the SDN controller. We also evaluate the success rates of individual adversaries, distributed adversaries, and those attempting side-channel attacks to learn the frequencies at which the MTD techniques reconfigure the system. We demonstrate the effectiveness of our approaches in simulated, virtualized, and representative ICS environments.

Resilience is a relatively new concept in computer security that is continuing to evolve. The research community has not settled on an exact definition for resilience, but most agree that this security property should include resistence to attack, damage recovery, and the ability for a system to learn and better resist such an attack in the future. Much of the existing research has focused on resilience solely in terms of availability, or in defining metrics to describe and compare the resilience of systems. The goal of this dissertation is to not only explore the possibility of a more general framework for resilience, but to also analyze the effectiveness of methods and technologies that can be used to measure and provide resilience.

The dissertation begins by covering common elements of computer security, providing exam- ples, addressing vulnerabilities and exploits, and suggesting potential solutions. In later sections, we examine the feasibility of the proposed solutions. Alternative solutions are compared in the context of a network’s priorities, abilities, and dependencies. Our work is inspired by the need for better security metrics in order to quantitatively evaluate and compare different systems and networks. A robust set of metrics that describe the security and recovery features of systems can provide a foundation for at least two key concepts: a network resilience communication protocol and a resilience testing framework. The communication protocol could help network administrators maintain and improve the resilience of their networks. It would facilitate communication between systems on the network so that potential threats can be quickly identified and so that changes can be made autonomously to reduce the impact of a threat without the need for human intervention. The testing framework can be used to test a system’s resilience to specific attacks, packaged as portable modules. Network administrators can use data and visualization results of this framework to make informed decisions about how to improve their resilience. The communication protocol may be able to analyze results from the testing framework to improve a network’s resilience. The goal of these two projects would be to develop solutions that can improve the resilience of networks in general, taking into account their size, security requirements, and critical functions.

Side channel analysis is the process of examining information leaked by a computing device during use, and leveraging such data to make inferences about various aspects of the system. Historically, side channels have been exploited for malicious purposes, from inferring sensitive data to infringing on the privacy of users. For example, power consumption has been exploited to reveal secret cryptographic keys, and features of wireless network traffic have been leveraged to reveal web browsing activity of a user. The goal of this dissertation is not only to explore the potential of using side channels to determine what types of activity a computing system is engaged in but also study the relationship between the operations performed by the system and the side channel.

In this dissertation we present two key concepts: the application of side channel analysis for security and privacy purposes, particularly for monitoring systems, and the development of a model for defining the relationship between side channel information and the operations performed by the system. The empirical studies presented in this dissertation demonstrate that side channel information can be leveraged to monitor the behavior of systems and describe advantages for doing so over alternative methods. In addition, we outline a model that describes how the operations performed by a system are represented in side channel information and how the information loss can be estimated. The goal of these two directions is to expand the understanding of side channels, their benefits and drawbacks, from both a practical point of view as well as theoretical. Our work shows how the outlined model can measure the information loss in side channels while our empirical studies show that despite information being lost, in many cases, side channels contain enough information to successfully monitor the behavior of systems and provide a non-intrusive, minimal impact method for doing so.

Electronic voting machines are becoming an increasingly popular alternative to paper ballots. With this increase in use we must analyze how well these machines adhere to voting requirements, including those relating to security, privacy, and anonymity. This paper includes analysis of the security and auditing mechanisms of the open-source electronic voting system Scantegrity. We focus on Scantegrity, not to single it out as a vulnerable system, but because it is a popular system that has actually been used in practice. It may contain design flaws and vulnerabilities that might exist in other systems of similar designs, current or future. Therefore, it is our hope that the vulnerabilities that we bring to light will be considered by current and future designers of electronic voting systems, and that the solutions that we propose will also be considered as possible remediations.

NetSage is a project to develop a unified open, privacy-aware network measurement, and visualization service to address the needs of today’s international networks. Modern science is increasingly data-driven and collaborative in nature, producing petabytes of data that can be shared by tens to thousands of scientists all over the world. The National Science, Foundation-supported International Research Network Connections (IRNC) links, have been essential to performing these science experiments. Recent deployment of Science DMZs [Dart, E. et al., 2013], both in the US and other countries, is starting to raise expectations for data throughput performance for wide-area data transfers. New capabilities to measure and analyze the capacity of international wide-area networks are essential to ensure end-users are able to take full advantage of such infrastructure.

NetSage will provide the network engineering community, both US domestic and international, with a suite of tools and services to more deeply understand: 1) the current traffic patterns across IRNC links, and anticipate growth trends for capacity-planning purposes; 2) the main sources and sinks of large, elephant flows to know where to focus outreach and training opportunities; and 3) the cause of packet losses in the links and how they impact end-to-end performance.

One of many major issues that plagues Internet voting is the potential for a distributed denial of service attack on the voting servers. These denial of service attacks are harmful because they block voting during the downtime. In addition, most current online voting protocols are centralized with only one voting server, making such an attack likely to disenfranchise some voters. The question is how to combat these attacks. One solution is to distribute the servers in a parallel manner, so in case one server goes down, the others can still provide service to voters. Whereas many online voting systems assume the constant availability of the voting infrastructure, we focus on the event that a server becomes unavailable. We extend a previously established online voting protocol, Helios, by adding multiserver capability. These servers communicate using the Paxos protocol, an algorithm for fault tolerant distributed environments. An analysis of this solution concludes that a multi-server Helios network communicating through the Paxos protocol promises safety and robustness.