Information assurance dependability and security in networked systems

Beaumont Network Algorithmics: An Interdisciplinary Approach to Designing Fast Networked Devices George Varghese Network Recovery: Protection and Restoration of Optical, SONET-SDH, IP, a

Information Assurance

The Morgan Kaufmann Series in Networking

Series Editor, David Clark, M.I.T.

Information Assurance: Dependability and

Security in Networked Systems

Yi Qian, James Joshi, David Tipper, and

Ethernet Networking for the Small Office and

Professional Home Office

Jan L Harrington

IPv6 Advanced Protocols Implementation

Qing Li, Tatuya Jinmei, and Keiichi Shima

Computer Networks: A Systems Approach,

Fourth Edition

Larry L Peterson and Bruce S Davie

Network Routing: Algorithms, Protocols, and

Architectures

Deepankar Medhi and Karthikeyan Ramaswami

Deploying IP and MPLS QoS for Multiservice

Networks: Theory and Practice

John Evans and Clarence Filsfils

Traffic Engineering and QoS Optimization of

Integrated Voice & Data Networks

Gerald R Ash

IPv6 Core Protocols Implementation

Qing Li, Tatuya Jinmei, and Keiichi Shima

Smart Phone and Next-Generation Mobile

Computing

Pei Zheng and Lionel Ni

GMPLS: Architecture and Applications

Adrian Farrel and Igor Bryskin

Network Security: A Practical Approach

Jan L Harrington

Content Networking: Architecture, Protocols, and Practice

Markus Hofmann and Leland R Beaumont

Network Algorithmics: An Interdisciplinary Approach to Designing Fast Networked Devices

George Varghese

Network Recovery: Protection and Restoration

of Optical, SONET-SDH, IP, and MPLS

Jean Philippe Vasseur, Mario Pickavet, and Piet Demeester

Routing, Flow, and Capacity Design in Communication and Computer Networks

Michal Pióro and Deepankar Medhi

Wireless Sensor Networks: An Information Processing Approach

Feng Zhao and Leonidas Guibas

Communication Networking: An Analytical Approach

Anurag Kumar, D Manjunath, and Joy Kuri

The Internet and Its Protocols: A Comparative Approach

Adrian Farrel

Modern Cable Television Technology: Video, Voice, and Data Communications, Second Edition

Walter Ciciora, James Farmer, David Large, and Michael Adams

Bluetooth Application Programming with the Java APIs

C Bala Kumar, Paul J Kline, and Timothy J Thompson

Policy-Based Network Management: Solutions for the Next Generation

John Strassner

MPLS Network Management: MIBs, Tools, and Techniques

Thomas D Nadeau

Monique Morrow and Kateel Vijayananda

Telecommunications Law in the Internet Age

Sharon K Black

Optical Networks: A Practical Perspective,

Second Edition

Rajiv Ramaswami and Kumar N Sivarajan

Internet QoS: Architectures and Mechanisms

Zheng Wang

TCP/IP Sockets in Java: Practical Guide for

Programmers

Michael J Donahoo and Kenneth L Calvert

TCP/IP Sockets in C: Practical Guide for

Programmers

Kenneth L Calvert and Michael J Donahoo

Multicast Communication: Protocols,

Programming, and Applications

Ralph Wittmann and Martina Zitterbart

MPLS: Technology and Applications

Bruce Davie and Yakov Rekhter

High-Performance Communication Networks,

Second Edition

Jean Walrand and Pravin Varaiya

Understanding Networked Applications: A First Course

David G Messerschmitt

Integrated Management of Networked Systems: Concepts, Architectures, and their Operational Application

Heinz-Gerd Hegering, Sebastian Abeck, and Bernhard Neumair

Virtual Private Networks: Making the Right Connection

For further information on these books and for a list

of forthcoming titles, please visit our Web site athttp://www.mkp.com

The Morgan Kaufmann Series in Computer Security

Information Assurance: Dependability and

Security in Networked Systems

Yi Qian, James Joshi, David Tipper, and

Prashant Krishnamurthy

Digital Watermarking and Steganography,

Second Edition

Ingemar Cox, Matthew Miller, Jeffrey Bloom,

Jessica Fridrich, and Ton Kalker

Network Recovery: Protection and Restoration of Optical, SONET-SDH, IP, and MPLS

Jean-Philippe Vasseur, Mario Pickavet, and Piet Demeester

For further information on these books and for a list

of forthcoming titles, please visit our Web site athttp://www.mkp.com

Information Assurance

Dependability and Security

in Networked Systems

Yi Qian James Joshi David Tipper Prashant Krishnamurthy

AMSTERDAM•BOSTON•HEIDELBERG•LONDON

NEW YORK•OXFORD•PARIS•SAN DIEGO

SAN FRANCISCO•SINGAPORE•SYDNEY•TOKYO

Assistant Editor Gregory Chalson

Production Assistant Lianne Hong

Cover Design Eric Decicco

Composition diacriTech

Interior printer Sheridan Books, Inc.

Cover printer Phoenix Color Corporation

Morgan Kaufmann Publishers is an imprint of Elsevier.

30 Corporate Drive, Suite 400, Burlington, MA 01803, USA

This book is printed on acid-free paper.

Copyright c 2008 by Elsevier, Inc All rights reserved.

Designations used by companies to distinguish their products are often claimed as trademarks or registered trademarks In all instances in which Morgan Kaufmann Publishers is aware of a claim, the product names appear in initial capital or all capital letters Readers, however, should contact the appropriate companies for more complete information regarding trademarks and registration.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means—electronic, mechanical, photocopying, scanning, or otherwise—without prior written permission of the publisher.

Permissions may be sought directly from Elsevier’s Science & Technology Rights Department in Oxford,

UK: phone: (+44) 1865 843830, fax: (+44) 1865 853333, E-mail: permissions@elsevier.com You may also complete your request online via the Elsevier homepage (http://elsevier.com), by selecting “Support & Contact” then

“Copyright and Permission” and then “Obtaining Permissions.”

Library of Congress Cataloging-in-Publication Data

Information assurance : dependability and security in networked systems / Yi Qian [et al.].

p cm – (The Morgan Kaufmann series in networking)

Includes bibliographical references and index.

ISBN 978-0-12-373566-9 (pbk : alk paper) 1 Computer networks–Security measures 2 Computer

networks–Reliability 3 Computer security I Qian, Yi, 1962–

TK5105.59.I5247 2007

005.8–dc22

2007033726 ISBN: 978-0-12-373566-9

For information on all Morgan Kaufmann publications,

visit our Web site at www.mkp.com or www.books.elsevier.com

Printed in the United States of America

07 08 09 10 11 12 13 10 9 8 7 6 5 4 3 2 1

To my wife Melodee, son Joshua and daughter Michelle

To my parents, Krishnamurthy and Shantha whose blessings

I count as my fortune every day

—Prashant Krishnamurthy

1.1 Introduction 1

1.2 Information Assurance: Dependability and Security of Networked

Information Systems 3

1.3 Book Organization 7

1.3.1 The Three Parts of the Book 7

1.3.2 Chapter 2: Network Security 8

1.3.3 Chapter 3: Security for Distributed Systems: Foundations ofAccess Control 8

1.3.4 Chapter 4: Network Survivability 9

1.3.5 Chapter 5: System Survivability 9

1.3.6 Chapter 6: Taxonomy and Framework for IntegratingDependability and Security 9

1.3.7 Chapter 7: Stochastic Models/Techniques for Secure andSurvivable Systems 10

1.3.8 Chapter 8: Integrated Dependability and Security EvaluationUsing Game Theory and Markov Models 10

1.3.9 Chapter 9: Scenario Graphs Applied to Network Security 11

1.3.10 Chapter 10: Vulnerability-Centric Alert Correlation 11

1.3.11 Chapter 11: Monitoring and Detecting Attacks in All-OpticalNetworks 11

1.3.12 Chapter 12: Robustness Evaluation of Operating Systems 12

1.3.13 Chapter 13: Intrusion Response Systems: A Survey 12

1.3.14 Chapter 14: Secure and Resilient Routing: A Framework for ResilientNetwork Architectures 13

1.3.15 Chapter 15: Wireless Systems Security and Survivability 13

1.3.16 Chapter 16: Integrated Fault and Security Management 14

1.4 Conclusion 14 References 14

Part I: Foundational Background on Security and Dependability

2.2.2 Some Example Security Attacks 23

2.2.3 Security Attacks, Services, and Architecture 26

2.3 Protection and Prevention 27

2.3.1 Firewalls and Perimeter Security 27

2.3.2 Cryptographic Protocols 30

2.4 Detection 34

2.5 Assessment and Response 36

2.6 Conclusion 37 References 37

3 Security for Distributed Systems: Foundations of Access Control 39

by Elisa Bertino, Purdue University, USA, and Jason Crampton, University of London, UK

3.1 Introduction 39

3.3.2 Protection Matrix Model 48

3.3.3 An Information Flow Policy for Confidentiality 53

3.3.4 Bell-LaPadula Model 55

3.3.5 Clark-Wilson Model 56

3.3.6 Role-Based Access Control 59

3.4 Access Control in Distributed Systems 60

3.4.1 Overview of Relevant Standards 61

4.1 Introduction 81

4.2 Prevention Techniques 83

4.3 Survivable Network Design and Traffic Restoration Concepts 84

4.3.1 Typical Network Architecture 84

4.3.2 Basic Survivability Concepts 86

4.3.3 Basic Network Management Concepts 87

4.3.4 Protection versus Restoration 88

4.3.5 Other Issues 89

4.4 Transport Network Recovery Techniques 91

4.4.1 Automatic Protection Switching 91

4.4.2 Ring-Based Survivability 93

4.4.3 Span Restoration 95

4.4.4 Shared Path Protection 96

4.4.5 Shared Path Restoration 97

by Axel Krings, University of Idaho, USA

5.1 Introduction and Background 113

5.2 Survivability and the Impact of Fault Models 115

5.2.1 Dependability Considerations 116

5.2.2 Survivability Considerations 118

5.3 Design for Survivability 119

5.3.1 Identification of Essential Functionalities 121

5.3.2 Tolerating Faults 123

5.3.3 Dealing with Common-Mode Faults 124

5.3.4 Applying the Notion of Optimality 125

5.4 Decentralized Storage 126

5.5 Survivability of Large Distributed Systems 128

5.6 Borrowing from Well-established Fields 133

5.6.1 Problem Transformation 133

5.6.2 Scheduling Problems 136

5.6.3 Case Study: Autonomous Mobile Agents 139

5.7 Conclusion 141 References 142

xv

Part II: Modeling the Interaction between Dependability and Security 147

6.2.2 Integration of Dependability and Security 152

6.3 Proposed Taxonomy and Framework 154

6.3.1 Key Notations of the Feedback Control System Model 154

6.3.2 Definitions of Basic Concepts of Dependability and Security within theProposed Framework 155

6.4 Dependability, Security, and their Attributes 155

7.1.1 Survivability and Security 172

7.2 Analytical Modeling Techniques 173

7.2.1 Markov Models 174

8 Integrated Dependability and Security Evaluation Using Game

by Bjarne E Helvik, Karin Sallhammar, and Svein J Knapskog, University of Science and Technology, Norway

8.2.2 Modeling Intrusion as Transitions 216

8.2.3 Modeling the System 217

8.2.4 Obtaining System Measures 218

8.2.5 Model Parametrization 220

8.3 Predicting Attacker Behavior 221

8.3.1 Reward and Cost Concept 222

8.3.2 Modeling Interactions as a Game 223

8.3.3 Stochastic Game Model 224

8.4 Defining and Solving the Game 225

8.5 Tuning the Game Parameters 230

8.5.1 One Possible Attack Action 231

8.5.2 Two Possible Attack Actions 233

8.5.3 Attacker Profiling 235

8.6 Case Study: DNS Service 236

8.6.1 Stochastic Model 237

8.6.2 Stochastic Game 237

by Jeannette M Wing, Carnegie Mellon University, USA

9.1 Introduction 247

9.2 Algorithms for Generating Scenario Graphs 248

9.2.1 Symbolic Algorithm 248

9.2.2 Explicit-State Algorithm 250

9.3 Attack Graphs are Scenario Graphs 251

9.4 Network Attack Graphs 253

9.4.1 Network Attack Model 253

9.4.2 Network Components 254

9.5 Example Network 257

9.5.1 Example Network Components 259

9.5.2 Sample Attack Graphs 264

9.6 Attack Graph Analysis 266

9.6.1 Single Action Removal 267

9.6.2 Critical Action Set Minimization 267

by Lingyu Wang, Concordia University, Canada, and Sushil Jajodia, George Mason University, USA

10.1 Introduction 279

10.2 Review of Alert Correlation and Related Techniques 282

10.3 Attack Graph 284

10.4 Alert Correlation, Hypothesis, Prediction, and Aggregation 287

10.4.1 Alert Correlation in Offline Applications 287

10.4.2 Vulnerability-Centric Alert Correlation 289

10.4.3 Alert Hypothesis and Prediction 292

10.4.4 Alert Aggregation 296

10.4.5 Empirical Results 298

10.5 Conclusion 300

10.6 Acknowledgments 300 References 301

Part III: Design and Architectural Issues for Secure and Dependable

by Arun K Somani and Tao Wu, Iowa State University, USA

11.1 Introduction 307

11.1.1 Security Problems in All-Optical Networks 308

11.1.2 Possible Attacks 308

11.1.3 All-Optical Network Attack Types 309

11.1.4 Issues in Crosstalk Attack Diagnostic Algorithms 310

11.2 Crosstalk Attack Features and Monitoring Techniques 311

11.2.1 Crosstalk Attack Features 311

11.2.2 Security Consideration 312

11.2.3 Overview of Current Monitoring Methods 313

11.3 Node, Attack, and Monitor Models 315

11.3.1 Node Model 315

11.3.2 Crosstalk Attack Model 315

11.3.3 Monitor Node Model 318

11.4 Necessary and Sufficient Conditions for Crosstalk Attack Detection 320

11.4.1 Single Crosstalk Attack in a Network 320

11.4.2 Monitoring Relationship 320

11.5 One-crosstalk Attack Diagnosable Conditions 325

11.5.1 Detecting the Status of a Connection under One–Original Attack FlowConditions 327

11.5.2 Computational Complexity 329

xix

11.6 k-Crosstalk Attacks in the Network 329

11.6.1 k-Crosstalk Attack Diagnosable Condition 330

11.6.2 Detecting Global Status of Connections 334

11.6.3 Computational Complexity 335

11.7 Sparse Monitoring and Routing Algorithms 336

11.7.1 Sparse Monitoring, Test Connection, and Routing for a Single OriginalAttack Flow Policy I 336

11.7.2 Examples 337

11.7.3 Sparse Monitoring, Test Connection, and Routing Policy II 338

11.7.4 Connection Routing Algorithm in One–Original Attack FlowNetworks 340

by Andréas Johansson and Neeraj Suri, Technische Universität

12.6 Presentation and Interpretation of Results 365

12.7 Conclusion 369 References 370

by Bingrui Foo, Matthew W Glause, Gaspar M Howard, Yu-Sung Wu, Saurabh Bagchi, and Eugene H Spafford, Purdue University, USA

13.1 Introduction 377

13.2 Static Decision-making Systems 381

13.2.1 Generic Authorization and Access Control—Application ProgrammingInterface 381

13.2.2 Snort Inline 384

13.2.3 McAfee Internet Security Suite 385

13.2.4 Other Systems 386

13.3 Dynamic Decision-making Systems 387

13.3.1 Broad Research Issues 387

13.3.2 Adepts 388

13.3.3 ALPHATECH Light Autonomic Defense System 390

13.3.4 Cooperating Security Managers and Adaptive, Agent-BasedIntrusion Response Systems 392

13.3.5 Emerald 394

13.3.6 Other Dynamic Intrusion Response Systems 396

13.4 Intrusion Tolerance through Diverse Replicas 397

13.4.1 Broad Research Issues 398

13.4.2 Building Survivable Services Using Redundancy and Adaptation 398

13.4.3 Scalable Intrusion-Tolerant Architecture 399

13.4.4 Survival by Defense Enabling 400

13.4.5 Implementing Trustworthy Services Using Replicated StateMachines 401

13.4.6 Distributing Trust on the Internet 402

13.5 Responses to Specific Kinds of Attacks 403

13.5.1 Primitives for Responding to DDoS 404

13.5.2 CITRA 404

13.5.3 Cooperative Counter-DDoS Entity 406

13.6 Benchmarking Intrusion Response Systems 407

13.7 Thoughts on Evolution of IRS Technology 410

14.3 Components of a Resilient Network Architecture 423

14.4 Threats and Countermeasures in Link-State Routing 424

14.4.1 Link-State Routing Model and Threat Model 424

14.4.2 Preventive Cryptographic Countermeasures against Attacks 428

14.5 Resilient Architecture: Virtualization and Routing 435

14.5.1 An Enabling Framework for Adaptive and Secure VirtualizedNetworking 435

14.5.2 Routing Protocol Extension: OSPF-E 440

14.5.3 Network Analysis: Preliminary Results 444

14.6 Conclusion 446

References 446

14.A Secure Group Communication 449

14.A.1 Using One-Way Function Chain to Build Key Chain 449

14.A.2 Key Distribution 451

14.A.3 Key Agreement Protocol 454

14.A.4 Assessment 456

by Yi Qian, University of Puerto Rico at Mayaguez, Puerto Rico, and Prashant Krishnamurthy and David Tipper, University of Pittsburgh, USA

15.1 Introduction 459

15.2 Background 460

15.3 Current Security Approaches in Wireless Networks 463

15.4 Current Survivability Approaches in Wireless Networks 465

15.5 Framework for Wireless Network Survivability and Security 467

15.6 Interaction between Survivability and Security in Wireless Networks 470

15.6.1 Extending the Framework to Include Interactions between Security andSurvivability 472

15.6.2 Case Study I: Idle Handoffs 475

15.6.3 Case Study II: Key Management in Heterogeneous Sensor Networks 476

15.7 Conclusion 484 References 485

by Ehab Al-Shaer, DePaul University, USA, and Yan Chen, Northwestern University, USA

16.1 Introduction 489

16.2 Active Integrated Fault Identification Framework 490

16.2.1 Background 490

16.2.2 Related Work 491

16.2.3 Challenges and Problem Formalization 492

16.2.4 Integrated Fault Intrusion Reasoning 495

WHY THIS BOOK IS NEEDED

About five years back, we initiated an information assurance program at the versity of Pittsburgh under the flagship of Laboratory of Education and Research

Uni-in Information Assurance Education (LERSAIS), which was created for thatpurpose We had to often explore and discuss issues related to security, depend-ability, survivability, etc., with respect to what could be accommodated within thearea of IA, while planning for (a) the curricular content that aligns with theNational Security Agency’s center of excellence in information assurance educa-tion (CAEIAE) program and it’s Committee on National Security Systems (CNSS)information assurance (IA) standards (now considered the US national IA educa-tion standards), and (b) the long term research agenda for LERRSAIS Comingfrom different research background including that of security, dependability andothers, we often found it difficult to reconcile the different perspectives related to

the notion of IA and more specifically that of assurance which roughly appears to have brought together the notion of integrating security and dependability aspects of

networked information systems We realized that there is no well established

def-inition of assurance, and more importantly, there is a lack of interaction between

the security and the dependability communities At the same time, our interest inresearch related to integrated approach to addressing security and dependabilityaspects grew and we were convinced that such an approach would help generatemore wholesome solutions to trustworthy and high assurance systems

With the rapid developments in information technologies (IT) over last severalyears, our global society has embarked in a path where we are critically depen-dent on IT infrastructures Infrastructural failures, cyber attacks and cyberwarsare now looming realities that can have catastrophic effects on the global societyand each individual’s life With the growing complexity and interconnectedness

of information systems, even simple disruptive event can have dire consequences

Securing and ensuring the dependability of such IT environment is a growingchallenge and there is a critical need for pragmatic solutions that can accom-modate known and unknown disruptive events and enable systems to adopt andsurvive any type of disruptions We are convinced that only through the involve-ment of both the dependability and security communities can such a singular goal

of developing highly assured, survivable information systems can be achieved.While there have been some efforts towards this direction, it has not been verysuccessful We planned this book with a hope to generate the needed momentumthat matches the criticality of this need

ACKNOWLEDGMENTS

We are sincerely indebted to the contributors of this book for their support anddiligent work, without which this book would not have been possible We expressour deep appreciation for their understanding and bearing with our organiza-tional weaknesses We would like to thank the reviewers of proposal for this bookfor their comments and suggestions In particular, we were highly motivated bytheir support for the view that “interaction” aspect of our goal for the book is acrucial component; their “cautionary note” with regards to the challenge of appro-priately hitting the “interaction” note helped us take extra measure to ensure that

we achieve that goal We hope that we have done that

We express our thanks to the staff of Elsevier Inc for their support for thisundertaking In particular, we would like to thank Rick Adams, Senior Acquisi-tions Editor at Elsevier, for all the support and guidance, as well as for providing

We believe that we (the authors and the editors) have given our best to ensurethe readability, completeness and accuracy of each chapter However, it is possiblethat some errors and omissions may still have remained undetected We appreci-ate any feedback intended to correct such errors And finally, we believe manymore chapters could have been relevant for our book, however, we had to remainwithin the constraints of the publication process.

Ehab Al-Shaer is an associate professor and the director of the Multimedia Networking

Research Lab (MNLAB) in the School of Computer Science, Telecommunications,and Information Systems at DePaul University, Chicago, IL since 1998 His primaryresearch areas are network security, Internet monitoring, fault management, and mul-timedia protocols He is coeditor of a number of books in the area of multimedia man-agement and end-to-end monitoring Professor Al-Shaer was also the program cochairfor IEEE Integrated Management (IM), 2007, Management of Multimedia Networksand Services (MMNS), 2001, and End-to-End Monitoring (E2EMON), 2003–2005

Professor Al-Shaer was a guest editor for number of journals, including Journal of Speed Networking and Journal of Computer Communications He has served as TPC member,

High-workshop chair, session chair, and tutorial presenter for many IEEE/ACM/IFIP ferences, including INFOCOM, ICNP, IM, NOMS, DOSM, MMNS, and others Hereceived Best Paper Awards in IM’03 and MMNS’04, and fellowship awards from NASAand USENIX in 1997 and 1992, respectively

con-Saurabh Bagchi is an assistant professor in the School of Electrical and Computer

Engi-neering at Purdue University, West Lafayette, IN He is a faculty fellow of the CyberCenter and has a courtesy appointment in the Department of Computer Science atPurdue University

He received his M.S and Ph.D degrees from the University of Illinois at Urbana–Champaign in 1998 and 2001, respectively At Purdue, he leads the DependableComputing Systems Lab (DCSL) where he and a set of wildly enthusiastic studentstry to make and break distributed systems for the good of the world His work issupported by NSF, Indiana 21st Century Research and Technology Fund, Avaya,and Purdue Research Foundation, with equipment grants from Intel and Motorola.His papers have been runner up for the best paper in HPDC (2006), DSN (2005),and MTTS (2005) He has been an Organizing Committee member and ProgramCommittee member for the Dependable Systems and Networks Conference (DSN)and the Symposium on Reliable Distributed Systems (SRDS)

Elisa Bertino is professor of Computer Sciences and Electrical and Computer Engineering

at Purdue University, West Lafayette, IN, and serves as research director of the ter for Education and Research in Information Assurance and Security (CERIAS).Previously, she was a faculty member at the Department of Computer Science andCommunication of the University of Milan where she directed the DB&SEC lab-oratory She has been a visiting researcher at the IBM Research Laboratory (nowAlmaden) in San Jose, CA, Microelectronics and Computer Technology Corporation

Cen-at Rutgers University, and Telcordia Technologies Her main research interests includesecurity, privacy, digital identity management systems, database systems, distributedsystems, and multimedia systems In those areas, Professor Bertino has publishedmore than 250 papers in all major refereed journals and in proceedings of interna-

tional conferences and symposia She is coauthor of the books Object-Oriented Database Systems: Concepts and Architectures (Boston: Addison-Wesley International, 1993), Index- ing Techniques for Advanced Database Systems (New York: Kluwer Academic Publishers, 1997), Intelligent Database Systems (Boston: Addison-Wesley International, 2001), and Security for Web Services and Service Oriented Architectures (New York: Springer, 2007,

in press) She is a coeditor-in-chief of the Very Large Database Systems (VLDB)

jour-nal She serves also on the editorial boards of several scientific journals, including

IEEE Internet Computing, IEEE Security & Privacy, ACM Transactions on Information and System Security, ACM Transactions on Web, Acta Informatica, Parallel and Distributed Database Journal, Journal of Computer Security, Data & Knowledge Engineering, and Sci- ence of Computer Programming She has been consultant to several companies on data

management systems and applications and has given several courses to industries.She has served as A Program Committee member of several international confer-ences, such as ACM SIGMOD, VLDB, ACM OOPSLA, as program cochair of the

1998 IEEE International Conference on Data Engineering (ICDE), and as gram chair of the 2000 European Conference on Object-Oriented Programming(ECOOP 2000), the 7th ACM Symposium of Access Control Models and Tech-nologies (SACMAT 2002), the EDBT 2004 Conference, and the IEEE Policy 2007Workshop Her research has been sponsored by several organizations and compa-nies, including the USA National Science Foundation, the U.S Air Force Office forSponsored Research, the I3P Consortium, the European Union (under the fifth andsixth IST research programs), IBM, Microsoft, and the Italian Telecom She is a fel-low member of IEEE and ACM and has been named a Golden Core Member forher service to the IEEE Computer Society She received the 2002 IEEE ComputerSociety Technical Achievement Award “for outstanding contributions to databasesystems and database security and advanced data management systems,” and the

pro-2005 IEEE Computer Society Tsutomu Kanai Award “for pioneering and innovativeresearch contributions to secure distributed systems.”

Peter Bertok is an academic staff member at the School of Computer Science, Royal

Mel-bourne Institute of Technology, Australia He received his Ph.D from the University

of Tokyo, Japan, and master’s degree from the Technical University of Budapest,Hungary He has authored more than 80 refereed publications His main researchareas are networked and distributed computing, web services, and computer security

Yan Chen is an assistant professor and the director of the Lab for Internet and

Secu-rity Technology (LIST) in the Department of Electrical Engineering and Computer

xxix

Science at Northwestern University, Evanston, IL He got his Ph.D in computer science

at the University of California at Berkeley in 2003 His research interests includenetwork security, network measurement and monitoring, and wireless networks Pro-fessor Chen is the organization and TPC cochair for the 15th IEEE InternationalWorkshop on Quality of Service (IWQoS), 2007 He also served on the Techni-cal Program Committee of several major networking conferences, including ACMMobiCom, IEEE INFOCOM, IEEE ICNP, IEEE ICDCS, etc Professor Chen won theDepartment of Energy Early CAREER award in 2005, the U.S Air Force of ScientificResearch (AFOSR) Young Investigator Award in 2007, and the Microsoft TrustworthyComputing Awards in 2004 and 2005 with his colleagues

Jason Crampton is a reader in information security in the Information Security Group

at Royal Holloway, University of London, U.K His primary research interests are

in role-based access control, particularly focusing on the use of mathematical malisms to study administration and separation of duty He is also interested in theuse of cryptographic mechanisms for access control He has served on a number ofprogram committees, including the ACM Symposium on Access Control Models andTechnologies in 2006 and 2007, the European Symposium on Research in ComputerSecurity in 2006, and the 21st Annual IFIP WG 11.3 Working Conference on Data andApplications Security He has recently received grants from the Engineering and Phys-ical Sciences Research Council (U.K ) and Microsoft Research He is also a researchassociate at Birkbeck, University of London

for-S Dharmaraja received Ph.D in mathematics from Indian Institute of Technology Madras,

India, in 1999 and is currently working at the Indian Institute of Technology Delhi,India Before joining this institute, he was a postdoctoral fellow at the Department

of Electrical and Computer Engineering, Duke University, Durham, NC, and thenwas a research associate at TRLabs, Winnipeg, Canada His current research inter-ests include queuing theory, Markov modeling, and performance issues of wirelessnetworks and dependability analysis of communication systems His work has beenpublished in several international journals and conference proceedings

John Doucette completed a B.Sc in mathematics from Dalhousie University, Halifax, Nova

Scotia, in 1992, a B.Eng in industrial engineering from the Technical University ofNova Scotia (TUNS, now Dalhousie University), Halifax, in 1996, and a Ph.D in electri-cal and computer Engineering from the University of Alberta, Edmonton, Canada, in

2004 He is currently an assistant professor of engineering management in the ment of Mechanical Engineering at the University of Alberta, where he conductsresearch in network restoration and protection, network reliability and availability,network design and optimization, and eHealth networks He also holds an AdjunctScientist appointment at TRLabs, Edmonton, Alberta, where he conducts part ofhis research program Prior to his current positions, he held staff research scientistand research engineer positions at TRLabs from 2000–2005, was an instructor in theDepartment of Electrical and Computer Engineering at the University of Alberta from1998–2001, and was an industrial engineer at Syncrude Canada Ltd., Fort McMur-ray, Alberta, from 1996–1997 In 2000 and in 2001, he was one of three finalists forthe Alberta Science and Technology (ASTech) Leaders of Tomorrow Award He hasauthored or coauthored over 20 peer-reviewed journal and conference publications

Depart-and approximately 20 technical reports, Depart-and is coinventor of four patents granted orpending.

Bingrui Foo is a Ph.D student in the School of Electrical and Computer Engineering at

Pur-due University in West Lafayette, IN Presently, he is involved in two research projects.The first is in the field of network security, specifically the design of intrusion-tolerantsystems and automated response mechanisms The second is in the field of statisticalmodeling, consisting of extending mixture models by adding hierarchal structure toimages and videos His papers have appeared in DSN and ACSAC

Bjarne E Helvik received his Siv.ing degree (M.Sc in technology) from the

Norwe-gian Institute of Technology (NTH), Trondheim, Norway in 1975 He was awardedthe degree Dr Techn from NTH in 1982 Since 1997, he has been professor inthe Department of Telematics at the Norwegian University of Science and Tech-nology (NTNU) He is principal academic at the Norwegian Centre of Excellence(CoE) for Quantifiable Quality of Service in Communication Systems (Q2S) Hehas previously held various positions at ELAB and SINTEF Telecom and Infor-matics In the period of 1988–1997 he was appointed as adjunct professor at theDepartment of Computer Engineering and Telematics at NTH His field of inter-ests includes QoS, dependability modeling, measurements, analysis and simulation,fault-tolerant computing systems and survivable networks, as well as related com-munication system architectural issues His current research focus is on distributed,autonomous, and adaptive fault management in telecommunication systems, net-works, and services Professor Helvik has been active in RACE, ACTS, IST, andEURESCOM collaborations, and in a number of program committees, among themcommittees for the International Symposium on Fault-Tolerant Computing (FTCS),the European Dependable Computing Conferences (EDCC), the ITC SpecialistSeminars, the International Teletraffic Congress (ITC), GlobeCom, and the Inter-national Conference on Dependable Systems and Networks (DSN), and recentlyco-chaired the EURO-NGI 2007 conference on Next-Generation Internet Networks

He has authored/coauthored a number of research papers and textbooks

Jianku Hu is a senior lecturer at the School of Computer Science and IT, RMIT

University, Australia He has obtained his bachelor’s degree in industrial tion in 1983 from Hunan University P.R China; Ph.D degree in engineering in

automa-1993 from the Harbin Institute of Technology, P.R China; and a master’s degree

of research in computer science and software engineering from Monash sity, Australia, in 2000 He was a research fellow of the Alexander von Hum-boldt Foundation at the Department of Electrical and Electronic Engineering,Ruhr University, Germany, during 1995–1997 He worked as a research fellow

Univer-in the Department of Electrical and Electronic EngUniver-ineerUniver-ing, Delft University ofTechnology, The Netherlands, in 1997 Before he moved to the RMIT Univer-sity, Australia, he was a research fellow in the Department of Electrical and

xxxi

Electronic Engineering, the University of Melbourne, Australia His major researchinterest is in computer networking and computer security Dr Hu has about 80referred publications, including top IEEE transactions Dr Hu has been listed

in MARQUIS Who’s Who in Science and Engineering More details can be found at

http://goanna.cs.rmit.edu.au/∼jiankun/.

Dijang Huang is an assistant professor at the Department of Computer Science and

Engi-neering in the School of Computing Informatics, Arizona State University, Tempe,

AZ since 2005 His primary research areas are computer networking, network cols and mobility simulation, security and privacy, key management, authenticationprotocol, attack analysis, privacy preserving, and attack-resilient network design

proto-Bjorn Jager is an associate professor in informatics in the Department of Economics,

Infor-matics, and Social Science at Molde University College in Norway Prior to joiningMolde University in 1993 he was a group leader in Department of TelecommunicationManagement Networks at ABB Nera, Norway He received an M.S degree in nuclearphysics, and a Ph.D degree in informatics from the University of Bergen, Norway Hewas the head of the Department of Informatics, Molde University College, from 2004–

2005 His current research interests are traffic restoration, reliable distributed systems,and virtualization in value chains and clusters He was a visiting researcher at the Cen-tre of Excellence: Centre of Quantifiable and Quality of Service in CommunicationSystems, Trondheim, Norway, in summer 2004 Professor Jager’s research has beensupported by several grants from the Norwegian Research Council, the University ofBergen, the Norwegian Centre for International Cooperation in Higher Education,and other government and corporate sources

Sushil Jajodia is university professor, BDM International Professor of Information

Technol-ogy, and the director of Center for Secure Information Systems at the George MasonUniversity, Fairfax, VA His research interests include information security, temporaldatabases, and replicated databases He has authored 6 books, edited 27 books andconference proceedings, and published more than 300 technical papers in the ref-ereed journals and conference proceedings He received the 1996 Kristian Beckmanaward from IFIP TC 11 for his contributions to the discipline of information security,and the 2000 Outstanding Research Faculty Award from GMU’s School of InformationTechnology and Engineering He has served in different capacities for various journals

and conferences He is the founding editor-in-chief of the Journal of Computer Security and is on the editorial boards of IEE Proceedings on Information Security, International Jour- nal of Cooperative Information Systems, and International Journal of Information and Computer Security More information can be found at http://csis.gmu.edu/faculty/jajodia.html.

Vaneeta Jindal received her M.Sc in mathematics from the Indian Institute of Technology

Delhi, India, in 2003 She is currently a Ph.D student in the Department of ics at the Indian Institute of Technology Delhi, India Her research interests includequeuing theory, Markov modeling, and performance issues of wireless networks anddependability analysis of communication systems

Mathemat-Andr´eas Johansson received his M.Sc in Computer Engineering from Chalmers,

Gothen-burg, Sweden He is currently a Ph.D student at the Technical University in Darmstadt,Germany His research primarily targets issues of error propagation and impact

in Operating Systems This entails development of quantifiable and repeatable

experimental fault injection technologies, focusing on errors in device drivers Otherresearch interests include software fault tolerance, failure analysis, dependabilitybenchmarking and threat modeling.

James Joshi is an assistant professor in the School of Information Sciences at the University

of Pittsburgh, PA He is a cofounder and the director of the Laboratory of tion and Research on Security Assured Information Systems (LERSAIS) At Pitt, heteaches several information assurance (IA) courses and coordinates the IA program.His research interests include access control models, security and privacy of distributedmultimedia systems, trust management, and information survivability His researchhas been supported by the National Science Foundation and he is a recipient of theNSF-CAREER award in 2006 He received his M.S degree in computer science and

Educa-a Ph.D degree in electricEduca-al Educa-and computer engineering from Purdue University, WestLafayette, IN, in 1998 and 2003, respectively

Svein J Knapskog received his Siv.ing degree (M.S.E.E.) from the Norwegian Institute

of Technology (NTH), Trondheim, Norway, in 1972 Since 2001, he has been fessor in the Department of Telematics at the Norwegian University of Science andTechnology (NTNU) He is presently principal academic at the Norwegian Centre

pro-of Excellence (CoE) for Quantifiable Quality pro-of Service in Communication Systems(Q2S) He has previously held various positions in the Norwegian public sector, SIN-TEF, and industry From 1982–2000, he was associate professor in the Department

of Computer Science and Telematics at NTH (later NTNU), where he also served athree-year term as head of the department In the academic year 2005–2006 he hasbeen acting head of the Department of Telematics His field of interests include infor-mation security and QoS as well as related communication system architectural issues.His current research focus is on information security primitives, protocols, and services

in distributed autonomous telecommunication systems and networks, and securityevaluation thereof

Professor Knapskog has been active in a number of conference program tees and has authored/coauthored a number of technical reports, research papers,and a textbook (in Norwegian)

commit-Axel Krings is a professor of computer science at the University of Idaho, Moscow, ID.

He received his Ph.D (1993) and M.S (1991) degrees in computer science from theUniversity of Nebraska–Lincoln, and his M.S (1982) in electrical engineering fromthe FH-Aachen, Germany Dr Krings has published extensively in the area of computerand network survivability, security, fault tolerance, and real-time scheduling He hasorganized and chaired conference tracks in the area of system survivability and hasbeen on numerous conference program committees In 2004/2005 he was a visitingprofessor at the Institut d’Informatique et Math´ematiques Appliqu´ees de Grenoble, atthe Institut National Polytechnique de Grenoble, France His work has been funded

by DoE/INL, DoT/NIATT, DoD/OST, and NIST His current research in survivability

of ad hoc networks is funded by the Idaho National Laboratory

Prashant Krishnamurthy is an associate professor with the Graduate Program in

Telecom-munications and Networking at the University of Pittsburgh, PA At Pitt, he regularlyteaches courses on wireless communication systems and networks, cryptography, andnetwork security His research interests are wireless network security, wireless data net-works, position location in indoor wireless networks, and radio channel modeling for

xxxiii

indoor wireless networks He has had funding for his research from the National ence Foundation and the National Institute of Standards and Technology He is the

Sci-coauthor of the books Principles of Wireless Networks: A Unified Approach and Physical Layer

of Communication Systems (Prentice Hall; 1st edition, December 11, 2001) He served as

the chair of the IEEE Communications Society, Pittsburgh Chapter, from 2000–2005

He obtained his Ph.D in 1999 from Worcester Polytechnic Institute, Worcester, MA

Deep Medhi is professor of computer networking in the Computer Science and Electrical

Engineering Department at the University of Missouri–Kansas City Prior to joiningUMKC in 1989, he was a member of the technical staff in the traffic network rout-ing and design department at the AT&T Bell Laboratories He was an invited visitingprofessor at the Technical University of Denmark and a visiting research fellow at theLund University, Sweden He is currently a Fulbright Senior Specialist He serves as

a senior technical editor of the Journal of Network & Systems Management, and is on the editorial board of Computer Networks, Telecommunication Systems, and IEEE Commu- nications Magazine He has served on the technical program committees of numerous

conferences including IEEE INFOCOM, IEEE NOMS, IEEE IM, ITC, and DRCN Hisresearch interests are resilient multilayer networks architecture and design; dynamicquality-of-service routing; Internet routing protocols; network design, optimization,management, performance, and security; and next-generation Internet architecture.His research grants have been funded by DARPA, NSF, Doris Duke Charitable Foun-dation, and various industries He has published more than 70 peer-reviewed papers,

and is coauthor of the books Routing, Flow, and Capacity Design in Communication and Computer Networks (San Francisco: Morgan Kaufmann, 2004) and Network Routing: Algorithms, Protocols, and Architectures (San Francisco: Morgan Kaufmann, 2007) He

received a B.Sc (Hons.) in mathematics from Cotton College, Gauhati University,India, an M.Sc in Mathematics from the University of Delhi, India, and an M.S andPh.D in computer sciences from the University of Wisconsin–Madison

Gaspar Modelo-Howard is a Ph.D student in the Department of Electrical and Computer

Engineering and a member of the Center for Education and Research in InformationAssurance and Security (CERIAS) at Purdue University, West Lafayette, IN He came

to Purdue after spending seven years as an information security officer for the PanamaCanal Authority and five years as a college professor for network security courses Hiscurrent research interests include machine-learning techniques for intrusion responseand the convergence between security and dependability He has an M.S in infor-mation security from Royal Holloway, University of London, and a B.S in electricalengineering from Universidad Tecnol´ogica de Panam´a

Yi Qian is an assistant professor in the Department of Electrical and Computer

Enginee-ring, University of Puerto Rico at Mayaguez At UPRM, Dr Qian regularly teachescourses on wireless networks, network design, network management, and net-work performance analysis Prior to joining UPRM in July 2003, he worked as atechnical advisor and senior consultant for several start-up companies and con-sulting firms in the areas of voiceover IP, fiber-optical switching, Internet packetvideo, network optimizations, and network planning He has also worked as asenior member of scientific staff and a technical advisor for the Wireless Sys-tems Engineering Department, Nortel Networks in Richardson, TX Professor Qian

received a Ph.D degree in electrical engineering with a concentration in munication networks from Clemson University, Clemson, South Carolina His cur-rent research interests include information assurance, network security, networkdesign, network modeling, simulations and performance analysis for next-generationwireless networks, wireless sensor networks, broadband satellite networks, opticalnetworks, high-speed networks, and the Internet He has publications and patents inall these areas He has been on numerous conference technical committees, includ-ing serving as the general chair of the International Symposium on Wireless PervasiveComputing, 2007, the technical program cochair of the IEEE GLOBECOM 2006 Sym-posium on Wireless Communications and Networking, and the technical programcochair of the Workshop on Information Assurance, 2006 and 2007 Dr Qian is amember of Sigma Xi, ACM, IEICE, and a senior member of IEEE.

telecom-Karin Sallhammar received her Civ.ing degree (M.S.) in media technology and

engineer-ing from the Link¨opengineer-ing University, Sweden, in 2003 She is currently a Ph.D candidate

in the Department of Telematics at the Norwegian University of Science and nology (NTNU), and is associated with the Norwegian Centre of Excellence (CoE)for Quantifiable Quality of Service in Communication Systems (Q2S) Her field ofinterests include information security primitives and protocols, network monitoringand intrusion detection, as well as dependability modeling and analysis Her currentresearch focus is on stochastic models for security and dependability evaluation

Tech-Arun K Somani is currently the Anson Marston Distinguished Professor at Iowa State

Uni-versity, Jerry R Junkins Endowed Chair Professor, and chair of electrical and computerengineering He earned his M.S.E.E and Ph.D degrees in electrical engineering fromthe McGill University, Montreal, Canada, in 1983 and 1985, respectively He worked

as scientific officer for the government of India, New Delhi, from 1974–1982 and as

a faculty member in the electrical engineering and computer science and ing departments at the University of Washington, Seattle, from 1985–1997 ProfessorSomani’s research interests are in the area of fault-tolerant computing, computerinterconnection networks, WDM-based optical networking, and reconfigurable andparallel computer system architecture He has taught courses in these areas and pub-lished more than 250 technical papers, several book chapters, and has supervisedmore than 60 master’s and more than 25 Ph.D students He is the chief archi-tect of an anti-submarine warfare system (developed for the Indian navy), Meshkinfault-tolerant computer system architecture (developed for the Boeing Company),and architected, designed, and implemented a 46-node multicomputer cluster-basedsystem, Proteus, using a large grain message-passing model with separate data (fiber-optic) and control (electronic) planes during 1990–1992 His current research is

engineer-in developengineer-ing scalable architectures and algorithms to manage, control, and deliverdependable service efficiently for network employing optical fiber technology, wave-length division multiplexing, wavelength conversion, wavelength sharing, trafficgrooming, access network design, and fault and attack management (FAM) in opticalnetworking He has served on several leadership roles in IEEE conference organiza-tions, as IEEE distinguished visitor, and as IEEE distinguished tutorial speaker He hasdelivered several keynote speeches, tutorials, and distinguished and invited talks allover the world He has been elected a fellow of IEEE for his contributions to theory

xxxv

and applications of computer networks He was awarded the Distinguished Scientistmember grade of ACM in 2006

Eugene H Spafford is one of the most senior and recognized leaders in the field of

computing He has an on-going record of accomplishments as a senior advisor andconsultant on issues of security, education, cyber crime, and computing policy to

a number of major companies, law enforcement organizations, and academic andgovernment agencies, including Microsoft, Intel, Unisys, the U.S Air Force, theNational Security Agency, the GAO, the Federal Bureau of Investigation, the NationalScience Foundation, the Department of Energy, and for two presidents of the UnitedStates With nearly three decades of experience as a researcher and instructor, Dr.Spafford has worked in software engineering, reliable distributed computing, hostand network security, digital forensics, computing policy, and computing curriculumdesign He is responsible for a number of “firsts” in several of these areas Dr Spafford

is a professor with a joint appointment in computer science and electrical and puter engineering at Purdue University, West Lafayette, IN, where he has served onthe faculty since 1987 He is also a professor of philosophy (courtesy) and a professor

com-of communication (courtesy) He is the executive director com-of the Purdue UniversityCenter for Education and Research in Information Assurance and Security (CERIAS)

As of 2007, Dr Spafford is also an adjunct professor of computer science at the sity of Texas at San Antonio, and is executive director of the Advisory Board of the newInstitute for Information Assurance there Dr Spafford serves on a number of advisoryand editorial boards, and has been honored several times for his writing, research, andteaching on issues of security and ethics

Univer-Neeraj Suri received his Ph.D from the University of Massachusetts at Amherst He

currently holds the TU Darmstadt Chair Professorship in “Dependable EmbeddedSystems and Software” at TU Darmstadt, Germany His earlier academic appoint-ments include the Saab Endowed Professorship and faculty at Boston University Hisresearch interests span design, analysis and assessment of dependable and secure sys-tems/software His group’s research activities have garnered support from DARPA,NSF, ONR, EC, NASA, Boeing, Microsoft, Intel, Saab among others He is also arecipient of the NSF CAREER award He serves as an editor for IEEE Trans onDependable and Secure Computing, IEEE Trans on Software Engineering, ACMComputing Surveys, Intl Journal on Security & Networks, and has been an editorfor IEEE Trans on Parallel and Distributed Systems He is a member of IFIP WG10.4 on Dependability, and a member of Microsoft’s Trustworthy Computing Aca-demic Advisory Board More professional and publication details are available at:http://www.deeds.informatik.tu-darmstadt.de/suri

Zahir Tari is a full professor at RMIT University, Australia He is the director of the

DSN (Distributed Systems and Networking) discipline at the School of ComputerScience and IT at RMIT His main areas of expertise are on performance, reliabil-ity, and mobility Professor Tari has published in reputable conferences and journals,

such as ACM/IEEE Transactions He also acted as the program committee chair as

well as general chair of more than 20 international conferences (e.g., DOA, CoopIS,ODBASE, GADA, and IFIP DS 11.3 on Database Security) Professor Tari is thecoauthor of a few books More details about him and his team can be found athttp://www.cs.rmit.edu.au/eCDS

David Tipper is an associate professor of telecommunications, with a secondary

appoint-ment in electrical engineering, at the University of Pittsburgh, PA Prior to joining Pitt

in 1994, he was an associate professor of electrical and computer engineering at son University He is a graduate of the University of Arizona and Virginia Tech Hiscurrent research interests are network design and traffic restoration proceduresfor survivable networks, infrastructure protection, network control techniques, andperformance analysis Professor Tipper’s research has been supported by grants fromvarious government and corporate sources, such as NSF, DARPA, NIST, AT&T, andIBM He is a senior member of IEEE He served as the coguest editor of the specialissue on “Designing and Managing Optical Networks and Services for High Reliabil-

Clem-ity,” Journal of Network and Systems Management, March 2005, and the special issue on

“Fault Management in Communication Networks,” Journal of Network and Systems agement, June 1997 He was technical program chair of the Fourth International IEEE

Man-Design of Reliable Communication Networks Workshop He is the coauthor of the

textbook The Physical Layer of Communication Systems (Artech House, 2006) He can be

reached at tipper@mail.sis.pitt.edu

Kishor Trivedi holds the Hudson Chair in the Department of Electrical and Computer

Engineering at Duke University, Durham, NC He has been on the Duke faculty since

1975 He is the author of the well-known text Probability and Statistics with Reliability, Queuing and Computer Science Applications (Englewood Cliffs, NJ: Prentice-Hall), this

text was reprinted as an Indian edition, and a thoroughly revised second edition(including its Indian edition) was published by John Wiley, New York He has also pub-

lished two other books entitled Performance and Reliability Analysis of Computer Systems (New York: Kluwer Academic Publishers,) and Queuing Networks and Markov Chains

(New York: John Wiley) He is a fellow of the Institute of Electrical and ElectronicsEngineers and a Golden Core Member of IEEE Computer Society During a sabbaticalyear 2002–2003, he was the Poonam and Prabhu Goel Professor in the Department ofComputer Science and Engineering at IIT Kanpur while at the same time he was a Ful-bright Visiting Lecturer to India He has published over 350 articles and has supervised

39 Ph.D dissertations He is on the editorial boards of IEEE Transactions on Dependable and Secure Computing, Journal of Risk and Reliability, International Journal of Performability Engineering, and International Journal of Quality and Safety Engineering.

Lingyu Wang joined the Concordia Institute for Information Systems Engineering as an

assistant professor in 2006 He received a Ph.D in 2006 in information technologyfrom George Mason University, Fairfax, VA From 2000–2006, he worked as a researchassistant in the Center for Secure Information Systems at George Mason University.His specific area of research interest is in information security and electronic privacy.His areas of expertise include database security, data privacy, access control, networksecurity, intrusion detection, and vulnerability analysis Dr Wang has published in topjournals, conferences, and workshops in these areas

Jeannette M Wing is the President’s professor of computer science and the head of the

Computer Science Department at Carnegie Mellon University, Pittsburgh, PA StartingJuly 1, 2007, she will head the Computer and Information Science and EngineeringDirectorate at the National Science Foundation Professor Wing’s general researchinterests are in the areas of specification and verification, concurrent and distributedsystems, and programming languages Her current focus is on the foundations of

xxxvii

trustworthy computing Professor Wing has been a member of many advisory boards,including the Networking and Information Technology (NITRD) Technical AdvisoryGroup to the President’s Council of Advisors on Science and Technology (PCAST), theNational Academies of Sciences’ Computer Science and Telecommunications Board,the ACM Council, the DARPA Information Science and Technology (ISAT) Board,NSF’s CISE Advisory Board, Microsoft’s Trustworthy Computing Academic AdvisoryBoard, and the Intel Research Pittsburgh’s Advisory Board She was or is on the edito-rial board of ten journals She is a member of AAAS, ACM, IEEE, Sigma Xi, Phi BetaKappa, Tau Beta Pi, and Eta Kappa Nu Professor Wing is an ACM fellow and an IEEEfellow

Tao Wu

Dependable Computing and Networking LabDepartment of Electrical and Computer EngineeringIowa State University

Yu-Sung Wu is a Ph.D student in the School of Electrical and Computer Engineering

at Purdue University, West Lafayette, IN, since 2004 His primary research areas areinformation security and fault tolerance in computer systems He is a member of theDependable Computing Systems Laboratory at Purdue, where he participates in theresearch projects for ADEPTS (an intrusion response system) and CIDS (a correla-tion framework for intrusion detection) Yu-Sung also has been working closely withresearchers at Avaya Labs on building the IDS/IPS solutions for voiceover IP systems

C H A P T E R

Information Assurance

Yi Qian University of Puerto Rico at Mayaguez, Puerto Rico

James Joshi University of Pittsburgh, USA

David Tipper University of Pittsburgh, USA

Prashant Krishnamurthy University of Pittsburgh, USA

1.1 INTRODUCTION

Recent advances in computer networks and information technology (IT) andthe advent and growth of the Internet have created unprecedented levels ofopportunities for the connectivity and interaction of information systems at

a global level This has provided significant new possibilities for advancingknowledge and societal interactions across the spectrum of human endeav-ors, including fundamental scientific research, education, engineering designand manufacturing, environmental systems, health care, business, entertain-ment, and government operations As a result, our society has already becomeintrinsically dependent on IT In fact, networked information systems havebeen recognized as one of the basic critical infrastructures of society [1] Aconsequence of the increasing dependence on networked information systems

has been the significantly heightened concerns regarding their security and

dependability In particular, the interconnections, interactions, and

dependen-cies among networked information systems and other critical infrastructure tems (e.g., electric power grids) can dramatically magnify the consequence ofdamages resulting from even simple security violations and/or faults Hence,there is an urgent need to ensure that we have in place a solid foundation tohelp us justify the trust that we place on these information technologies andinfrastructures

sys-Research and development activities focused on ensuring that a networkedinformation system (a) functions correctly in various operational environments,