Faculty of Science
Some Specific Projects
For all these projects, if you require any further information, contact Professor Vijay Varadharajan (vijay@science.mq.edu.au).
Distributed Authorization in Service Oriented Architectures
The service-oriented architecture (SOA) can be used to build new solutions leveraging services, to cleave together existing applications, or to cleave apart existing applications. The SOA provides many benefits, such as cost savings to organizations, by increasing the speed of implementation of any required application(s) and reducing the expenditure on integration technologies. However, security is one of the main roadblocks for enterprises when it comes to the development and deployment of their service-oriented architectures. In this work, we address the area of authorization policy specification for the SOA. We present a detailed analysis of the research work in the area of authorization policy specification, and propose a set of principles for modeling and designing an authorization policy language for the SOA. Then we design a comprehensive authorization framework for the SOA. The proposed authorization framework comprises the Web Services Authorization Architecture (WSAA), built for the Web services layer of the SOA, and the Business Process Authorization Architecture (BPAA), built for the business processes layer of the SOA. The architecture is able to support legacy applications exposed as Web services as well as the new Web service based applications built to leverage the benefits offered by the SOA; it supports multiple access control models and mechanisms, is decentralized and distributed, and provides facilities for management of the Web service objects and the authorization information.
Trust Enhanced Secure Distributed Applications
The notion of trust has been around for many decades (if not for centuries) in different disciplines in different disguises. In particular, the concept of trust has been studied extensively in various disciplines such as psychology, philosophy, sociology as well as in technology. This project carries out a thorough and systematic investigation of existing notions of trust in security, leading to a new approach to trust enhanced security which will form the foundation of the new architecture and solutions being proposed in this project. It will design a comprehensive trust model that can capture relevant trust assumptions and properties, which in turn enhances the security of distributed applications. The trust model will incorporate the mechanisms of the trusted platform and will capture both “hard” and “soft” aspects of trust. This leads to a decentralized security and trust management architecture which will then be integrated in the middleware of the distributed system architecture.
Secure Virtualization Systems
Distributed information services such as Grid computing, utility computing and on-demand software services rely strongly on the security of the underlying computing infrastructure. The computing infrastructure components such as execution environments, databases, web servers and browsers have not only varying but often conflicting security requirements. Hence the need to achieve secure isolation between such components is critical to enforce different security requirements, while at the same time enabling components with similar security requirements to share information efficiently. Virtualization, which provides a basis for strong isolation, has been around now for several decades; in the past, it has often been deployed in standalone mainframe systems, whose hardware was explicitly designed with virtualized operation in mind. However, until recently it has not been feasible to build systems out of commodity PC hardware that meet security guarantees. The core of the proposed research involves theory and design of a policy based secure virtual machine model and architecture that is enhanced with trusted computing, which can achieve secure and dynamic sharing of virtual resources among co-operating virtual machines in a distributed environment. The new security model and architecture will, on the one hand, exploit the benefits of the trusted hardware platform underneath, while on the other hand will support a range of security and trust policies for virtual machines and applications above. The model will address dynamic changes in system state and help to reason better about the security properties and hence provide a higher level of security guarantees. The secure virtual machine model will also provide an improved capability for detecting malware attacks and preventing them. Such a secure virtualized distributed system architecture can help to achieve trust enhanced secure applications, such as Grid computing and online collaborations.
A unique feature of the proposed research is that it aims to combine the advantages of secure virtualization and trusted computing technologies to develop a novel distributed security architecture for virtualized systems.
Trust Management in Distributed Systems
Trust management is an important issue in the analysis and design of secure information systems. In this project, we build up a comprehensive trust management approach that covers the analysis/modelling of trust relationships and the development of trust management systems in a consistent manner. We develop a formal model of trust relationship with a strict mathematical structure that can not only reflect many of the commonly used notions of trust, but also provide a solid basis for a unified taxonomy framework of trust where a range of useful properties of trust relationships can be expressed and compared. We propose a general methodology for analysis and modelling of trust relationships in distributed information systems. The general methodology includes a range of major concerns in the whole lifecycle of trust relationships, and provides practical guidelines for analysis and modelling of trust relationships in the real world. We propose a unified framework for trust management addressing trust evidence collection, trust evaluation and trust consumption. A variety of trust mechanisms including reputation, credentials, local data, and environment parameters are covered under the same framework. A trust management architecture is then developed which is used to demonstrate security and trust in healthcare applications.
Distributed Denial of Service Attacks in Networks
Today distributed denial of service (DDoS) attacks are causing major problems for conducting online business over the Internet. Recently several schemes have been proposed on how to prevent some of these attacks, but they suffer from a range of problems, some of them being impractical and others not being effective against these attacks. In this project we propose a range of techniques that can be used to counteract DDoS attacks efficiently in wired, wireless and mobile networks. We have proposed new packet marking techniques and developed models to counteract denial of service attacks. Security architectures have been developed and integrated with network management platforms such as Hewlett-Packard’s OpenView Network Management Platform. Our model is able to identify the approximate source of attack (nearest router) with a single packet even in case of attack with spoofed source addresses. Our scheme is invoked only during attack times, is able to process the victim’s traffic separately without disturbing other traffic, is able to establish different attack signatures for different attacking sources, can prevent the attack traffic at the nearest router to the attacking system, has fast response time, is simple in its implementation and can be incrementally deployed.
Security and Trust in Mobile Ad hoc Networks
A mobile ad hoc network (MANET) is a self-configuring network in which nodes rely on intermediate nodes to establish multi-hop communications. Security is paramount in such networks as they are not conducive to centralized trusted authorities. Furthermore, the security solutions that have been deployed for wired networks are not directly portable to ad hoc networks for reasons such as sporadic wireless communication, dynamically changing topology, and constrained battery energy. Since multi-hop communication between any nodes is reliant on intermediary nodes, the security of higher layer protocols is conditioned by the security of the communication path.
This research is developing security and trust models and architectures to meet the following security requirements: (a) delivery of information securely in a promiscuous wireless medium, (b) enlist only authenticated and trustworthy nodes for communication, (c) detect tampered control headers and information, (d) ensure the availability of network services such as packet forwarding and bandwidth sharing, (e) detect compromised nodes and include repenting malicious nodes, and (f) enhance security decisions dynamically using evolving evidence and hence trust decisions.
Trusted Secure Sensor Networks
Recent advances in wireless communications and computing devices have led to the development of low-cost, low-power and multi-functional sensor nodes, resulting in wireless sensor networks emerging as a new tier in the information infrastructure ecosystem. Sensor networks provide a promising approach for a variety of applications ranging from monitoring and security of buildings and spaces to measuring traffic flows to tracking environment pollutants to water resource usage and environment management to healthcare. Security issues are critical in sensor networks as they often have mission critical tasks and deal with sensitive information; these arise not only due to sensor nodes’ limited power, memory and computational capacity but also due to the susceptibility of wireless communications and the physical vulnerability of sensor nodes; furthermore the sensitivity of information collected by these nodes has significant influence in the decision making, which makes the design and management of security services vital. This research project develops a trust enhanced security framework that incorporates a threat model with intrusion detection techniques to identify and discard malicious nodes, a reputation based trust model to evaluate a node’s trustworthiness, and efficient light-weight key management schemes in dynamic sensor networks. This research integrates security and trust in the design of sensor networks and applications and will also provide a systematic basis for analyzing the various design choices for securing sensor networks.
Security and Trust in Mobile Agent based Systems
Mobile agents are emerging as a significant technology in networked computing and pose some fundamental challenges in security. This research project addresses the theory, architecture and design of secure mobile agent systems. It has proposed a comprehensive security model and security architecture for security enhanced mobile agents in a roaming distributed environment, with new schemes for dynamic privilege management. A new approach to mobile agent security referred to as trust enhanced security is introduced, which advocates a shift in security solutions from security-centric to trust-centric. This extends the traditional security mechanisms by enabling trust decisions through explicit specification and management of security related trust relationships. We also demonstrate that the integration of the trust decisions into the security decision making process leads to improved security performance. The work has developed a formal trust model and has incorporated this into the development of a novel trust management architecture, MobileTrust, for mobile agent based Internet applications.
Security and Trust in Peer to Peer Computing Applications
Peer to Peer (P2P) computing poses challenging security problems, due to its dynamic, decentralized and large scale characteristics, operating over the untrusted Internet, for which no adequate solutions exist today. This research will achieve conceptual advances in terms of a comprehensive new trust model and metric, propose a decentralized trust management architecture and a novel scheme to evaluate peer trust in large scale federated environments. It will also develop new techniques for mitigating denial of service attacks in P2P systems. It will demonstrate them by building a practical secure agent based P2P e-commerce system, integrating results in security, information systems, networking and Internet applications.

