Electrical and Computer Engineering ETDs

Maria Khater

Publication Date

9-3-2013

Abstract

This thesis introduces and details the effort of modeling and control design of an information tracking system for computer security purposes. It is called Dynamic Information Flow Tracking (DIFT) system. The DIFT system is developed at the Computer Science Department at the University of New Mexico, works by tagging data and tracking it to measure the information flow throughout the system. DIFT can be used for several security applications such as securing sensor networks and honeypot - which is a trap set to detect, deflect, or counteract attempts at unauthorized use of information systems. Existing DIFT systems cannot track address and control dependencies, therefore, their applicability is currently very limited because important information flow dependencies are not tracked for stability reasons. A new approach is taken, aimed at stabilizing DIFT systems and enabling it to detect control dependencies at the assembly-level, through control theory. Modern control has been used to model several cyber-physical, computing, networking, economical... systems. In an effort to model a computing system using control theory, this thesis introduces a general hybrid systems framework to model the flow of information in DIFT when control dependencies are encountered. Information flow in DIFT is represented by a numeric vector called "taint vector". The model suggested benefits from the characteristics of hybrid systems and its ability to represent continuous variables and discrete events occurring. The system is stabilized by making sure that the taint vectors represent the true information flow in control dependencies. This problem is solved by designing a PID and model predictive controller which guarantee that system does not over taint, while allowing information to flow properly. The modeling framework is validated by comparing simulations of the hybrid models against. This research provides a new approach to solve the DIFT over-tainting problems through modeling it as a hybrid system and forcing the constraints to be obeyed by the taint values.'

Keywords

Computer security, Computer networks--Security measures, Anomaly detection (Computer security)--Computer simulation, Intrusion detection systems (Computer security)--Computer simulation, Predictive control, Hybrid computer simulation.

Document Type

Thesis

Language

English

Degree Name

Electrical Engineering

Level of Degree

Masters

Department Name

Electrical and Computer Engineering

First Committee Member (Chair)

Crandall, Jedidiah

Second Committee Member

Abdallah, Chaouki

Download

Share

COinS