Results 1  10
of
160
Two Formal Analyses of Attack Graphs
 IN PROCEEDINGS OF THE 15TH COMPUTER SECURITY FOUNDATION WORKSHOP
, 2002
"... An attack graph is a succinct representation of all paths through a system that end in a state where an intruder has successfully achieved his goal. Today Red Teams determine the vulnerability of networked systems by drawing gigantic attack graphs by hand. Constructing attack graphs by hand is tedio ..."
Abstract

Cited by 86 (2 self)
 Add to MetaCart
An attack graph is a succinct representation of all paths through a system that end in a state where an intruder has successfully achieved his goal. Today Red Teams determine the vulnerability of networked systems by drawing gigantic attack graphs by hand. Constructing attack graphs by hand is tedious, errorprone, and impractical for large systems. By viewing an attack as a violation of a safety property, we can use offtheshelf model checking technology to produce attack graphs automatically: a successful path from the intruder's viewpoint is a counterexample produced by the model checker. In this paper we present an algorithm for generating attack graphs using model checking as a subroutine. Security analysts use attack graphs for detection, defense and forensics. In this paper we present a minimization analysis technique that allows analysts to decide which minimal set of security measures would guarantee the safety of the system. We provide a formal characterization of this problem: we prove that it is polynomially equivalent to the minimum hitting set problem and we present a greedy algorithm with provable bounds. We also present a reliability analysis technique that allows analysts to perform a simple costbenefit tradeoff depending on the likelihoods of attacks. By interpreting attack graphs as Markov Decision Processes we can use the value iteration algorithm to compute the probabilities of intruder success for each attack the graph.
Opportunistic Spectrum Access via Periodic Channel Sensing
 IEEE Trans. Sig. Proc
, 2008
"... Abstract—The problem of opportunistic access of parallel channels occupied by primary users is considered. Under a continuoustime Markov chain modeling of the channel occupancy by the primary users, a slotted transmission protocol for secondary users using a periodic sensing strategy with optimal dy ..."
Abstract

Cited by 76 (14 self)
 Add to MetaCart
(Show Context)
Abstract—The problem of opportunistic access of parallel channels occupied by primary users is considered. Under a continuoustime Markov chain modeling of the channel occupancy by the primary users, a slotted transmission protocol for secondary users using a periodic sensing strategy with optimal dynamic access is proposed. To maximize channel utilization while limiting interference to primary users, a framework of constrained Markov decision processes is presented, and the optimal access policy is derived via a linear program. Simulations are used for performance evaluation. It is demonstrated that periodic sensing yields negligible loss of throughput when the constraint on interference is tight. Index Terms—Constrained Markov decision processes, dynamic spectrum access, resource allocation. I.
Security in multiagent systems by policy randomization
"... Security in multiagent systems is commonly defined as the ability of the system to deal with intentional threats from other agents. This paper focuses on domains where such intentional threats are caused by unseen adversaries whose actions or payoffs are unknown. In such domains, action randomizatio ..."
Abstract

Cited by 47 (25 self)
 Add to MetaCart
(Show Context)
Security in multiagent systems is commonly defined as the ability of the system to deal with intentional threats from other agents. This paper focuses on domains where such intentional threats are caused by unseen adversaries whose actions or payoffs are unknown. In such domains, action randomization can effectively deteriorate an adversary’s capability to predict and exploit an agent/agent team’s actions. Unfortunately, little attention has been paid to intentional randomization of agents ’ policies in singleagent or decentralized (PO)MDPs without significantly sacrificing rewards or breaking down coordination. This paper provides two key contributions to remedy this situation. First, it provides three novel algorithms, one based on a nonlinear program and two based on linear programs (LP), to randomize singleagent policies, while attaining a certain level of expected reward. Second, it provides Rolling Down Randomization (RDR), a new algorithm that efficiently generates randomized policies for decentralized POMDPs via the singleagent LP method.
Cognitive Medium Access: Constraining Interference based on Experimental Models
 IEEE Journal, Selected Areas Comm. Vol.26 No.1
"... Abstract — In this paper we design a cognitive radio that can coexist with multiple parallel WLAN channels while abiding by an interference constraint. The interaction between both systems is characterized by measurement and coexistence is enhanced by predicting the WLAN’s behavior based on a contin ..."
Abstract

Cited by 43 (4 self)
 Add to MetaCart
(Show Context)
Abstract — In this paper we design a cognitive radio that can coexist with multiple parallel WLAN channels while abiding by an interference constraint. The interaction between both systems is characterized by measurement and coexistence is enhanced by predicting the WLAN’s behavior based on a continuoustime Markov chain model. Cognitive Medium Access (CMA) is derived from this model by recasting the problem as one of constrained Markov decision processes. Solutions are obtained by linear programming. Furthermore, we show that optimal CMA admits structured solutions, simplifying practical implementations. Preliminary results for the partially observable case are presented. The performance of the proposed schemes is evaluated for a typical WLAN coexistence setup and shows a significant performance improvement.
Survivability Analysis of Networked Systems
 Submitted to International Conference on Software Engineering
, 2001
"... Survivability is the ability of a system to continue operating despite the presence of abnormal events such as failures and intrusions. Ensuring system survivability has increased in importance as critical infrastructures have become heavily dependent on computers. In this paper we present a systema ..."
Abstract

Cited by 38 (7 self)
 Add to MetaCart
(Show Context)
Survivability is the ability of a system to continue operating despite the presence of abnormal events such as failures and intrusions. Ensuring system survivability has increased in importance as critical infrastructures have become heavily dependent on computers. In this paper we present a systematic method for performing survivability analysis of networked systems. An architect injects failure and intrusion events into a system model and then visualizes the effects of the injected events in the form of scenario graphs. Our method enables further global analyses, such as reliability, latency, and costbenefit analyses, where mathematical techniques used in different domains are combined in a model of the United States Payment System. 1
Decentralized Stochastic Control of Delay Tolerant Networks
"... Abstract—We study in this paper optimal stochastic control issues in delay tolerant networks. We first derive the structure of optimal 2hop forwarding policies. In order to be implemented, such policies require the knowledge of some system parameters such as the number of mobiles or the rate of con ..."
Abstract

Cited by 37 (12 self)
 Add to MetaCart
Abstract—We study in this paper optimal stochastic control issues in delay tolerant networks. We first derive the structure of optimal 2hop forwarding policies. In order to be implemented, such policies require the knowledge of some system parameters such as the number of mobiles or the rate of contacts between mobiles, but these could be unknown at system design time or may change over time. To address this problem, we design adaptive policies combining estimation and control that achieve optimal performance in spite of the lack of information. We then study interactions that may occur in the presence of several competing classes of mobiles and formulate this as a costcoupled stochastic game. We show that this game has a unique Nash equilibrium such that each class adopts the optimal forwarding policy determined for the single class problem.
Optimal Dynamic Spectrum Access via Periodic Channel Sensing
 Proc. of WCNC
, 2007
"... Abstract — The problem of dynamically accessing a set of parallel channels occupied by primary users is considered. The secondary user is allowed to sense and to transmit in a single channel. By exploiting idle periods between bursty transmissions of primary users, and by using a periodic sensing st ..."
Abstract

Cited by 34 (12 self)
 Add to MetaCart
(Show Context)
Abstract — The problem of dynamically accessing a set of parallel channels occupied by primary users is considered. The secondary user is allowed to sense and to transmit in a single channel. By exploiting idle periods between bursty transmissions of primary users, and by using a periodic sensing strategy, optimal dynamic access is achieved by maximizing the throughput of the secondary user while constraining collision probability with the primary user. The optimal dynamic spectrum access problem can then be formulated within the framework of Constrained Markov Decision Processes (CMDPs). The optimal control policy is identified via a linear program, and its performance is analyzed numerically and through Monte Carlo simulations. Finally, we compare the optimal scheme to an ideal benchmark case when simultaneous sensing of all channels is assumed. I.
A Queueing Model for Call Blending in Call Centers
 IEEE Transactions on Automatic Control
, 2000
"... In this paper we study the scheduling of jobs with a constraint on the average waiting time in the presence of background jobs. The objective is to schedule to s servers such that the throughput of the background traffic is maximized while satisfying the response time constraint on the foreground tr ..."
Abstract

Cited by 32 (5 self)
 Add to MetaCart
In this paper we study the scheduling of jobs with a constraint on the average waiting time in the presence of background jobs. The objective is to schedule to s servers such that the throughput of the background traffic is maximized while satisfying the response time constraint on the foreground traffic. A typical application of this model is call blending in call centers. Here the servers are called agents, the foreground traffic are the incoming calls and the background traffic are the outgoing calls. The arrivals are determined by a Poisson process and the service times of the jobs are independent exponentially distributed. We consider both the situation where service requirements by both types of jobs are equal and unequal. The first situation is solved to optimality, for the second situation we find the best policy within a certain class of policies. Optimal schedules always keep part of the service capacity free for arriving foreground jobs. 1
MultiUAV dynamic routing with partial observations using restless bandit allocation indices
 in American Control Conference
, 2008
"... Motivated by the type of missions currently performed by unmanned aerial vehicles, we investigate a discrete dynamic vehicle routing problem with a potentially large number of targets and vehicles. Each target is modeled as an independent twostate Markov chain, whose state is not observed if the ta ..."
Abstract

Cited by 32 (3 self)
 Add to MetaCart
(Show Context)
Motivated by the type of missions currently performed by unmanned aerial vehicles, we investigate a discrete dynamic vehicle routing problem with a potentially large number of targets and vehicles. Each target is modeled as an independent twostate Markov chain, whose state is not observed if the target is not visited by some vehicle. The goal for the vehicles is to collect rewards obtained when they visit the targets in a particular state. This problem can be seen as a type of restless bandits problem, although we operate here under partial information. We compute an upper bound on the achievable performance and obtain in closed form an index policy proposed by Whittle. Simulation results provide evidence for the outstanding performance
Approximate dynamic programming for communicationconstrained sensor network management
 IEEE TRANSACTIONS ON SIGNAL PROCESSING
, 2007
"... Resource management in distributed sensor networks is a challenging problem. This can be attributed to the fundamental tradeoff between the value of information contained in a distributed set of measurements versus the energy costs of acquiring measurements, fusing them into the conditional probabi ..."
Abstract

Cited by 30 (0 self)
 Add to MetaCart
Resource management in distributed sensor networks is a challenging problem. This can be attributed to the fundamental tradeoff between the value of information contained in a distributed set of measurements versus the energy costs of acquiring measurements, fusing them into the conditional probability density function (pdf) and transmitting the updated conditional pdf. Communications is commonly the highest contributor among these costs, typically by orders of magnitude. Failure to consider this tradeoff can significantly reduce the operational lifetime of a sensor network. While a variety of methods have been proposed that treat a subset of these issues, the approaches are indirect and usually consider at most a single time step. In the context of object tracking with a distributed sensor network, we propose an approximate dynamic programming approach that integrates the value of information and the cost of transmitting data over a rolling time horizon. We formulate this tradeoff as a dynamic program and use an approximation based on a linearization of the sensor model about a nominal trajectory to simultaneously find a tractable solution to the leader node selection problem and the sensor subset selection problem. Simulation results demonstrate that the resulting algorithm can provide similar estimation performance to that of the common most informative sensor selection method for a fraction of the communication cost.