Results 1 - 10 of 20
Detecting Stepping Stones, 2000
Cited by 129 (7 self)
One widely-used technique by which network attackers attain anonymity and complicate their apprehension is by employing stepping stones: they launch attacks not from their own computer but from intermediary hosts that they previously compromised. We develop an efficient algorithm for detecting stepping stones by monitoring a site’s Internet access link. The algorithm is based on the distinctive characteristics (packet size, timing) of interactive traffic, and not on connection contents, and hence can be used to find stepping stones even when the traffic is encrypted. We evaluate the algorithm on large Internet access traces and find that it performs quite well. However, the success of the algorithm is tempered by the discovery that large sites have many users who routinely traverse stepping stones for a variety of legitimate reasons. Hence, stepping-stone detection also requires a significant policy component for separating allowable stepping-stone pairs from surreptitious access.
Using Smart Clients to Build Scalable Services - In Proceedings of the 1997 USENIX Technical Conference, 1997
Cited by 111 (10 self)
Individual machines are no longer sufficient to handle the offered load to many Internet sites. To use multiple machines for scalable performance, load balancing, fault transparency, and backward compatibility with URL naming must be addressed. A number of approaches have been developed to provide transparent access to multi-server Internet services including HTTP redirect, DNS aliasing, Magic Routers, and Active Networks. Recently however, portable Java code and lightly loaded client machines allow the migration of certain service functionality onto the client. In this paper, we argue that in many instances, a client-side approach to providing transparent access to Internet services provides increased flexibility and performance over the existing solutions. We describe the design and implementation of Smart Clients and show how our system can be used to provide transparent access to scalable and/or highly available network services, including prototypes for: telnet, FTP, and an Internet chat application.
Making Reliable Distributed Systems in the Presence of Software Errors, 2003
Cited by 42 (0 self)
product, having over a million lines of Erlang code. This product (the AXD301) is thought to be one of the most reliable products ever made by Ericsson.
How much anonymity does network latency leak - In CCS ’07: Proceedings of the 14th ACM conference on Computer and communications security. ACM, 2007
Cited by 27 (0 self)
Low-latency anonymity systems such as Tor, AN.ON, Crowds, and Anonymizer.com aim to provide anonymous connections that are both untraceable by “local” adversaries who control only a few machines, and have low enough delay to support anonymous use of network services like web browsing and remote login. One consequence of these goals is that these services leak some information about the network latency between the sender and one or more nodes in the system. We present two attacks on low-latency anonymity schemes using this information. The first attack allows a pair of colluding web sites to predict, based on local timing information and with no additional resources, whether two connections from the same Tor exit node are using the same circuit with high confidence. The second attack requires more resources but allows a malicious website to gain several bits of information about a client each time he visits the site. We evaluate both attacks against two low-latency anonymity protocols – the Tor network and the MultiProxy proxy aggregator service – and conclude that both are highly vulnerable to these attacks. Categories and Subject Descriptors: C.2.0 [Computer Networks]: General—Security and protection;
On Instant Messaging Worms, Analysis and Countermeasures, 2005
Cited by 15 (2 self)
We provide a collection of minor results on the area of Instant Messaging (IM) worms, which has received relatively little attention in the formal literature. We review selected IM worms and summarize their main characteristics, motivating a brief overview of the network formed by IM contact lists, and a discussion of theoretical consequences of worms in such networks. Existing methods to restrict an IM worm epidemic are analyzed in terms of usability and effectiveness, leading to the suggestion of two minor variations to limit IM worm propagation. We believe these variations are more user-friendly and effective than existing published methods. We also provide brief results of a three and a half year user study of IM text messaging and file transfer frequency in a moderate-size public IM network -- the largest such study to date -- which is of independent interest, but also supports in part the preceding claim regarding user-friendliness.
Secure Public Instant Messaging: A Survey, 2004
Cited by 9 (4 self)
We provide a survey on security features and threats to existing Instant Messaging (IM) networks and discuss how currently available systems fail to provide adequate security in light of existing threats. Our discussion and analysis provide a starting point from which to advance academic research in the area of secure IM systems, enabling security improvement in the longer term.
Application-based Enhancement to Network-Layer Multicast, 1998
Cited by 4 (1 self)
nt and migration. At the application layer, the existence of network multicast does not guarantee that an application can take advantage of it. We demonstrate the adaptation of a traditionally unicast application -- database sharing -- to multicast, thus achieving scaling in network and processor performance. For the transport layer, there is a growing consensus in the research community that relying on generic protocols can significantly reduce the efficiency of many applications. This effect seems to be even more pronounced for multicast transport protocols; consequently, protocols may need to be constructed for different types of applications to achieve increased efficiency. We propose a reliable multicast transport protocol tuned specifically for bulk-data applications, such as our multicast-adapted database sharing application. In developing this new transport protocol, we employ a synergy of new and existing techniques in multicast transport. We propose a new sender s
Getting Erlang to talk to the outside world, 2002
Cited by 4 (2 self)
How should Erlang talk to the outside world? - this question becomes interesting if we want to build distributed applications where Erlang is one of a number of communicating components.
A Secure Desktop Meeting System - Proceedings of IT-Sicherheit 94, 1994
Cited by 2 (2 self)
In the paper a concept of a secure distributed application for holding meetings over a computer network is presented. The application, entitled Secure Desktop Meeting System, provides a set of tools to fulfill some common meeting jobs (e.g. agenda reviewing, action points processing, discussion, voting etc.) which can be formally described. This set of tools presents a basic functionality of the meeting system, which (set) is enhanced to satisfy some security requirements as well. The end-to-end security services of the Meeting System enable the meeting participants to securely communicate over an insecure communication network. The overall system architecture is client-server, whereby the participants use client programs to contact the set of cooperating servers to establish a meeting session. 1 Introduction The office environment of many companies and institutions has evolved from a simple room with filing folders to a computer network. Computer Supported Cooperative Work (CSCW) is ...
Secure Public Instant Messaging - MASTERS THESIS (COMPUTER SCIENCE). HTTP://WWW.SCS.CARLETON.CA/~MMANNAN/PUBLICATIONS/MSTHESIS.PDF, 2005

