Research and Education

This section contains academic research and education material that I've produced for a variety of purposes.




Miscellaneous

Title: A Build Document for a Robot Sheldon
Type: Technical
Date: 2014/02/12
Abstract: If recent events have demonstrated that your body is too fragile to endure the vicissitudes of the world, then this is the project for you! It is essentially a build document for making a cheap telepresence robot similar to the one that Sheldon built on the Big Bang Theory.


Title: A Review of Virtualization Architectures with a Sprinkling of Security (Presentation)
Type: Technical Briefing
Date: 2009
Abstract: This is a presentation given to a mixed audience (technical, managerial, executive) on what virtualization means, the fundamental components of the technology, and some of the key security and performance aspects that need consideration prior to implementation.

Title: Trusted Computing
Type: Technical Briefing
Date: 2009
Abstract: This is a presentation given to a technical audience on the background behind "Trusted Computing", Intel's "Safer Computing" initiative, and other items such as TPM and LaGrande.

Academic Papers

Title: A Short Review of Multi-Criteria Decision Making Techniques
Type: Technical Report
Date: 2013/11/12
Abstract: This technical report provides an overview of theoretical and practical aspects of Multi-Criteria Decision Analysis (MCDA). This work was performed as a breadth study in support of using MCDA techniques as an element of measuring information system security through expert preference elicitation. In MCDA, one or more decision makers (DMs) are faced with the task of choosing a best single alternative from a set of possible alternatives. This selection process can be performed by ranking the alternatives directly against each other with respect to some criteria (e.g. two cars with respect to cost) or they can be scored individually with respect to criteria whose levels have already been ranked (e.g. the comfort level of the car where high=1.0, medium=0.5, and low=0.0).

A number of MCDA techniques are reviewed including those that are derived from the Analytic Hierarchy Process (AHP) and those originating from value and utility theory. MCDA techniques involving the aggregation of expert judgements are also reviewed.

Title: A Research Agenda for Security Engineering
Type: Journal Paper - Technology Innovation Management Review (Special Issue on Cybersecurity)
Date: 2013
Abstract: Despite nearly 30 years of research and application, the practice of information system security engineering has not yet begun to exhibit the traits of a rigorous scientific discipline. As cyberadversaries have become more mature, sophisticated, and disciplined in their tradecraft, the science of security engineering has not kept pace. The evidence of the erosion of our digital security upon which society is increasingly dependent appears in the news almost daily.

In this article, we outline a research agenda designed to begin addressing this deficit and to move information system security engineering toward a mature engineering discipline. Our experience suggests that there are two key areas in which this movement should begin. First, a threat model that is actionable from the perspectives of risk management and security engineering should be developed. Second, a practical and relevant security-measurement framework should be developed to adequately inform security-engineering and risk-management processes. Advances in these areas will particularly benefit business/government risk assessors as well as security engineers performing security design work, leading to more accurate, meaningful, and quantitative risk analyses and more consistent and coherent security design decisions.

Title: Using AHP/TOPSIS with Cost and Robustness Criteria for Virtual Network Node Assignment
Type: Conference Paper (DOI: 10.1109/ICC.2012.6364792)
Date: 2011
Abstract: Network virtualization is a concept in which a Virtual Network Provider constructs logical virtual networks for various clients on a common, virtualized infrastructure substrate. However, there is currently no general framework or benchmark for assessing the security properties of these logical networks within the context of network virtualization.

In this paper, we describe a virtual network security assessment process in which a preference model is constructed over a select set of network element attributes. This preference model reflects the knowledge and experience of one or more security experts. The relevant attribute values are exposed during virtual network composition. Our process answers the question: how does the security of my virtual network compare to an equivalent topology whose attribute values are most preferred by security experts?
Presentation: ICC Ottawa, ON, Canada

Title: A Virtual Network Topology Security Assessment Process
Type: Conference Paper (DOI: 10.1109/IWCMC.2011.5982533)
Date: 2011
Abstract: Network virtualization is a concept in which a Virtual Network Provider constructs logical virtual networks for various clients on a common, virtualized infrastructure substrate. However, there is currently no general framework or benchmark for assessing the security properties of these logical networks within the context of network virtualization.

In this paper, we describe a virtual network security assessment process in which a preference model is constructed over a select set of network element attributes. This preference model reflects the knowledge and experience of one or more security experts. The relevant attribute values are exposed during virtual network composition. Our process answers the question: how does the security of my virtual network compare to an equivalent topology whose attribute values are most preferred by security experts?
Presentation: IWCMC 2011, Istanbul, Turkey

Title: A dynamic model building process for virtual network security assessment
Type: Conference Paper (DOI: 10.1109/PACRIM.2011.6032941)
Date: 2011
Abstract: Network virtualization – in which network topologies and protocols are tailor-made for individual service providers across multiple infrastructure providers – is a concept that holds great promise for the future internet. However, security in this context is difficult to assess and understand because service providers have no visibility into the infrastructure over which their networks operate.

In this paper, we introduce DS-MACBETH, which is both a tool and a methodology. DS-MACBETH provides a mechanism for measuring the relative security of a virtual network by combining the expertise of multiple security practitioners. It combines Dempster-Shafer theory (DST) with the multi-criteria decision making process MACBETH (Measuring Attractiveness by a Categorical Based Evaluation Technique). We integrate DS-MACBETH into a previously developed VNet security assessment process to achieve a way of developing dynamic security models of arbitrary virtual networks.
Presentation: PACRIM 2011, Vancouver, BC, Canada

General Interest and Courses

Title: A Review of "vTPM: Virtualizing the Trusted Platform Module."
Type: Course Project Deliverable (ELG 7178D, Network Security and Cryptography, Fall 2007)
Date: 2007
Abstract: This document looks very specifically at a single paper with the aim of offering some critique of the content. Therefore, the format is somewhat different from a traditional domain review. The requirement was to select several items within the paper that I thought could be improved, suggest an improvement, and then provide a critique of that improvement. In this case, I selected IBM's virtual TPM implementation (which has been incorporated in XEN) and identified what I see as potential pitfalls.

Title: XACML 2.0 Policy and SAML Assertion for Submit and Retrieve Access to SomeCompany.Com
Type: Course Project Deliverable (ELG 7178D, Network Security and Cryptography)
Date: 2007
Abstract: This assignment required the construction of a XACML policy set and a SAML assertion for a coder-monkey in a fictitious company. While simply including one XACML policy and one SAML assertion in schema-correct format was all that was required, I found it necessary to include considerations for the entire infrastructure that would be put in place to support XACML and SAML assertions. This was a very instructive endeavor and I thought it might be useful for those wondering how it all ties together.

Title: An Analysis and Description of the Inner Workings of the FreeRTOS Kernel.
Annex A
Type: Course Project Deliverable (SYSC 5701, Operating System Methods for Real-Time Applications)
Date: 2007
Abstract: An Analysis and Description of the Inner Workings of the FreeRTOS Kernel. This document is an analysis and functional decomposition of FreeRTOS version 4.1.3. FreeRTOS is a real-time, preemptive operating system targeting embedded devices. The FreeRTOS scheduling algorithm is dynamic and priority based. Interprocess communication is achieved via message queues and basic binary semaphores. Deadlocks are avoided by forcing all blocking processes to timeout with the result that application developers are required to set and tune timeouts and deal with resource allocation failures. Basic memory allocation schemes are provided but more complex schemes can be directly coded and incorporated. FreeRTOS provides some unique capabilities. Cooperative instead of preemptive scheduling can be used and the scheduler can be suspended by any task for any duration of time. No mechanisms to counter priority inversion are implemented. Overall, FreeRTOS was determined to be slightly too feature-rich for limited resource embedded devices. A simplified version may be beneficial to certain communities.

Title: Overview of the CELL Broadband Engine Memory Architecture: Implications for Real Time Operating Systems
Type: Course Project Deliverable (SYSC 5701, Operating System Methods for Real-Time Applications)
Date: 2007
Abstract: This document is a high level study of the memory architecture found on the CELL Broadband Engine (CELL BE, CBE). The motivation behind this study was to review the latest specifications and literature concerning the CELL BE and draw some conclusions concerning its suitability for running a real-time operating system (RTOS).

Title: Reliability as a Component of Security for Multiple Independent Levels of Security (MILS) High Assurance Platforms.
Type: Course Project Deliverable (CSI5134, Fault Tolerant Systems)
Date: 2006
Abstract: In this paper we examine fault tolerance in the context of Multiple Independent Levels of Security (MILS) High Assurance Platforms (HAP). Specifically, we seek to determine whether fault tolerance techniques are relevant and, if so, what classes within the fault tolerance taxonomy should be (or need to be) addressed. We then examine what effect the unique constraints of the application space have on the choice and implementation of fault tolerance technique. Finally, we examine several case studies that have been proposed in the literature and critique them against the application space constraints.
Presentation: Reliability Presentation

Title: A Review of Very Recent Research into Location Services for Position-Based Routing
Type: Course Project Deliverable (ELG 7178F, Wireless Networking)
Date: 2005
Abstract: Position-based routing protocols use position information supplied through GPS, multilateration, etc. to assist mobile ad-hoc and sensor networks in the routing task while reducing control traffic and memory overhead when compared to traditional position-less protocols. However, position-based routing requires a location service to assist in the maintenance and dissemination of location information and the success of position-based protocols rests on the ability of the location service to be both effective and efficient. In this paper, we review four very recent developments in this area of research.
Presentation: Location Services Presentation

Title: Multimedia Content Protection in the 21st Century.
Type: Course Project Deliverable (ELG 5199, Multimedia Database Applications)
Date: 2004
Abstract: In this paper, we review techniques and processes for securing multimedia content. Specifically, we examine encryption and watermarking techniques as these are currently seen as the most effective (yet complementary) approaches to content security. We consider three approaches for providing confidentiality services (through encryption) in conditional access system applications and examine the difficulties and issues arising out of combining encryption with varying bandwidth and end-user device capabilities. Since key management is generally not covered in literature dealing with encryption, we examine some interesting key management and distribution architectures. A basic key management approach is examined, followed by a system based on key graphs. We finish with an examination of a system using shared secrets instead of symmetric or asymmetric keys. Watermarking definitions and properties are reviewed and the field of watermarking is examined in a general way. We research some attacks on watermarks since these tend to drive research efforts. We conclude this paper with a high level examination of Digital Rights Management (DRM). This examination includes elements that comprise a DRM system, some of the grass-roots (OMA MDRM) and top down (MPEG-21) approaches towards implementing open and interoperable DRM, and some legal approaches that have been enacted to address digital rights.
Presentation: Multimedia Security Presentation

Title: Security Mechanisms for Mobile Agent Based Vulnerability Analysis Tools
Type: Course Project Deliverable (ELG 5199, Distributed Agent Technology)
Date: 2002
Abstract: Agent-based technology has several areas of security to shore up before it can enter mainstream usage. Some of these areas will be explored in this work. In order to explore the security issues related to agent technology, it is often helpful to view agents in the context of an application. In the present setting, we look at applying agent based technology to the performance of network vulnerability analysis. In short, this is the process of scouring a network and examining each host to see if there are vulnerabilities that could allow unauthorized access. As will be shown, this is an application that is particularly stringent on the security of the mobile agents that will be used as the underlying mechanism. This must be so. Vulnerability scanning and analysis is a very privileged operation that, if compromised, could open an entire network to hazard or damage. Like electronic commerce, it must therefore be very secure.

Masters Thesis

"A Development Environment for Experiments in Autonomous Robotics Control"


* Title Page
* Front Matter
* Chapter 1: Introduction
* Chapter 2: Background Material
* Chapter 3: Application Description
* Chapter 4: Behaviour Analysis
* Chapter 5: Specification
* Chapter 6: Training
* Chapter 7: Behaviour Assessment
* Chapter 8: Discussion and Conclusions
* Attachment: Matlab Obstacle Avoidance and Light Seeking Functions


Matlab-Khepera Toolbox (Old)

* Table of Contents
* Chapter 1: Installation
* Chapter 2: Overview
* Chapter 3: Sensor Modeling and Calibration
* Chapter 4: Reference
* Annex A: Source Code for MEX Commands
* Annex B: Matlab Source Code for MK Toolbox