Showing papers by "National Security Agency" published in 2008


Proceedings Article
13 Jul 2008
TL;DR: A novel application of structured classification: identifying function entry points (FEPs, the starting byte of each function) in program binaries using Conditional Random Fields, which dramatically outperform two existing, standard disassemblers.
Abstract: We present a novel application of structured classification: identifying function entry points (FEPs, the starting byte of each function) in program binaries. Such identification is the crucial first step in analyzing many malicious, commercial and legacy software, which lack full symbol information that specifies FEPs. Existing pattern-matching FEP detection techniques are insufficient due to variable instruction sequences introduced by compiler and link-time optimizations. We formulate the FEP identification problem as structured classification using Conditional Random Fields. Our Conditional Random Fields incorporate both idiom features to represent the sequence of instructions surrounding FEPs, and control flow structure features to represent the interaction among FEPs. These features allow us to jointly label all FEPs in the binary. We perform feature selection and present an approximate inference method for massive program binaries. We evaluate our models on a large set of real-world test binaries, showing that our models dramatically outperform two existing, standard disassemblers.

76 citations


Book Chapter
20 Oct 2008
TL;DR: This work argues that attestation must be able to deliver temporally fresh evidence, and comprehensive information about the target should be accessible, and the underlying attestation mechanism must be trustworthy.
Abstract: Attestation is the activity of making a claim about properties of a target by supplying evidence to an appraiser. We identify five central principles to guide development of attestation systems. We argue that (i) attestation must be able to deliver temporally fresh evidence; (ii) comprehensive information about the target should be accessible; (iii) the target, or its owner, should be able to constrain disclosure of information about the target; (iv) attestation claims should have explicit semantics to allow decisions to be derived from several claims; and (v) the underlying attestation mechanism must be trustworthy. We propose an architecture for attestation guided by these principles, as well as an implementation that adheres to this architecture. Virtualized platforms, which are increasingly well supported on stock hardware, provide a natural basis for our attestation architecture.

65 citations


Journal Article
TL;DR: It is shown that the Kasami-Welch function $\mathrm{Tr}(x^d)$ is a bent function when restricted to the hyperplane of trace 0 elements in $F_{2^n}$.

18 citations



Patent
22 Dec 2008
TL;DR: In this article, a method of establishing and updating a master node in a computer network by scoring each node in the network as a function of its physical attributes, designating the highest scoring node as the master node, sending a periodic message by the master node with its score and a request for non-master node scores and returning to the third step.
Abstract: A method of establishing and updating a master node in a computer network by scoring each node in the network as a function of its physical attributes, designating the highest scoring node as the master node, sending a periodic message by the master node with its score and a request for non-master node scores, sending a message by a non-master node to the master node requesting relinquishment of master node status if the non-master node has a higher score, relinquishing master node status to a non-master node with a higher score and returning to the third step, and declaring by a non-master node that it is a master node if it has not received a message from the previously designated master node in a user-definable period of time and returning to the third step.

10 citations


Journal Article
TL;DR: The impact of recent major disasters has driven home the need for psychologist managers to incorporate disaster planning and planning for continuity of operations into their organizations' strategic planning, and the Society of Psychologists in Management (SPIM) has included key sessions on this topic on the agendas of their annual conferences.
Abstract: The impact of recent major disasters has driven home the need for psychologist managers to incorporate disaster planning and planning for continuity of operations into their organizations' strategic planning. As a result, the Society of Psychologists in Management (SPIM) has included key sessions on this topic on the agendas of their annual conferences. This article summarizes a session from the 2007 conference that included a keynote talk by John Cavanaugh, PhD, based on an article previously published in this journal (Cavanaugh, 2006) and his subsequent additional disaster preparation and response experience. The session also included a panel discussion that explored applying and adapting lessons learned from hurricane disasters to other types of disaster situations. Gilbert Reyes, PhD, was invited to participate on this panel because of his renowned expertise in international disaster planning and response. His four volume book on international disaster psychology (Reyes & Jacobs, 2005) provides a thor...

10 citations


Journal Article
01 Jun 2008
TL;DR: The development of the technology transition model is based upon NSA's need to establish a repeatable, reliable and predictable technology transition process at an enterprise level and is based on the principles of systems life cycle planning, a business case, and critical decision points for any technology transition activity.
Abstract: The prosecution of the National Security Agency's mission has evolved from the relatively static, industrial age, Cold War communications environment to the ubiquitous, high speed, and multi-functional technologies of today's information age. In an Agency whose success depends on acquiring and deploying the latest technologies for collecting and protecting information, a system engineering approach is mandated to successfully transition and manage the complexity of new technologies. Using such a systems approach, this paper proposes a model and a process for technology transition. The development of the technology transition model is based upon NSA's need to establish a repeatable, reliable and predictable technology transition process at an enterprise level. The model is established using a systems view, is based on the principles of systems life cycle planning, a business case, and critical decision points for any technology transition activity. The latter part of the paper demonstrates how the principles of Portfolio Management can be used in conjunction with the technology transition model to enable strategic systems planning, ensure technology readiness, and guarantee a focus on technology relevance and feasibility. Effective methods, such as the one proposed in this paper, for the transition and infusion of new technologies into mission will enable NSA to maintain its preeminence in a global environment of rapid technology change.

7 citations


Journal Article
TL;DR: In this article, the automorphism group for higher-dimensional Hadamard matrices has been studied and a general notion of equivalence has been proposed for these matrices.
Abstract: This article derives from first principles a definition of equivalence for higher-dimensional Hadamard matrices and thereby a definition of the automorphism group for higher-dimensional Hadamard matrices. Our procedure is quite general and could be applied to other kinds of designs for which there are no established definitions for equivalence or automorphism. Given a two-dimensional Hadamard matrix $H$ of order $\nu$, there is a Product Construction which gives an order $\nu$ proper $n$-dimensional Hadamard matrix $P^{(n)}(H)$. We apply our ideas to the matrices $P^{(n)}(H)$. We prove that there is a constant $c > 1$ such that any Hadamard matrix $H$ of order $\nu > 2$ gives rise via the Product Construction to $c^{\nu}$ inequivalent proper three-dimensional Hadamard matrices of order $\nu$. This corrects an erroneous assertion made in the literature that "$P^{(n)}(H)$ is equivalent to $P^{(n)}(H')$ whenever $H$ is equivalent to $H'$." We also show how the automorphism group of $P^{(n)}(H)$ depends on the structure of the automorphism group of $H$. As an application of the above ideas, we determine the automorphism group of $P^{(n)}(H_k)$ when $H_k$ is a Sylvester Hadamard matrix of order $2^k$. For $\nu = 4$, we exhibit three distinct families of inequivalent Product Construction matrices $P^{(n)}(H)$ where $H$ is equivalent to $H_2$. These matrices each have large but non-isomorphic automorphism groups. © 2008 Wiley Periodicals, Inc. J Combin Designs 16: 507–544, 2008

4 citations


Patent
24 Jan 2008
TL;DR: A tamper-evident cargo seal is disclosed, comprising a pin that is passed through a hasp on a shipping container, a body member, a pair of parallel guide members, at least one security label blank, and a cover.
Abstract: A tamper-evident cargo seal is disclosed, comprising a pin that is passed through a hasp on a shipping container, a body member, a pair of parallel guide members, at least one security label blank, and a cover. One end of the pin is keyed. The body member has a slot through a side surface extending into the interior, and is keyed to receive the pin. Abutting the top surface of the body member are two parallel guide members, bounding an area comprising the top surface of the body member. One of the guide members also has a slot to allow the pin to engage the slot in the body member. One or two removable security label blanks are inserted between the guides after the pin is inserted into the slot, and a security label is affixed over the blanks. A cover engages the body and guide members to protect the label.

4 citations


Patent
18 Apr 2008
TL;DR: In this paper, the authors proposed a method of assessing security of an information access system by selecting at least one verification mechanism, estimating an error tradeoff plot showing false acceptance rate versus false rejection rate for each verification mechanism.
Abstract: A method of assessing security of an information access system by selecting at least one verification mechanism, estimating an error tradeoff plot showing false acceptance rate versus false rejection rate for each verification mechanism, selecting a corresponding false acceptance rate and false rejection rate pair from each error plot, combining the false acceptance rates to determine intrusion protection, combining the false rejection rates to determine denial protection, and combining intrusion protection and denial protection as the assessment of the information access system.

4 citations


Patent
13 May 2008
TL;DR: In this article, an enhanced security manhole cover is disclosed, comprising a frame, outer cover, inner cover, crossbar, saddle, eyebolt, and padlock, and the saddle may include a shoulder on the base, to protect the eyebolt.
Abstract: An enhanced security manhole cover is disclosed, comprising a frame, outer cover, inner cover, crossbar, saddle, eyebolt, and padlock. The inner cover, which closes the lower opening in a manhole, includes a detent in the top surface for receiving the eyebolt. The crossbar is positioned above the inner cover and engages the walls of the frame. The crossbar includes a threaded hole that aligns with the detent. The saddle, an upside down U-shaped member, is positioned over the crossbar and includes a slot for the eyebolt to partially extend through. The saddle may include a shoulder on the base, to protect the eyebolt. The eyebolt passes partially through the saddle and crossbar and threads into the bore. The shackle of the padlock passes through holes in the upright of the U-shaped saddle below the crossbar, locking the saddle in place. The upper cover closes the top of the frame.

Patent
22 Apr 2008
TL;DR: In this article, a method of creating a patterned device by selecting a substrate, depositing a mask layer on the substrate, forming a first step on the mask layer, and removing a portion of the sacrificial layer such that a gap is created between the blocking layer and the first step.
Abstract: A method of creating a patterned device by selecting a substrate; depositing a mask layer on the substrate; forming a first step on the mask layer; depositing a sacrificial layer along the first step and the mask layer; depositing a blocking layer on the sacrificial layer; removing a portion of the blocking layer, where a portion of the blocking layer remains such that no gap exists between the blocking layer and the sacrificial layer and the remaining blocking layer is adhered to the mask layer; removing a portion of the sacrificial layer such that a gap is created between the blocking layer and the first step, where a portion of the sacrificial layer remains such that the blocking layer adhered to the mask layer remains; etching the mask layer beneath the gap; and processing the substrate through the gap in the mask layer.

Journal Article
TL;DR: This paper outlines a new all-optical non-contact technique based on the accurate measurement of the spacing of the supernumerary fringes produced by the diffraction pattern of a laser beam transmitted through or reflected by a thin vertically-draining film of the liquid.
Abstract: In this paper we outline a new all-optical non-contact technique for measurement of the surface tension of a Newtonian fluid. It is based on the accurate measurement of the spacing of the supernumerary fringes produced by the diffraction pattern of a laser beam transmitted through or reflected by a thin vertically-draining film of the liquid. We discuss the basic theory and application of this technique, and several issues which must be addressed before it can be used commercially.

Journal Article
TL;DR: It is pointed out that when $m$ is even and $\gamma$ is not a cube in $L$ then $c_k^{\gamma}$ is the characteristic function of a difference set in the elementary abelian additive group of $L$; i.e. $c_k^{\gamma}$ is a bent function.
Abstract: Dillon and Dobbertin proved that if $L := GF(2^m)$, $\gcd(k, m) = 1$, $d := 4^k - 2^k + 1$ and $\Delta_k(x) := (x + 1)^d + x^d + 1$, then $B_k := L \setminus \Delta_k(L)$ is a difference set in the cyclic multiplicative group $L^{\times}$ of $L$. Used in the proof were the auxiliary functions $c_k^{\gamma}(x) := b_k(\gamma x^{2^k+1})$, where $\gamma$ is in $L^{\times}$ and $b_k$ is the characteristic function of $B_k$ on $L$. When $m$ is odd, $c_k^{\gamma}$ is itself the characteristic function of a cyclic difference set which is equivalent to $B_k$. In this paper we point out that when $m$ is even and $\gamma$ is not a cube in $L$ then $c_k^{\gamma}$ is the characteristic function of a difference set in the elementary abelian additive group of $L$; i.e. $c_k^{\gamma}$ is a bent function.

Patent
04 Mar 2008
TL;DR: In this paper, a method of locating a transmitter is disclosed, where a communications link is established between multiple receiving stations and a control station, and used with a calibration signal to calibrate out the time delay of the communications link.
Abstract: A method of locating a transmitter is disclosed. A communications link is established between multiple receiving stations and a control station, and used with a calibration signal to calibrate out the time delay of the communications link. A radiated signal from an unknown transmitter is received at a receiving station and sent to the control station over the communications link. The time of arrival is recorded. Upon receiving a user input, the communication link switches from transmitting the received radiated signal to transmitting the calibration signal. The start of calibration signal is timed to begin at the same time across all of the receiving stations. The communication link time delay for each link is calculated by subtracting the start time from the received time, and the communication link time delay is subtracted from the received time recorded for the radiated signal. TDOA calculations are made to locate the transmitter.

Journal Issue
TL;DR: This article shows that for any $k \ge 1$, any online algorithm will accept less than $(1 - \frac{1}{2^{k}})cn + (\ln 2)n$ k-clauses whp, closing the gap between the constant and $\Omega(\sqrt{c})$.
Abstract: Given $n$ Boolean variables $x_1, \dots, x_n$, a k-clause is a disjunction of $k$ literals, where a literal is a variable or its negation. Suppose random k-clauses are generated one at a time and an online algorithm accepts or rejects each clause as it is generated. Our goal is to accept as many randomly generated k-clauses as possible with the condition that it must be possible to satisfy every clause that is accepted. When $cn$ random k-clauses on $n$ variables are given, a natural online algorithm known as Online-Lazy accepts an expected $(1 - \frac{1}{2^{k}})cn + a_k n$ clauses for some constant $a_k$. If these clauses are given offline, it is possible to do much better, $(1 - \frac{1}{2^{k}})cn + \Omega(\sqrt{c})n$ can be accepted whp. The question of closing the gap between $a_k$ and $\Omega(\sqrt{c})$ for the online version remained open. This article shows that for any $k \ge 1$, any online algorithm will accept less than $(1 - \frac{1}{2^{k}})cn + (\ln 2)n$ k-clauses whp, closing the gap between the constant and $\Omega(\sqrt{c})$. Furthermore we show that this bound is asymptotically tight as $k \to \infty$. © 2007 Wiley Periodicals, Inc. Random Struct. Alg., 2008

Patent
20 Nov 2008
TL;DR: In this paper, the authors propose a method for determining a coherence measurement for a signal that includes a digitizer for digitizing the signal, a transformer connected to the digitizer, a first squarer connected to a transformer, a second squarer connected to the transformer, an adder connected to both the first and the second squarers, a subtractor connected to each squarer, a standard-deviation function block connected with the subtractor, a mean generator connected with a multiplier, and a divider connected with both the mean generator and the first multiplier.
Abstract: A device for and method of determining a coherence measurement for a signal that includes a digitizer for digitizing the signal, a transformer connected to the digitizer, a first squarer connected to the transformer, a second squarer connected to the digitizer, an adder connected to the first squarer and the second squarer, a subtractor connected to the first squarer and the second squarer, a standard-deviation function block connected to the subtractor, a mean generator connected to the adder, a first multiplier connected to the standard-deviation function block, and a divider connected to the output of the mean generator and the first multiplier.

Proceedings Article
15 Dec 2008
TL;DR: This paper deals with the implementation of real-time mining of unstructured text on high-speed hardware capable of processing network data streams at gigabyte per second speeds.
Abstract: Humans communicate with text in thousands of languages, in dozens of scripts, in a variety of binary codes, on millions of topics. There is a need, for both government and commercial applications, to identify these text characteristics to enable follow-on processing such as transcoding, translation, transliteration, routing and prioritization. This paper deals with the implementation of real-time mining of unstructured text on high-speed hardware capable of processing network data streams at gigabyte per second speeds.