An Open Electronic Information Commerce System

The commercialization of the Internet has led to the rapid development and growth of many services, such as electronic commerce, that attempt to capture the attention of a user community that is expected to be large and growing. Services are being developed and provided in many different ways. There is no underlying theory, concepts, or principles to guide the development of such services. As a result, the Internet has become a chaotic environment where network bandwidth is wasted, users are frustrated because of the difficulty of finding and accessing services, and service providers are unable to reach potential users of their services. This situation threatens to defeat the many potential benefits of the Internet to society. The purpose of this project is to investigate and develop concepts, principles and protocols for the systematic design and creation of Internet services. The focus of the project is on the provision of information as a service and commodity. Protocols are the fundamental glue that make distributed services work both individually and in combination with other services. Protocols determine whether services will scale to large numbers of users, such as on the Internet, and whether the service makes efficient use of the network resources. With the increasing bit density of documents being provided on the Internet, e.g. images and video, the importance of scalable protocols has increased dramatically. This project will develop and specify protocols that enable the creation of an envisioned electronic information marketplace consisting of providers, vendors, brokers, and buyers of information. The project will investigate the use of a combination of mobile agents on the user side, push technology on the provider side, and payment systems for the selling and buying of information as a commodity. In addition to concepts, principles, and protocols, the project will develop a prototype software environment in which the protocols will be evaluated empirically.

The focus of this project was on researching better ways of securing computer systems against attacks. The research has been concentrated in the fields of intrusion detection, intrusion response and event based systems. The first achievement is in the field of detecting attack scenarios that can only be found by correlating information from different hosts. A decentralized correlation-algorithm could be constructed, that is resistant against single points of failure. The second achievement has been made in increasing the performance of sensors, which is one of the most severe problems of current intrusion detection systems. The taken approach applies a modified method for comparing events to attack signatures. Instead of comparing events in a serialized way (which is the commonly used method), a decision tree is constructed from the individual signatures using clustering algorithms. Snort-NG is a publicly available implementation of this decision-tree based approach. The third achievement of this project is an improvement in detecting unknown attacks against systems. Usually the exact shape of an attack is specified in signatures, which causes that unknown attacks cannot be identified, as they are not listed in the signature database. We introduced the concept of Abstract Signatures, and constructed two of them. Abstract Signatures characterize the commonalities of whole attack classes, therefore they are able to detect variants of attacks belonging to a known attack class. A buffer overflow detector (for the Apache webserver) and a worm detection module (a Snort plugin) have been realized. The fourth contribution dealt with self-defending computer networks. Current systems do not take into account the effects of launched response mechanisms. We created a network-model that takes the mission and the dependencies of a network to simulate the exact effects, allowing the system to choose the response with the least impact on the usability of a system. The fifth and last contribution has been made in the field of event-based systems. Event-based systems are concurrent systems, as nodes can announce events to its subscribers, which all together form a parallel system. It is very important that such parallel systems are deadlock-free, which is a non-trivial task. We show that the usual concepts such as mutual exclusion and synchronization can be applied to event-based systems by defining a semantics on a programing language for event-based systems. We show that deadlock-free event-based systems can be created.