Domain: ieeecomputersociety.org
Stories and comments across the archive that link to ieeecomputersociety.org.
Comments · 8
-
Not new, not new at all.
In my recent psychology class, our 2004 textbook as well as a few VHS tapes discussed the use of augmented reality as a treatment for various phobias. One example is this article from 2005.
-
Dijkstra
Take an example from Edsger Dijkstra. He was originally a theoretical physicist, but insisted on being called a "programmer".
From this article:
What struck me 30 years ago and still
resonates in my mind today is how
Dijkstra was proud to be a programmer instead of a theoretical physicist. -
Re:mathml support and full unicode
>What is an ``h&j algorithm''?
hyphenation and justification --- instead of just setting one line at a time, the system should consider the entire paragraph and set it so that all lines are as nice as possible w/ the best possible breaks.
See the Knuth and Plass paper on it:
http://doi.ieeecomputersociety.org/10.1109/SFCS.1979.46
Or look at Knuth's book _Digital Typography_
William
-
Photo Auth on Untrusted Terminals
Consider photographic authentication. http://doi.ieeecomputersociety.org/10.1109/MPRV.2003.1186723
-
Re:passphrase
Totally agree - Hell, just exposing people to an explicitly multi-user system that strictly enforces least-privilege is a good thing! I'm sure that the majority of your headaches with security issues are due to the fact that most people (myself included) have developed some bad security habits when using their home PCs.
The scary thing is nowadays, your home PC is basically an alternate vault door to your damn bank account(s). If I didn't know better, didn't have an account password, and just clicked "Remember my Password," all the time because it was convenient, any thief breaking into my house, unattended repair/cleaning person, malicious visitor, asshole uncle, etc. would be able to basically send the contents of my checking account to wherever they wanted. They could sell my entire stock portfolio and make me buy a billion shares of pets.com (or whatever). They could max out my credit cards on Amazon and send themselves (or worse, *me*) a billion copies of "I Know Who Killed Me". I mean, if you think about it, the *best* thing that could happen in the case of someone breaking in to steal your stuff would be if they just *took* your computer (and all your other stuff, of course) to fence!
Crap. I just scared myself.
Anyway, back to the original issue (response to OP): This article is kind of older (2002). Japanese CS-types evaluated the use of a mouse-driven icon-based password for elementary school-aged children. I know it's not a simple answer, but if you're (really) bored some time maybe you could look around for a current implementation of this, or even code it up yourself.
Barring that, I'm a fan of the sentence-mnemonic idea. And if this girl is motivated enough to not want anyone to be able to screw with her computer, I think she'll be able to handle it. -
He's basically correctIt IS possible to create secure hypervisors and secure virtualization (see significant research results summarized in P.A. Karger, M.E. Zurko, D.W. Bonin, A.H. Mason, C.E. Kahn, "A Retrospective on the VAX VMM Security Kernel," IEEE Transactions on Software Engineering, vol. 17, no. 11, pp. 1147-1165, Nov., 1991. The abstract and the opportunity to purchase a PDF of the full paper are at http://doi.ieeecomputersociety.org/10.1109/32.106971 ).
But they're rare, and the current raft of hypervisors don't rate as being possibly secure.
One area in which they fail to pass muster is in regard to their layering. From the DEC paper:
"Strict levels of abstraction . . . as a means of reducing complexity and providing precise and understandable specifications. Each layer of the design implements some abstraction in part by making calls on lower layers. In no case does a lower layer invoke of depend upon high layer abstractions."
One noted security practioner (not me) has opined in private correspondence that, while "[c]learly much more than this is required (as reflected in the rest of the DEC paper), but without such a strict layering a VMM design cannot be considered a serious candidate, and is probably not worth spending time and energy on. The precise number of layers will depend on the particular design, but consistent experience over several decades indicates that for the kind of functionality in a VMM something on the order of the 16 layers in the DEC design are essential to "minimizing the complexity". A small integer number of layers is an immediate tip-off that something "smells rotten" in the design."
Such minimization of complexity is necessary to support the formal modeling and analysis that would allow you to verify that, for instance, there is no unnecessary code in the hypervisor that might be exploited by an attacker (whether deliberately inserted or not).
...sarcasm on
But, in today's world, who cares? These lessons were learned decades ago - they couldn't be relevant today...
...sarcasm off -
MDA908 is much more interesting
Search for "MDA908", the "Virginia Contracting Activity". Much more interesting items come up.
- Black Excursions.
"The Virginia Contracting Activity on behalf of the Defense Intelligence Agency, request for quotations to purchase and install items listed on the RFQ (emergency response equipment) on black excursions." -
Buying missiles from Venezuelan general.
A covert missile deal went bad, and the payment issue ended up in court. A good read. -
Video Grammar for Locating Named People
One of many research papers associated with digesting audio and video content into useful forms. -
A Bayesian network for identifying suspicious visitors
Published in 2004. A reasonable project to be working on at that point.
- Black Excursions.
-
Been There Done That
Statistical analysis of word (token) frequency works great in a closed domain set, such as the Enron corpus. But once you scale up to the ISP level it falls down horribly.
Why ? The size of the token database increases massively to the point where it becomes un maintainable. Every spelling mistake, word variant, not to mention foreign language, gets included. Eventually you are unable to separate the wood from the trees. Let alone make statistically significant assertions about a single message.
And lets not mention the fact that all the work on detecting deception in correspondance hase been done on English language text. Those pesky al-Qaeda types tend to speak Arabic. So before you can even begin to detect dodgy emails written by al-Qaeda, you need to construct a written arabic parser. Then you need access to a large corpus of Arabic emails (if you have one I'd be very interested too). Then you need to research the lexical rules that tend to signify deceptive arabic.
Its an interesting problem, but not even trained and experienced intelligence operatives are able to routinely detect deceptive correspondance, so coding that algorithm is quite tricky.
This is a good place to start :
http://doi.ieeecomputersociety.org/10.1109/HICSS.2 004.1265082