Shostack + Friends Blog Archive


This Friday is “Take an Academic Friend to Work Day”

(or maybe “Let an Academic Friend Take YOU to Their Work Day”)

One of my goals is to promote more cross-disciplinary and cross-sector collaboration for information security research.  While there are various efforts to organize this on a large scale, I would like to offer a creative idea on how to do it on a small scale – grass roots – starting with you!

In my opinion, one fertile area of research and collaboration is to apply the latest research in non-standard logic and formal reasoning (a.k.a. AI) to InfoSec risk management problems.  The problem is that most of these research papers read like Sanskrit unless you are an academic and a specialist.

Rather than simply post links to various academic papers and ask you to read them, I want to approach this in another way. In the spirit of “Take Your Child to Work Day”, I would like to challenge you to use these papers as a vehicle to start a dialog with an academic friend in your professional network, or a friend-of-friends.

If you are willing to participate, here’s what I’d like you to do (read on…):

 Step 1: Take a glance at the following two academic papers.  If you aren’t interested in these, you can search the Web for research papers that do catch your interest.   I chose these papers because they either focused primarily on InfoSec problems (the first paper) or had an explicit application to InfoSec (the second paper).  These papers are related and they both come from Cornell under Joseph Halpern.

  • Secrecy And Anonymity In Interactive Systems” (PhD dissertation) – from p. 158: “We have defined general notions of secrecy for systems with which multiple agents interact over time, and have given syntactic characterizations of our definitions that connect them to logics of knowledge and probability. We have applied our definitions to the problem of characterizing the absence of information flow, and have shown how our definitions can be viewed as a generalization of a variety of information-flow definitions that have been proposed in the past. We have also given general definitions of anonymity for agents acting in multiagent systems, and have compared and contrasted our definitions to other similar definitions of anonymity.”  From p. 11-12: “We describe [a] state-based approach for representing the local states of different agents in a multiagent system and an epistemic logic for reasoning about the knowledge of such agents. We also describe how to add probability to the runs-and-systems framework […].  Chapter 3 presents definitions of secrecy in the context of the runs-and-systems framework. […].  We provide several syntactic characterizations using the epistemic logic […], and we prove several results establishing equivalences between the semantic and logic-based definitions. […] We also give probabilistic definitions of secrecy […] and generalize many of the definitions using plausibility measures.”
  • Probabilistic Algorithmic Knowledge” – from p. 20: “The goal of this paper is to understand what the evidence provided by a knowledge algorithm tells us. To take an example from security, consider an enforcement mechanism used to detect and react to intrusions in a system. Such an enforcement mechanism uses algorithms that analyze the behavior of users and attempt to recognize intruders. While the algorithms may sometimes be wrong, they are typically reliable, in our sense, with some associated probabilities. Clearly the mechanism wants to make sensible decisions based on his information. How should it do this? What actions should the system take based on a report that a user is an intruder?”

Step 2: Reach out to your professional network to find someone you know or a friend-of-a-friend who might understand the theoretical/academic content of these papers.  This should be a piece of cake for any power users of LinkedIn, Twitter, Facebook, etc.  Even if you still use email primarily, it might only take three or four hops before you find someone.

Step 3:  Once you find a qualified person, send them links to the papers, along with your initial impressions, and ask them to participate in a dialog with you.

Step 4:  Then both of you read the papers, write some notes and questions, and then have some conversations to see if you can come to some joint understanding and conclusions.  You can educate them on InfoSec and they can educate you on the formal logic stuff.  Learn from each other!

Step 5: Post your reactions and conclusions as comments to this blog post, or in your own blog with trackback here.

Maybe there are some breakthrough ideas in these papers.  Maybe not.  Either way, you will have an interesting experience in cross-discipline collaboration on a small scale.

Thanks for participating in this experiment!  Let us know how it goes and what you discover I the process.

One comment on "This Friday is “Take an Academic Friend to Work Day”"

Comments are closed.