Automated Whitebox Fuzz Testing |
|
|
Topic: Technology |
11:11 am EST, Feb 9, 2008 |
Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally, fuzz testing tools apply random mutations to well-formed inputs and test the program on the resulting values. We present an alternative whitebox fuzz testing approach inspired by recent advances in symbolic execution and dynamic test generation. Our approach records an actual run of a program under test on a well-formed input, symbolically evaluates the recorded trace, and generates constraints capturing how the program uses its inputs. The generated constraints are used to produce new inputs which cause the program to follow different control paths. This process is repeated with the help of a code-coverage maximizing heuristic designed to find defects as fast as possible. We have implemented this algorithm in SAGE (Scalable, Automated, Guided Execution), a new tool employing x86 instruction-level tracing and emulation for whitebox fuzzing of arbitrary file-reading Windows applications. We describe key optimizations needed to make dynamic test generation scale to large input files and long execution traces with hundreds of millions of instructions. We then present detailed experiments with several Windows applications. Notably, without any format-specific knowledge, SAGE detects the MS07-017 ANI vulnerability, which was missed by extensive blackbox fuzzing and static analysis tools. Furthermore, while still in an early stage of development, SAGE has already discovered 20 new bugs in large shipped Windows applications including image processors, media players, and file decoders. Several of these bugs are potentially exploitable memory access violations.
Work by Patrice Godefroid; Michael Y. Levin; David Molnar. Automated Whitebox Fuzz Testing |
|
Governing Lethal Behavior: Embedding Ethics in a Hybrid Deliberative/Reactive Robot Architecture |
|
|
Topic: Technology |
7:07 am EST, Feb 7, 2008 |
Ronald Arkin, Georgia Tech: This article provides the basis, motivation, theory, and design recommendations for the implementation of an ethical control and reasoning system potentially suitable for constraining lethal actions in an autonomous robotic system so that they fall within the bounds prescribed by the Laws of War and Rules of Engagement. It is based upon extensions to existing deliberative/reactive autonomous robotic architectures, and includes recommendations for (1) post facto suppression of unethical behavior, (2) behavioral design that incorporates ethical constraints from the onset, (3) the use of affective functions as an adaptive component in the event of unethical action, and (4) a mechanism in support of identifying and advising operators regarding the ultimate responsibility for the deployment of such a system.
Governing Lethal Behavior: Embedding Ethics in a Hybrid Deliberative/Reactive Robot Architecture |
|
Born Digital: Understanding the First Generation of Digital Natives |
|
|
Topic: Technology |
7:07 am EST, Feb 7, 2008 |
Due out in August. Two leading experts explain the brave new world inhabited by "digital natives"--the first generation born and raised completely wired. The most enduring change wrought by the digital revolution is neither the new business models nor the new search algorithms, but rather the massive generation gap between those who were born digital and those who were not. The first generation of "digital natives"--children who were born into and raised in the digital world--is now coming of age, and soon our world will be reshaped in their image. Our economy, our cultural life, even the shape of our family life will be forever transformed. But who are these digital natives? How are they different from older generations, and what is the world they're creating going to look like? In Born Digital, leading Internet and technology experts John Palfrey and Urs Gasser offer a sociological portrait of this exotic tribe of young people who can seem, even to those merely a generation older, both extraordinarily sophisticated and strangely narrow. Based on original research and advancing new theories, Born Digital explores a broad range of issues, from the highly philosophical to the purely practical: What does identity mean for young people who have dozens of online profiles and avatars? Should we worry about privacy issues? Or is privacy even a relevant value for digital natives? How does the concept of safety translate into an increasingly virtual world? Is "stranger-danger" a real problem, or a red herring? A smart, practical guide to a brave new world and its complex inhabitants, Born Digital will be essential reading for parents, teachers, and the myriad of confused adults who want to understand the digital present--and shape the digital future.
Born Digital: Understanding the First Generation of Digital Natives |
|
Movement (Schulze & Webb) |
|
|
Topic: Technology |
7:07 am EST, Feb 7, 2008 |
Two metaphors have been used successfully in designing for and thinking about the Web: the Web as a physical space, and websites as extensions of the body. The synthesis of these is what we could call Web 2.0. But now we have to contend with the importance of experience, in addition to utility, and the increasing demands on the attention of our users. A third metaphor may be reached by regarding users as trajectories, flowing through our websites. By considering the Web in motion, an approach which uses a ‘motivations flowchart’ is demonstrated, where the states of a user are used to derive features regardless of the interaction medium. And an interaction pattern is demonstrated: Snap is syndicated interactions, bringing choices users have to make away from websites and together on their desktop. Finally some challenges for the Web in 2008 are posed: other devices; groups; the future—how does Web design itself become open to amateur creativity, and what new tools should be built?
Movement (Schulze & Webb) |
|
DNI McConnell on 'The Cyber Threat' |
|
|
Topic: Technology |
12:43 pm EST, Feb 6, 2008 |
We assess that nations, including Russia and China, have the technical capabilities to target and disrupt elements of the US information infrastructure and for intelligence collection. Nation states and criminals target our government and private sector information networks to gain competitive advantage in the commercial sector. Terrorist groups—including al-Qa’ida, HAMAS, and Hizballah—have expressed the desire to use cyber means to target the United States. Criminal elements continue to show growing sophistication in technical capability and targeting, and today operate a pervasive, mature on-line service economy in illicit cyber capabilities and services available to anyone willing to pay. Each of these actors has different levels of skill and different intentions; therefore, we must develop flexible capabilities to counter each. It is no longer sufficient for the US Government to discover cyber intrusions in its networks, clean up the damage, and take legal or political steps to deter further intrusions. We must take proactive measures to detect and prevent intrusions from whatever source, as they happen, and before they can do significant damage. At the President’s direction, an interagency group reviewed the cyber threat to the US and identified options regarding how best to integrate US Government defensive cyber capabilities; how best to optimize, coordinate and de-conflict cyber activities; and how to better employ cyber resources to maximize performance. This tasking was fulfilled with the January 2008 issuance of NSPD-54/HSPD-23, which directs a comprehensive national cybersecurity initiative. These actions will help to deter hostile action in cyber space by making it harder to penetrate our networks.
DNI McConnell on 'The Cyber Threat' |
|
Topic: Technology |
7:06 am EST, Feb 6, 2008 |
A 2002 paper by Andrei Broder, now at Yahoo Research, then at AltaVista. Classic IR (information retrieval) is inherently predicated on users searching for information, the so-called "information need". But the need behind a web search is often not informational -- it might be navigational (give me the url of the site I want to reach) or transactional (show me sites where I can perform a certain transaction, e.g. shop, download a file, or find a map). We explore this taxonomy of web searches and discuss how global search engines evolved to deal with web-specific needs.
A taxonomy of web search |
|
The History of Visual Communication |
|
|
Topic: Technology |
8:21 pm EST, Feb 4, 2008 |
This website attempts to walk you through the long and diverse history of a particular aspect of human endeavour: The translation of ideas, stories and concepts that are largely textual and/or word based into a visual format, i.e., visual communication.
The History of Visual Communication |
|
Mother Earth Mother Board |
|
|
Topic: Technology |
11:54 am EST, Feb 2, 2008 |
In the aftermath of the cable cuts this week, it's worth revisiting a Wired classic. The hacker tourist ventures forth across the wide and wondrous meatspace of three continents, chronicling the laying of the longest wire on Earth.
Mother Earth Mother Board |
|