The new dynamics of strategy: Sense-making in a complex and complicated world Kurtz & Snowden et al., IBM Systems Journal, 2003 Tomorrow we’ll be taking a look at a paper recommended by Linda Rising during her keynote at GOTO Copenhagen earlier this month. Today’s choice provides the necessary background to the Cynefin (Kin-eh-vun) framework on …
Month: October 2017
“A Rail of One’s Own” – Creating spaces for women in IT
“A Rail of One’s Own” - Creating Spaces for Women in IT Laugwitz, GenderIT 2014 I had the good fortune of chatting with Laura Laugwitz over breakfast on my last day before leaving the GOTO Copenhagen conference. She studied both anthropology and computer science, which must be a pretty rare but very interesting combination! “A …
BadNets: Identifying vulnerabilities in the machine learning model supply chain
BadNets: Identifying vulnerabilities in the machine learning model supply chain Gu et al., ArXiv 2017 Yesterday we looked at the traditional software packages supply chain. In BadNets, Gu et al. explore the machine learning model supply chain. They demonstrate two attack vectors: (i) if model training is outsourced, then it’s possible for a hard to …
CHAINIAC: Proactive software update transparency via collectively signed skipchains and verified builds
CHAINIAC: Proactive software-update transparency via collectively signed skipchains and verified builds Nikitin et al., USENIX Security ‘17 So hopefully you’ve put in place some kind of software supply chain management process that will pick up the availability of new package versions, particularly of course those with fixes for discovered vulnerabilities, and ensure those updates are …
TrustBase: an architecture to repair and strengthen certificate-based authentication
TrustBase: an architecture to repair and strengthen certificate-based authentication O’Neill et al., USENIX Security 2017 We recently saw that the sorry state of DNSSEC makes it comparatively easy to be sent to the wrong address when looking up a hostname. If certificate-based authentication is messed up as well, then it’s double trouble as you can …
Pretzel: email encryption and provider-supplied functions are compatible
Pretzel: email encryption and provider-supplied functions are compatible Gupta et al., SIGCOMM’17 While emails today are often encrypted in transit, the vast majority of emails are exposed in plaintext to the mail servers that handle them. Given the sensitive information often contained in email correspondence, why is this? Publicly, email providers have stated that default …
Detecting credential spearphishing attacks in enterprise settings
Detecting credential spearphishing attacks in enterprise settings Ho et al., USENIX Security 2017 The Lawrence Berkeley National Laboratory (LBNL) have developed and deployed a new system for detecting credential spearphishing attacks (highly targeted attacks against individuals within the organisation). Like many anomaly detection systems there are challenges of keeping the false positive rate acceptable (not …
A century of science: globalization of scientific collaborations, citations, and innovations
A century of science: globalization of scientific collaborations, citations, and innovations Dong et al., KDD’17 This is more of a general interest paper as a light-hearted way to end the week. A team at Microsoft conducted analyses on the Microsoft Academic Graph to understand the changing nature of science over the course of the last …
HoTTSQL: Proving query rewrites with univalent SQL semantics
HoTTSQL: Proving query rewrites with univalent SQL semantics Chu et al., PLDI’17 Query rewriting is a vital part of SQL query optimisation, in which rewrite rules are applied to a query to transform it into forms with (hopefully!) a lower execution cost. Clearly when a query is rewritten we still want it to mean the …
ActiveClean: Interactive data cleaning for statistical modeling
ActiveClean: Interactive data cleaning for statistical modeling Krishnan et al., VLDB 2016 Yesterday we saw that one of the key features of a machine learning platform is support for data analysis, transformation and validation of datasets used as inputs to the model. In the TFX paper, the authors reference ActiveClean as an example of data …