CHAINIAC: Proactive software update transparency via collectively signed skipchains and verified builds

October 12, 2017 ~ Adrian Colyer ~ 1 Comment

CHAINIAC: Proactive software-update transparency via collectively signed skipchains and verified builds Nikitin et al., USENIX Security ‘17 So hopefully you’ve put in place some kind of software supply chain management process that will pick up the availability of new package versions, particularly of course those with fixes for discovered vulnerabilities, and ensure those updates are ... Continue Reading

TrustBase: an architecture to repair and strengthen certificate-based authentication

October 11, 2017 ~ Adrian Colyer ~ 1 Comment

TrustBase: an architecture to repair and strengthen certificate-based authentication O’Neill et al., USENIX Security 2017 We recently saw that the sorry state of DNSSEC makes it comparatively easy to be sent to the wrong address when looking up a hostname. If certificate-based authentication is messed up as well, then it’s double trouble as you can ... Continue Reading

Pretzel: email encryption and provider-supplied functions are compatible

October 10, 2017 ~ Adrian Colyer ~ Leave a comment

Pretzel: email encryption and provider-supplied functions are compatible Gupta et al., SIGCOMM’17 While emails today are often encrypted in transit, the vast majority of emails are exposed in plaintext to the mail servers that handle them. Given the sensitive information often contained in email correspondence, why is this? Publicly, email providers have stated that default ... Continue Reading

Detecting credential spearphishing attacks in enterprise settings

October 9, 2017 ~ Adrian Colyer ~ 2 Comments

Detecting credential spearphishing attacks in enterprise settings Ho et al., USENIX Security 2017 The Lawrence Berkeley National Laboratory (LBNL) have developed and deployed a new system for detecting credential spearphishing attacks (highly targeted attacks against individuals within the organisation). Like many anomaly detection systems there are challenges of keeping the false positive rate acceptable (not ... Continue Reading

A century of science: globalization of scientific collaborations, citations, and innovations

October 6, 2017 ~ Adrian Colyer ~ Leave a comment

A century of science: globalization of scientific collaborations, citations, and innovations Dong et al., KDD’17 This is more of a general interest paper as a light-hearted way to end the week. A team at Microsoft conducted analyses on the Microsoft Academic Graph to understand the changing nature of science over the course of the last ... Continue Reading

HoTTSQL: Proving query rewrites with univalent SQL semantics

October 5, 2017 ~ Adrian Colyer ~ Leave a comment

HoTTSQL: Proving query rewrites with univalent SQL semantics Chu et al., PLDI’17 Query rewriting is a vital part of SQL query optimisation, in which rewrite rules are applied to a query to transform it into forms with (hopefully!) a lower execution cost. Clearly when a query is rewritten we still want it to mean the ... Continue Reading

ActiveClean: Interactive data cleaning for statistical modeling

October 4, 2017 ~ Adrian Colyer ~ 4 Comments

ActiveClean: Interactive data cleaning for statistical modeling Krishnan et al., VLDB 2016 Yesterday we saw that one of the key features of a machine learning platform is support for data analysis, transformation and validation of datasets used as inputs to the model. In the TFX paper, the authors reference ActiveClean as an example of data ... Continue Reading

TFX: A TensorFlow-based production scale machine learning platform

October 3, 2017 ~ Adrian Colyer ~ 6 Comments

TFX: A TensorFlow-based production scale machine learning platform Baylor et al., KDD'17 What world-class looks like in online product and service development has been undergoing quite the revolution over the last few years. The series of papers we've been looking at recently can help you to understand where the bar is (it will have moved ... Continue Reading

Google Vizier: A service for black-box optimization

October 2, 2017 ~ Adrian Colyer ~ 3 Comments

Google Vizier: a service for black-box optimization Golovin et al., KDD'17 We finished up last week by looking at the role of an internal (or external) experimentation platform. In today's paper Google remind us that such experimentation is just one form of optimisation. Google Vizier is an internal Google service for optimising pretty much anything. ... Continue Reading

The evolution of continuous experimentation in software product development

September 29, 2017 ~ Adrian Colyer ~ 14 Comments

The evolution of continuous experimentation in software product development Fabijan et al., ICSE'17 (Author personal version here) If you've been following along with the A/B testing related papers this week and thinking "we should probably do more of that in my company," then today's paper choice is for you. Anchored in experiences at Microsoft, the ... Continue Reading

the morning paper

a random walk through Computer Science research, by Adrian Colyer
Made delightfully fast by strattic

Uncategorized