Showing posts from February, 2006

Quantifying Security

My colleague Satya has an intriguing idea for quantifying security:

http://csdl.computer.org/comp/mags/pc/2005/03/b3004.pdf


[B]etween the first and second editions, Knuth had become very famous. For many people, his autograph was worth more than $2, so many saved the check as a souvenir rather than cashing it.

This suggests a metric for that elusive attribute we call fame: what is the largest amount Knuth could have offered such that some fixed fraction of the checks (say, 50 percent) would never be cashed? That dollar figure is a reasonable metric of fame.

...

An operational approach to [security] might proceed as follows: Use software package A to guard some secret (such as a large random number), and welcome Internet attacks on the package for some time period (say, a week). Offer a reward of $X to the first person who discovers and reports the secret. If someone reports the secret, the package is clearly not usable.

The interesting case is when no one reports the secret within the speci…

"Maybe I can be a scientist"

. . . . anyone can be a scientist. I saw people walking around in sweatshirts and jeans. Who knows? Maybe I can be a scientist.


Drawings and notions of scientists by seventh graders, before and after a visit to Fermilab. Very cool.

http://www-ed.fnal.gov/projects/scientists/amanda.html