-
From Lemons to Peaches: Improving Security ROI through Security Chaos Engineering
Authors:
Kelly Shortridge
Abstract:
Traditional information security presents a poor ROI: payoffs only manifest when attacks are successfully prevented. In a reality where attacks are inevitable, subpar returns are therefore inevitable. The emerging paradigm of Security Chaos Engineering offers a more remunerative and reliable ROI by minimizing attack impacts and generating valuable evidence to inform continuous improvement of system design and operation.
Submitted 7 July, 2023;
originally announced July 2023.
-
Sludge for Good: Slowing and Imposing Costs on Cyber Attackers
Authors:
Josiah Dykstra,
Kelly Shortridge,
Jamie Met,
Douglas Hough
Abstract:
Choice architecture describes the design by which choices are presented to people. Nudges are an aspect intended to make "good" outcomes easy, such as using password meters to encourage strong passwords. Sludge, on the contrary, is friction that raises the transaction cost and is often seen as a negative to users. Turning this concept around, we propose applying sludge for positive cybersecurity outcomes by using it offensively to consume attackers' time and other resources.
To date, most cyber defenses have been designed to be optimally strong and effective and prohibit or eliminate attackers as quickly as possible. Our complementary approach is to also deploy defenses that seek to maximize the consumption of the attackers' time and other resources while causing as little damage as possible to the victim. This is consistent with zero trust and similar mindsets which assume breach. The Sludge Strategy introduces cost-imposing cyber defense by strategically deploying friction for attackers before, during, and after an attack using deception and authentic design features. We present the characteristics of effective sludge, and show a continuum from light to heavy sludge. We describe the quantitative and qualitative costs to attackers and offer practical considerations for deploying sludge in practice. Finally, we examine real-world examples of U.S. government operations to frustrate and impose cost on cyber adversaries.
Submitted 29 November, 2022;
originally announced November 2022.
-
Software metadata: How much is enough?
Authors:
Alice Allen,
Peter Teuben,
G. Bruce Berriman,
Kimberly DuPrie,
Keith Shortridge,
Rein Warmels
Abstract:
Broad efforts are underway to capture metadata about research software and retain it across services; notable in this regard is the CodeMeta project. What metadata are important to have about (research) software? What metadata are useful for searching for codes? What would you like to learn about astronomy software? This BoF sought to gather information on metadata most desired by researchers and users of astro software and others interested in registering, indexing, capturing, and doing research on this software. Information from this BoF could conceivably result in changes to the Astrophysics Source Code Library (ASCL) or other resources for the benefit of the community or provide input into other projects concerned with software metadata.
Submitted 6 December, 2017;
originally announced December 2017.
-
Implementing Ideas for Improving Software Citation and Credit
Authors:
Peter Teuben,
Alice Allen,
G. Bruce Berriman,
Kimberly DuPrie,
Jessica Mink,
Thomas Robitaille,
Keith Shortridge,
Mark Taylor,
Rein Warmels
Abstract:
Improving software citation and credit continues to be a topic of interest across and within many disciplines, with numerous efforts underway. In this Birds of a Feather (BoF) session, we started with a list of actionable ideas from last year's BoF and other similar efforts and worked alone or in small groups to begin implementing them. Work was captured in a common Google document; the session organizers will disseminate or otherwise put this information to use in or for the community in collaboration with those who contributed.
Submitted 18 November, 2016;
originally announced November 2016.
-
Improving Software Citation and Credit
Authors:
Alice Allen,
G. Bruce Berriman,
Kimberly DuPrie,
Jessica Mink,
Robert Nemiroff,
Thomas Robitaille,
Lior Shamir,
Keith Shortridge,
Mark Taylor,
Peter Teuben,
John Wallin
Abstract:
The past year has seen movement on several fronts for improving software citation, including the Center for Open Science's Transparency and Openness Promotion (TOP) Guidelines, the Software Publishing Special Interest Group that was started at January's AAS meeting in Seattle at the request of that organization's Working Group on Astronomical Software, a Sloan-sponsored meeting at GitHub in San Francisco to begin work on a cohesive research software citation-enabling platform, the work of Force11 to "transform and improve" research communication, and WSSSPE's ongoing efforts that include software publication, citation, credit, and sustainability.
Brief reports on these efforts were shared at the BoF, after which participants discussed ideas for improving software citation, generating a list of recommendations to the community of software authors, journal publishers, ADS, and research authors. The discussion, recommendations, and feedback will help form recommendations for software citation to those publishers represented in the Software Publishing Special Interest Group and the broader community.
Submitted 24 December, 2015;
originally announced December 2015.
-
Astrophysics Source Code Library Enhancements
Authors:
Robert J. Hanisch,
Alice Allen,
G. Bruce Berriman,
Kimberly DuPrie,
Jessica Mink,
Robert J. Nemiroff,
Judy Schmidt,
Lior Shamir,
Keith Shortridge,
Mark Taylor,
Peter J. Teuben,
John Wallin
Abstract:
The Astrophysics Source Code Library (ASCL; ascl.net) is a free online registry of codes used in astronomy research; it currently contains over 900 codes and is indexed by ADS. The ASCL has recently moved a new infrastructure into production. The new site provides a true database for the code entries and integrates the WordPress news and information pages and the discussion forum into one site. Previous capabilities are retained and permalinks to ascl.net continue to work. This improvement offers more functionality and flexibility than the previous site, is easier to maintain, and offers new possibilities for collaboration. This presentation covers these recent changes to the ASCL.
Submitted 7 November, 2014;
originally announced November 2014.
-
Ideas for Advancing Code Sharing (A Different Kind of Hack Day)
Authors:
Peter Teuben,
Alice Allen,
Bruce Berriman,
Kimberly DuPrie,
Robert J. Hanisch,
Jessica Mink,
Robert Nemiroff,
Lior Shamir,
Keith Shortridge,
Mark Taylor,
John Wallin
Abstract:
How do we as a community encourage the reuse of software for telescope operations, data processing, and calibration? How can we support making codes used in research available for others to examine? Continuing the discussion from last year's Bring out your codes! BoF session, participants separated into groups to brainstorm ideas to mitigate factors which inhibit code sharing and nurture those which encourage code sharing. The BoF concluded with the sharing of ideas that arose from the brainstorming sessions and a brief summary by the moderator.
Submitted 27 December, 2013;
originally announced December 2013.
-
Astrophysics Source Code Library: Incite to Cite!
Authors:
Kimberly DuPrie,
Alice Allen,
Bruce Berriman,
Robert J. Hanisch,
Jessica Mink,
Robert J. Nemiroff,
Lior Shamir,
Keith Shortridge,
Mark B. Taylor,
Peter Teuben,
John F. Wallin
Abstract:
The Astrophysics Source Code Library (ASCL, http://ascl.net/) is an online registry of over 700 source codes that are of interest to astrophysicists, with more being added regularly. The ASCL actively seeks out codes as well as accepting submissions from the code authors, and all entries are citable and indexed by ADS. All codes have been used to generate results published in or submitted to a refereed journal and are available either via a download site or from an identified source. In addition to being the largest directory of scientist-written astrophysics programs available, the ASCL is also an active participant in the reproducible research movement with presentations at various conferences, numerous blog posts and a journal article. This poster provides a description of the ASCL and the changes that we are starting to see in the astrophysics community as a result of the work we are doing.
Submitted 23 December, 2013;
originally announced December 2013.
-
Bring out your codes! Bring out your codes! (Increasing Software Visibility and Re-use)
Authors:
Alice Allen,
Bruce Berriman,
Robert Brunner,
Dan Burger,
Kimberly DuPrie,
Robert J. Hanisch,
Robert Mann,
Jessica Mink,
Christer Sandin,
Keith Shortridge,
Peter Teuben
Abstract:
Progress is being made in code discoverability and preservation, but as discussed at ADASS XXI, many codes still remain hidden from public view. With the Astrophysics Source Code Library (ASCL) now indexed by the SAO/NASA Astrophysics Data System (ADS), the introduction of a new journal, Astronomy & Computing, focused on astrophysics software, and the increasing success of education efforts such as Software Carpentry and SciCoder, the community has the opportunity to set a higher standard for its science by encouraging the release of software for examination and possible reuse. We assembled representatives of the community to present issues inhibiting code release and sought suggestions for tackling these factors.
The session began with brief statements by panelists; the floor was then opened for discussion and ideas. Comments covered a diverse range of related topics and points of view, with apparent support for the propositions that algorithms should be readily available, code used to produce published scientific results should be made available, and there should be discovery mechanisms to allow these to be found easily. With increased use of resources such as GitHub (for code availability), ASCL (for code discovery), and a stated strong preference from the new journal Astronomy & Computing for code release, we expect to see additional progress over the next few years.
Submitted 9 December, 2012;
originally announced December 2012.