Winn Schwartau and Mark Carney's slideshow from RSA Conference 2018 about How to Measure the Security of Your Network Protection Devices with Analogue Network Security Architecture & Design.
This document discusses the use of probability in cryptography. It begins with introductions to cryptography and probability. Key probability terms and concepts like events, sample spaces, and Markov models are defined. Public key cryptography using Fermat's Little Theorem is explained. Applications of probability in cryptography are explored, including checksums and the birthday problem, pseudo-random number generators, and code breaking using the Metropolis-Hastings algorithm. The document concludes that probability and cryptography are important fields that help secure communications and protect society from cyber attacks.
Adaptive Honeypot Engagement through Reinforcement Learning of Semi-Markov De... (Linan Huang)
This document summarizes research on using adaptive honeypots to engage attackers and obtain threat intelligence. It discusses using honeypots to emulate production systems and interact with attackers to learn their tactics, techniques and procedures. The researchers propose modeling attacker engagement as a Markov decision process to find optimal long-term engagement policies that adapt to unknown attack models. Reinforcement learning is suggested to help defenders learn engagement policies based on actual honeypot interactions and gather more threat intelligence over time. Security metrics are also proposed to evaluate the effectiveness and safety of different engagement strategies.
Hacking Critical Infrastructure Like You’re Not a N00b (Priyanka Aash)
This presentation is targeted towards an audience that already understands how to compromise the embedded systems that run a process and now is looking at manipulating the physics of the process itself. In as much as time allows, it will cover all the things necessary to accomplish more than exercising the automatic shutdown logic of a process.
(Source: RSA USA 2016-San Francisco)
Security_Attacks_On_RSA~ A Computational Number Theoretic Approach.pptx (shahiduljahid71)
The document discusses various attacks on the RSA cryptosystem. It introduces factoring attacks which aim to factor the modulus N, as knowing the prime factors p and q would allow an attacker to calculate the private key. It notes that while factoring large integers remains difficult, other attacks exist that could decrypt messages without directly factoring N. The document then examines elementary attacks like common modulus and blinding attacks that could potentially extract information about encrypted messages without inverting the RSA function. Finally, it poses an open problem around whether an algorithm could efficiently factor N given access to the RSA encryption function.
This document discusses improving security by addressing issues with random number generation and timing attacks. It proposes using a random delay at the network interface level to obscure timing signals and prevent timing attacks. It also suggests revisiting an old technique called TrueRand that uses differences between a CPU's clock and other clocks/timers as a source of entropy for random number generation. The document advocates a pragmatic approach of deploying imperfect but effective defenses rather than insisting on perfection.
This document provides an introduction to probabilistic programming using PyMC3 and Edward. It discusses the differences between frequentist and Bayesian approaches. Bayesian inference accounts for prior beliefs and provides probabilities rather than binary outcomes. Markov chain Monte Carlo and variational inference are introduced as methods for approximating posterior distributions. Examples are given for Bayesian statistical analysis of coin toss data using these probabilistic programming tools.
This document provides an overview of symmetric and asymmetric cryptography. Symmetric cryptography uses the same key for encryption and decryption, while asymmetric cryptography uses different keys. The Merkle-Hellman knapsack cryptosystem was one of the earliest public key systems, but it was broken. The RSA algorithm uses a public/private key pair to encrypt and decrypt messages securely. DES was developed as a standard for encrypting sensitive data.
Abstract RSA cryptosystem was first discovered in 1977 by Adi Shi.docx (ransayo)
Abstract
The RSA cryptosystem was first discovered in 1977 by Adi Shamir, Ron Rivest and Len Adleman (Dan, 1999). The RSA system is the most commonly used cryptosystem for providing privacy and enabling authenticity of digital data. The RSA system is used by various commercial systems. RSA is used to secure web traffic, to ensure authenticity and privacy of email, to secure login sessions, and the system is also the backbone of electronic credit-card payment systems.
Since it was released, the RSA system has been scrutinized for vulnerabilities. Years of research illustrate some intriguing attacks, but none of them is devastating. They show the danger of the wrong usage of RSA. This report aims at exploring some of these attacks.
Discussions
RSA system encryption can be explained as follows. Let $N = pq$ be the product of two large primes of the same size ($n/2$ bits each). The size of N is n = 1024 bits. Let e and d be two integers satisfying $ed = 1 \bmod \varphi(N)$, where $\varphi(N) = (p-1)(q-1)$.
We call N the RSA modulus, e the encryption exponent, and d the decryption exponent. The pair (N, e) is the public key. The pair (N, d) is known as the secret key, and only the receiver of an encrypted message knows it (Coppersmith, Franklin, Patarin, & Reiter, 1996).
M is encrypted by computing C=Med =M (mod N)
This is based on Euler’s theorem.
Factoring large integers
Factoring large integers is known as the first attack on an RSA public key (N, e). Once an attacker gets the factorization of N, he can easily construct $\varphi(N)$, from which the decryption exponent $d = e^{-1} \bmod \varphi(N)$ is calculated. This factoring of the modulus is called a brute-force attack. Even though factoring of the modulus is improving, this attack is not a risk to the security of the RSA system if RSA is used properly. Currently, the fastest factoring algorithm is the General Number Field Sieve, with a running time of $((c+o(1))\, n^{1/3} \log^{2/3} n)$.
a) Elementary attacks
Elementary attacks involve misuse of RSA, for instance choosing a common modulus N to serve many users. For our example, let’s assume N is used by many users, and Jane sends a message M to John, which is encrypted by the RSA function, $C = M^{e_b} \bmod N$. It appears that Marvin cannot decrypt C because he does not know $d_b$. However, Marvin can use his own keys, $d_m$ and $e_m$, to factor N, and as a result recover John’s private key, $d_b$. So the resulting system is compromised.
b) Small Private Key attacks
In our lab study we decided to improve RSA performance in terms of running time: Jane uses a small value of $d_a$ rather than a large random number. This small private key dramatically improves performance; however, an attack posed by M. Wiener shows that a small d causes a total collapse of the RSA cryptosystem (HASTAD, 1988). This break of RSA is based on Wiener’s Theorem, which provides lower constraints for d. The theory proves that Marvin may find d when $d < \frac{1}{3} N^{1/4}$.
More to his success in RSA attack, Wiener discovered more techniques that allow fast decryption and n.
Naive Bayes is a simple probabilistic classifier that applies Bayes' theorem with strong (naive) independence assumptions. It is often effective in practice even when the assumptions are not strictly true. The document discusses spam filtering, medical diagnosis, and digit recognition as example applications of Naive Bayes classification. It then explains the Bayes classifier, the naive independence assumptions, parameter estimation in Naive Bayes from training data, and performing classification on new examples by calculating conditional probabilities.
Naive Bayes is a simple probabilistic classifier that applies Bayes' theorem with strong (naive) independence assumptions. It is often effective in practice even when the assumptions are not strictly true. The document discusses the naive Bayes classifier and its assumptions, how to estimate parameters from data, and how to classify new examples by calculating conditional probabilities. It also covers important considerations like dealing with small probabilities, evaluating performance using metrics like sensitivity and specificity, and using cross-validation to estimate accuracy on new data.
Naive Bayes is a simple probabilistic classifier that applies Bayes' theorem with strong (naive) independence assumptions. It is often effective in practice even when the assumptions are not strictly true. The document discusses Naive Bayes classification for problems like spam filtering, medical diagnosis, and digit recognition. It explains how to estimate the model parameters from training data and make predictions by calculating the probabilities of each class given features. Cross-validation is recommended for evaluating model performance to avoid overfitting.
The document discusses the RSA cryptosystem. It begins by explaining that RSA is an important public-key cryptosystem based on the difficulty of factoring large integers. It then provides examples of how RSA works, including choosing prime numbers p and q to generate the public and private keys, and using modular exponentiation to encrypt and decrypt messages. The document also discusses the importance of integer factorization for the security of RSA, and considerations for designing a secure RSA system, such as choosing sufficiently large prime numbers.
The document discusses approaches for planning in large worlds, including Monte-Carlo planning. It introduces the concept of a multi-armed bandit problem where an agent must choose between multiple actions with unknown rewards. The UniformBandit algorithm is analyzed, which pulls each arm a fixed number of times and selects the arm with the highest average reward. It is shown that by setting the number of pulls per arm appropriately, UniformBandit can be made into an efficient Probably Approximately Correct algorithm for the multi-armed bandit problem.
Naive Bayes is a simple classification technique based on Bayes' theorem that assumes independence between predictors. It works well for large datasets and is easy to build. Some key points:
- It calculates the probability of class membership based on prior probabilities of classes and predictors.
- It is commonly used for text classification like spam filtering due to its speed and accuracy.
- Variants include Gaussian, Multinomial, and Bernoulli Naive Bayes for different data types.
- Limitations include its assumptions of independence and inability to tune parameters, but it remains a popular first approach for classification problems.
Security precognition chaos engineering in incident response (Priyanka Aash)
This document summarizes a presentation on security chaos engineering and incident response. The presentation discusses how complex adaptive systems are difficult to understand and failures are common. It introduces the concept of security chaos engineering, which involves experimenting with failures to build system resilience. An example is provided of how security chaos engineering could work by planning experiments, executing them during a "game day," analyzing results, and taking corrective action.
This document provides an introduction to probabilistic programming using PyMC3 and Edward. It discusses the differences between frequentist and Bayesian approaches. Bayesian inference is well-suited for problems with small datasets, where frequentist estimates have high variance. The document covers Markov chain Monte Carlo (MCMC) techniques like Metropolis-Hastings and Gibbs sampling that are used to perform Bayesian inference. It also discusses variational inference as an alternative to MCMC. Real-life examples of probabilistic modeling of climate data and education metrics are presented. The document concludes with tips for getting started with probabilistic programming.
This document provides an introduction to control flow in R, including for loops, if/else statements, and vectorization. It discusses how for loops can be slow in R and recommends using vectorized functions instead when possible. It provides examples of if/else, ifelse, while, repeat, and switch statements. It also emphasizes that matrix operations in R are very fast, and shows how to vectorize calculations rather than using for loops in order to efficiently classify US states based on crime rates.
There are many modern techniques for identifying anomalies in datasets. There are fewer that work as online algorithms suitable for application to real-time streaming data. What’s worse? Most of these methodologies require a deep understanding of the data itself. In this talk, we tour what the options are for identifying anomalies in real-time data and discuss how much we really need to know before hand to guess at the ever-useful question: is this normal?
Weather, opponents, geopolitics: so many uncertainties in such a case? How to manage power systems in spite of these uncertainties, and how to decide investments.
Talk at Saint-Etienne in 2015; thanks to R. Leriche and to the "games and optimizations" days in Saint-Etienne.
Bias correction, and other uncertainty management techniques (Olivier Teytaud)
The document discusses various sources of uncertainty in power systems, including stochastic uncertainties like weather and non-stochastic uncertainties involving scenarios without probabilities. It proposes using portfolio methods that run multiple algorithms concurrently to address uncertainties, as no single algorithm consistently performs best across different problem instances. Portfolio methods can improve robustness over running a single algorithm by selecting the best response from the set of algorithm outputs.
Introduction to Data Analytics starting with OLS.
This is the first of a series of essays. I will share essays on unsupervised learning, dimensionality reduction and anomaly/outlier detection.
DEF CON 27 - ANDREAS BAUMHOF - are quantum computers really a threat to crypt... (Felipe Prado)
This document provides an overview of quantum computing and its implications for cryptography. It discusses how quantum computers could break popular asymmetric cryptographic algorithms like RSA by efficiently solving problems like integer factorization that are intractable on classical computers. The document explains Shor's algorithm, which uses quantum Fourier transforms to find the period of exponential functions and derive prime factors in polynomial time, posing a threat to RSA. It also discusses quantum computing concepts like superposition and entanglement that enable this speedup. Overall, the document serves as an introduction to how quantum computers may impact cryptography by breaking algorithms like RSA.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack (shyamraj55)
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
Similar to How to Measure the Security of Your Network Protection Devices with Analogue Network Security Architecture & Design (20)
OpenID AuthZEN Interop Read Out - Authorization (David Brossard)
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
GraphRAG for Life Science to increase LLM accuracy (Tomaz Bratanic)
GraphRAG for the life science domain, where you retrieve information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Best 20 SEO Techniques To Improve Website Visibility In SERP (Pixlogix Infotech)
Boost your website's visibility with proven SEO techniques! Our latest blog dives into essential strategies to enhance your online presence, increase traffic, and rank higher on search engines. From keyword optimization to quality content creation, learn how to make your site stand out in the crowded digital landscape. Discover actionable tips and expert insights to elevate your SEO game.
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers (akankshawande)
Simplify your search for a reliable Python development partner! This list presents the top 10 trusted US providers offering comprehensive Python development services, ensuring your project's success from conception to completion.
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceIndexBug
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Digital Marketing Trends in 2024 | Guide for Staying AheadWask
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUpanagenda
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
How to Measure the Security of Your Network Protection Devices with Analogue Network Security Architecture & Design
1. #RSAC
SESSION ID: LAB2-W10
HOW TO MEASURE THE SECURITY OF YOUR NETWORK PROTECTION DEVICES WITH ANALOGUE NETWORK SECURITY ARCHITECTURE & DESIGN
Winn Schwartau, Security Theoretician, @WinnSchwartau
Mark Carney, Mathematician, Security Researcher, Leeds Univ, UK, @LargeCardinal
3. #RSAC
The World As It Is <Le Sigh>
Security is Broken. Abysmally so.
TCP/IP was just an experiment.
– We run the planet on it.
Assume the bad guys are inside already.
We ‘know’ newer, faster technology will protect networks and data. (Same promises since 1980s)
• If You Can’t Measure It, You Can’t Manage It.
4. #RSAC
This Session
The Theory:
1. Time-Based Security
2. Trust
3. Measurement
4. Feedback
5. Two Man Rule
6. OODA
The Maths:
1. Boolean
2. Why Bayes?
3. Exercises
4. Appendix
5. Trust Factor Model
16. #RSAC
Why We Can’t Rely on Protection
• No Product Guarantees
• Networks are highly dynamic
• Most protection is highly static.
• The security posture changes continuously
• Network maps are ‘iffy’. Especially ingress/egress
• Partner networks are often security suspects.
• Complexity breeds vulnerability
• New hacks & ‘0’-Days
• Patches take time
• Improper configuration
• Insiders (Errors & Intent)
How Much Protection Does The Window Provide (Time)?
17. #RSAC
Evaluating Exposure: E(t)
• Assume No Protection:
  • If P = 0,
    • Then E(t) = D(t) + R(t)
  • If P > 0,
    • Then E(t) = [P(t) – (D(t) + R(t))]
• Given Total Access to Your Networks -
  • How much ‘Value’ can be stolen in 1 minute?
  • How about 10 minutes?
  • What about 2 hours?
• Cost in $ of DOS/DDoS?
• Best-Case Metric of Security
  • $\lim_{t \gg 0} E_t = \lim_{t \gg 0} (D_t) + \lim_{t \gg 0} (R_t)$
Secure Computer
18. #RSAC
Measuring Which Files Are Targets
• P > D + R
  – If P = 0, then D + R = E
• F / BW = T
  – BW(mb)/~10 = BW(MB)
• 1Gb/sec ~ (100MB/Sec)
  – F = 100MB
• If E > 1sec, or E > T, F is Vulnerable
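Added example (not part of the original slides): the F / BW = T check above, driven by measured incident timestamps and using the P = 0 case E = D + R. The incident records, file names and sizes are constructed sample data, and the function names are this example's own.

```python
from datetime import datetime

# Constructed sample data (not from the slides): one record per incident with
# the time the intrusion began, was detected, and was contained.
INCIDENTS = [
    {"id": "inc-A", "start": "2018-04-18T10:00:00",
     "detected": "2018-04-18T10:00:02", "contained": "2018-04-18T10:00:03"},
    {"id": "inc-B", "start": "2018-04-18T11:30:00",
     "detected": "2018-04-18T11:30:01", "contained": "2018-04-18T11:30:01"},
]
FILES_MB = {"notes.txt": 0.5, "hr-export.csv": 100, "design-archive.tar": 4000}


def seconds_between(earlier, later):
    delta = datetime.fromisoformat(later) - datetime.fromisoformat(earlier)
    if delta.total_seconds() < 0:
        raise ValueError("timestamps out of order")
    return delta.total_seconds()


def exposure_seconds(incident):
    """E = D + R, the slides' P = 0 case (nothing delays the intruder)."""
    d = seconds_between(incident["start"], incident["detected"])
    r = seconds_between(incident["detected"], incident["contained"])
    return d + r


def transfer_seconds(file_mb, link_mbit_s):
    """T = F / BW, using the slides' rule of thumb BW(MB) = BW(mb) / ~10."""
    if link_mbit_s <= 0:
        raise ValueError("link speed must be positive")
    return file_mb / (link_mbit_s / 10)


def vulnerable_files(incident, files_mb, link_mbit_s):
    """Names of files with E > T: the transfer finishes inside the exposure."""
    e = exposure_seconds(incident)
    return sorted(name for name, mb in files_mb.items()
                  if e > transfer_seconds(mb, link_mbit_s))


if __name__ == "__main__":
    for inc in INCIDENTS:
        print(inc["id"], exposure_seconds(inc),
              vulnerable_files(inc, FILES_MB, 1000))
```

The 100MB file on the 1Gb/sec link has T = 1 second, so it is flagged for the 3-second exposure but not for the 1-second one, because the test is the strict E > T.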
20. #RSAC
Exercise #1
Given the above, what analogue-ish technique can be used to limit the amount of potential data exfiltration over time period ‘E’?
26. #RSAC
Exercise #2:
Alice’s Trust Factors are: .95, .901, .87, .79, .975
Which gives us the highest overall Trust Factor for Alice: Arithmetic or Geometric Weighting?
27. #RSAC
Trust Factors comparison by Geometric mean
Geometric Mean
§ The Geometric mean is used in various situations where trust is measured – from financial institutions to dating sites
§ The Geometric mean is calculated by: $\left( \prod_{i=1}^{n} x_i \right)^{1/n}$
§ It is the n-th root of the product of n-many terms
§ See right for a comparison between geometric and arithmetic means
31. #RSAC
Now, Some Bayes
“A Bayesian is one who, vaguely expecting a horse, and catching a glimpse of a donkey, strongly believes he has seen a mule.”
“A frequentist is a person whose long-run ambition is to be wrong 5% of the time.”
32. #RSAC
What is ‘Bayesian’ about Bayesian statistics?
Bayesian statistics lets us compare our hypotheses as conditional probabilities
$P(A)$ – the probability of an attack; we will set this as 1 in 1000 or 0.001 (0.1%)
$P(D \mid A)$ – the probability we detect an attack given an attack is occurring – also called the ‘sensitivity’; we will set this as 99% or 0.99
$P(D)$ – the probability we will have a detection. NB – $P(D) = P(D \mid A) \times P(A) + (P(D \mid \bar{A}) \times P(\bar{A}))$
Bayes Theorem: $P(A \mid D) = \frac{P(D \mid A) \times P(A)}{P(D)}$
33. #RSAC
A Worked Example
Bayes Theorem: $P(A \mid D) = \frac{P(D \mid A) \times P(A)}{P(D)}$
$P(A \mid D)$ – Probability of an Attack given a Detection
$P(D \mid A)$ – Probability of a Detection given an attack is in progress
$P(A)$ – Probability of an Attack
$P(D)$ – Probability of a Detection
41. #RSAC
A Worked Example – An explanation of 9%
The Malicious Email we need to detect
The 10 (1% of 1000) False Positives we need to consider this detection could be
The 11 possibilities for 1 detection
Thus, we can see that the actual malicious email is 1 of 11 possibilities, or 1 in 11, or ≈ 9%
NB – Bayes is not fully using this logic, but it is handy for understanding
42. #RSAC
A Worked Example – An explanation of 9%
Bayes Theorem: $P_1(A \mid D) = \frac{0.99 \times 0.001}{0.99 \times 0.001 + (0.01 \times 0.999)}$
Thus, we can see that the actual malicious email is 1 of 11 possibilities, or 1 in 11, or ≈ 9%
How we can improve this
§ Note that we have indeed one confirmed detection
§ Subsequent detections improve the confirmation of our hypothesis – that there is some attack taking place
§ We do this by using the derived value as our new $P(A)$
43. #RSAC
A Worked Example – An explanation of 9%
Bayes Theorem Iterated: $P_2(A \mid D) = \frac{0.99 \times 0.0902}{0.0983}$
44. #RSAC
A Worked Example – An explanation of 9%
Bayes Theorem Iterated: $P_2(A \mid D) = 0.9075\ldots \approx 90.75\%$
45. #RSAC
A Worked Example – An explanation of 9%
Bayes Theorem Iterated:
$P_2(A \mid D) = 0.9075\ldots \approx 90.75\%$
$P_3(A \mid D) = 0.9990\ldots \approx 99.90\%$
§ Thus, our confidence improves incredibly fast under the iteration of this process
§ Our hypothesis gains confidence for every successful detection given our setup
§ We can now see how to deal with probabilities and intersections thereof with a view to confirming our beliefs about our situation
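Added example (not part of the original slides): the iterated Bayes update from the worked example, using the slides' values P(A) = 0.001, P(D|A) = 0.99 and the 1% false-positive rate. It goes one step beyond the slides by also updating on a silent detector. Feeding the posterior back in as the new P(A) assumes each detection is independent of the previous ones, and the function names are this example's own.

```python
def bayes_update(prior, sensitivity, false_positive_rate, detected=True):
    """Return P(A | observation) for one detector reading.

    detected=True  uses P(D|A) and P(D|not A);
    detected=False uses their complements (the detector stayed silent).
    """
    for p in (prior, sensitivity, false_positive_rate):
        if not 0.0 <= p <= 1.0:
            raise ValueError("probabilities must lie in [0, 1]")
    if detected:
        like_attack, like_benign = sensitivity, false_positive_rate
    else:
        like_attack, like_benign = 1 - sensitivity, 1 - false_positive_rate
    evidence = like_attack * prior + like_benign * (1 - prior)  # P(observation)
    if evidence == 0:
        raise ValueError("observation is impossible under these parameters")
    return like_attack * prior / evidence


def iterate(prior, observations, sensitivity=0.99, false_positive_rate=0.01):
    """Feed each posterior back in as the next P(A); return every step."""
    history = []
    for detected in observations:
        prior = bayes_update(prior, sensitivity, false_positive_rate, detected)
        history.append(prior)
    return history


def detections_needed(prior, threshold, sensitivity=0.99,
                      false_positive_rate=0.01, limit=1000):
    """Consecutive detections required before P(A|D) reaches threshold."""
    for n in range(1, limit + 1):
        prior = bayes_update(prior, sensitivity, false_positive_rate)
        if prior >= threshold:
            return n
    return None  # never reached, e.g. a detector no better than chance


if __name__ == "__main__":
    # Slide values: P(A) = 0.001, P(D|A) = 0.99, P(D|not A) = 0.01
    for step, p in enumerate(iterate(0.001, [True, True, True]), start=1):
        print(f"P_{step}(A|D) = {p:.4f}")
    print("detect then silence:", iterate(0.001, [True, False])[-1])
    print("noisier detector:", detections_needed(0.001, 0.99, 0.9, 0.1))
```

One detection followed by one silent reading returns the estimate to the original 0.001, and a 90%-sensitive detector with a 10% false-positive rate needs six consecutive detections to reach 99% where the slides' detector needs three.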
46. #RSAC
Exercise #3
Assume you have 2 detection Black Boxes, made by different vendors, each with a Trust Factor of .9
Show:
1. The difference in Trust Factor by using both detection products versus just one with a Boolean OR to combine the two vendor products.
2. The difference in Trust Factor by using both detection products versus just one with a Boolean AND to combine the two vendor products.
49. #RSAC
Exercise #4
Given 5 Admins, each with .95 Trust Factor, what is the overall TF for this access point?
50. #RSAC
Exercise #4 Answer
5 Admins, Each TF of .95
(.95 + .95 + .95 + .95 + .95)/5 = ________
Or
$\sqrt[5]{.95 \ast .95 \ast .95 \ast .95 \ast .95}$ = ______
Arith vs. Geo?
51. #RSAC
2MR Goal
• Ensure that Administrators Do Not Exceed Authority
• Ensure They Do Not Cause Intentional or Accidental Damage
• Reduce Risk From Insiders With Authority
54. #RSAC
Analogue Boole
A = Set   B = Approve   B(t)    Q = Enable   Countdown Status
0         0             OFF     0            Before
0         0             t > 0   0            During
0         0             t = 0   0            After (No B)
1         0             OFF     1            Before
1         0             t > 0   1            During
1         0             t = 0   0            After (No B)
1         1             OFF     1            Before
1         1             t > 0   1            During
1         1             t = 0   1            After (No B)
0         1             N/A     0            Before T=Off
0         1             N/A     0            During T > 0
0         1             N/A     0            After T=0
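Added example (not part of the original slides): the Analogue Boole table as a checkable function, plus a time-driven evaluation of Q. The state names OFF / RUNNING / EXPIRED stand for the B(t) column's OFF, t > 0 and t = 0. That the countdown starts when A sets, and that an approval arriving before the set or after expiry is ignored, are assumptions of this example.

```python
# Rows of the slide's table as (A, B, countdown, Q). For the A = 0, B = 1 rows
# the slide lists B(t) as N/A; the three timer phases are still enumerated.
TABLE = [
    (0, 0, "OFF", 0), (0, 0, "RUNNING", 0), (0, 0, "EXPIRED", 0),
    (1, 0, "OFF", 1), (1, 0, "RUNNING", 1), (1, 0, "EXPIRED", 0),
    (1, 1, "OFF", 1), (1, 1, "RUNNING", 1), (1, 1, "EXPIRED", 1),
    (0, 1, "OFF", 0), (0, 1, "RUNNING", 0), (0, 1, "EXPIRED", 0),
]


def q_enable(a_set, b_approve, countdown):
    """Q = A AND (B OR countdown not yet expired), which reproduces TABLE."""
    if countdown not in ("OFF", "RUNNING", "EXPIRED"):
        raise ValueError(countdown)
    return int(bool(a_set) and (bool(b_approve) or countdown != "EXPIRED"))


def table_mismatches():
    """Rows of TABLE that q_enable gets wrong (expected: none)."""
    return [row for row in TABLE if q_enable(*row[:3]) != row[3]]


def countdown_state(set_at, window_s, now):
    if set_at is None or now < set_at:
        return "OFF"
    return "RUNNING" if now - set_at < window_s else "EXPIRED"


def q_at(now, set_at, approve_at, window_s):
    """Q at time `now` for a request A set at `set_at` (None = never set).

    Assumptions of this example: the countdown starts when A sets, and B's
    approval only counts if it arrives after the set and before expiry.
    """
    a = set_at is not None and now >= set_at
    b = (a and approve_at is not None
         and set_at <= approve_at <= now
         and approve_at - set_at < window_s)
    return q_enable(a, b, countdown_state(set_at, window_s, now))


if __name__ == "__main__":
    assert not table_mismatches()
    for label, approve_at in (("approved at 10s", 10), ("never approved", None),
                              ("approved late at 45s", 45)):
        print(label, [q_at(t, 0, approve_at, 30) for t in (5, 29, 30, 60)])
```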
57. #RSAC
Exercise #5
Design a 2-Man Timed-Based Admin control, where either Alice or Bob can initiate the process, and require the other to verify.
This only works in a pure form where TF Alice – TF Bob.
61. #RSAC
Detection in Depth
Code Granularity
Divide by Time and Bandwidth
Think Shannon: 0 Limit-Function
Application Internal DR Matrix & API to Reaction Matrix
Network Segmented Graceful Degradation
Internetworking
62. #RSAC
Make Vendors Accountable
Vendor Promises “Accuracy”
90% in 1ms (10% Risk)
95% in 100ms (5% Risk)
99% in 1,000ms
Ask Every Vendor for Metrics!
Set: Negative Time > Vendor(t)
Knowable Security/Risk over Time
Vendor Provides: History & Samples Reviewed Per ’Click’ Accuracy Update
67. #RSAC
Trust Factors – a proposed methodology
§ ANS requires that we abandon absolutes of trust, and instead require that trust of some object A (a device, or person, or other) is strictly some factor TF(A) where we require 0 ≤ TF(A) ≤ 1
§ But we need to consider how to iterate these values in time
§ We consider an expansion on the scheme on the right
$TF_{t+1}(A) = TF_t(A) \pm D(TF_t(A))$
69. #RSAC
Trust Factors – Deriving a closed-form model
Substituting, we get:
$TF_{t+1}(A) = TF_t(A) \pm \delta(t, t+1) \pm I(TF_t(A), x_1, x_2, \ldots)$
$TF_{t+1}(A)$ – Goal: Value of our $TF_{t+1}(A)$
$TF_t(A)$ – Our current value of $TF_t(A)$ – this is our start value
$\delta(t, t+1)$ – The $\delta(t, t+1)$ function ‘shapes’ our curve in time by acting as a default change of $TF(A)$
$I(TF_t(A), x_1, x_2, \ldots)$ – This is the ‘influencer’ function that can read parameters and push/pull $TF(A)$ according to pre-defined requirements/thresholds/etc.
NB - A similarity to Gottman and Murray’s equations was unexpected, but is an interesting line of inquiry we are pursuing