In a tale rich with incongruities, the Communist-run government of West Bengal State invited the Tata Group, a symbol of Indian capitalism, to set up its plant in an area called Singur. It acquired 1,000 acres from farmers on the company’s behalf.
As the project advanced, some farmers who had sold their land demanded it back. The main state-level opposition party, the Trinamool Congress, led protests demanding that the land be returned. Most people sympathetic to Tata accused the opposition of inducing the farmers to protest, while Tata’s critics said the farmers had legitimate grievances.

The issue simmered for months. But in recent days, protesters began surrounding the plant, blocking roads and preventing Tata workers from reaching the plant. “The existing environment of obstruction, intimidation and confrontation has begun to impact the ability of the company to convince several of its experienced managers to relocate and work in the plant,” Tata said in a statement on Tuesday.

The halt to the plant has caused many Indian business people to warn of a chilling effect on investment in the country. It is also unclear how Tata will be able to keep the Nano’s cost so low, since part of the affordable price reflects the company’s savings on the land in Singur.

There is a fundamental asymmetry between state and markets. It is easier to create markets than it is to create state capacity or to prevent its deterioration. Creating markets is a lot about letting go, establishing a reasonable policy framework, and allowing the natural hustling instinct to take over. In other words, hustling is the natural state. Building state capacity, on the other hand, is quite different. It involves overcoming collective action problems, mediating conflict, creating accountability mechanisms where outputs are multiple and fuzzy and links between inputs and outputs murky, and contending with the deep imprints of history. In Weber’s memorable words, building public institutions is like the “slow boring of hard boards”.

In that light, China’s task of improving its private sector seems easier to accomplish than India’s task of arresting institutional decline. So, while China and India can probably both count on more years of high growth, the odds still favour China pulling off that feat than India. That, and not just the meagre medal tally, should be what India mulls over after the Beijing Olympics.

It's easier to liberalise a functional state than it is to functionalise a dysfunctional one, of any ideological stripe.

My goal at that time was to show everyone that there was a very mature (functional) reference architecture with decades of maturity that applies to (complex) event processing, adapted from the JDL model for information fusion.  Kum Bai Ya.

There is plenty of room for everyone in this model.  Kum Bai Ya.

The model is inclusine not exclusive. Kum Bai Ya.

The JDL model is based on years of operational maturity.  Kum Bai Ya.

The model is functionally and technically accurate.  Kum Bai Ya.

Everyone at the first event processing symposium (March 2006) seemed to agree with this model, at least publicly, because there was no “push back” at the symposium.  Kum Bai Ya.

Professor David Luckham did not discuss architecture in his book, The Power of Events.  Kum Bai Ya.

David’s research at Stanford, some CEP related, was funded by DARPA, who also support the JDL information fusion model.  Kum Bai Ya.

TIBCO Software adopted the JDL model (Note: I worked for TIBCO the time.) Kum Bai Ya.

We built a functional reference architecture around this mature model.  Kum Bai Ya.

We did not claim we invented it.  Kum Bai Ya.

We did not patent the model, only shared it. Kum Bai Ya.

The model is free and open for everyone to use.  Kum Bai Ya.

The folks in the military and government totally agree with this model for CEP/EP.  Kum Bai Ya.

Complex operational problems are addressed every day with this model. Kum Bai Ya.

Air traffic control uses this model.  Kum Bai Ya.

Missile defense uses this model to protect us from harm everyday.  Kum Bai Ya.

Intrusion detection and network management now use this model (Note: I published an ACM paper on adapting this model for cybersecurity 10 years ago). Kum Bai Ya.

Oh, blog-o-sphere.  Kum Bai Ya.

As a reference, you may have seen this briefing, one of many where I show these functional relationships, Mythbusters: Event Stream Processing Versus Complex Event Processing, from DEBS2007.  For example slide 23 shows the functional relationship between events, pre-processing, event tracking, situational detection, historical patterns (the output of BI tools, for example), visualization and business process management.

In Faithful Representation, Richard Veryard reminds his readers that the most challenging part is in the situation models (not the system integration).  Unfortunately, by accident, Richard incorrectly attributes Opher Etzion’s “first order situation model approximation” to both Opher and I in this quote from Richard’s post, “a simple situation model of complex events, in which events (including derived, composite and complex events) represent the “situation”.   

Actually, that simple situation model above is Opher’s, not mine.  I have offered a more general and comprehensive (first draft) situation model, in A Simple Situation Model for Complex Events based on a cognitive situation model used by researchers at the University of Notre Dame.  I do not believe that complex events and situations can be modelled accurately using Opher’s simple model of derived, composite and complex events.   This model is overly simple, in my opinion. to represent the vast majority of CEP classes of problems, perhaps explaining why Opher and I do not agree on the state-of-the-art of CEP.  Opher tends to view CEP as mostly an extension of active database technology where I see CEP as a technology that is much more closely aligned with the cognitive models represented in the art-and-science of multi-sensor data fusion (MSDF).  

Complex events represent situations, and situations must be accurately modelled if we are going to accurately detect them in real-time.  If your business cannot model a complex event (situation) then it does not matter what software you buy, how much money you spend, or what event processing and integration platform you use.   The models are hard.  The system integration is relatively easy.

The secret sauce is the situation and complex event models.

As mentioned here a few times, it does not matter how fast you process events in real-time, if your model is wrong, you just detect the wrong thing very fast.  This is very bad and quite dangerous.  You will make bad decisions fast.  You will waste time, money and resources.

This is why CEP benchmarks should be based on accuracy in situation detection, not in latency and other low-level performance metrics.   First, get the models right; then refine to detect faster, if speed is required.   What has happened in CEP to date, is that the models are so simple, they do not really detect complex events, they just process and act on simple events that are easy to model. 

Based upon talking with Microsoft customers over the past five years, they are always looking for that little bit of extra information to help make prioritization decisions.  An obvious example of this is the severity attached to the vulns.  However, as explained by Mike Reavey of the the Microsoft Security Response Center (MSRC) over on the Ecostrat blog today, customers are also very interested in which vulnerabilities already have exploit code or sample exploits available.

According to our analysis in the most recent Security Intelligence Report (SIR), only about 30 percent of the vulnerabilities we fix each year have exploit code released.  Why is it not 100% ?  Some are not interesting to attackers, sure, but some are simply more challenging to develop a consistent exploit against.  It seems like it would be practically useful if this sort of information could be analyzed and published for customers.

How does one come up with an Exploitability Index?

• The MSRC will analyze the vulnerability and explore what it would take to exploit it, with the support of our Security Vulnerability Research & Defense (SVRD) team.  This will include leveraging methodologies from the broad researcher community.
• We will also ask security researcher members of the Microsoft Active Protections Program (MAPP) (download FAQ) to review the vulnerabilities and check our analysis before releasing the index.

The idea of the Exploitability Index is to provide more information to help customers prioritize Microsoft security updates. This Index will reflect our best estimate, scrutinized by MAPP partners, of the likelihood of a functional exploit being developed for a given vulnerability.

If you are interested, I did an interview with Mike Reavey a while back, where we discuss what sort of information customers want that isn't yet in Security Bulletins.  FYI, the video is about 15 minutes long and the early part focuses on Mike, how he got into security and how he ended up at Microsoft before we get to the Security Bulletin discussion ... if you want to get right to the Security Bulletin discussion, skip forward to about 08:40.

If you like these sorts of videos, click on
SecurityGuy 001 - Interview with MSRC Leader Mike Reavey and it'll take you to the edge.technet.com site and you can check out the related videos.

Regards ~ Jeff

“I know for a fact that every major CEP vendor has several dozen paying customers.”

Somehow Mark, I don’t find a dozen paying customers by the top CEP vendors very impressive.

Then, as to somehow justify the lack of public reference clients, Mark takes the position of a Coral8 customer and says,

“We believe that the use of Coral8 gives us a strategic advantage over our competitors. Why would we want to clue them in?”

Naturally, the same thing could have been said about the first desktop computer, or the first back-office banking system, or the first calculator, or the first telephone, frankly speaking.

Of course, when the technology is mature, then it is “Hey we have lots of computers!” “Hey, look at my fully functional sexy iPhone!” “We have the best back office banking systems on the planet by <insert your favorite big vendor here>!”

Well, all this CEP Solution Secrecy (CEPSS) might just be similar to why the government keeps many IT projects a secret;  the main reason is so we don’t know how much taxpayer money they are spending!

So, folks, the debate counterpoint that there is some “Secret Life of CEP” and that the CEP solutions today are somehow changing the way C-Level executives, and corporate America, thinks is just wishful thinking.

Companies don’t need to keep their strong technical solutions a secret. Like, Wow! I am using Coral8 and it is so impressive that I have to keep it TOP SECRET.  (Sorry Mark, nothing personal, you simply gave me a big red target and painted “fire when ready” on it)

Note:  I happen to like Coral8, and Coral8 Studio, as an event stream processing platform.

Back on point, I consider my laptop and cellphone more indispensable than most of the first generation rule-based stream processing engines out there today, and I am sure most CEOs agree.

The Secret Life of CEP….   you just have to just love it

Blogger: Pete Lindstrom

On July 8th, Dan Kaminsky of IOActive announced a major DNS “vulnerability” in conjunction with a number of major DNS vendors. The announcement was off the charts in fanfare and attention, but what was the real impact on risk?

First, it is worth noting that this “bug” is more properly classified as a new attack technique invented by Dan. It combines two vulnerabilities that have been well-known for some time – the ability to guess non-random transaction IDs and the use of Additional RRs to insert new entries into the DNS cache. A fix against either of these vulnerabilities also negates the attack itself.

The fundamental question that determines the risk impact revolves around whether it is reasonable to expect fewer or more incidents that use this technique when comparing the period prior to disclosure -- or, more properly, before the date of Dan’s invention of the technique (this also assumes prior art) – with the period after invention/disclosure and into the future. If the disclosure reduces the number of those incidents, then risk is reduced; if the disclosure increases the number of those incidents, then risk is increased.

With that litmus test as our guideline, it is useful to break down the functional elements of risk and look at the impact on threats, vulnerabilities, and consequences (we will cover consequences, then vulnerabilities, and finally threat).

Consequences
Though the consequences are the same before and after disclosure, it is worth discussing the impact here, given that the implication was that the “entire web” could be taken down. The nature of the attack requires the following:

1. An attacker must convince/trick a user into making a DNS request for a domain that doesn’t already exist in their DNS server’s cache. The expectation here is that s/he can be easily tricked into doing this.
2. Then, the attacker must simultaneously attack the DNS server by guessing the transaction ID. According to Kaminsky, the request/attack phase can be done reliably in about 10 seconds.
3. The attack is DNS server-specific. Only users on the same DNS server are affected.
4. Propagation: once the cache is poisoned, anyone requesting that domain will be routed to a malicious server.

Without combining this attack with other attack techniques, there can be three results:

1. Spoofing of a single website for multiple, perhaps many, users using the same DNS server. Presumably, this would be followed by more traditional phishing and malware attacks.
2. Denial-of-service by rerouting traffic from a legitimate site thereby taking potential customers or “eyeballs” away.
3. Denial-of-service be rerouting traffic from a legitimate high volume site to a legitimate low-volume site thereby overloading the servers on the low-volume site.

Because of the point-to-point (user-to-website) nature of the attack, to do something that constitutes “taking over the entire web” is infeasible by a longshot.

The bottom line analysis for the effect on risk due to a change in consequences from pre-invention to post-invention: no change, and therefore no impact.

Vulnerabilities
These vulnerabilities have existed for years, and there have been workarounds for years. Along with this announcement, new patches were introduced in all major DNS server solutions. It is reasonable to assume that many DNS server implementations have been patched, though public accounts have suggested that number is in the 66%-75% range.

Bottom line analysis: the vulnerability level has been reduced, probably significantly, and the affect is positive for risk reduction. If 100% of DNS servers were patched, then overall risk would be reduced for this attack (assuming that there were actual attacks using this technique in the past.)

Threats
The real question regarding risk impact comes in the arena of the less-controllable manipulation of threat. The general threat equation revolves around an attacker’s willingness to attack, based on his/her own cost/benefit analysis that compares the cost to attack to the expected benefits, tempered by the potential for being caught and penalized.

Cost to attack – prior to disclosing the invention, there were likely few, if any attackers with “prior art” that mirrored this technique. It is anybody’s guess how many potential attackers might have figured it out eventually, but they would have had to come from the pool of folks with enough expertise to do so – I am going to guess 500,000 people.

After the disclosure, the hints provided in the press release, the podcast, the sorted stories, and the blog entries made it much easier to figure out. Let’s guess that 5 million people could execute the attack. With automated tools, that number goes up to 50 million.

These numbers are estimates that illustrate the nature of the exercise. You are welcome to fill in your own estimates and come to your own conclusions.

Bottom line analysis: a significant increase in threat and corresponding risk.

Net Effect
The risk manager's challenge is to weigh the decrease in vulnerable systems compared with the corresponding increase in threat, within the context of number of incidents and anticipated future incidents. Given the sheer size differential, it is difficult to conceive of a situation where risk is not increased.

Sometimes it "feels" like someone is taking action for the greater good, when that action actually creates a negative impact for all. For example, it is common for people to believe that raising prices of scarce resources during  times of trouble (e.g. gasoline in the hurricane Katrina aftermath) is unconscionable even though a majority of economists recognize that raising prices actually provides for the greater public good. Vulnerability discovery and disclosure, and attack inventions, might feel like the right thing to do, but the net result is almost always a negative impact.

To solve a complex problem in the blackboard-style, the intelligent agents cooperate as functional specialists, observing updates to the blackboard and self-actualizing in an event driven process) when there is new information to process.  Agents continually update the blackboard with partial solutions when the agents capabilities for processing match the state of the blackboard. 

The blackboard architecture is a distributed computing model for a metaphor describing how people work together to collaboratively solve a problem around a blackboard (whiteboard in todays lingo).   For example, one person is standing at the whiteboard working on a solution while three other people are sitting (or standing) around watching.   One of the observers sees new information on the whiteboard, thinks of how he (or she) can contribute, and then jumps up, takes the whiteboard marker from the person working, and adds to the solution.  This process is repeated in various scenarios.  

The blackboard architecture can be very effective in solving complex distributed computing problems, including event processing problems; however, scheduling the self-actuating agents can be a key challenge.   Another core challenge is how to model and manage the blackboard itself, especially in distributed blackboard architectures.  

John McManus, former CTO of NASA, wrote an excellent PhD dissertation in 1992,  Design and Analysis Techniques for Concurrent Blackboard Systems, at the College of William and Mary, addressing challenges in BB systems.

The table below lists two books that focus on blackboard architecture:

One of the thought leaders in blackboard architecture is Daniel D. Corkill a professor at the University of Massachusetts Amherst. 

Blackboard architecture is relevant to the field of event processing, and in particular complex event processing.   I will go into more details in future blog posts on this topic, including how blackboard architectures relate to grid computing, distributed object caching (of the blackboard), and CEP.

The same key points of that presentation are still relevant today:

1. Event-Decision Processing is Computationally Intensive

2. CEP requires a Number of Technologies:

• Distributed Computing, Publish/Subscribe and SOA
• Hierarchical, Cooperative Inference Processing
• High Speed, Real Time Processing with State Management
• Event-Decision Architecture for Complex Situations and Events
• There is no single “CEP Solution” or “CEP Product” (in the market place then, and today)

3. CEP needs a Common Vocabulary and Functional Architecture based on Mature, Industry-Standard Inference Models

4. Processing and Integration Patterns for CEP need to be Developed and Formalized

Since March of 2006 a number of other challenges has surfaced.  I will elaborate on this challenges in a future post.

They work by mounting two small infrared lights on the front. The wearer is completely inconspicuous to the human eye, but cameras only see a big white blur where your face should be. Building them is a snap: just take a pair of sunglasses, attach two small but powerful IR LEDS to two pairs of wires, one wire per LED. Then attach the LEDs to the glasses; the video suggests making a hole in the rim of the glasses to embed the LEDs. Glue or otherwise affix the wires to the temples of the glasses. At the end of the temples, attach lithium batteries. They should make contact with the black wire, but the red wires should be left suspended near the batteries without making contact. When you put them on the red wire makes contact, turning the lights on. It's functional, but we're thinking that installing an on/off switch would be more elegant and it would allow you to wear them without depleting the batteries.

]]> Mon, 07 Jul 2008 09:54:18 +0000 attach lithium batteries batteries attach black wire wire wires red wires video suggests leds Sunglasses that Hide your Face from Cameras http://securityratty.com/article/dd55671703e08b2bd6230c4559700373 http://securityratty.com/article/dd55671703e08b2bd6230c4559700373

Can You Hear Me Now? | Nemertes Research
Our brains (with functional ears) have the ability to dynamically adjust the gain control and adjust frequency sensitivity in real-time based on input from our other senses and our past experiences. The same capability is needed in SIEM/log management whe

Security and Risk Management Strategies Blog: Common Event Standard SIG Held At Catalyst

]]> Thu, 26 Jun 2008 20:00:00 +0000 adjust adjust frequency sensitivity siemlog management whe nemertes research past experiences gain control functional ears real-time based input Links for 2008-06-26 [del.icio.us]