Archive for June, 2007

Jun 23

Vulnerability and Assessment exchange

A key problem when working in security is interoperability between security devices. For example, it is desirable to correlate vulnerability scanner information with IDS alerts. Another scenario would be to have the firewall make use of vulnerability assessment results. However, this is difficult for many reasons.

First, there is no unified classification of security events. For instance, Snort uses its own classification. Second, there is no unified vulnerability identifier: a single vulnerability can have a CVE number, a CERT one and even a Bugtraq one.

In this context, OVAL (Open Vulnerability and Assessment Language), developed by MITRE, is very interesting. It is composed of three schemas written in Extensible Markup Language (XML) to serve as the framework and vocabulary of the OVAL Language. These schemas correspond to the three steps of the assessment process: an OVAL System Characteristics schema for representing system information, an OVAL Definition schema for expressing a specific machine state, and an OVAL Results schema for reporting the results of an assessment.

MITRE also provides the OVAL Interpreter, a freely available reference implementation created to show how information can be collected from a computer for testing, to evaluate and carry out the OVAL definitions for that platform, and to report the results of the tests. It is very useful for seeing how the language works.

If you are coding or involved in any security project, OVAL support is definitely a feature you will want to add to your tool.
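As an added illustration of the scanner/IDS correlation scenario above (this is not code from MITRE or from the original post): the sketch reads an OVAL Results document, keeps the vulnerability definitions that evaluated `true`, and uses their CVE references to pick out the IDS alerts that hit a confirmed weakness. It assumes the OVAL 5 namespaces, a single scanned system per file, and alerts that already carry a CVE reference; the definition ids, CVE ids and alert fields are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"res": "http://oval.mitre.org/XMLSchema/oval-results-5",
      "def": "http://oval.mitre.org/XMLSchema/oval-definitions-5"}

# Constructed, trimmed OVAL 5 results document (placeholder ids, not schema-complete).
SAMPLE_RESULTS = """<oval_results xmlns="http://oval.mitre.org/XMLSchema/oval-results-5">
  <oval_definitions xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5">
    <definitions>
      <definition id="oval:example:def:1" version="1" class="vulnerability">
        <metadata><reference source="CVE" ref_id="CVE-0000-0001"/></metadata>
      </definition>
      <definition id="oval:example:def:2" version="1" class="vulnerability">
        <metadata><reference source="CVE" ref_id="CVE-0000-0002"/></metadata>
      </definition>
    </definitions>
  </oval_definitions>
  <results><system><definitions>
    <definition definition_id="oval:example:def:1" version="1" result="true"/>
    <definition definition_id="oval:example:def:2" version="1" result="false"/>
  </definitions></system></results>
</oval_results>"""

# Constructed IDS alerts; the field names are assumptions, not a Snort output format.
SAMPLE_ALERTS = [
    {"sid": 1000001, "dst": "10.0.0.5", "cve": "CVE-0000-0001"},
    {"sid": 1000002, "dst": "10.0.0.5", "cve": "CVE-0000-0002"},
    {"sid": 1000003, "dst": "10.0.0.5", "cve": None},
]

def confirmed_cves(results_xml):
    """Map CVE id -> OVAL definition id for definitions that evaluated true."""
    root = ET.fromstring(results_xml)  # input assumed trusted (own scanner output)
    refs = {}
    for d in root.findall("def:oval_definitions/def:definitions/def:definition", NS):
        cves = d.findall("def:metadata/def:reference[@source='CVE']", NS)
        refs[d.get("id")] = [r.get("ref_id") for r in cves]
    hits = {}
    for d in root.findall("res:results/res:system/res:definitions/res:definition", NS):
        if d.get("result") == "true":
            for cve in refs.get(d.get("definition_id"), []):
                hits[cve] = d.get("definition_id")
    return hits

def prioritise(alerts, results_xml):
    """Return the alerts whose CVE the scanned host was found vulnerable to."""
    hits = confirmed_cves(results_xml)
    return [dict(a, oval_def=hits[a["cve"]]) for a in alerts if a["cve"] in hits]
```

The join key here is the CVE reference in the definition metadata, which is what lets two tools with different internal classifications agree on the same vulnerability.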

Jun 07

GeoTracker: Geospatial and Temporal RSS Navigation [Article Review]

This paper describes a system called GeoTracker. The system uses geospatial representation and temporal (chronological) presentation to provide a new RSS layout that departs from the traditional paper layout presentation.

This paper was presented at WWW2007 by Yih-Farn Chen, Giuseppe Di Fabbrizio, David Gibbon, Rittwik Jana, Serban Jora, Bernard Renger, Bin Wei.

They built a middleware platform called MxM that is integrated with the MIRACLE multimedia content platform.

They identify the location of an RSS post by looking in the text for known places such as USA, France, NYC, and use the first one found in the post. Once the localization is done, they present the result on a world map (Google Maps in their examples).


I found the idea of using geospatial information and chronological data useful for enhancing RSS browsing. I think that a new RSS standard that provides them in a specific field will be way more effective than looking at the text. I know that it will add complexity to the RSS standard, but optional fields with semantic information will really help to improve navigation.

The best part of the paper for me is the use of chronological information to link RSS to soccer video (see the figure). It allows information to be put on the video timeline in an automatic fashion. A soccer game is a perfect application of such an idea. It might also be applied to conferences. For example, the Mr. Jobs keynote always generates a huge amount of posts.

I only regret that the MIRACLE engine was not testable.