https://homeostasis.scs.carleton.ca/wiki/index.php?action=history&feed=atom&title=EvoSec_2025W_Lecture_18 2026-04-22T09:00:55Z Revision history for this page on the wiki MediaWiki 1.42.1 https://homeostasis.scs.carleton.ca/wiki/index.php?title=EvoSec_2025W_Lecture_18&diff=25042&oldid=prev 2025-03-18T18:36:34Z

<p>Created page with &quot;==Readings== * [https://homeostasis.scs.carleton.ca/~soma/pubs/dabbour-nspw2020.pdf Dabbour, &quot;Towards In-Band Non-Cryptographic Authentication.&quot; (NSPW 2020)] * [https://homeostasis.scs.carleton.ca/~soma/pubs/bfoster-gecco-2010.pdf Foster, &quot;Object-Level Recombination of Commodity Applications.&quot; (GECCO 2010)] ==Notes== &lt;pre&gt; Lecture 18 ---------- G1 - can be more complex to detect imposters in practice because to do so because 1) you won&#039;t consider it a possibility, and...&quot;</p> <p><b>New page</b></p><div>==Readings==<br /> * [https://homeostasis.scs.carleton.ca/~soma/pubs/dabbour-nspw2020.pdf Dabbour, &quot;Towards In-Band Non-Cryptographic Authentication.&quot; (NSPW 2020)]<br /> * [https://homeostasis.scs.carleton.ca/~soma/pubs/bfoster-gecco-2010.pdf Foster, &quot;Object-Level Recombination of Commodity Applications.&quot; (GECCO 2010)]<br /> <br /> ==Notes==<br /> &lt;pre&gt;<br /> Lecture 18<br /> ----------<br /> G1<br /> - can be more complex to detect imposters in practice because to do so because 1) you won&#039;t consider it a possibility, and 2) you&#039;d have to act weird<br /> - AI chatbots can immitate people given chat history, that could defeat detection attempts<br /> - shared history may be the strongest authenticator but isn&#039;t practical (like narrative auth)<br /> <br /> G2<br /> - What&#039;s the connection between these two? Seemed obscure<br /> - create new and identifiable contexts for security<br /> - security context from code diversity vs shared knowledge/observations<br /> - computer-to-computer is not like people-to-people communication, is it even feasible to distinguish them?<br /> - similar to encryption, shared secret, but secret is shared context<br /> - how complex of models would be required for authentication between computers?<br /> <br /> G4<br /> - doesn&#039;t computer behavior boil down to protocols, so not so much opportunity for unknown shared context?<br /> - if one host is compromised, it can be immitated using stolen data<br /> - compromised communication allows models to be built up over time<br /> - how does the link resolver work?!<br /> - is genetic recombination practical?<br /> - can you really get more complexity over many generations?<br /> - what is the similarity between the papers?<br /> <br /> G3<br /> - knowing the attacker could be there biases the conversation<br /> - if you did a more &quot;real world&quot; experiment, would people detect impersonation if not primed? suspect they won&#039;t<br /> - in the real world users, if someone knows they&#039;ve been hacked they have other ways of communicating this fact<br /> - if defender can train model, attacker can also, and your behavior is harder to change than a password<br /> - no mutation of object files, so is this evolution?<br /> - how can we do mutation here that would generate novelty?<br /> - don&#039;t we still need people? How can this be fully automated?<br /> <br /> <br /> I don&#039;t see these papers as practical, but evocative<br /> - how do people recognize each other when limited to text?<br /> - can we have programs sexually reproduce like biological organisms, without<br /> being designed for this?<br /> <br /> <br /> don&#039;t mistake the abstraction for the implementation<br /> - computer-to-computer &quot;conversational&quot; auth would have models of implementation &amp; context-specific details<br /> - precise program versions<br /> - communication details<br /> &lt;/pre&gt;</div>

Soma