https://hdl.handle.net/1721.1/141486 2026-04-08T18:21:07Z 2026-04-08T18:21:07Z Wolff, Josephine Young, William E. Smith, Evann https://hdl.handle.net/1721.1/141775 2022-04-08T03:38:18Z 2013-06-15T00:00:00Z

Cyber 9/12 student challenge Wolff, Josephine; Young, William E.; Smith, Evann On June 15, 2013, the Atlantic Council’s Cyber Statecraft Initiative, with Science Applications International Corporation (SAIC), held the first student competition devoted to high-level policy recommendations for day-after responses to a major cyber attack. Held at American University’s School of International Service, the competition brought together more than sixty-five students—from undergraduates to PhD candidates—organized into nineteen teams and representing seventeen universities. In addition, twenty-one experts drawn from the top ranks of the US Department of Defense, US Department of State, White House, and leading cyber security firms participated as judges. Congratulations to ECIR’s very own, Colonel William E. Young, Jr., Josephine Wolff and Evann Smith for winning the “Best Written Brief.”

2013-06-15T00:00:00Z Vaishnav, Chintan Choucri, Nazli Clark, David D https://hdl.handle.net/1721.1/141774 2026-02-05T21:14:59Z 2012-06-18T00:00:00Z

Cyber international relations as an integrated system Vaishnav, Chintan; Choucri, Nazli; Clark, David D International Relations (IR) – whether in pursuit of wealth or power – have been traditionally predicated upon the dominance of the State and the effectiveness of geographical boundaries. The Internet has shattered these assumptions. Consequently, the properties of information goods such as information security, control, or freedom, or those of international activities such as trade, or diplomacy must be framed in the context of emergent behaviors of a system where the Cyberspace interacts with traditional IR. The purpose of this paper is to conceptualize the hitherto separate domains of Cyberspace and International Relations into an integrated socio-technical system that we jointly call Cyber International Relations (Cyber-IR) System, and to identify and analyze its emergent properties utilizing the methods of engineering systems. Our work is an exploration in both theory and methodology. We begin by identifying important actors in Cyberspace and IR, and the core functions they perform for their respective systems. In doing so, we disambiguate important questions of system boundary. We then create a domain structure matrix (DSM) of the interdependencies among the core functions of the various actors. This method enables us to integrate the domains of Cyberspace and IR that we then examine in two ways. First, we qualitatively analyze DSM to show how Cyber-IR is characterized by the activities of multiple actors who are interdependent in various ways, and who are highly heterogeneous in their roles and capabilities. Second, we perform quantitative analysis using several matrix-based techniques to illustrate and verify how certain core functions are more important than others, and why attributes such as geographical location, economic status, etc., of the actor shape their influence in Cyber- IR. This work forms a baseline for further understanding of the nature of the heterogeneous influences of the various actors, and the various outcomes that could result from it.

2012-06-18T00:00:00Z Madnick, Stuart E. Li, Xitong Choucri, Nazli https://hdl.handle.net/1721.1/141773 2022-05-05T15:37:19Z 2009-09-01T00:00:00Z

Experiences and challenges with using CERT data to analyze international cyber security. Madnick, Stuart E.; Li, Xitong; Choucri, Nazli With the increasing interconnection of computer networks and sophistication of cyber attacks, it is important to understand the dynamics of such situations, especially in regards to cyber international relations. The Explorations in Cyber International Relations (ECIR) Data Dashboard Project is an initiative to gather worldwide cybersecurity data publicly provided by nation-level Computer Emergency Response Teams (CERTs) and to provide a set of tools to analyze the cybersecurity data. The unique contributions of this paper are: (1) an evaluation of the current state of the diverse nation-level CERT cybersecurity data sources, (2) a description of the Data Dashboard tool developed and some interesting analyses from using our tool, and (3) a summary of some challenges with the CERT data availability and usability uncovered in our research.

2009-09-01T00:00:00Z Houghton, James Siegel, Michael Goldsmith, Daniel https://hdl.handle.net/1721.1/141771 2022-04-08T03:01:35Z 2013-07-21T00:00:00Z

Modeling the influence of narratives on collective behavior Houghton, James; Siegel, Michael; Goldsmith, Daniel This paper considers the problem of understanding the influences of narratives or stories on individual and group behavior. Narrative theory describes how stories help people make sense of the world, and is being used to explain behavior in domains such as security, health care, and consumer behavior. We are interested in using narrative theory to develop better predictions of behavior and have developed a multi-methodology approach to combine narrative influence with system dynamics modeling of group behavior. Our model quantifies how individuals use narratives to understand current events and make decisions. We model the time-varying strength of cultural narratives as a degree of belief in the narrative’s explanatory power, updated heuristically in response to observations about similarity between cultural narratives and current events. We use Twitter posts to measure narrative-significant observations in the real world. Using this approach, we investigate a case study of the violent riots in London in 2011 and demonstrate how relevant narratives can be identified, monitored, and included in behavior models to predict violent activity.

2013-07-21T00:00:00Z Sechrist, Michael Vaishnav, Chintan Goldsmith, Daniel Choucri, Nazli https://hdl.handle.net/1721.1/141753 2022-05-05T15:37:19Z 2012-07-26T00:00:00Z

The dynamics of undersea cables: Emerging opportunities and pitfalls Sechrist, Michael; Vaishnav, Chintan; Goldsmith, Daniel; Choucri, Nazli Cyberspace is built on physical foundations that support the “virtual” manifestations we know of and use in everyday computing. Physical infrastructure can include wired, fiber optic, satellite and microwave links, as well as routing equipment. An often overlooked but critical part of the Internet infrastructure is undersea communication cable links. Undersea cables are the technology of choice to move large amounts of data around the world quickly. In the U.S., approximately 95% of all international Internet and phone traffic travel via undersea cables. Nearly all government traffic, including sensitive diplomatic and military orders, travels these cables to reach officials in the field. The problem, however, is that the undersea cable infrastructure is susceptible to several types of vulnerability, including: rising capacity constraints, increased exposure to disruption from both natural and mad-made sources, and emerging security risks from cable concentration in dense geographical networks (such as New York and New Jersey, and places like Egypt/Suez Canal.) Moreover, even under normal working conditions, there is a concern whether governance-as-usual can keep up with the future growth of Internet traffic. In this paper, we explore the impact of these problems on the dynamics of managing undersea cable infrastructure.

2012-07-26T00:00:00Z Madnick, Stuart E. Choucri, Nazli Li, Xitong Ferwerda, Jeremy https://hdl.handle.net/1721.1/141752 2022-05-05T16:17:59Z 2011-11-01T00:00:00Z

Comparative analysis of cybersecurity metrics to develop new hypotheses Madnick, Stuart E.; Choucri, Nazli; Li, Xitong; Ferwerda, Jeremy Few Internet security organizations provide comprehensive, detailed, and reliable quantitative metrics, especially in the international perspective across multiple countries, multiple years, and multiple categories. As common refrain to justify this situation, organizations ask why they should spend valuable time and resources collecting and standardizing data. This report aims to provide an encouraging answer to this question by demonstrating the value that even limited metrics can provide in a comparative perspective. We present some findings generated through the use of a research tool, the Explorations in Cyber Internet Relations (ECIR) Data Dashboard. In essence, this dashboard consists of a simple graphing and analysis tool, coupled with a database consisting of data from disparate national-level cyber data sources provided by governments, Computer Emergency Response Teams (CERTs), and international organizations. Users of the dashboard can select relevant security variables, compare various countries, and scale information as needed. In this paper, using this tool, we present an example of observations concerning the fight against cybercrime, along with several hypotheses attempting to explain the findings. We believe that these preliminary results suggest valuable ways in which such data could be used and we hope this research will help provide the incentives for organizations to increase the quality and quantity of standardized quantitative data available.

2011-11-01T00:00:00Z Madnick, Stuart E. Camiña, Steven Choucri, Nazli Woon, Wei Lee https://hdl.handle.net/1721.1/141751 2022-05-05T15:37:19Z 2012-12-15T00:00:00Z

Towards better understanding cybersecurity: Or are "cyberspace" and "cyber space" the same? Madnick, Stuart E.; Camiña, Steven; Choucri, Nazli; Woon, Wei Lee Although there are many technology challenges and approaches to attaining cybersecurity, human actions (or inactions) also often pose large risks. There are many reasons, but one problem is whether we all “see the world” the same way. That is, what does “cybersecurity” actually mean – as well as the many related concepts, such as “cyberthreat,” “cybercrime,” etc. Although dictionaries, glossaries, and other sources tell you what words/phrases are supposed to mean (somewhat complicated by the fact that they often contradict each other), they do not tell you how people are actually using them. If we are to have an effective solution, it is important that all the parties understand each other – or, at least, understand that there are different perspectives. For the purpose of this poster and to demonstrate our methodology, we consider the case of the words, “cyberspace” and “cyber space.” We had developed techniques and algorithms for the automated generation of taxonomies for chosen “seed terms” (such as “cyberspace” and “cyber space”) based on the co-occurrence of those words in the list of keywords of documents in large document repositories, such as Compendex and Inspec. The system that we had developed and used in this experiment employed the Heymann algorithm, closeness centrality, cosine similarity metric (which we refer to as H-CC). When we started, we assumed that “cyberspace” and “cyber space” were essentially the same word with just a minor variation in punctuation (i.e., the space, or lack thereof, between “cyber” and “space”) and that the choice of the punctuation was a rather random occurrence. With that assumption in mind, we would expect that the usage of these words would be basically the same and would produce roughly similar taxonomies. As it turned out, the taxonomies generated were quite different, both in overall shape and groupings within the taxonomy. Since the overall field of cybersecurity is so new, understanding the field and how people think about it (as evidenced by their actual usage of terminology, and how usage changes over time) is an important goal. Our approach helps to illuminate these understandings.

2012-12-15T00:00:00Z Houghton, James Siegel, Michael Wirsch, Anton Moulton, Allen Madnick, Stuart E. Goldsmith, Daniel https://hdl.handle.net/1721.1/141748 2022-04-08T03:29:40Z 2014-07-20T00:00:00Z

A survey of methods for data inclusion in system dynamics models: Methods, tools and applications Houghton, James; Siegel, Michael; Wirsch, Anton; Moulton, Allen; Madnick, Stuart E.; Goldsmith, Daniel Numerical data is experiencing a renaissance because 1) traditional data such as census and economic surveys are more readily accessible 2) new sensors are measuring things that have never been measured before, and 3) previously 'unstructured' data - such as raw text, audio, images, and videos - is becoming more amenable to quantification. Because of this explosion and the popular buzz surrounding ‘Big Data’, clients expect to see strong incorporation of data methods into dynamic models, and it is imperative that System Dynamics Modelers are fully versed in the techniques for doing so. The SD literature contains surveys that explain methods for including data in system dynamics modeling, but techniques have continued to develop. This paper attempts to bring these surveys up to date, and serve as a menu of modern techniques.

2014-07-20T00:00:00Z Reardon, Robert Choucri, Nazli https://hdl.handle.net/1721.1/141724 2022-05-05T15:37:19Z 2012-04-01T00:00:00Z

The role of cyberspace in international relations: A view of the literature Reardon, Robert; Choucri, Nazli This paper reviews the literature on cyber international relations of the previous decade. The review covers all journal articles on the role of cyberspace and information technology that appeared in 26 major policy, scholarly IR, and political science journals between the years 2001- 2010. The search yielded 49 articles, mostly from policy journals. The articles are sorted into five distinct issue areas: global civil society, governance, economic development, the effects on authoritarian regimes, and security. The review identifies, and discusses the significance of three unifying themes throughout all of the articles: efforts to define the relevant subject of analysis; cyberspace’s qualitatively transformative effects on international politics, particularly the empowerment of previously marginalized actors; and, at the highest analytic level, efforts to theoretically capture the mutually embedded relationship between technology and politics. These themes can help guide future research on cyber international relations, and focus attention on ways that debates within each of the five distinct issue areas are interconnected, and can be usefully approached using a unified conceptual framework.

2012-04-01T00:00:00Z Krakauer, Caryn E. Winston, Patrick Henry https://hdl.handle.net/1721.1/141723 2022-04-07T03:43:27Z 2012-05-26T00:00:00Z

Story retrieval and comparison using concept patterns Krakauer, Caryn E.; Winston, Patrick Henry Traditional story comparison uses key words to determine similarity. However, the use of key words misses much of what makes two stories alike. The method we have developed use high level concept patterns, which are comprised of multiple events, and compares them across stories. Comparison based on concept patterns can note that two stories are similar because both contain, for example, revenge and betrayal concept patterns, even though the words revenge and betrayal do not appear in either story, and one may be about kings and kingdoms while the other is about presidents and countries. Using a small corpus of 15 conflict stories, we have shown that similarity measurement using concept patterns does, in fact, differ substantially from similarity measurement using key words. The Goldilocks principle states that features should be of intermediate size; they should be not too big, and they should not too small. Our work can be viewed as adhering to the Goldilocks principle because concept patterns are features of intermediate size, hence not so large as an entire story, because no story will be exactly like another story, and not so small as individual words, because individual words tend to be common in all stories taken from the same domain. While our goal is to develop a human competence model, we note application potential in retrieval, prediction, explanation, and grouping.

2012-05-26T00:00:00Z Hurwitz, Roger Winston, Patrick Henry https://hdl.handle.net/1721.1/141721 2022-04-07T03:21:32Z 2011-03-16T00:00:00Z

Computational representations of high profile international cyber incidents Hurwitz, Roger; Winston, Patrick Henry Several high profile incidents have shaped both popular and government understanding of international cyber conflicts. One of the most iconic is the distributed denial of service attack (DDoS) on Estonian government, media and financial sites in April-May, 2007. The attack by “hacktivists” in Russia, perhaps supported by the Russian government, was a response to symbolic and legal moves by the Estonian government to expunge traces of Estonia’s subjugation to the Soviet Union. The disruptions from the DDoS, though temporary, were severe because Estonia by its own choice was one of the most wired countries in Europe. The shock of the attack was also felt elsewhere. NATO had to weigh a response to a cyber attack on one of its members; many governments, including the Bush administration, more sharply saw cyber vulnerability as a threat to national security.

2011-03-16T00:00:00Z Hervaś, Raquel Finlayson, Mark Alan https://hdl.handle.net/1721.1/141720 2022-04-07T03:36:27Z 2010-07-11T00:00:00Z

The prevalence of descriptive referring expressions in news and narrative Hervaś, Raquel; Finlayson, Mark Alan Generating referring expressions is a key step in Natural Language Generation. Researchers have focused almost exclusively on generating distinctive referring expressions, that is, referring expressions that uniquely identify their intended referent. While undoubtedly one of their most important functions, referring expressions can be more than distinctive. In particular, descriptive referring expressions – those that provide additional information not required for distinction – are critical to flu- ent, efficient, well-written text. We present a corpus analysis in which approximately one-fifth of 7,207 referring expressions in 24,422 words of news and narrative are descriptive. These data show that if we are ever to fully master natural language generation, especially for the genres of news and narrative, researchers will need to de- vote more attention to understanding how to generate descriptive, and not just distinctive, referring expressions.

2010-07-11T00:00:00Z Goldsmith, Daniel Siegel, Michael https://hdl.handle.net/1721.1/141718 2022-04-07T03:02:40Z 2012-08-19T00:00:00Z

Cyber politics: Understanding the use of social media for dissident movements in an integrated state stability framework Goldsmith, Daniel; Siegel, Michael Recent events in North Africa and the Gulf States have highlighted both the fragility of states worldwide and the ability of coordinated dissidents to challenge or topple regimes. The common processes of ‘loads’ generated by dissident activities and the core features of state resilience and its ‘capacity’ to withstand these ‘loads’ have been explored in the traditional “real world” view. More recently, however, there has been increased attention to the “cyber world”—the role of cyber technologies in coordinating and amplifying dissident messages, as well as in aiding regimes in suppressing anti-regime dissidents. As of yet, these two views (real and cyber) have not been integrated into a common framework that seeks to explain overall changes in regime stability over time. Further, emerging uses of social media technologies, such as Twitter have not fully been examined within an overall framework of state stability that represents the nature and dynamics of ‘loads’ generated by dissident activities in the real (i.e. protests) and cyber (i.e. planning and coordination via cyber venues) domains.

2012-08-19T00:00:00Z Clark, David D Landau, Susan https://hdl.handle.net/1721.1/141715 2026-02-05T21:21:37Z 2010-01-01T00:00:00Z

Untangling attribution Clark, David D; Landau, Susan In February 2010, former NSA Director Mike McConnell wrote that, “We need to develop an early- warning system to monitor cyberspace, identify intrusions and locate the source of attacks with a trail of evidence that can support diplomatic, military and legal options—and we must be able to do this in milliseconds. More specifically, we need to reengineer the Internet to make attribution, geolocation, intelligence analysis and impact assessment—who did it, from where, why and what was the result—more manageable.”2 This statement is part of a recurring theme that a secure Internet must provide better attribution for actions occurring on the network. Although attribution generally means assigning a cause to an action, this meaning refers to identifying the agent responsible for the action (specifically, “determining the identity or location of an attacker or an attacker’s intermediary”3). This links the word to the more general idea of identity, in its various meanings. Attribution is central to deterrence, the idea that one can dissuade attackers from acting through fear of some sort of retaliation. Retaliation requires knowing with full certainty who the attackers are. The Internet was not designed with the goal of deterrence in mind, and perhaps a future Internet should be designed differently. In particular, there have been calls for a stronger form of personal identification that can be observed in the network. A non-technical version of this view was put forward as: “Why don’t packets have license plates?” This is called the attribution problem. There are many types of attribution, and different types are useful in different contexts. We believe that what has been described as the attribution problem is actually a number of problems rolled together. Attribution is certainly not one size fits all.

2010-01-01T00:00:00Z Clark, David D Landau, Susan https://hdl.handle.net/1721.1/141711 2026-02-05T21:19:30Z 2010-11-30T00:00:00Z

The problem isn't attribution: It's multi-stage attacks Clark, David D; Landau, Susan As a result of increasing spam, DDoS attacks, cybercrime, and data exfiltration from corporate and government sites, there have been multiple calls for an Internet architecture that enables better network attribution at the packet layer. The intent is for a mechanism that links a packet to some packet level personally identifiable information (PLPII). But cyberattacks and cyberexploitations are more different than they are the same. One result of these distinctions is that packet-level attribution is neither as useful nor as necessary as it would appear. In this paper we discuss why network-level personal attribution is of limited forensic value. We analyze the different types of Internet-based attacks, and observe the role that currently available alternatives to attribution already play in deterrence and prosecution. We focus on the particular character of multi-stage network attacks, in which machine A penetrates and “takes over” machine B, which then does the same to machine C, etc. We consider how these types of attacks might be traced, and observe that any technical contribution can only be contemplated in the larger regulatory context of various legal jurisdictions. Finally we examine the costs of PLPII mechanisms.

2010-11-30T00:00:00Z Chen, Jing Micali, Silvio https://hdl.handle.net/1721.1/141710 2022-04-07T03:33:10Z 2011-10-22T00:00:00Z

Mechanism design with set-theoretic beliefs Chen, Jing; Micali, Silvio In settings of incomplete information, we put forward (1) a very conservative -- indeed, purely set-theoretic -- model of the beliefs (including totally wrong ones) that each player may have about the payoff types of his opponents, and (2) a new and robust solution concept, based on mutual belief of rationality, capable of leveraging such conservative beliefs. We exemplify the applicability of our new approach for single-good auctions, by showing that, under our solution concept, a normal-form, simple, and deterministic mechanism guarantees -- up to an arbitrarily small, additive constant -- a revenue benchmark that is always greater than or equal to the second-highest valuation, and sometimes much greater. By contrast, we also prove that the same benchmark cannot even be approximated within any positive factor, under classical solution concepts.

2011-10-22T00:00:00Z Basuchoudhary, Atin Choucri, Nazli https://hdl.handle.net/1721.1/141709 2022-05-05T15:37:19Z 2014-08-13T00:00:00Z

The evolution of network based cybersecurity norms: An analytical narrative Basuchoudhary, Atin; Choucri, Nazli We examine coordination dilemmas in cybersecurity policy by using an already developed evolutionary game theoretical model [2]. We suggest that norms to encourage network based security systems may not evolve independently of international governance systems. In fact, certain kinds of state action may actually further discourage the evolution of such norms. This paper therefore suggests that specific system-wide cybersecurity systems will be more effective than network-specific security. We build on established analytical frameworks to develop a cumulative understanding of the dynamics at hand. This would allow us, in due course, to extend the contributions of evolutionary game theory to cybersecurity problems.

2014-08-13T00:00:00Z Azar, Pablo Daniel Micali, Silvio https://hdl.handle.net/1721.1/141708 2022-04-07T03:37:31Z 2012-05-19T00:00:00Z

Rational proofs Azar, Pablo Daniel; Micali, Silvio We study a new type of proof system, where an unbounded prover and a polynomial time verifier interact, on inputs a string x and a function f , so that the Verifier may learn f (x). The novelty of our setting is that there no longer are “good” or “malicious” provers, but only rational ones. In essence, the Verifier has a budget c and gives the Prover a reward r ∈ [0, c] determined by the transcript of their interaction; the prover wishes to maximize his expected reward; and his reward is maximized only if he the verifier correctly learns f (x). Rational proof systems are as powerful as their classical counterparts for polynomially many rounds of interaction, but are much more powerful when we only allow a constant number of rounds. Indeed, we prove that if f ∈ #P, then f is computable by a one-round rational Merlin-Arthur game, where, on input x, Merlin’s single message actually consists of sending just the value f(x). Further, we prove that CH, the counting hierarchy, coincides with the class of languages computable by a constant-round rational Merlin- Arthur game. Our results rely on a basic and crucial connection between rational proof systems and proper scoring rules, a tool developed to elicit truthful information from experts.

2012-05-19T00:00:00Z Sowell, Jesse https://hdl.handle.net/1721.1/141688 2022-04-07T03:27:49Z 2012-06-04T00:00:00Z

A view of top-down internet governance Sowell, Jesse Does the audience want more government and regulatory involvement in peering and interconnection world?

2012-06-04T00:00:00Z Mallery, John C. https://hdl.handle.net/1721.1/141687 2022-04-07T03:23:21Z 2011-11-29T00:00:00Z

International data exchange and a trustworthy host: Focal areas for international collaboration in research and education Mallery, John C. A key message is the acknowledgement that international cooperation is nascent and a more global approach is urgently needed because there is ultimately just one, single global information environment, consisting of the interdependent networks of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.

2011-11-29T00:00:00Z Choucri, Nazli https://hdl.handle.net/1721.1/141686 2022-05-05T15:37:19Z 2013-10-13T00:00:00Z

Co-evolution of cyberspace and international relations: New challenges for the social sciences Choucri, Nazli Created by human ingenuity, cyberspace is a fact of daily life. Until recently, this arena of virtual interaction was considered largely a matter of low politics— the routine, background, and relatively non-contentious. Today cyberspace and its uses have vaulted into the highest realm of high politics – the most salient and contentious forms of interaction. We now appreciate that cyber capabilities are also a source of vulnerability, posing potential threats to national security, and disturbing the familiar and traditional international order. The expansion of cyber access has already influenced the Westphalian-anchored international system in powerful ways. This paper argues that the construction of cyberspace is creating new challenges for the social sciences, the full nature of still remains to be fully understood -- perhaps even calling into question some of its most basic assumptions. We frame these challenges with reference to co- evolution of the new cyber domain and the traditional international system, and then focus more specifically on the emergent synergy between two independent features of the contemporary world order -- cyberspace (an arena of interaction) and sustainability (a policy imperative), and their convergence on the global policy agenda It is no surprise that sustainability is closely connected to security – or alternatively that security is contingent on sustainability. By extension, cyber security is derivative, in that is refers to security in the cyber domain.

2013-10-13T00:00:00Z Winston, Patrick Henry https://hdl.handle.net/1721.1/141685 2022-04-08T15:33:25Z 2011-11-03T00:00:00Z

The strong story hypothesis and the directed perception hypothesis Winston, Patrick Henry I ask why humans are smarter than other primates, and I hypothesize that an important part of the answer lies in what I call the Strong Story Hypothesis, which holds that story telling and understanding have a central role in human intelligence. Next, I introduce another hypothesis, the Directed Perception Hypothesis, which holds that we derive much of our commonsense, including the commonsense required in story understanding, by deploying our perceptual apparatus on real and imagined events. Then, after discussing methodology, I describe the representations and methods embodied in the Genesis system, a story-understanding system that analyzes stories ranging from pre ́cis of Shakespeare’s plots to descriptions of conflicts in cyberspace. The Genesis system works with short story summaries, provided in English, together with low-level commonsense rules and higher-level reflection patterns, likewise expressed in English. Using only a small collection of commonsense rules and reflection patterns, Genesis demonstrates several story-understanding capabilities, such as determining that both Macbeth and the 2007 Russia-Estonia Cyberwar involve revenge, even though neither the word revenge nor any of its synonyms are mentioned. Finally, I describe Rao’s Visio-Spatial Reasoning System, a system that recognizes activities such as approaching, jumping, and giving, and answers commonsense questions posed by Genesis.

2011-11-03T00:00:00Z Sowell, Jesse https://hdl.handle.net/1721.1/141684 2022-04-07T03:26:34Z 2012-03-31T00:00:00Z

Empirical studies of bottom-up internet governance Sowell, Jesse The notion of bottom-up governance in the Internet is not new, but the precise underlying mechanisms have received little primary, empirical study. The majority of Internet governance literature is couched in contrasting familiar top-down modes of governance with the design of and subsequent critique of governance institutions such as ICANN or the WSIS processes that created the Internet Governance Forum (IGF). This paper reports on dissertation work collecting and analyzing empirical evidence of how bottom-up governance mechanisms operate in situ. Methodologically, participant-observer ethnographies are supplemented by text mining and social network analysis—the combination facilitates analysis of community-generated artifacts cross-validated against semi-structured interviews. This paper reports on ethnographic studies thus far, drawing on early interviews and private conversations. Scoping the domain, this work evaluates organizational modes at the intersection of Internet operations and security. Three categories of non-state organizational modes contribute evidence: network operator groups (NOGs) and RIRs; Internet eXchange Points (IXPs); anti-abuse organizations and communities such as the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG), Spamhaus, and the Anti-Phishing Working Group (APWG). As of this writing, the anti-abuse studiy is the least developed study and will be addressed comparatively. The author engages as a participant-observer in forums from each category, developing relationships and engaging in semi-structured interviews with participants and organizers. These studies contribute to understanding how decentralized “close-knit yet loosely organized” communities coordinate localized operational capacity (direct access to private network operations and security incidents) to achieve global operational and decisional capacity sufficient to address problems as they arise, at Internet clockspeed. Ongoing fieldwork provides early insights into these processes. Many of these governance arrangements comprise actors pursuing nominally private interests, yet they produce collateral public benefits. Important to this work is that the combination of private interests and the creation of public goods is distinct from both how open these organizational modes are and how transparent the attendant processes are. Various combinations exist within these studies and will be presented. This report will provide a preliminary comparative analysis within and across the studies. These arrangements are framed as instances of private authority. One contribution of this work is a mapping of concepts and models from international relations and political economy to the domain of bottom-up Internet governance to facilitate comparison not only within and across the studies, but also with conventional governance arrangements. Using this language, comparisons will highlight, among other factors, the variety of vetting and consensus building processes at play, trade-offs between formal and informal rules and norms, mechanisms for evaluating policies, and early evidence of the density of social networks that facilitate communication within and across differentiated policy and issue communities. Taken together, these factors will contribute to an argument that bottom-up governance (of the Internet) is not simply a varient of multistakeholder-ist or multilateralist governance confounded by a functionalist and/or corporatist flavor. Rather, bottom-up governance will be presented as a broad yet densely connected, pluralistic marketplace of governance arrangements whose continuous engagement in policy experiments allows the community as a whole to keep pace with the development of issues in and on the global Internet.

2012-03-31T00:00:00Z Sowell, Jesse https://hdl.handle.net/1721.1/141683 2022-04-07T03:28:15Z 2010-08-15T00:00:00Z

Mixed context and privacy Sowell, Jesse Users engaging online service providers (OSPs) such as Google, Amazon, and Facebook encounter environments architected by a single actor (the OSP), but comprised of content and executable elements potentially provided by multiple actors. For the ten OSPs analyzed, privacy policies only cover content provided directly by the OSP. Content provided by external (third party) content providers, such as advertising networks and third party developers, are governed by a different set of privacy policies. In effect, users face environments comprised of mixed content governed by potentially conflicting privacy policies. Reasonably unraveling these conflicting privacy guarantees confounds the process of determining whether users’ privacy preference are satisfied. The notion of a mixed context describes scenarios where a user is faced with multiple, potentially conflicting policy guarantees within a seemingly uniform, contiguous environment. This paper develops mixed context as a metaphor that informs the design of privacy policies and the attendant privacy tools. Mixed context has also led to insights into actor incentives and dependencies that shape the design of policies, online environments, and ultimately the balance between advertising (re)targeting and user privacy. The mixed context metaphor draws evidence from OSP privacy policies and builds on Nissenbaum’s notion of contextual integrity [29] as an analytic framework for valuating privacy implications. This framework describes privacy in terms of participants’ context-specific norms that are rooted in an experience-based understanding of the environment and the constraints on the behaviors of other actors in that environment. The instances of mixed context presented here confound this process because, although the environment is architected by a single actor and appears to be a single context, closer inspection reveals it is in fact governed by multiple, potentially conflicting policies. The mixed context metaphor has also helped surface institutional incentive structures that confound the development of meaningful privacy policies and tools. An immediate observation is that many of the actors contributing to the mix are invisible to the casual user. This impedes the development of reasonable expectations about a particular environment based on attributing elements of the experience to particular actors. Second, “invisible” non-OSP actors, in particular advertisers, are not directly accountable to users with regard to how they use information for (re)targeting of advertisements. OSP privacy policies provides conceptual evidence of mixed context; recent media investigations [39] have documented (observed) instances of mixed context outcomes “in the wild.” Although superficially a technical coordination problem, resolutions to mixed context problems are rooted in both technical means and the institutional arrangements of actors. The common “service-and-utility” framing identified in the privacy policy focuses on the benefits of targeting while underplaying privacy implications. Mixed context attempts to avoid interest-specific metaphors such as service-and-utility and value-laden metaphors such as those focusing on the contrast between privacy and surveillance. As applied here, the focus is to identify shared concerns that contribute to a collaborative understanding of the flow of user information that has collateral benefits for both advertising and privacy objectives. Evidence of deficiencies and mixed context have een identified via a bottom-up analysis of privacy policies. In contrast, design and policy recommendations are couched in a top-down institutional analysis that presents incentives for developing tools that convey the implications of mixed context in situ.

2010-08-15T00:00:00Z Hurwitz, Roger https://hdl.handle.net/1721.1/141682 2022-04-07T03:02:06Z 2012-03-18T00:00:00Z

Taking care: Four takes on the cyber steward Hurwitz, Roger Stewardship denotes a custodial, non-proprietary relationship to a resource or domain. The notion of a “cyber steward” resonates with those of us who regard cyberspace as a commons or domain that belongs to no one, and yet we sense some duty to protect or manage it. This essay explores possible job descriptions of “cyber steward” and what might motivate a person or organization to take the job. The job description can vary with one’s view of the commons. The motivations towards this stewardship usually involves more than the self-interested, prudential concern for future use of the commons, which drives self-organization to preserve natural resource commons. It can also involve more than a desire to reciprocate for the benefits now being enjoyed, as in the gift culture that marked the early days of the Internet. The “sense of duty” might answer to the interdependence of being in cyberspace, respond to a fear for the loss of its freedom, or harbour a utopian vision of a global society enabled by cyber networks. But it can also be a self-serving pretext to shield a ruling elite from criticism or to preserve some technological advantage over others.

2012-03-18T00:00:00Z Finlayson, Mark Alan https://hdl.handle.net/1721.1/141681 2022-04-07T03:18:35Z 2012-06-01T00:00:00Z

Sets of signals, information flow, and folktales Finlayson, Mark Alan I apply Barwise and Seligman’s theory of information flow to understand how sets of signals can carry information. More precisely I focus on the case where the information of interest is not present in any individual signal, but rather is carried by correlations between signals. This focus has the virtue of highlighting an oft-neglected process, viz., the different methods that apply categories to raw signals. Different methods result in different information, and the set of available methods provides a way of characterizing relative degrees of intensionality. I illustrate my points with the case of folktales and how they transmit cultural information. Certain sorts of cultural information, such as a grammar of hero stories, are not found in any individual tale but rather in a set of tales. Taken together, these considerations lead to some comments regarding the “information unit” of narratives and other complex signals.

2012-06-01T00:00:00Z Finlayson, Mark Alan https://hdl.handle.net/1721.1/141680 2022-04-07T03:20:00Z 2011-10-09T00:00:00Z

The Story workbench: An extensible semi-automatic text annotation tool Finlayson, Mark Alan Text annotations are of great use to researchers in the language sciences, and much effort has been invested in creating annotated corpora for an wide variety of purposes. Unfortunately, software support for these corpora tends to be quite limited: it is usually ad-hoc, poorly designed and documented, or not released for public use. I describe an annotation tool, the Story Workbench, which provides a generic platform for text annotation. It is free, open-source, cross-platform, and user friendly. It provides a number of common text annotation operations, including representations (e.g., tokens, sentences, parts of speech), functions (e.g., generation of initial annotations by algorithm, checking annotation validity by rule, fully manual manipulation of annotations) and tools (e.g., distributing texts to annotators via version control, merging doubly-annotated texts into a single file). The tool is extensible at many different levels, admitting new representations, algorithm, and tools. I enumerate ten important features and illustrate how they support the annotation process at three levels: (1) an- notation of individual texts by a single annotator, (2) double-annotation of texts by two annotators and an adjudicator, and (3) annotation scheme development. The Story Workbench is scheduled for public release in March 2012.

2011-10-09T00:00:00Z Finlayson, Mark Alan https://hdl.handle.net/1721.1/141679 2022-04-07T03:31:30Z 2011-10-09T00:00:00Z

Corpus annotation in service of intelligent narrative technologies Finlayson, Mark Alan Annotated corpora have stimulated great advances in the language sciences. The time is ripe to bring that same stimulation, and consequent benefits, to computational approaches to narrative. I describe an effort to construct a corpus of semantically annotated stories. I outline the structure of the corpus, a structure which colloquially can be described as a “handful of handfuls.” One handful of the corpus has already been constructed, viz., 18k words of Russian folktales. There are two handfuls under construction: legal cases focused on the area of probable cause, and stories from Islamist Extremist Jihadists. Four more handfuls are being planned: folktales from Chinese, English, and a West Asian culture, and stories of international conventional and cyber conflicts. There are numerous additional handfuls under discussion. The main focus of the corpus so far has been on textual materials that are annotated for their surface semantics using conventional annotation tools and techniques; nonetheless, there are numerous novel dimensions along which the corpus might grow and become useful for different communities. In particular I propose for discussion the outlines of a few novel sources, annotation schemes, and collection methodologies that could potentially make the corpus of great use to the interactive narrative or narrative generation communities.

2011-10-09T00:00:00Z Clark, David D https://hdl.handle.net/1721.1/141678 2026-02-05T21:14:18Z 2012-09-12T00:00:00Z

Control point analysis Clark, David D As the Internet becomes more and more embedded in every sector of society, more and more actors have become concerned with its character, now and in the future. The private sector actors, such as Internet Service Providers or ISPs, are motivated by profits as they shape and evolve the Internet. The public sector is driven by a range of objectives: access and uptake, competition policy, regime stability, policies with regard to controlling access to classes of content, and the like. The range of actions open to governments to shape the Internet are traditional and well-understood, including law and regulation, procurement, investment in research and development, participation in the standards process and more diffuse forms of leadership. But these actions do not directly shape the Internet. They bear on the actors that in turn have direct influence over the Internet and what happens there. Thus, as part of any conversation about the shaping of the Internet, there is a narrower question that must be answered: given the Internet as it is today, who are the actors that can exercise direct control over how it works, what options for control do they actually have, and how can they in turn be influenced?

2012-09-12T00:00:00Z