The rise in high-level programming languages in system and network administration has affected the utility of grep and diff when used on files written in these languages. We have observed this problem firsthand in our collaborations with network administrators at Dartmouth Computing and in the electric power industry. We are building context-free grep and hierarchical diff to address the limitations of grep and diff, respectively. For both of our tools, we give examples of real-world problems they could address, sketch their design and evaluation, and describe their impact if built well.
Security in large organizations is difficult because often it requires human judgment in the midst of a massive, dynamic, complex distributed system with many moving parts. Although much research has focused on security policies, less research has focused on helping humans efficiently manage security policies and related policy artifacts. Related policy artifacts include configuration files that implement those policies, and logs that reflect policy implementations. In our fieldwork with real-world organizations—including those in Public Key Infrastructure (PKI), network configuration management, and the power grid—we observed that this management problem is difficult. These difficulties arise because of the large volume of security data, the changing environment of a system, the increase in organizational complexity, and the need to keep multiple layers of policy synchronized. During our work, however, we realized that many security policies are structured text. We therefore develop and evaluate tools that help humans manage security policies through the lens of structured text.
Our work adapts and extends technologies from the Classics to construct computational tools that accelerate security processes. Prior work in the Classics (to which we contributed) provides technologies to help with analogous tasks for the texts that field studies. Specifically, Classics gives us (1) a data model for canonical texts, (2) a historical distinction between physical navigation and logical reference, and (3) a methodology for working with multiple editions of the same work. These ideas are reflected in the design of the Canonical Text Services (CTS) protocol.
In cooperation with the Archimedes Palimpsest Project we have considered new ways to interact with Ancient Greek Mathematical diagrams. Our Episteme project explores the traditional operations of navigation, production, and logical assertion on diagrams through the lens of computation. In addition, non-traditional modes of interacting with diagrams such as querying become feasible.