Dear Readers,
The TCSP flagship conference, the Security and Privacy Symposium, will
be held in San Francisco this May. The location has shifted from the
Embarcadero to Union Square. It is now a lightning-round event with
very short talks comprising a huge program. The
associated workshops are particularly cutting-edge this year:
LangSec: The 12th Workshop on Language-theoretic Security
CyberBio: First International Workshop on Cyberbiosecurity
ArtSec: Workshop on Artwork Security and Provenance in the Age of AI
SAGAI: Secure Agents for Generative Artificial Intelligence
ConPro: Workshop on Technology and Consumer Protection
MetaCRiSP: Workshop on Meta-Science and Critical Reflections
in Security & Privacy Research
Data4SoftSec: Workshop on Datasets for Software Security
Sven Dietrich has favored us with a review of a book about the Dark Web. The book will be released this spring --- the early bird gets the book!
Up until a year ago, the news section of this publication usually contained several descriptions of ransomware attacks or newly revealed zero-days or recently discovered intrusions by nation-state actors. The stories appeared in mainstream media, and many of them were from SEC filings. These seem to have dried up, leading me to wonder if the true state of the nation's cybersecurity is being withheld from public view.
Last month I reported on a light-hearted attempt to use generative AI to write the Cipher Editor's letter. This month I will recount my experience in using it for the practical purpose of maintaining the Cipher Calendar of Events. There is good and bad news.
The Cipher online Calendar-of-Events is composed by processing the calls-for-papers for research events with ad hoc software that parses freeform text. It's not perfect, and it requires some user interaction, but generally, it takes only a minute to process the call-for-papers, to generate the entry in the online calendar, and to create the supporting text file. Nonetheless, by the standards of today, that's painfully slow and tedious. Besides, it's a pain to keep the software up-to-date. People take to writing dates with silly UTF characters, location designators are highly variable, and these changes challenge software that has a more limited view of data. We also maintain a page of CFPs, separate from the Calendar, and our associate editor puts a lot of work into that. He generously converts his listing manually into Calendar entries for publication in this newsletter. I've long felt that we need a more efficient system, one that puts minimal burden on conference organizers and Cipher volunteers. Of course, I turned to AI.
I found that with only minimal prompting, the Anthropic Claude system could start with the acronym of a conference and quickly find the current call-for-papers, extract all the relevant information, and present it in a simple, condensed format, suitable for inclusion in the calendar. It could also detect that the CFP had not yet been published and tell me the approximate date on which it would appear online. That is a delightful and eminently usable result, and I quickly took advantage of it to populate the calendar. But I feared that my usage was too pedestrian given the seemingly unlimited capabilities of this new tool.
Why not generate the whole calendar at once, from one prompt? And if that worked, then we would not need an online calendar, we would only need an AI prompt to generate a calendar, and anyone could have their own, customized, up-to-date calendar, at any time. So in the dialogue with Claude, I asked for the formatted information for all security research conferences and workshops with submission deadlines within the next 180 days.
The list that I got back was a good start, but it was hardly comprehensive. Well-established conferences had been omitted, and although they could be found with further prompting (basically, "try harder"), the AI system was strangely blind to some events. So, the simple, customized index for research events is not yet available from AI, although something that is about 80% complete can be had for little effort.
This leaves me eager for a better solution, a standardized object that I'd call an Artificial Intelligence Information Prompt (AIIP). An AIIP would be a formatted string for AI queries that produce useful, very accurate results, like those for a comprehensive events calendar. But, we also need a way to get beyond the 80% mark. How can conference organizers be sure that their information can be found by AI systems? Without going back to older, cumbersome ideas for uniform data representation, I'm not sure. I do fear that 80% is good enough for most people, that AI will take over the entire process of information retrieval, and 20% of conferences will fail to thrive because they are mysteriously invisible to AI algorithms.
A Nursery Rhyme for a New Age,
A tisket, a tasket,
A green and yellow basket.
I wrote a letter to my love
And on the way I lost it.
A mascot, a miscut,
A generative mashup.
Gen AI wrote a letter to my love,
It won his heart, we made up.
A song of a wild dove,
Is AI my new love?
It wrote my letter and my vows,
Is it my ergo sum now?