Dailydave mailing list archives

Calculate your HS Value now.


From: Dave Aitel <dave () immunityinc com>
Date: Mon, 13 Feb 2006 11:22:34 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Metrics are "important" in the kind of way that spawns many
meaningless semi-philosophical papers in basically every field. For
example, here's one I'm working on:

I personally find going out to eat with various people quite
difficult, as they all have their own dietary restrictions. To
simplify my life, I've assigned each person a number (The "HS Value")
based on their diet that encapsulates it in a way that is profoundly
useful.

First, we need a "peg" value. Since homo sapiens sapiens is the top of
the food chain, eating a homo sapiens gets you a value of 100% (1.0).
Likewise, all other foodstuffs are rated as to the percentage of DNA
they share with homo sapiens sapiens. I.e., if you dine on chimpanzee,
then you get a value of 99%. And on down the line, such that cows are
80%, broccoli is 20%, etc. Higher numbers override lower numbers,
such that if you eat a burger, you get the value of the cow, not the
wheat. This way you can assign each person a value that defines their
diet, no matter how weird it is and adjust your restaurant choice as
needed.

Of course, like any metric, some boundary issues have to be resolved.
For example, how do you define the HS Value of a cow's milk, or say,
Vegemite, which are both essentially by-products? And are babies all
HS Value 100% because of their initial diet? Should the mother's HS
Value trickle down to the baby?  If you suddenly go vegetarian, does
your HS Value drop instantly, or over a period of time? What about
multi-dimensional dietary restrictions like "Kosher" where they
sometimes eat milk, and sometimes meat, but not both at once? It's the
unicode filter of dietary law!

In any case, I'll leave the answers to these issues as a project for
implementation specialists, like any good academic. Perhaps my
unreadable LaTeX created columned text (distributed only in .ps.gz of
course) will be interrupted by some meaningless and un-reproducible
peer-reviewed graphs of some kind. Optimistically based on the initial
paper I'll get some VC funding and open a restaurant wherein you'll
enter in your HS Value and it will automatically serve you a meal to
fit. We'll also distribute an AJAX WEB 2.0 APPLICATION to calculate
your HS Value with. (Capitalization is there for lazy VC people so
they know what to read.)

Oddly enough, these are all the same issues you have to deal with when
creating anomaly-based host intrusion prevention systems! Although
Immunity has a strict rule against doing non-offensive work, I've been
trying to get some ideas for a HIDS out of my head the only way I know
how: By coding them up and seeing if they work. The results of this
are available in a paper and a tarball of code that allows you to get
the HS Value of a program and of course, to figure out if it's
suddenly turned into a cannibal for no good reason (we use a technique
called bounding boxes for this). The system works on paper, but I
haven't bothered to learn Detours and make it work in principle.
Joanna thinks it's silly to bother with a userland hook because people
can evade it - and she's right. But if every HIDS project was judged
based on potential evasions, there wouldn't be any! So I still plan to
someday do a Detours hook version. Based on my workload, likely it
will happen sometime after the sun implodes. More likely, I'll throw
some cash at someone else to do it under the GPL just so I can see it go.

You can find the paper and source tarball here:
http://www.immunityinc.com/resources-papers.shtml

Thanks,
Dave Aitel
Immunity, Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFD8LJJB8JNm+PA+iURAnzzAKCVTSNa2G7zmaYtRE7xu0pu6xqgXwCeP8Dq
TVtzEZ/poV77G45jJ7pamSE=
=x4Wn
-----END PGP SIGNATURE-----

