Investigating the Distribution of Password Choices

In this paper we will look at the distribution with which passwords are chosen. Zipf's Law is commonly observed in lists of chosen words. Using password lists from four different on-line sources, we will investigate if Zipf's law is a good candidate for describing the frequency with which passwords are chosen. We look at a number of standard statistics, used to measure the security of password distributions, and see if modelling the data using Zipf's Law produces good estimates of these statistics. We then look at the the similarity of the password distributions from each of our sources, using guessing as a metric. This shows that these distributions provide effective tools for cracking passwords. Finally, we will show how to shape the distribution of passwords in use, by occasionally asking users to choose a different password

On Software Standards and Solutions for a Trusted Internet of Things

We discuss a high-level model for software applications and services that can support a minimal set of human-centric trust management capabilities. We outline the unique set of challenges we must address if we are to attain a level of trust that will be required for a robust deployment of an IoT. We discuss the role of standards and how we can maximize the effectiveness of standards and device and service certification. We suggest a set of solutions for trust management that can support the unique security, safety, and privacy requirements of a robust IoT. Prominent among these solutions is the use of an older approach for access control, viz. the reference monitor, and blockchain technologies that can record trust and policy graphs and trust-related attributes for IoT devices and supporting services. An open, but governed trust blockchain can serve as a universal trusted oracle

Embedding Defeasible Logic into Logic Programming

Defeasible reasoning is a simple but efficient approach to nonmonotonic reasoning that has recently attracted considerable interest and that has found various applications. Defeasible logic and its variants are an important family of defeasible reasoning methods. So far no relationship has been established between defeasible logic and mainstream nonmonotonic reasoning approaches. In this paper we establish close links to known semantics of logic programs. In particular, we give a translation of a defeasible theory D into a meta-program P(D). We show that under a condition of decisiveness, the defeasible consequences of D correspond exactly to the sceptical conclusions of P(D) under the stable model semantics. Without decisiveness, the result holds only in one direction (all defeasible consequences of D are included in all stable models of P(D)). If we wish a complete embedding for the general case, we need to use the Kunen semantics of P(D), instead.Comment: To appear in Theory and Practice of Logic Programmin