Search

Your search keyword '"Scheffler, Sarah"' showing total 30 results
Start Over Author "Scheffler, Sarah"

Refine your results

more »

more »

more »

more »
30 results on '"Scheffler, Sarah"'

1. Mind the Gap: Securely modeling cyber risk based on security deviations from a peer group

Author

Reynolds, Taylor, Scheffler, Sarah, Weitzner, Daniel J., and Wu, Angelina

Subjects
Computer Science - Cryptography and Security, Computer Science - Computers and Society, Economics - General Economics, Statistics - Applications
Abstract

There are two strategic and longstanding questions about cyber risk that organizations largely have been unable to answer: What is an organization's estimated risk exposure and how does its security compare with peers? Answering both requires industry-wide data on security posture, incidents, and losses that, until recently, have been too sensitive for organizations to share. Now, privacy enhancing technologies (PETs) such as cryptographic computing can enable the secure computation of aggregate cyber risk metrics from a peer group of organizations while leaving sensitive input data undisclosed. As these new aggregate data become available, analysts need ways to integrate them into cyber risk models that can produce more reliable risk assessments and allow comparison to a peer group. This paper proposes a new framework for benchmarking cyber posture against peers and estimating cyber risk within specific economic sectors using the new variables emerging from secure computations. We introduce a new top-line variable called the Defense Gap Index representing the weighted security gap between an organization and its peers that can be used to forecast an organization's own security risk based on historical industry data. We apply this approach in a specific sector using data collected from 25 large firms, in partnership with an industry ISAO, to build an industry risk model and provide tools back to participants to estimate their own risk exposure and privately compare their security posture with their peers.

Published
2024

2. SoK: Content Moderation for End-to-End Encryption

Author

Scheffler, Sarah and Mayer, Jonathan

Subjects
Computer Science - Cryptography and Security, Computer Science - Computers and Society
Abstract

Popular messaging applications now enable end-to-end-encryption (E2EE) by default, and E2EE data storage is becoming common. These important advances for security and privacy create new content moderation challenges for online services, because services can no longer directly access plaintext content. While ongoing public policy debates about E2EE and content moderation in the United States and European Union emphasize child sexual abuse material and misinformation in messaging and storage, we identify and synthesize a wealth of scholarship that goes far beyond those topics. We bridge literature that is diverse in both content moderation subject matter, such as malware, spam, hate speech, terrorist content, and enterprise policy compliance, as well as intended deployments, including not only privacy-preserving content moderation for messaging, email, and cloud storage, but also private introspection of encrypted web traffic by middleboxes. In this work, we systematize the study of content moderation in E2EE settings. We set out a process pipeline for content moderation, drawing on a broad interdisciplinary literature that is not specific to E2EE. We examine cryptography and policy design choices at all stages of this pipeline, and we suggest areas of future research to fill gaps in literature and better understand possible paths forward., Comment: To appear at PETS (Privacy Enhancing Technologies Symposium) 2023

Published
2023

3. Can the Government Compel Decryption? Don't Trust -- Verify

Author

Cohen, Aloni, Scheffler, Sarah, and Varia, Mayank

Subjects
Computer Science - Computers and Society, Computer Science - Cryptography and Security
Abstract

If a court knows that a respondent knows the password to a device, can the court compel the respondent to enter that password into the device? In this work, we propose a new approach to the foregone conclusion doctrine from Fisher v US that governs the answer to this question. The Holy Grail of this line of work would be a framework for reasoning about whether the testimony implicit in any action is already known to the government. In this paper we attempt something narrower. We introduce a framework for specifying actions for which all implicit testimony is, constructively, a foregone conclusion. Our approach is centered around placing the burden of proof on the government to demonstrate that it is not "rely[ing] on the truthtelling" of the respondent. Building on original legal analysis and using precise computer science formalisms, we propose demonstrability as a new central concept for describing compelled acts. We additionally provide a language for whether a compelled action meaningfully entails the respondent to perform in a manner that is 'as good as' the government's desired goal. Then, we apply our definitions to analyze the compellability of several cryptographic primitives including decryption, multifactor authentication, commitment schemes, and hash functions. In particular, our framework reaches a novel conclusion about compelled decryption in the setting that the encryption scheme is deniable: the government can compel but the respondent is free to use any password of her choice., Comment: 16 pages. This is the full version of a forthcoming publication in Proceedings of the 2022 Symposium on Computer Science and Law (DOI: 10.1145/3511265.3550441)

Published
2022

4. Formalizing Human Ingenuity: A Quantitative Framework for Copyright Law's Substantial Similarity

Author

Scheffler, Sarah, Tromer, Eran, and Varia, Mayank

Subjects
Computer Science - Computers and Society
Abstract

A central notion in U.S. copyright law is judging the substantial similarity between an original and an (allegedly) derived work. Capturing this notion has proven elusive, and the many approaches offered by case law and legal scholarship are often ill-defined, contradictory, or internally-inconsistent. This work suggests that key parts of the substantial-similarity puzzle are amendable to modeling inspired by theoretical computer science. Our proposed framework quantitatively evaluates how much "novelty" is needed to produce the derived work with access to the original work, versus reproducing it without access to the copyrighted elements of the original work. "Novelty" is captured by a computational notion of description length, in the spirit of Kolmogorov-Levin complexity, which is robust to mechanical transformations and availability of contextual information. This results in an actionable framework that could be used by courts as an aid for deciding substantial similarity. We evaluate it on several pivotal cases in copyright law and observe that the results are consistent with the rulings, and are philosophically aligned with the abstraction-filtration-comparison test of Altai.

Published
2022

5. Arithmetic Expression Construction

Author

Alcock, Leo, Asif, Sualeh, Bosboom, Jeffrey, Brunner, Josh, Chen, Charlotte, Demaine, Erik D., Epstein, Rogers, Hesterberg, Adam, Hirschfeld, Lior, Hu, William, Lynch, Jayson, Scheffler, Sarah, and Zhang, Lillian

Subjects
Computer Science - Computational Complexity
Abstract

When can $n$ given numbers be combined using arithmetic operators from a given subset of $\{+, -, \times, \div\}$ to obtain a given target number? We study three variations of this problem of Arithmetic Expression Construction: when the expression (1) is unconstrained; (2) has a specified pattern of parentheses and operators (and only the numbers need to be assigned to blanks); or (3) must match a specified ordering of the numbers (but the operators and parenthesization are free). For each of these variants, and many of the subsets of $\{+,-,\times,\div\}$, we prove the problem NP-complete, sometimes in the weak sense and sometimes in the strong sense. Most of these proofs make use of a "rational function framework" which proves equivalence of these problems for values in rational functions with values in positive integers., Comment: 36 pages, 5 figures. Full version of paper accepted to 31st International Symposium on Algorithms and Computation (ISAAC 2020)

Published
2020

6. PSPACE-completeness of Pulling Blocks to Reach a Goal

Author

Ani, Hayashi, Asif, Sualeh, Demaine, Erik D., Diomidova, Jenny, Hendrickson, Dylan, Lynch, Jayson, Scheffler, Sarah, and Suhl, Adam

Subjects
Computer Science - Computational Complexity
Abstract

We prove PSPACE-completeness of all but one problem in a large space of pulling-block problems where the goal is for the agent to reach a target destination. The problems are parameterized by whether pulling is optional, the number of blocks which can be pulled simultaneously, whether there are fixed blocks or thin walls, and whether there is gravity. We show NP-hardness for the remaining problem, Pull?-1FG (optional pulling, strength 1, fixed blocks, with gravity)., Comment: Full version of JCDCGGG2019 paper and now published in Journal of Information Processing 28 (2020), 22 pages, 25 figures; corrections made to Figures 10 and 15

Published
2020
Full Text
View/download PDF

7. Case Study: Disclosure of Indirect Device Fingerprinting in Privacy Policies

Author

Milligan, Julissa, Scheffler, Sarah, Sellars, Andrew, Tiwari, Trishita, Trachtenberg, Ari, and Varia, Mayank

Subjects
Computer Science - Computers and Society
Abstract

Recent developments in online tracking make it harder for individuals to detect and block trackers. Some sites have deployed indirect tracking methods, which attempt to uniquely identify a device by asking the browser to perform a seemingly-unrelated task. One type of indirect tracking, Canvas fingerprinting, causes the browser to render a graphic recording rendering statistics as a unique identifier. In this work, we observe how indirect device fingerprinting methods are disclosed in privacy policies, and consider whether the disclosures are sufficient to enable website visitors to block the tracking methods. We compare these disclosures to the disclosure of direct fingerprinting methods on the same websites. Our case study analyzes one indirect fingerprinting technique, Canvas fingerprinting. We use an existing automated detector of this fingerprinting technique to conservatively detect its use on Alexa Top 500 websites that cater to United States consumers, and we examine the privacy policies of the resulting 28 websites. Disclosures of indirect fingerprinting vary in specificity. None described the specific methods with enough granularity to know the website used Canvas fingerprinting. Conversely, many sites did provide enough detail about usage of direct fingerprinting methods to allow a website visitor to reliably detect and block those techniques. We conclude that indirect fingerprinting methods are often difficult to detect and are not identified with specificity in privacy policies. This makes indirect fingerprinting more difficult to block, and therefore risks disturbing the tentative armistice between individuals and websites currently in place for direct fingerprinting. This paper illustrates differences in fingerprinting approaches, and explains why technologists, technology lawyers, and policymakers need to appreciate the challenges of indirect fingerprinting., Comment: Appearing in STAST 2019

Published
2019

8. Age Verification Systems Will Be a Personal Identifiable Information Nightmare.

Author

Scheffler, Sarah

Subjects
*AGE verification systems, *ELECTRONIC authentication, *ACCESS control, *INTERNET privacy, *INTERNET privacy laws, *PERSONALLY identifiable information, *RIGHT of privacy, *INTERNET & children
Abstract

The article focuses on how online age verification systems will be a problem for internet privacy. The author discusses new laws that attempt to improve online child safety with an age verification system, the lawsuits that have challenged these laws in Arkansas, Texas, California, Louisiana, and Utah, and how the laws go beyond checking ID, but collecting personally identifiable information (PII).

Published
2024
Full Text
View/download PDF

9. From Soft Classifiers to Hard Decisions: How fair can we be?

Author

Canetti, Ran, Cohen, Aloni, Dikkala, Nishanth, Ramnarayan, Govind, Scheffler, Sarah, and Smith, Adam

Subjects
Computer Science - Machine Learning, Computer Science - Computers and Society, Statistics - Machine Learning
Abstract

A popular methodology for building binary decision-making classifiers in the presence of imperfect information is to first construct a non-binary "scoring" classifier that is calibrated over all protected groups, and then to post-process this score to obtain a binary decision. We study the feasibility of achieving various fairness properties by post-processing calibrated scores, and then show that deferring post-processors allow for more fairness conditions to hold on the final decision. Specifically, we show: 1. There does not exist a general way to post-process a calibrated classifier to equalize protected groups' positive or negative predictive value (PPV or NPV). For certain "nice" calibrated classifiers, either PPV or NPV can be equalized when the post-processor uses different thresholds across protected groups, though there exist distributions of calibrated scores for which the two measures cannot be both equalized. When the post-processing consists of a single global threshold across all groups, natural fairness properties, such as equalizing PPV in a nontrivial way, do not hold even for "nice" classifiers. 2. When the post-processing is allowed to `defer' on some decisions (that is, to avoid making a decision by handing off some examples to a separate process), then for the non-deferred decisions, the resulting classifier can be made to equalize PPV, NPV, false positive rate (FPR) and false negative rate (FNR) across the protected groups. This suggests a way to partially evade the impossibility results of Chouldechova and Kleinberg et al., which preclude equalizing all of these measures simultaneously. We also present different deferring strategies and show how they affect the fairness properties of the overall system. We evaluate our post-processing techniques using the COMPAS data set from 2016.

Published
2018

10. Nothing has happened? : the integration of the Lomellina into the Roman Empire

Author

Scheffler, Sarah U., Mattingly, David, Haselgrove, Colin, and Pearce, Mark

Abstract

The Italian Lomellina (province of Pavia), bordered by the rivers Ticino and Po and thus positioned at the crossroads between the Alps and the central Po valley, was firmly embedded in a network stretching beyond the Adriatic and connecting the area with the wider Mediterranean throughout the Iron Age. This PhD uses the mortuary record of the area to assess issues relating to identity change between the Late Iron Age and the period of Roman conquest. Across this period, the Lomellina was caught between indigenous resistance to and alliance with Rome, between cultural conservatism and new material developments. The results of these social, cultural and economic changes are reflected in the mortuary record of the Lomellina between the late 3rd century BC and AD 100. The quantitative and qualitative analysis for this study comprises 488 mortuary contexts from 32 individual excavation sites. Concepts such as ritual as well as practice theory and the comparison with the wider region shed light on question such as: how did the conquest and the subsequent integration into the Roman empire impact the communities of the Lomellina? How did the expression of identity through material culture and funerary rituals change? Is it possible to provide new answers to the old question of what 'becoming Roman' meant in this region? The archaeological record of the Lomellina shows that the Roman conquest of the wider region had a profound impact on the communities. Previous economic networks continued but the Lomellina experienced a boost for its local industries that was most likely facilitated by the growth of urban centres. Social relationships were transformed following the administrative and legal changes instigated by the Roman authorities. Culturally the archaeological records indicate the impact of a globalisation, an increased participation in and interconnectivity between wider economic and cultural networks.

Published
2018

12. BooLigero: Improved Sublinear Zero Knowledge Proofs for Boolean Circuits

Author

Gvili, Yaron, Scheffler, Sarah, Varia, Mayank, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Borisov, Nikita, editor, and Diaz, Claudia, editor

Published
2021
Full Text
View/download PDF

13. TurboIKOS: Improved Non-interactive Zero Knowledge and Post-quantum Signatures

Author

Gvili, Yaron, Ha, Julie, Scheffler, Sarah, Varia, Mayank, Yang, Ziling, Zhang, Xinyuan, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Sako, Kazue, editor, and Tippenhauer, Nils Ole, editor

Published
2021
Full Text
View/download PDF

14. Case Study: Disclosure of Indirect Device Fingerprinting in Privacy Policies

Author

Milligan, Julissa, Scheffler, Sarah, Sellars, Andrew, Tiwari, Trishita, Trachtenberg, Ari, Varia, Mayank, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Woeginger, Gerhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Groß, Thomas, editor, and Tryfonas, Theo, editor

Published
2021
Full Text
View/download PDF

16. The Unintended Consequences of Email Spam Prevention

Author

Scheffler, Sarah, Smith, Sean, Gilad, Yossi, Goldberg, Sharon, Hutchison, David, Series Editor, Kanade, Takeo, Series Editor, Kittler, Josef, Series Editor, Kleinberg, Jon M., Series Editor, Mattern, Friedemann, Series Editor, Mitchell, John C., Series Editor, Naor, Moni, Series Editor, Pandu Rangan, C., Series Editor, Steffen, Bernhard, Series Editor, Terzopoulos, Demetri, Series Editor, Tygar, Doug, Series Editor, Weikum, Gerhard, Series Editor, Beverly, Robert, editor, Smaragdakis, Georgios, editor, and Feldmann, Anja, editor

Published
2018
Full Text
View/download PDF

24. PSPACE-completeness of Pulling Blocks to Reach a Goal

Author

Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory, Ani, Joshua, Asif, Sualeh, Demaine, Erik D, Diomidov, Yevhenii, Hendrickson, Dylan, Lynch, Jayson, Scheffler, Sarah, Suhl, Adam, Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory, Ani, Joshua, Asif, Sualeh, Demaine, Erik D, Diomidov, Yevhenii, Hendrickson, Dylan, Lynch, Jayson, Scheffler, Sarah, and Suhl, Adam

Abstract

© 2020 Information Processing Society of Japan. We prove PSPACE-completeness of all but one problem in a large space of pulling-block problems where the goal is for the agent to reach a target destination. The problems are parameterized by whether pulling is optional, the number of blocks which can be pulled simultaneously, whether there are fixed blocks or thin walls, and whether there is gravity. We show NP-hardness for the remaining problem, Pull?-1FG (optional pulling, strength 1, fixed blocks, with gravity).

Published
2022

27. Arithmetic Expression Construction

Author

Leo Alcock and Sualeh Asif and Jeffrey Bosboom and Josh Brunner and Charlotte Chen and Erik D. Demaine and Rogers Epstein and Adam Hesterberg and Lior Hirschfeld and William Hu and Jayson Lynch and Sarah Scheffler and Lillian Zhang, Alcock, Leo, Asif, Sualeh, Bosboom, Jeffrey, Brunner, Josh, Chen, Charlotte, Demaine, Erik D., Epstein, Rogers, Hesterberg, Adam, Hirschfeld, Lior, Hu, William, Lynch, Jayson, Scheffler, Sarah, Zhang, Lillian, Leo Alcock and Sualeh Asif and Jeffrey Bosboom and Josh Brunner and Charlotte Chen and Erik D. Demaine and Rogers Epstein and Adam Hesterberg and Lior Hirschfeld and William Hu and Jayson Lynch and Sarah Scheffler and Lillian Zhang, Alcock, Leo, Asif, Sualeh, Bosboom, Jeffrey, Brunner, Josh, Chen, Charlotte, Demaine, Erik D., Epstein, Rogers, Hesterberg, Adam, Hirschfeld, Lior, Hu, William, Lynch, Jayson, Scheffler, Sarah, and Zhang, Lillian

Abstract

When can n given numbers be combined using arithmetic operators from a given subset of {+,-,×,÷} to obtain a given target number? We study three variations of this problem of Arithmetic Expression Construction: when the expression (1) is unconstrained; (2) has a specified pattern of parentheses and operators (and only the numbers need to be assigned to blanks); or (3) must match a specified ordering of the numbers (but the operators and parenthesization are free). For each of these variants, and many of the subsets of {+,-,×,÷}, we prove the problem NP-complete, sometimes in the weak sense and sometimes in the strong sense. Most of these proofs make use of a rational function framework which proves equivalence of these problems for values in rational functions with values in positive integers.

Published
2020
Full Text
View/download PDF

30. Decrypting legal dilemmas

Author

Scheffler, Sarah Ann

Subjects
Computer science
Abstract

It has become a truism that the speed of technological progress leaves law and policy scrambling to keep up. But in addition to creating new challenges, technological advances also enable new improvements to issues at the intersection of law and technology. In this thesis, I develop new cryptographic tools for informing and improving our law and policy, including specific technical innovations and analysis of the limits of possible interventions. First, I present a cryptographic analysis of a legal question concerning the limits of the Fifth Amendment: can courts legally compel people to decrypt their devices? Our cryptographic analysis is useful not only for answering this specific question about encrypted devices, but also for analyzing questions about the wider legal doctrine. The second part of this thesis turns to algorithmic fairness. With the rise of automated decision-making, greater attention has been paid to statistical notions of fairness and equity. In this part of the work, I demonstrate technical limits of those notions and examine a relaxation of those notions; these analyses should inform legal or policy interventions. Finally, the third section of this thesis describes several methods for improving zero-knowledge proofs of knowledge, which allow a prover to convince a verifier of some property without revealing anything beyond the fact of the prover's knowledge. The methods in this work yield a concrete proof size reduction of two plausibly post-quantum styles of proof with transparent setup that can be made non-interactive via the Fiat-Shamir transform: "MPC-in-the-head," which is a linear-size proof that is fast, low-memory, and has few assumptions, and "Ligero," a sublinear-size proof achieving a balance between proof size and prover runtime. We will describe areas where zero-knowledge proofs in general can provide new, currently-untapped functionalities for resolving legal disputes, proving adherence to a policy, executing contracts, and enabling the sale of information without giving it away.

Published
2021

Catalog

Books, media, physical & digital resources
See catalog results