security-minded arguments, then
dismiss them as not feasible, imagining we don’t know the real situation or the true nature of an
attacker’s motivation.
They think they simply don’t
need a stronger identification
scheme. In Mexico, banks are
required to have such a scheme,
though when money is not
directly involved, users have been
known to throw tantrums so they
can keep using their everyday passwords.
Seeking to access a certain user’s
data, an attacker might try to find
vulnerabilities in the host system,
revealing data about every user in
the system, rather than guess probable passwords based on a particular user’s public profile.
GUNNAR WOLF
Mexico City, Mexico
Author’s Response:
User resistance to doing more to
secure a computer system is common. Ways to overcome it and
enforce the organization’s security
policies depend on support from
top management, including the
CEO.
Malicious hacking takes multiple forms, each involving its own
level of technical skill and preferences for attack methods. However, none can ever be ignored. A
single security breach might be
fatal to an organization, as I
described in my article.
ALFRED LOO
Hong Kong
CLARIFY OBJECT IDENTITY IN OBJECT SCHIZOPHRENIA
The article “Patterns, Symmetry,
and Symmetry Breaking” by Liping
Zhao (Mar. 2008) led me to
explore the relationship between
the object schizophrenia problem
(OSP) and the symmetry-breaking
concept it described. OSP in classical object-oriented modeling can
be understood as broken semantics
for method execution, contracts,
and other concerns. (For more on
OSP, especially in the context of
subject-oriented programming, see
www.research.ibm.com/sop/sopcpats.htm.)
The notion of object identity is
central to OSP, as the semantics
become clearer only when we consider object identity. An object has
a set of operations and a state that
remembers the state. OSP emerges
mainly as a result of message-forwarding mechanisms (such as consultation and delegation), leading
to “memory loss,” or broken
semantics. In delegation, the
inability to associate “self” with
the appropriate object (method
holder or originator) results in
broken delegation and
(consequently) in OSP.
In the context of the article,
OSP can also be understood as
symmetry breaking, especially in
terms of object identity. Moreover,
the notion of object identity—
crucial to OSP—might lead to a
clearer understanding (and possibly a formal approach) when
applied to design patterns and
symmetry breaking.
AGNEESWARAN VIJAY SRINIVAS
Lausanne, Switzerland
KEEP FAITH IN AMBIENT INTELLIGENCE
Ambient intelligence (AmI) is
often promoted as a breakthrough
despite its potential drawbacks.
The article “The Illusion of Security” by David Wright et al. (Mar.
2008) analyzed ways to prevent
the fictional threat scenario it presented and, if indeed the scenario
did occur, ways its consequences
might be addressed. That scenario—three fraudulent insider
data administrators working in
concert and senior executives trying to conceal their attack—is not
AmI-related. Real-world scenarios
with more disastrous consequences
could occur on any given day in
any given bank or critical-infrastructure-related governmental
office.
A malicious insider group operating inside such an organization
is highly improbable, as its conspirators would be expected to be
well-screened, highly paid, and
backed up by trusted endorsers.
Meanwhile, the type of attack
described in the article is a force
majeure for any organization—
practically impossible to prevent
once the conspirators have agreed
to cooperate.
The three administrators and
the company president described
in the article fled to an undeveloped country with no AmI infrastructure. Our hope for a secure
society with less of a chance of
AmI-related disasters shouldn’t
depend on downgrading our interest in developing vibrant AmI
technology wherever we are.
JAAK TEPANDI
Tallinn, Estonia
Please address all Forum correspondence to the
Editor, Communications of the ACM, 2 Penn
Plaza, Suite 701, New York, NY 10121-0701;
email: crawfordd@acm.org.