From: Alan F. Karr [karr@niss.org]
Sent: Monday, April 17, 2006 9:48 AM
To: ndhs-dc@samsi.info
Subject: No Meeting Tomorrow??

NDHS-DCers,

Larry and I both have a (actually, the same) conflict tomorrow (and 
Larry has a personal conflict on top of that), so unless someone else 
wants to lead a discussion, I propose that we cancel.

Here is an idea (maybe totally dumb) for discussion on the 25th. Are we 
being too narrow in reducing risk and utility to single numbers? What if 
they were measured instead by probability distributions, which could be 
compared using (Jim and Francisco know more about this than I do) 
various stochastic orderings? This would still let us define frontiers, ....

For example,

1. If we had a record-level measure of risk, then we could use the 
distribution of risk over the records.

2. Analysis-dependent measures of utility could be combined (if the 
utility values were comparable, a big if) into a distribution of risk 
over a large number of analyses.

Such distributions might also be a way to incorporate our uncertainty 
about the external knowledge possessed by intruders and/or legitimate users.

Reactions are welcome!

--- Alan

-- 
******************************************************************
* Alan F. Karr, Director                     * Tel: 919.685.9300 *
* National Institute of Statistical Sciences * FAX: 919.685.9310 *
* 19 T. W. Alexander Drive (FedEx/UPS)       * karr@niss.org     *
* P.O. Box 14006 (USPS)                      * www.niss.org      *
* Research Triangle Park, NC 27709-4006      *                   *
******************************************************************