back to article Oslo clever clogs craft code to scan di mavens and snare dodgy staff

Researchers from the University of Oslo in Norway have developed a system that tries to combat rogue employees and inside jobs – by combining cyber and real-world security knowhow. Known as PS0, the framework [PDF] combines traditional PC and network security systems with input from physical sensors and other surveillance …

  1. Giovani Tapini
    Big Brother

    Big Brother will be watching you...

    HR becomes the ministry of love I assume....

    1. GnuTzu
      Facepalm

      Re: Big Brother will be watching you... Retail Too

      There are cameras that count the number of patrons coming and going from retail establishments and food services. They've been around for quite awhile, but you have to imagine that they've been getting smarter. Yet, it just occurred to me that the level of smart for these cameras is on par with IoT, which means that not only will they be watching you, but so will the crims. Doh!

    2. Anonymous Coward
      Anonymous Coward

      HR Stasi - Guess who'll be using this to stop whistleblowers

      Google Suppresses Memo Revealing Plans to Closely Track Search Users in China

      https://theintercept.com/2018/09/21/google-suppresses-memo-revealing-plans-to-closely-track-search-users-in-china/

      _____________________

      "The memo was shared earlier this month among a group of Google employees who have been organizing internal protests over the censored search system, which has been designed to remove content that China’s authoritarian Communist Party regime views as sensitive, such as information about democracy, human rights, and peaceful protest."

      According to three sources familiar with the incident, Google leadership discovered the memo and were furious that secret details about the China censorship were being passed between employees who were not supposed to have any knowledge about it. Subsequently, Google human resources personnel emailed employees who were believed to have accessed or saved copies of the memo and ordered them to immediately delete it from their computers. Emails demanding deletion of the memo contained “pixel trackers” that notified human resource managers when their messages had been read, recipients determined."

      "The memo was first posted on an internal messaging list set up for Google employees to raise ethical concerns. But the memo was soon scrubbed from the list and individuals who had opened or saved the document were contacted by Google’s human resources department to discuss the matter. The employees were instructed not to share the memo."

      "Google reportedly maintains an aggressive security and investigation team known as “stopleaks,” which is dedicated to preventing unauthorized disclosures. The team is also said to monitor internal discussions."

      "The “stopleaks” team, which coordinates with the internal Google communications department, even began monitoring an internal image board used to post messages based on internet memes, according to one former Google employee, for signs of employee sentiment around the Project Maven contract."

    3. Anonymous Coward
      Anonymous Coward

      Re: Big Brother will be watching you...

      ...until the insiders get the idea of cloning some patsy's ID card or whatever and doing their heinous acts with those IDs instead so that everything gets passed off as other people. As for the cameras, they'll probably disguise themselves and keep their faces out of view, jam them if all else fails.

  2. Charles Calthrop

    What a pun

    just wanted to pay tribute to that pun. Oslo I have heard you've done better ones. I think that's a bergen legend, though.

    1. This post has been deleted by its author

  3. Pascal Monett Silver badge

    Just one suggestion

    Make sure the BOFH does not have any access to this system, otherwise the whole concept falls apart.

    The guy reviewing and querying the security database should not have any admin access, and the network sysadmins should not have any access to the security database.

    If you don't have that, you have a large collusion risk. And you can forget detecting admin-level insider stuff if the sysadmins are the ones controlling the security database.

  4. lafnlab
    Headmaster

    "...University of Oslo in Norway..."

    Is there a University of Oslo outside of Norway?

    1. Trygve Henriksen

      Well, I doubt there's a University in Oslo, Marshall County, Minnesota, but still...

      And Oslo Community, in Dodge, Minnesota is even less likely since they don't even have a Post office any more...

      Maybe in Oslo, Florida?

      1. wayne 8

        Don't be surprised if there is a "university" in any Small Town, USA.

        The term is applied very liberally in the States to anything beyond basic schooling.

        Marketing to get suckers to take on massive student loans for worthless degrees.

        1. Charles 9

          "The term is applied very liberally in the States to anything beyond basic schooling."

          Not true. There's a very specific definition involved. While it is true you can find colleges just about everywhere (that offer baccalaureate education), universities cannot be called such unless they offer post-graduate (masters and up) education. For example, Longwood College in central Virginia only became Longwood University when they started offering a Masters program.

      2. Anonymous Coward
        Anonymous Coward

        Well, I doubt there's a University in Oslo, Marshall County, Minnesota, but still...

        From a crossword puzzle from many years ago, I learnt that Oslo is 'a small town in Czechoslovakia'.

  5. Robert Helpmann??
    Childcatcher

    It's all academic

    First, if you use "ontology" rather than "knowledge base" you are doing it wrong. Go with something that actually means the same thing like "cognitive content". Second, the primary supposition of the cited paper is "Physical security is often overlooked when it comes to information security" which is about as vague a statement concerning security as I have heard. Perhaps more to the point is that physical and information security are typically not well integrated outside of very specific environments. Yay! The researchers came up with a simple method to do so. Will they be able to turn it into a product that can be marketed and sold? As long as they continue to confuse metaphysics with a grasp of subject matter, no.

    1. wayne 8

      Re: It's all academic

      There just focusing to cash in on early round venture capital. Then hope they get bought up by Oracle or Google before they have to deliver.

      1. CheesyTheClown

        Re: It's all academic

        The funny thing is that Norwegian law wouldn’t allow this system to be used :)

  6. EnviableOne

    Converged security

    Ok so this is a new idea, physical security has always been part of Information security, now were in a digital world how is this any different?

    So they basically added more sources to a siem and invented a new search taxonomy, exactly what all new SIEM vendors do

  7. Michael Wojcik Silver badge

    Could be simpler

    Anyone familiar with many fine television programs available in the US these days knows that the only UI control the analysts need is a button labeled "Zoom and Enhance".

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like