Saturday, October 22, 2016

Confusion of terminology: exploit

From my experience, the term exploit could very easily cause confusion between these four sets of actors. To a digital forensic expert, it refers to the vector that was used to gain access to the system or how a limited user elevated to privileged access (Govindavajhala & Appel, 2009). How did this file end up on the computer when all the user did was load a clean webpage with an ad? How did this driver get installed by the secretary?
For the potential jurors, how they process the word exploit is highly dependent on their background. Webster's Dictionary defines exploit as one noun and two verbs, but none of those three definitions will help the juror understand the connotations of a computer exploit (Merriam Webster, 2016). To someone with a signals analysis background, exploit means to acquire intelligence from a signal or data stream (mkroot, 2014). This is a miscommunication I have had myself talking with a vulnerability researcher in my early days of computer security, when I discussed exploiting the USB traffic between cell phone and workstation.
For folks with a more legal background, the lawyer and judge included, exploit can carry a much darker connotation. Often exploitation in legal discussions is a blanket term for abuse, rape, and harassment (Russell, 1984).
This potential issue, caused by the same vocabulary being overloaded as field-specific jargon, can never be entirely eliminated. According to Crystal, a well-educated English speaker might know between 15,000 and 23,000 words... words that will be used to convey all of the objects, ideas, emotions, and events of their entire life (Crystal, 1987). With such a limited number of words, it is inevitable that they will be reused across fields, or else the fields will use ultra-specialized words that are accessible only to the field's practitioners, as the sciences do. Ultra-specialized words that are inaccessible to outsiders would fail to solve this problem too, as they must be comprehended by the outsiders that make up other jurors, judges, and lawyers.
The most significant way the issue can be reduced is for the presenter of the term to keep in mind the existence of its other uses. That way they can be certain to address the potential conflicts with the other contexts in which the term is used, as well as clearly explain what they mean by it.

Crystal, D. (1987). How Many Words? English Today, No. 12.
Govindavajhala, S., & Appel, A. W. (2009). U.S. Patent Application No. 11/699,607. Identifying unauthorized privilege escalations
Merriam Webster. (2016). Exploit. http://www.merriam-webster.com/dictionary/exploit
mkroot. (2014). Sigint: definition, qualities, problems and limitations. https://blog.cyberwar.nl/2014/10/sigint-definition-intrinsic-qualities-problems-and-limitations-quotes-from-aid-wiebes-2001/
Russell, D. E. (1984). Sexual exploitation: Rape, child sexual abuse, and workplace harassment.
