June 19, 2002
2002 USENIX Technical Conference

Rosalyn Lum
Rosalyn Lum gives us a run-down of the 2002 USENIX Annual Technical Conference, held this year in Monterey, CA.
Conference Report: 2002 USENIX

Monterey, CA June 13 - Attendance was down at the 2002 USENIX Annual Technical Conference this year from last, but Dan Geer, USENIX President, was still pleased. "This year has been the strongest, content wise, that we've offered and the fact that many attendees have recognized the value to them to come on their own expense is a startling characteristic of this conference." Interestingly, the foreign representation, nearly 1/3 of attendees, has remained steady. He noted that the quality is better than it's ever been. The selection ratio, the number of papers selected to the number of papers submitted, indicates that "what you're seeing is the cream of the crop."

USENIX conferences focus on basic computer system engineering. "This is where if you've built something, bring it to show." Asked if conferences like these are sustainable, he replied, "Yes, in fact conferences like these enable us to sustain the little less known conferences, like the USENIX Security Conference in San Francisco this August."

The first three days of the conference were devoted to all-day technical tutorial sessions focused on security. Topics spanned all levels of knowledge, from introductory to advanced, targeting system administrators, programmers, developers, and architects. Other tutorials included system administration of various environments, kernel internals, performance tuning, networking, and so on. The three most highly attended sessions were on System and Network Monitoring, Inside the Linux Kernel, and System and Network Performance Tuning.

Security guru Avi Rubin, author of the DDJ article "Kerberos Versus the Leighton-Micali Protocol" (November 2000), the book White-Hat Security Arsenal: Tackling the Threats, and the subject of the DDJ Technetcast session "Computer System Security: Is There Really a Threat?", presented the whole kitchen sink of security in a day, emphasizing computer security basics, network security, and cryptography. The goal was to "establish a base of knowledge to build on later." His biological analogy to prevention stressed the importance of diversity: just as gene diversity prevents whole populations from being wiped out, diverse platforms, computer systems, and applications such as mail systems and browsers help prevent whole systems from being wiped out. In addition, randomness, avoiding buffer overflows, and the right choice of language all help build secure programs.

Gary McGraw, Cigital Inc.'s CTO and author of Building Secure Software, built upon this when he called for increased willingness among programmers to implement secure software practices, rather than relying on firewalls and patches to make applications secure. In many cases, the patches created as much damage by "giving away the problem," so anyone who didn't install the patch was then targeted. "Software is everywhere, and it is not usually built to be secure," he told the audience. In his very animated style, he emphasized that programmers should build software right the first time. He pointed out that complexity increases with the number of lines of code, while the level of knowledge that hackers need in order to break into systems is decreasing due to a rise in the sophistication of hacker tools. The process of writing secure code, which would include written specifications, code analysis, and reviews, is not implemented in many company cultures, nor is it being taught in many universities today. Observing that several attendees were accessing the Internet through the 802.11 network in the hotel, he said, "By the way, all of you that are using your wireless computers I know for a fact that you are, right now, being hacked."

And as reflected by the program chairpersons Carla Ellis of Duke University and Chris Demetriou of Broadcom Corp., 30 percent of the attendees were from academia, 50 percent from the commercial sector and 10 percent from government. A standing ovation was given for Stanford University law professor Lawrence Lessig, who delivered the keynote, "The Internet's Coming Silent Spring," in which he made the case that the Internet, originally built to enable neutral and unrestrained innovation, is now being undermined by those who were threatened by its original network architecture. The rest of the conference included a general refereed track, invited papers from systems researchers and developers, a FREENIX Track focused on open source technologies, and Guru Sessions looking at emerging technical issues and their influence on the computer industry.
