Usenix Security '02

Sun Aug 11th, 2002 01:45:06 AM EST

Diary Entry 107
On Wednesday and Thursday I attended Usenix Security '02 in San Francisco. Besides being a good conference, it was so close to home that I had no excuse not to attend.

As usual for a Usenix conference, the format was a series of 1 1/2 hour sessions, each comprised of two parallel tracks pitting three half-hour technical talks against a single invited talk. I went to the invited talks mostly, since I was interested in them and I could always get the papers from the published proceedings.

It turned out to be rather inspiring. In particular I enjoyed John Mitchell's talk on formal methods. It made me want to go out and start proving my software correct. When on Friday afternoon I went out and started looking for actual tools for doing that, I was pretty disappointed though. Maybe I'll look into it more seriously later.

Paul Kocher's talk on evaluating and assuring software security was top-notch. His advice was practical and useful. At the end of the talk he collected business cards from everyone who wanted to be mailed a book full of best practices tips for secure software development. I dropped mine in, and I'm looking forward to receiving it.

The other thing that caught my eye was a paper on the usage of CQUAL, a tool that allows additional type qualifiers to be added to C. In case you're familiar with C, but not the jargon, the C90 "type qualifiers" are `const' and `volatile' (C99 adds `restrict'). CQUAL allows for an arbitrary lattice of additional user-defined type qualifiers. The example given in the paper is that of a system that adds `unchecked' and `checked' type qualifiers, with `checked' automatically converted to `unchecked' but not vice versa. In that way the programmer can apply taint checks statically at compile time.
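
The `checked'/`unchecked' rule described above can be modelled in a few lines of C. This is an added example, not code from the paper or from CQUAL itself; the function names, the variable numbering and the sample program are made up for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Two-point lattice from the paragraph above: checked <= unchecked. */
enum qual { CHECKED = 0, UNCHECKED = 1 };
enum { NO_BOUND = -1 };            /* variable carries no declared qualifier */

struct flow { size_t src, dst; };  /* models the assignment dst = src */

/* Subtyping: `from` may be used where `to` is expected iff from <= to. */
int may_convert(enum qual from, enum qual to) { return from <= to; }

/* Propagate qualifiers along assignments to a fixed point, then count the
 * variables whose inferred qualifier cannot convert to the declared one. */
size_t check_flows(enum qual *q, const int *bound, size_t nvars,
                   const struct flow *f, size_t nflows, size_t *first_bad /* out */)
{
    size_t bad = 0;
    for (int changed = 1; changed; ) {
        changed = 0;
        for (size_t i = 0; i < nflows; i++)
            if (q[f[i].src] > q[f[i].dst]) {   /* join is max in this lattice */
                q[f[i].dst] = q[f[i].src];
                changed = 1;
            }
    }
    for (size_t v = 0; v < nvars; v++)
        if (bound[v] != NO_BOUND && !may_convert(q[v], (enum qual)bound[v]))
            if (bad++ == 0)
                *first_bad = v;
    return bad;
}

/* Constructed program: v0 is raw input, v1 = v0, v2 is the result of a
 * check, and v3 = v1, v4 = v2 are both declared `checked`. */
size_t demo(size_t *first_bad)
{
    enum qual q[5] = { UNCHECKED, CHECKED, CHECKED, CHECKED, CHECKED };
    const int bound[5] = { NO_BOUND, NO_BOUND, NO_BOUND, CHECKED, CHECKED };
    const struct flow f[] = { {1, 3}, {0, 1}, {2, 4} };
    return check_flows(q, bound, 5, f, sizeof f / sizeof f[0], first_bad);
}

int main(void)
{
    size_t v = 0, n = demo(&v);
    printf("%zu violation(s), first at v%zu\n", n, v);
    return 0;
}
```

Only v3 is flagged: raw input reaches it through v1, while v4, fed by the checked value, passes.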

At lunch on Wednesday, my part of the Stanford contingent hung out with Rik Farrow, author of books and columns on networking and security. He had a lot to say about writing and publishing, which I found interesting due to my own past forays into publishing on and off the web.

Thursday during the lunch break I went out with Seth Schoen of EFF, EFF intern Lodrina Cherne, and a freelancer whose name I have forgotten. We went to a sketchy-looking Vietnamese restaurant in a pretty run-down part of town, but the food was good and it was cheap. The conversation centered on TCPA and Palladium, which had been the subject of a BoF ("Birds of a Feather") session the previous night. I'd say more, but Seth gives a better summary of everything than I could. (He even linked back to me. Cool!)

In other news, it's been very hot the last week or so, in the high 80s Fahrenheit, so Joel and I may not bike all the way to Santa Cruz tomorrow. We're still going to go out biking on a fairly long trip, though. I'm looking forward to it. I even did a thorough job of cleaning off my bike earlier today. I got off most of the nastiest dirt and grease, then re-lubricated the moving parts. Now I can again read labels that I'd forgotten were even there.

Time to do some coding.

Last updated 03 Apr 2004 21:17. Copyright © 2004 Ben Pfaff.
May be freely redistributed, but copyright notice must be retained.