Real hackers go to Usenix

March 29, 2001, 04:06 PM — Unix Insider

I don't attend very many conferences, mostly because I have to cover the expense myself. However, the 9th Annual Usenix Security Symposium held this past August in Denver looked too good to miss.


I wasn't disappointed. In fact, I wondered why I'd waited so long to attend a Usenix conference. It was probably because I felt that I could just read the research papers instead of actually attending, but that's like shunning a concert with backstage passes because you can buy a CD. There's so much more to the live conference than the purely technical presentations.


This article describes my view of the conference -- it's by no means a complete picture, as it's impossible for one person to attend every talk. For a complete review of the conference, I urge you to get the November 2000 issue of ;login magazine (a publication of Usenix and SAGE).



Keynote address



Dr. Blaine Burnham presented an interesting keynote address, "Design Principles of Simplicity." "Why do buffer overflow attacks still work?" he wondered. He went on to stress that security should not be an add-on. In some ways, Dr. Burnham was preaching to the choir. I know several managers and developers who refuse to accept that security needs to be designed into the architecture from the start.


As an example to illustrate his point, he referred to weeds indigenous to the American Southwest known as goatheads. These nasty little weeds produce spiked seeds that are the bane of bicyclists. Dr. Burnham pointed out that experienced cyclists quickly learned to take countermeasures to protect their tires. Why hasn't the software industry learned to take appropriate countermeasures that protect systems before they're flattened? he asked. Security must be designed into the system, not added on later. Intrusion-detection systems (IDSs) and patches are a last resort.



Tracks



The two major tracks for the Technical Sessions were invited talks and refereed papers.


"Computer System Security: Is There Really a Threat?" Dave Dittrich, University of Washington: http://www.usenix.org/publications/library/proceedings/sec2000/invitedtalks/dittrich_html/index.html


Dave Dittrich is sometimes referred to as "the DDoS guy" because of the expert analysis he provided during the infamous distributed denial-of-service attacks earlier this year. Dave's talk was perfectly timed after Dr. Burnham's keynote, as he continued to berate poor software quality that leads to security vulnerabilities. He noted that the attacker community communicates and works faster than the security industry. The security community (vendors especially) needs to work together faster, instead of posturing for commercial advantage.


Dave provided a timeline of the DDoS attacks that clearly demonstrated that there was plenty of warning about the threat of DDoS attacks in the open source community. Yet people were still unprepared to respond. Attacked sites focused on quick restoration of service, not forensics. Dave stressed the importance of preserving evidence for potential law enforcement use, and of understanding how the system was compromised.


Businesses must develop good incident response procedures and forensic skills, he pointed out.
