IEEE Security and Privacy Symposium
This week I am at the IEEE Security and Privacy Symposium 2015. This is in San Jose, CA. I'm creating this forum topic to post my thoughts and for others to share.
So far, successfully flew from BWI to here and navigated the train system to arrive at the hotel. Woke up early this morning, as my body isn't able to sleep too late with the 3hr time change. Breakfast was good too, and now in the main room as the opening remarks about to begin.
One other thought, when you have a big conference at a hotel. I wonder how similar everyone smells. The Fairmount has pretty scented soap, shampoo and conditioner. I have no plans or gathering data on this.
The first day began with a very quick opening remarks. <15min. And then boom, into papers. I should mention, the open remarks included thanks to the people who put it together and the sponsors including NSF, ARL and NSA. Also the reviewing process, of a little over 400 papers to the 55 accepted, 13.7% acceptance rate. The co chair of the program committee was Lujo Bauer, a SoS Researcher at CMU.
The first set of presentations were on hardware assisted security. These were research projects which used hardware features to improve security. First up was encrypting program and data for use in the cloud. None of the key or plain text is ever written to memory. everything was done on CPU only. 2nd was on CHERI, which is a MIPS platform that enables much greater ability to compartmentize code. It gets over many of the hardware limits. Third was a paper on doing more secure Mapreduce in the cloud. Fourth ability to prove things without keys, such as the temperature at a remote place. The session ended with a paper on using the system manger level of a system to run anti-malware on a level with more permissions than the hypervisor.
The 2nd morning session was on cybercrime and cryptocurrency. The first paper examined the costs associated with typosquatting and found that the per person cost is not too high. I believe it was 29c. The 2nd was given by the first SoS paper competition winner, Joseph Bonneau. He presented a systemization of knowledge (SoK) on cryptocurrencies. It focus missing research questions. The third paper was a game theory on attackers in open pools for cryptocurrency mining. It found that its always in the attackers interest to cheap, or attack, but the optimal is that there is harm to all. The consequence is to use non open pools and reduce size, which is good for other attirbutes. The final paper was presented by a research at Google. They built upon the idea that unwanted ads are one of the biggest complains. They use the google pages to examine the webpage after it was rendered compared to what google had sent. The results had about 5% of users had ad insertion. It was pretty equal on Windows and Mac a sign that the attack is browser based. It showed the superfish is a big and invasive adnetwork.
Next was lunch of salad, salmon and creme bruele.
NSA is a sponsor of so as a result there is an NSA info table. HR sent me materials to the hotel for me to setup. i wasn't sure what to expect in the boxes. The pens are popular.
edit to move picture from attachment to inline.
Two notable awards with SoS connections.
The Best reviewer award went to Joseph Bonneau (first SoS Award Winner) now of Stanford and the honorable mentionto Jonathan Katz (UMD Lablet PI)
The morning session first session was on ORAM. Two of the presentation were presented by the grad students of Elaine Shi from the UMD L
ablet. The first was GraphSC: Paralle Secure Computation Made Easy presented by Kartik Nayak. The 2nd was by Chang Liu, and he presented his paper ObliVM: A programming Framework for Secure Coputation. Chang was a winning author from last year's SoS paper competition.
Just a reminder to download the papers for free. After the conference ends today, the papers will return to a paywall for a year, then with return again.
Currently the papers are available for online access from the program page.
http://www.ieee-security.org/TC/SP2015/program.html