ale machina, Bryant Cutler's blog

CCS 2007 Day 1

Tuesday, October 30th 2007

This is a report on my first ever academic conference. I'm here in Alexandria, Virginia, where I served my mission, at Computer and Communication Security 2007. My plan is not to spend hours writing up what I've been up to here; instead, I'll just provide a few highlights - quotes or things I noticed during the presentations today. Look for more entries about the rest of the conference in the next couple of days.

  • Everyone here, especially the people from Microsoft, has really awful graphics in their presentations. Chartjunk in the extreme.
  • Users don't want and won't pay for "security" as it has been delivered by techies so far. "Enterprise" wants it, but won't pay for it. The reason so little consumer security software hits the mainstream is that most of it is aimed at protecting from users, instead of protecting users (i.e. DRM).
  • In the Philippines, SMS credits and phone minutes are a currency used to purchase all kinds of consumer goods. Filipinos in the US can even send money home via the phone system.
  • Security is not orthogonal to performance, usability and reliability. For example, a reliable system that requires redundant paths through a mesh is more likely than a one-path system to pick a compromised node.
  • Identity assertions should decay over time - if I log in to my phone with a PIN, it's ~100% sure that I've got my phone. A few minutes later, maybe you should only be 40% sure, and if that's too low, ask me to reauthenticate.
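
The decaying-confidence idea from the last bullet, sketched as an added example (not code from the talk or from this post). It assumes exponential decay, reads "a few minutes" as 3 minutes, and uses hypothetical per-action thresholds.

```python
import math

# Assumed calibration from the bullet's numbers: ~100% right after PIN entry,
# 40% "a few minutes" later (3 minutes is an assumption).
INITIAL_CONFIDENCE = 1.0
CALIBRATION_POINT = (180.0, 0.40)  # (seconds since login, confidence)

# Hypothetical per-action thresholds: riskier actions need a fresher assertion.
THRESHOLDS = {"read_notification": 0.20, "open_email": 0.40, "send_payment": 0.90}


def decay_rate(point=CALIBRATION_POINT, initial=INITIAL_CONFIDENCE):
    """Solve initial * exp(-rate * t) = c for rate (assumed exponential model)."""
    t, c = point
    return -math.log(c / initial) / t


def confidence(seconds_since_auth):
    """Confidence that the person who entered the PIN still holds the device."""
    if seconds_since_auth < 0:
        raise ValueError("clock went backwards; treat the session as unauthenticated")
    return INITIAL_CONFIDENCE * math.exp(-decay_rate() * seconds_since_auth)


def needs_reauth(action, seconds_since_auth):
    """True when confidence has decayed below the action's threshold."""
    # Unknown actions fail closed: a threshold above 1.0 can never be met.
    threshold = THRESHOLDS.get(action, 1.01)
    return confidence(seconds_since_auth) < threshold


def valid_for(action):
    """Seconds after authentication until the action demands a fresh PIN."""
    return -math.log(THRESHOLDS[action] / INITIAL_CONFIDENCE) / decay_rate()


if __name__ == "__main__":
    for action in THRESHOLDS:
        print(f"{action}: PIN entry is good for {valid_for(action):.0f}s")
    print("payment 30s after login needs reauth:", needs_reauth("send_payment", 30))
```

Under this calibration a single PIN entry covers low-risk actions for about five minutes but a payment for only about twenty seconds, which is the trade-off the threshold table controls.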

Anyway, lots of thoughts... let's hope some good research for our lab comes out of this trip.
