I’m back home. Suffice it to say it was a long day. For those who are interested, the report that was done on the conference by Hawaii Public Radio is now available as an MP3. For those that take the time to listen to it (it’s worth listening to…): How much should I razz Jeremy (mistakenly called Jeffrey in the report) for the line about us being geeks?

Share/Bookmark

Today was the last day of ACSAC 25. For me, the last day of the conference is a business day. It started with a panic when we discovered the hotel had taken down our registration area — we had to scramble to get it set up again, and for them to find out power cords. That was followed by the committee breakfast (and me running upstairs to help Marshall find his notes, which triggers an asthma attack ). After that, I sat in part of Ron Ross’ session with the CIO from PACOM — yet another person to whom I’ll be sending my document! During the second session of the morning, I began packing up the conference office. Once I had the books mostly packed, I attended part of a session until the projectors were done. With those packed, it was off to FedEx Office to get them shipped. Interesting fact: it is cheaper to ship from Hawaii to California than from California to Hawaii: Five boxes going HI to CA were around $139; Three boxes going CA to HI were $213 (and the five going HI to CA included those same three that went from CA to HI).

Once those were off and I was back at the hotel, we were done with the conference. So what did I do? What I’ve been wanting to do all week: went downstairs to the pool, went into the infinity pool for a bit, and then went back to my chaise, put on a podcast of the IgNobel awards, and watched the beautiful Hawaiian scenery (and I’m not talking just about the ocean ). After a beautiful sunset, I grabbed a quick dinner because I want to get my evening stuff done quickly and get packed. I get picked up tomorrow morning at 4:15am Hawaiian time to go to the airport (I’m sharing a shuttle with Ron Ross — always a good thing).

So this is my last post from the isles for a while. Aloha to Hawaii. Perhaps we’ll be back for ACSAC 30!

Share/Bookmark

Well, the fourth day of ACSAC in Hawaii is done. Today started off bad: I overslept after a bad headache night. But after that, things got better…

The morning started with a plenary session that featured a welcoming speech by the tallest mayor in the US, Mayor Mufi Hannemann of Honolulu, who actually discussed computer and physical security efforts in the city. This was followed by a talk from May Ann Davidson of Oracle on the importance of security metrics. I should note that the morning also featured a reporter from Hawaii Public Radio — I’ll link to the audio once we have it on the ACSAC website. Most of the day was spent in the FISMA training sessions, learning all about 800-53 rev 3 and 800-37. Although I know a lot of this stuff, it was actually useful to get the latest from Ron. We then had an interesting debate on the value of the Common Criteria with folks like Paul Karger, Wes from Symantec, Helmut from Atsec, and Chris Salter from CCEVS. I listened to a bit of the second Classic Papers session with Li Gong, which was followed by a poster session.

Dinner was the conference committee dinner at Chuck’s steakhouse. Fun dinner, but something on the walk back triggered more wheezing (which is getting damn annoying). So I think I’ll take another benedryl and go to bed. Goodnight all… and tomorrow is the last half day of the conference (and perhaps some beach time in the afternoon).

Share/Bookmark

Today was the first full technical day of the conference. It started with an excellent distinguished practitioner talk by Lori Faith Cranor about some usability testing they did in the CUPS lab at Carnegie Mellon. Quite interesting work, and it explains a lot about why the messages we get are often so poor, and interfaces are perceived so badly (and in many ways, it echoed the talk MEZ gave a few years ago). After that was a good session on government research needs — I took a lot of notes and gathered a lot of information at work. During lunch we had a short talk by Peter Neumann, filled with the requisite number of puns (if you know Peter, you know of what I speak). After lunch was more researchy stuff — this time a panel on where security should be by 2020. The late afternoon brought the first classic paper review: a look back at Matt Bishop’s paper on Unix Security. It brought back memories of the old days.

Before I turn to the dinner activities, a thought from the research panel. Doug Maughan from DHS brought up the issue of how do we get students interested in Computer Security and Computer Science in middle and high school. It’s a subject I discussed many times when I was on the IAB at CSUN. I’m wondering whether the California State Science Fair might be able to do something: if there was a small prize for the best Computer Security-focused science project, might it entice students to think about the problems? I’m curious on your thoughts, O readers of mine, on how to get our middle school and high school students interested in the area.

Dinner was a luau. I was a bit out of it, as a migraine was starting (I took my Maxalt at 630p). The food was good, although I think we should have saved the poi for tomorrow night’s poster session. As always, I look at the entertainment with a reviewers eye. The sound left a lot to be desired — it was muddied and we could hardly hear the main speaker for the music group. The hulu dancers were good dancers, but were a bit mechanical. On the other hand, the fire dancer played to the audience and had a lot of fun with it. All in all, a reasonably good show, although I still remember the luau during my honeymoon when the pig was actually buried on the beach and dug up.

Share/Bookmark

Well, the tutorial portion of the conference is now over. Today went very smoothly, with nary a complaint. The main technical portion of the conference starts tomorrow. At the reception tonight, saw at least one person I haven’t see in years: Holly Hosmer. ‘twas nice seeing her. Also had a nice talk with a student from UCLA doing computer security. Hopefully we can get him to give a talk at the ranch. I had a nice discussion with Pat Toth on validations and 800-53, and with Paul Karger (where I reminded him that the TCSEC and A1 were responsible for giving us perl). That’s what makes this conference so special: the people that come here — not only are they remarkable technical people, they are just great people.

Share/Bookmark

People keep saying, “Oh, you’re in Hawaii. Go have fun on the beach”. So I thought I would give you an idea of a typical day in the life of your tutorial chair:

• 500a Alarm goes off

• 530a Showered and dressed, I wake the computer and start checking personal and work email and taking care of work.
• 645a Go downstairs to help set up registration, and set out projectors in the rooms
• 730a Have the conference continental breakfast while networking with attendees
• 830a Tutorials start. Sit in on a tutorial to actually learn stuff, periodically going out to make sure everything else is running smoothly. Also keep working on the reviewing project I brought from work
• 1000a Break. Get more tea.
• 1030a Tutorials resume. See 830a.
• 1200p Lunch. Stand and make sure that only registered folks are getting the lunch. Network with attendees.
• 130p. Tutorials resume. See 830a.
• 300p. Break. Eat a cookie.
• 330p. Tutorials resume. See 830a.
• 500p. Tutorials end. Go collect the projectors and the cords. Make sure the rooms have all of our stuff out of them. Sort everything out back in the conference office.
• 540p. Get back in the room. Check work email.

About the only free time I get is in the evening. Tonight, for example, I walked down with Michael Franz of UCI and Sven Dietrich of Stevens to Shorebird Beach Broiler for dinner. We had a great dinner discussion about the UC admissions policies. I probably won’t have any free time until Friday afternoon. The vacation in Hawaii will need to wait until my own time, likely in 2011 (2010 is college preview on the east coast).

Share/Bookmark