Category: acsac

Today was the first full technical day of the conference. It started with an excellent distinguished practitioner talk by Lori Faith Cranor about some usability testing they did in the CUPS lab at Carnegie Mellon. Quite interesting work, and it explains a lot about why the messages we get are often so poor, and interfaces are perceived so badly (and in many ways, it echoed the talk MEZ gave a few years ago). After that was a good session on government research needs — I took a lot of notes and gathered a lot of information at work. During lunch we had a short talk by Peter Neumann, filled with the requisite number of puns (if you know Peter, you know of what I speak). After lunch was more researchy stuff — this time a panel on where security should be by 2020. The late afternoon brought the first classic paper review: a look back at Matt Bishop’s paper on Unix Security. It brought back memories of the old days.

Before I turn to the dinner activities, a thought from the research panel. Doug Maughan from DHS brought up the issue of how do we get students interested in Computer Security and Computer Science in middle and high school. It’s a subject I discussed many times when I was on the IAB at CSUN. I’m wondering whether the California State Science Fair might be able to do something: if there was a small prize for the best Computer Security-focused science project, might it entice students to think about the problems? I’m curious on your thoughts, O readers of mine, on how to get our middle school and high school students interested in the area.

Dinner was a luau. I was a bit out of it, as a migraine was starting (I took my Maxalt at 630p). The food was good, although I think we should have saved the poi for tomorrow night’s poster session. As always, I look at the entertainment with a reviewers eye. The sound left a lot to be desired — it was muddied and we could hardly hear the main speaker for the music group. The hulu dancers were good dancers, but were a bit mechanical. On the other hand, the fire dancer played to the audience and had a lot of fun with it. All in all, a reasonably good show, although I still remember the luau during my honeymoon when the pig was actually buried on the beach and dug up.

Well, the tutorial portion of the conference is now over. Today went very smoothly, with nary a complaint. The main technical portion of the conference starts tomorrow. At the reception tonight, saw at least one person I haven’t see in years: Holly Hosmer. ‘twas nice seeing her. Also had a nice talk with a student from UCLA doing computer security. Hopefully we can get him to give a talk at the ranch. I had a nice discussion with Pat Toth on validations and 800-53, and with Paul Karger (where I reminded him that the TCSEC and A1 were responsible for giving us perl). That’s what makes this conference so special: the people that come here — not only are they remarkable technical people, they are just great people.

People keep saying, “Oh, you’re in Hawaii. Go have fun on the beach”. So I thought I would give you an idea of a typical day in the life of your tutorial chair:

• 500a Alarm goes off
• 530a Showered and dressed, I wake the computer and start checking personal and work email and taking care of work.
• 645a Go downstairs to help set up registration, and set out projectors in the rooms
• 730a Have the conference continental breakfast while networking with attendees
• 830a Tutorials start. Sit in on a tutorial to actually learn stuff, periodically going out to make sure everything else is running smoothly. Also keep working on the reviewing project I brought from work
• 1000a Break. Get more tea.
• 1030a Tutorials resume. See 830a.
• 1200p Lunch. Stand and make sure that only registered folks are getting the lunch. Network with attendees.
• 130p. Tutorials resume. See 830a.
• 300p. Break. Eat a cookie.
• 330p. Tutorials resume. See 830a.
• 500p. Tutorials end. Go collect the projectors and the cords. Make sure the rooms have all of our stuff out of them. Sort everything out back in the conference office.
• 540p. Get back in the room. Check work email.

About the only free time I get is in the evening. Tonight, for example, I walked down with Michael Franz of UCI and Sven Dietrich of Stevens to Shorebird Beach Broiler for dinner. We had a great dinner discussion about the UC admissions policies. I probably won’t have any free time until Friday afternoon. The vacation in Hawaii will need to wait until my own time, likely in 2011 (2010 is college preview on the east coast).

Those of you who know me know I’m actively involved with ACSAC — the Annual Computer Security Applications Conference. I’ve been running the tutorial program since 1990, and was even conference chair for a four-year stretch a few years ago (2001, 2002, 2003, 2004). Last year I even did local arrangements when the conference was in Anaheim. [ETA: No, I don’t do this alone. We have a great conference committee.]

This year, the conference is in Honolulu HI. Even though I have a long history with the conference, I was still worried about the “boondoggle” factor — that is, the folks who think people go on conferences just to sightsee. That’s certainly not true in my case — I barely leave the hotel, making sure the conference runs smoothly. Still, I was pleased when a few weeks before the end of the fiscal year I received approval to attend. The fiscal year started afresh on Thursday, and today I put in my travel and registration request.

Now, registration for the conference can be complicated. We need to ensure we make our room nights, so we encourage people to make their hotel reservations first, and give a registration discount for providing your confirmation number. I provided all the information to my office professional, who attempted to coordinate this through our corporate travel agency. I think this was the mistake. [Correction: The mistake was that we had the wrong phone number on the conference page: the conference number went to Pleasant Hawaii Holidays instead of directly to the hotel.] They thought it was a package of airfare and hotel, and booked it like that. This gave us the wrong cancellation policy (almost having to pay the whole stay if I cancelled), plus they wanted full hotel payment up front. This could be a problem, as I don’t get reimbursed until after the conference. I contacted our local arrangements chair for this year (good thing to have pull :-)), who contacted the hotel. As I left today, the problem is being worked and I have all confidence it will be resolved. Still, it did cause a bit of excitment this morning.

So, come December 6^th (after a late night at the Pasadena Playhouse), I’ll be winging my way to Honolulu to start stuffing registration bags and making sure all my tutorial books have arrived. I get a week of running tutorials and an excellent technical program, and then fly back early Saturday morning December 12^th in time for the 2^nd night of Chanukah. Hey, shutterbug93, block off your calendar for dinner Sunday or Monday night of that week! Who knows… if I’m stuck there Friday night, maybe she can find good local theatre for me to go to….

The penultimate day of the conference was pretty good. Everyone loves the hotel and my food choices (today’s break was fruit-ice bars and red-bull — how Californian!). Sessions are going well. No surprises from the hotel. Tomorrow is the last day, with the whale watching adventure and In-n-Out Burger.