HotSec 2008 and USENIX Security 2008
Saturday, August 2, 2008
I'm back from San Jose finally and while I won't be breaking down a full review of HotSec and USENIX Security like I did for WOOT, I thought I would point out some of the more interesting presentations I was able to attend.
HotSec 2008
Panic Passwords: Authenticating under Duress
Jeremy Clark and Urs Hengartner, University of Waterloo
Some interesting duress schemes were presented such as 5-dictionary (using 5 distinct words from dictionary to prevent from invalid keys being interpreted as a duress key).
Challenges and Directions for Monitoring P2P File Sharing Networks or
Why My Printer Received a DMCA Takedown Notice
Michael Piatek, Tadayoshi Kohno, and Arvind Krishnamurthy, University
of Washington
I originally wasn't a fan of this paper since the actual spoofing attack is fairly trivial, but it raised a lot of good questions and presenter did a great job.
Towards Quantification of Network-Based Information Leaks via HTTP
Kevin Borders and Atul Prakash, University of Michigan
Interesting work from my colleague Kevin Borders aimed at reducing the noise of legitimate traffic in order to better detect information leaks.
USENIX Security 2008
Lest We Remember: Cold Boot Attacks on Encryption Keys
Alex Halderman (and a billion other people), Princeton University
Congrats to Alex! His paper won the "Best Student Paper" award. Alex will be joining the UofM faculty Winter 2009.
Political DDoS: Estonia and Beyond
Jose Nazario, Arbor Networks
Jose gave a great presentation on the various politically-motivated denial of service attacks that have occurred over the years in places such as Estonia and Georgia.
Hypervisor Support for Identifying Covertly Executing Binaries
Lionel Litty, H. Andres Lagar-Cavilla, and David Lie, University of
Toronto
A cute, OS-independent technique to detect processes that may attempt to hide or disguise themselves.
CloudAV: N-Version Antivirus in the Network Cloud
Jon Oberheide, Evan Cooke, and Farnam Jahanian, University of Michigan
Last but not least, I enjoyed my own presentation, of course! :-)