Annual Computer Security Applications Conference (ACSAC)

Latest News

Featured Speakers

Whitfield Diffie, Chief Security Officer, Sun Microsystems

O. Sami Saydjari, CEO, Cyber Defense Agency LLC

Classic Papers Presenters

Barbara Y. Fraser, Director of Corporate Consulting Engineering, Cisco Systems, and Stephen D. Crocker, CEO, Shinkuro, Inc.

Stephanie Forrest, University of New Mexico, Steven Hofmeyr, and Anil Somayaji

We had a remarkable 24^th ACSAC!

Anaheim was a perfect location – they supplied excellent facilities at the Sheraton Park hotel, great weather and even fireworks (well, in Disneyland, but we could see them from our hotel every night).

The conference week started with 4 full-day and 2 half-day tutorials held on Monday-Tuesday – they were well attended and highly educational (not to mention the continued education credits they offered as well). The Virtualization Security workshop on Tuesday was packed – both in terms of most recent information from leading experts and in terms of audience.

Sami Saydjari opened the conference with his mesmerizing keynote calling for a "Cyber Manhattan Project" – a project already featured in many national newspapers and TV segments, due to its novelty and eye-opening qualities. The talk raised high interest among ACSAC attendees and a follow-up note from Sami (on what *we* can do now) can be found below. Thursday's keynote speaker was Whitfield Diffie who presented crypto insights in a web-based world. Friday morning had two Classic Papers – Barbara Fraser and Steve Crocker gave today's view on RFC 1281, and Stephanie Forrest talked about immunology-based security and its place among today's security solutions.

The technical tracks on Wednesday – Friday included technical sessions of refereed papers, case studies sessions, and several panels, as well as the popular Works in Progress session. All presentations were well received, and their high quality and technical novelty encouraged animate discussions during (and even after) the sessions.

The 2008 ACSAC awards for Best Student Paper and Best Paper were awarded, after careful consideration by the Student Awards Committee and Program Committee respectively, to the following recipients:

Best Student Paper: Arati Baliga (Rutgers University) for the paper: Automatic Inference and Enforcement of Kernel Data Structure Invariants , Arati Baliga, Vinod Ganapathy, Liviu Iftode – Rutgers University
Best Paper: Soft-Timer Driven Transient Kernel Control Flow Attacks and Defense , Jinpeng Wei, Bryan Payne, Jon Giffin, Calton Pu – Georgia Institute of Technology

Our congratulations to the 2008 award winners!

Last but not least, a group of conference attendees took the Friday afternoon trip to Dana Point and went on a chartered catamaran on the Pacific Ocean. No whales passing by, but large pods of dolphins and sea lions delighted us at length and made the trip an unforgettable ACSAC memory.

Overall, the 2008 ACSAC was an excellent conference, and we made its materials available online. The Conference Committee thanks all attendees, authors and presenters for their participation!

The Cyber Manhattan Project – Follow-up note from Sami Saydjari:

Top 5 things people can do for the cause?

Things you can do as a responsible professional to address the strategic issues of cyber defense.

1. Educate yourself. Learn about the nature and gravity of the national strategic cyber risk and bold and effective moves that could mitigate those risks. Learn about the policy realm and what the issues are so that you can speak intelligently about good and bad cyber defense policy. Take a policy expert out to lunch. Learn about related history such as the early formation of NASA and of the (U.S. and U.K) Air Force and how these big changes were possible against the barriers that the establishment always puts up to such big changes.

2. Educate your peers. Once you educate yourself, help educate your professional peers through one-on-one debates and discussions. Give professional talks to peer group at conferences and to graduate level students about to emerge into the professional world.

3. Educate the public. Securing the national cyber vulnerability will require significant investment of resources and significant educational, legal, and cultural attitude changes. This requires that the public be educated on this issue and that a national public discussion take place. Facilitate this discussion by educating the public through lectures and talking to the press in terms that they can understand. I find that analogies like the Manhattan project and the space race are helpful to frame the debate.

4. Educate leadership. Advocate for sound public policy in strategic cyber defense. Talk to executive branch leadership at whatever level you have access to help them understand the types of actions our country needs to address these risks and encourage them to take an active role. Meet with members of the legislative branch and their staff and advocate for legal and policy changes and appropriate investments to mitigate national risk. Government has a responsibility to "provide for the common defense" as laid out in the constitution. Hold the government accountable to step up to that duty to the emerging cyber space territory in the information age.

5. Serve. This is a hard one. There are at least two important ways to serve, but both will involve your most precious asset: your time. Consider investing 10% of your career in public service. This could include joining non-profit advocacy groups that help move for change and improvement in some aspect of national cyber defense. The second major category is to serve inside the government to change things from within. This can be extremely hard because it means disrupting your normal career path and perhaps your family. It is also hard when the degree of change is great and the system resists that change with all its might. Yet, this can be one of the most effective ways to cause significant change. Try hard to answer the call, particularly in later parts of your career when you have the experience and network to be most effective.