Panel: The New Security Paradigms Experience

Moderator: Anil Somayaji, Carleton University, Canada

The New Security Paradigms Workshop provides a forum for discussing some of the most fundamental, challenging, and controversial issues in computer security. NSPW's unique character, however, arises not so much from the topics presented but from how NSPW attendees discuss them: they aggressively question presenters and provide copious amounts of constructive feedback. This friendly debate forces authors to refine their arguments, leading to better publications and, we believe, wiser authors.

We propose to bring this unusual process to ACSAC in this panel session. Specifically, we propose to discuss two NSPW 2009 papers as we would at NSPW itself. The authors of each of these two papers will give a presentation. The audience must wait for the speaker to finish the first slide or for 5 minutes (whichever comes first) to ask questions or make comments; the resulting dialogue will continue for 45 minutes. The moderator will exercise minimal control over the discussion and will encourage a greater level of audience engagement and mainstream participation than typically occurs at mainstream security conferences.

We expect the ACSAC audience will be fascinated by the presented papers. For example, this year NSPW will examine the following provocative hypotheses, among others:

  • File permissions should follow free market principles.
  • Users rationally reject security advice.
  • We may not be able to quantify security.

We will select the two papers for this panel based on the discussions of the papers at NSPW and on participant feedback. Several NSPW attendees will attend the session to urge audience members to participate and to contribute if needed. We believe that, once the session has started and the first few questions have been asked, the regular attendees of ACSAC will get into the spirit of the discussion and provide much of the content of the session.

We expect ACSAC attendees to learn something from the content of the presentations; just as importantly, however, we believe the audience will enjoy the intellectual stimulation - and see the value - of an unscripted, vigorous discussion of important problems and unusual proposals in security.


  • Hilary Hosmer, Data Security
    The NSPW Psychological Contract

  • Maritza Johnson, Columbia University
    Laissez-faire file sharing

  • Cormac Herley, Microsoft Research
    So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users