Keynotes

Distinguished Practitioner

Putting Basic Research To Work

Douglas Maughan, Department of Homeland Security, USA

While many agencies struggle with how to move basic research across the 'valley of death', there are many success stories. For instance, IronKey was initially funded by DHS S&T as a two employee organiziation in 2005. IronKey is now a growing company - well over 100 employees, and probably the best USB (storage) in the marketplace and it's now the standard-issue at DHS. This talk provides a view from the trenches of what works - and what doesn't - when transitioning basic research into practice.

Dr. Douglas Maughan is the Director of the Cyber Security Division in the Homeland Security Advanced Research Projects Agency (HSARPA) within the Science and Technology (S&T) Directorate of the Department of Homeland Security (DHS). Dr. Maughan has been at DHS since October 2003 and is directing and managing the Cyber Security Research and Development activities and staff at DHS S&T. His research interests and related programs are in the areas of networking and information assurance.

Prior to his appointment at DHS, Dr. Maughan was a Program Manager at the Defense Advanced Research Projects Agency (DARPA) in Arlington, Virginia. Prior to his appointment at DARPA, Dr. Maughan worked for the National Security Agency (NSA) as a senior computer scientist and led several research teams performing network security research. Dr. Maughan received Bachelor's Degrees in Computer Science and Applied Statistics from Utah State University, a Masters degree in Computer Science from Johns Hopkins University, and a PhD in Computer Science from the University of Maryland, Baltimore County (UMBC).

Invited Essayist

Barriers to Science in Security

Thomas Longstaff, Johns Hopkins University, Applied Physics Laboratory, USA

Read Paper

In the past year, there has been significant interest in promoting the idea of applying scientific principles to information security. The main point made by information security professionals who brief at conferences seems to be that our field of information security is finally mature enough to begin making significant strides towards applying the scientific approach. Audiences everywhere enthusiastically agree and thrash themselves for bypassing science all along, bemoaning the fact that we could be "so much further along" if we only did science. Of course, after the presentation is over, everyone goes back to the methods that have been used throughout our generation to generate prototypes and tools with no regard for the scientific principles involved. We explore the barriers to adopting a scientific approach to experimental information security projects, including:

time to publish as a primary driver
standard of peer reviews in conferences and journals
expectation of a breakthrough in every publication

Based on these factors, we examine a way forward – how the scientific method can allow us to understand the underlying causality of information security and addressing the problem at its most fundamental level, and the changes in attitudes and processes necessary for this to happen.

Dr. Tom Longstaff is the Chief Scientist for the Cyber Missions Branch of the Applied Physics Laboratory. APL is a University Affiliated Research Center, a division of the Johns Hopkins University. Tom joined APL in 2007 to work with a wide variety of infocentric operations projects on behalf of the US Government to include technology transition of cyber R&D, information assurance, intelligence, and global information networks.

Tom's academic publications span topics such as malware analysis, information survivability, insider threat, intruder modeling, and intrusion detection. Tom is Chair of the Computer Science, Information Assurance, and Information Systems Engineering Programs at The Johns Hopkins University Whiting School of Engineering. Tom is also a fellow of the International Information Integrity Institute and editor of the IEEE Security & Privacy journal.

Classic Paper 1

Network Intrusion Detection: Dead or Alive?

Giovanni Vigna, UC Santa Barbara, USA

Read Paper

Research on network intrusion detection has produced a number of interesting results. In this paper, I look back to the NetSTAT system, which was presented at ACSAC in 1998. In addition to describing the original system, I discuss some historical context, with reference to well-known evaluation efforts and to the evolution of network intrusion detection into a broader field that includes malware detection and the analysis of malicious behavior.

Giovanni Vigna is a Professor in the Department of Computer Science at the University of California in Santa Barbara. His current research interests include malware analysis, web security, vulnerability assessment, and intrusion detection. He also edited a book on Security and Mobile Agents and authored one on Intrusion Correlation. He has been the Program Chair of the International Symposium on Recent Advances in Intrusion Detection (RAID 2003), of the ISOC Symposium on Network and Distributed Systems Security (NDSS 2009), and of the IEEE Symposium on Security and Privacy (S&P 2010 and 2011). He is known for organizing and running an inter-university Capture The Flag hacking contest, called iCTF, that every year involves dozens of institutions around the world. Giovanni Vigna received his M.S. with honors and Ph.D. from Politecnico di Milano, Italy, in 1994 and 1998, respectively. He is a member of IEEE and ACM.

Classic Paper 2

Back to Berferd

William Cheswick, AT&T Labs—Research, USA

read paper Read Original Paper

It has been nearly twenty years since I published the Berferd paper. Much of it is quite outdated, reflecting the state of technology at the time. But it did touch a number of issues that have become quite important. I discuss some of the existing conditions around the time of the paper, and some of these issues.

Ches is an early innovator in Internet security. He is known for his work in firewalls, proxies, and Internet mapping at Bell Labs and Lumeta Corp. He is best known for the book he co-authored with Steve Bellovin and now Avi Rubin, Firewalls and Internet Security; Repelling the Wily Hacker.

Ches is now a member of the technical staff at AT&T Labs - Research in Florham Park, NJ, where he is working on security, visualization, user interfaces, and a variety of other things.