The first two sessions for the day promised some very interesting talks focusing on authentication and access control. Unfortunately, while the results of the papers discussed could have been brilliant, the presentations were dead boring and not much of value. Did manage to get some ideas down on paper on user authentication for my DRM framework - so the morning was not totally lost.
There are two tracks in the conference - the research and industry tracks; and I decided that at least one session should be in the industry track. The tutorial on secure programming in C/C++ was very interesting, especially as it was given by a member of the C standardising body. It is quite amazing how easy it is easy to screw up when coding in C/C++ but I can't really say I learned anything new - after all the overall conclusion was that secure coding in C/C++ is very difficult if not impossible ...
The last session of the day which focused on intrusion detection was by far the most interesting session today. Three of the four papers focused on detection and prevention of buffer overflow attacks and some really interesting ideas. The last paper was also very cool on a mechanism to counter DoS attacks when using overlay networks (overlay networks are similar to annonymiser proxies).
No comments:
Post a Comment