About Me

I ramble about a number of things - but travel experiences, movies and music feature prominently. See my label cloud for a better idea. All comnments and opinions on this blog are my own, and do not in any way reflect the opinions/position of my employer (past/current/future).

17 May 2007

Jo'burg Notes

So, Stephen and I was in Jo'burg for IFIP Sec 2007, for the past three days. I am not a big fan of Jo'burg, and every time I go there, I am reminded why, I am not a big fan of Jo'burg. We stayed at the Parkmore Lodge, a quiet little B & B near Sandton; definitely a place to consider next time I am in Jo'burg.

And most of the gripes is about the drivers and the roads. The traffic is horrible, but I suppose it's not anything different to the M5 in Cape Town. But, for the richest city in Africa, the road conditions are terrible, especially at night. For example, the road marking at night are hardly visible in some places, and I am not the only one who thinks that. And then there are the drivers - who all seem to be in a rush, and not care about anybody else on the roads. Everyday, there seemed to be some one who decided to turn in front of us (to cross the road), even though we (and others on the road) have the right of way, and are actually moving forward. No wonder there are so many road accidents!

On Monday night, Stephen and I met up with Siya and Reinhardt at a restaurant (the Butcher's Shop and Grill) on the Nelson Mandela Square. Phathu was also supposed to come along, but unfortunately he was feeling ill - hope he gets better soon.

Things I was hoping to see, but saw no evidence of: the intelligent highway and the Gautrain.

Things I was hoping not to experience and didn't experience: The famous Jo'burg crime.

Coincidence: Parked next to our car (a white Toyota Corolla 160i) was a white Toyota Corolla 140i whose number plate started with the same first three letters!

Oh yeah, had the most expensive ice cream at the Sandton store of Häagen-Dazs. Really worth the price!

Rustenberg

Initially, I was supposed to meet up with Sarai in Sandton on Sunday. Due to various things, that idea got canned, and I drove to Rustenberg to see her instead. and, as Sarai has commented a number of times before to me, there is nothing much to see in Rustenberg.

It's a sleepy little town, where children still play in the streets (and ride bikes in the streets), there are no walls surrounding houses, houses are pretty big in size and leafy subrubs mean exactly that. And, watching F1 in the comfort of Sarai's mom's couch (on a massive rear projection TV) was great too!

The side trip was quite good, a welcome break in fact. But, it's hardly a town that I am dying to go back to. Oh yeah, property prices are quite cheap, and with the Royal Bafokeng Stadium due to host a number of matches, 2010 prospects are good!

IFIP Sec 2007

I normally describe IFIP as the European version of the ACM, which is unfair, because it is a lot more international. However, the participants of IFIP conferences tend to be more European centric, than US centric. This year, South Africa hosted the 22ndIFIP Security Conference (2nd time in South Africa), at the Sandton ICC.

I suppose the organisation of the conference was not bad, except the Sandton ICC venue was too large for the number of delegates. I think, it would have been far better, if the venue was the Balalaika Hotel, as per the Information Security SA conferences from the last two years. Another gripe, mainly associated with the venue, was the lack of free WiFi access during the conferences - come on, a computer conference without WiFi?

There was a distinct lack of local students at the conference - yes it is marginally more expensive than ISSA last year, but it is still cheaper than SATNAC and the value of this conference far outstrips that of ISSA and SATNAC, put together.

Day 1
Judge Mervyn King delivered the opening plenary talk, and it was the only, really general talk of the entire conference, focusing on management and risk over all, rather than specifically on IT. That said, his talk was quite entertaining and informative.

The first paper I attended was an adaptation of ticket based authentication, through the use of TPM chips. This was effectively an advance on my own ISSA paper from last year, which looked at the advantages of ticket based authentication systems for DRM, although my paper was focused on a software approach.

The other notable papers discussed identity management, with a specific focus on national government level identity systems, which was the focus of a panel discussion. I think it all boils down to two things: one governments need some sort of identity system to provide services to its population in a cost effective manner. However, there are too many features, and too many requirements being hoisted on to these systems, limiting their potential success and usage.

Day 2
Prof. Ross Anderson delivered the keynote talk in the morning, focusing on the economics of security, including a discussion on monopolies, buggy Microsoft products and why many large scale government projects fail (eNatis anyone?). I have heard most of the content before, but it was still a well presented, and well thought out presentation.

Most of the talks I attended were on access control, and one of the privacy session (which was where I presented my paper). Of note, was the Deutsche Telekom lab talk focusing on role based extensions to single sign on. The concepts were great, but their current approach creates a privacy problem where the single sign on service provider, potentially knows too much about the user. A paper earlier in the day, focusing on signing e-learning material (e.g. Moodle) was also interesting, but I think the problems could be solved easily if they use a verifiable digital identity system, like the proposal I outlined in my paper at ACM-DRM last year.

My own presentation went well, and was surprisingly short. At 40 slides, I thought my presentation would be longer than the 20 minutes I did take. There was some good discussion afterwards, always a good indication. The paper before me, in my session was interesting, although the presentation was a bit dry (and it was a difficult topic): about signatures that can be used to prove integrity and non-repudiation to a target user, but such a signature would prove nothing to any other users. One problem with the presentation was a lack of a useful example; so here is mine: whistle blowing. In whistle blowing, the user (often at risk) can inform securely to the monitoring organisation, but the monitoring organisation cannot unveil the whistle blower without his/her permission.

Day 3
Prof William Caelli presented the last keynote paper, on the requirement for a newer, updated definition of MAC, or Mandatory Access Control. This is good news, because in my thesis, I propose DRM as a new form of access control, and one that could potentially cater for the requirements placed by MAC.

Another, soon to be PhD graduate, Thierry Sans, presented a paper on a DRM policy administration model, which is similar to my own approach. However, my approach does not follow his approach of resigning the data at every step of the distribution cycle, as I think that strategy is inefficient, and ultimately un-necessary. Prior to that paper, there was a paper which discussed the potential to use web counters as a means to craft covert communication channels - great idea, but incredibly difficult to follow.

Another interesting paper was a theoretical trust model that looked at the possibility of clustering crowds according to their respective trustworthiness. Interesting, because it provides possibilities for wireless mesh routing (and possibly even other routing solutions).