Dates of Institute
- Sunday, June 15: introductions
- Monday, June 16: talks and discussions
- Tuesday, June 17: talks, discussions, town hall meeting, excursion
- Wednesday, June 18: talks, discussions, town hall meeting, wrap-up

Participants are welcome to stay through breakfast Thursday, June 19.

Tracks
We had different kinds of activities during our institute:
- Invited Talks (30-45 min. presentation + 15 min. discussion)
- Regular Talks (20 min. presentation + 10 min. discussion)
- Five Minute Madness (5 min. presentation/discussion per speaker)
- Moderated "town meetings" on various topics
- Work-and-play excursion (an opportunity for informal discussions while doing something fun!)


| 8-9 | Breakfast |
| | Session I: Making Security Usable [moderator: Jim Larus] |
| 9-10 | Software and Security, Butler Lampson (Invited Speaker) |
| 10-10:30 | Toward Speech-Generated Cryptographic Keys on Resource Constrained Devices, Mike Reiter |
| 10:30-11 | Break |
| 11-11:30 | Disappearing Security, Dirk Balfanz |
| 11:30-12 | A Rant about Security UI, Dan Simon |
| 12-1 | Lunch |
| | Session II: Language-Based Security [moderator: Jeannette Wing] |
| 1-2 | Attacks Against the Netscape Browser, Jim Roskind (Invited Speaker) |
| 2-2:30 | Java Security: Lessons Learned, Li Gong |
| 2:30-3 | SPADE and SABER: Improving Systems Through Error Reduction, Larry Koved |
| 3-3:30 | Break |
| 3:30-4 | Security Types to the Rescue, David Wagner |
| 4-4:30 | Static Analysis Techniques for Identifying Malicious Executables, Somesh Jha |
| 4:30-5 | Using Information Flow Policies to Construct Secure Distributed Systems, Andrew Myers |
| 5-6 | Free time! |
| 6-7:30 | Dinner |
| 7:30-9 | Five Minute Madness [moderator: Jeannette Wing] |


| 8-9 | Breakfast |
| | Session VI: Computer Architecture and Bit-level Security [Jim Larus] |
| 9-10 | NGSCB: Description, Applications, Security Model and Policy Implications, John Manferdelli (Invited Speaker) |
| 10-10:30 | Enabling Trusted Software Integrity, Darko Kirovski |
| 10:30-11 | Break |
| 11-11:30 | Making My Code Look Like Your Code, Christian Collberg |
| 11:30-12:30 | Town Hall Discussion [moderator: Jim Larus] |
| 12:30-1:30 | Lunch |
| | Session VII: Beyond Code [Jeannette Wing] |
| 1:30-2 | Privacy Architectures, Doug Tygar |
| 2-2:30 | Getting Past Buffer Overflows: Why Architecture is the Key to Software Security, Gary McGraw |
| 2:30-3 | Software Security for Open-Source Systems, Crispin Cowan |
| 3-3:30 | Break |
| 3:30-4 | Randomization Techniques for Software Security, Dawn Song |
| 4-4:30 | Security and Software Engineering, Steve Bellovin |
| 4:30-5 | Town-Hall Discussion [moderator: Jeannette Wing] |
| 5 | Close of Institute |

Optional. Breakfast available to all participants at Skamania.
Travel home.
| 8:30-9:30 | Breakfast |
| 9:30 | Travel home |

- Session I: What would make good Ph.D. thesis topics in the area of software security? (Jeannette Wing)
- Session II: What would be your #1 choice in doing something to get ahead in the security race? (Jim Larus)
- Session III: What is the difference between engineering software for reliability and engineering for security? (Jeannette Wing)
- Topic not discussed: Identify concrete classes of properties that would be most valuable to be able to verify/enforce and that are within reach of a concerted research effort. What problems does industry find most vexing and mission-critical? For example: verify C source code is free of buffer overruns; enforce that MS Outlook can't send outbound except as directed by users; verify IKE is free from protocol attacks; verify Java code respects some information flow policy. (David Wagner)