Cipher Issue 95, March 2010, Editor's Letter

Dear Readers,

Our newsletter has a detailed reviews of the Financial Cryptography conference and an interesting workshop on ethics in computer security research. No one can attend all the conferences in our field, and these detailed accounts, including questions and comments heard during the presentations, let a wide audience know what the pulse of the meeting was like. Richard Austin has also helped us keep up-to-date with his review of a recent book, "Managing the Human Factor in Information Security."

In preparation for the upcoming 30th anniversary of the Security and Privacy Symposium (by the way, registration is now open!), several people have been looking at its publication history. Our assistant editor to Cipher posed the problem of constructing a "dependency graph" showing which papers cite other Symposium papers. We have a depiction of the results at http://www.ieee-security.org/TC/citationgraph/oakcites.html, and it shows some interesting facts. In 1987, the were five highly influential papers presented: Specifications for Multi-Level Security and a Hook-Up Property; A Comparison of Commercial and Military Computer Security Policies; A Multilevel Relational Data Model; Reasoning About Security Models; and Covert Channel Capacity. Based on the dependency graph, it would seem that the ideas in these papers continue to influence researchers today. The field, though, has drifted away from these high-level concepts towards a much more adversarial and application-specific approach. In retrospect, it should not be surprising. Who would have guessed, in 1987, that computers would be retail items, the FCC would be trying to get gigabit Internet connections to homes, and that political movements would begin with "tweets"?

Speaking of tweets, the Cipher calendar of security-related events can be found on twitter.com under the name "ciphernews". There are few followers at the present time, but the experiment has minimal administrative overhead and will continue. One advantage is that deadline extensions are more likely to show up in the tweet version than in the online calendar version.