Dear Readers,
I recently attended the Security and Privacy Symposium and enjoyed the technical program and the special presentations that marked the 40th meeting of the event. Well-known figures from the early meetings, particularly Dorothy Denning, Dick Kemmerer, Gustavus Simmons, Butler Lampson, Martin Abadi, and Cathy Meadows, were in attendance. The newly established "test of time" awards went to many luminaries, some of whom were in the audience. It was good to hear many familiar names and to see familiar faces.
In 40 years, the field of computer security and privacy has changed quite a lot, but without reaching its original goals of faultless software and provably secure access controls. It is much more expansive, there are many more participants (nearly 650 registrants, an all-time high), and the topics are increasingly diverse. One major change is that attacks, which used to be considered contrary to the purpose of the field, are now a major part of the research. A surprising result this year was the demonstration of using a hard drive as a microphone. Another paper showed how to disrupt a touchscreen with a device hidden in a table top. As one of the researchers commented during a break, "Physics sucks."
There were not only a record number of participants, there were a record number of papers, and for the first time, S&P went two-track. The two rooms were adjacent, which minimized the time for audience members to listen to a different track, but for those of us who were accustomed to hearing each paper, it was a difficult adjustment. The one-minute overview videos each morning were somewhat helpful for setting one's personal schedule, but the content of the videos varied from "all my slides in one minute" to cartoons (some with unintended humor) and music.
Thursday was devoted to S&P Workshops, six of them this year. One was devoted to a fairly new topic, which was also the subject of some of the regular conference papers: security and deep learning.
The processing of submitting and revising papers has itself been revised for next year and for the years following. PC members had been required to review papers every month (with the burden increasing as the "last chance for the next conference" day loomed). To cope with this, and rising tide of submissions, the PC will have more members and fewer deadlines. [Ed. If you have been trouble finding reviewers for security papers or articles, it might be due to the very large number of people serving on the PCs for major security conferences.]
Sean Peisert, who has served 3/4 of his term as Technical Committee chair, will be succeeded by vice chair Ulfar Erlingson at the end of 2019. Brian Parno will then be the vice chair. Next year's conference general chair will be Gabriella Ciocarlie, and the program chairs will be Hovav Shacham and Alina Oprea.
The Computer Society's support of the conference's logistics and publications has been crucial to the conference's growth and success. This year some of the CS staff members were able to attend the conference and to talk to organizers and attendees about planning for future evolution of the conference and workshops.
Computer software is always broken.Hilarie Orman
Somebody's always throwing hacks,
Somebody's always heaving rootkits,
Playing ugly Yahoo tricks.
Computer software is always broken,
Something or other is going wrong.
Something is rotten -- I think, in Redmond*.
End of the software security song.
*Or Palo Alto, or Mountain View, or Ft. Meade, or ...
(with apologies to Vachel Lindsay)