Cipher Issue 173, June 3, 2023, Editor's Letter

Dear Readers,

The Security and Privacy Symposium was held in San Francisco, CA recently, and I was one of the small group of virtual attendees. In-person attendee numbers were back to pre-COVID levels, which surprised me because I found the virtual experience to be quite pleasant. At the Technical Committee business meeting there was a lively discussion about how to support in-person attendance while minimizing the registration cost, which is about twenty times higher than 20 years ago when S&P was "Oakland". The conference will be in San Francisco again next year, but further years out are TBD.

If you have input or interest on the subject of the location of future S&Ps, there is a discussion list sp-location @ lists.ieee-security.org . For other topics about S&P, contact the steering committee at sp-sc @ ieee-security.org.

As usual, the research papers covered a wide swath of topics from cryptographic attacks to machine learning privacy and onto IoT side channels. We live in an electronic ecosystem in which everything is connected to everything else, just like the ecosystem of living things. When those systems merge, as the AI pundits assure us they will, what will "security" mean?

Along the lines of AI, it seems that being as attack and defense in computer systems is an adversarial game, and being as the "moves" in the game are easily discernible from documents about network protocols and from open source software, I predict that machine learning will turn up the next generation of zero day attacks, as well as some interesting "pre-zero-day" defenses.

And we shall play a game of chess,
Opening all ports and waiting for a ping upon the wall.

(a tweaking of a tiny bit of T. S. Eliot),
      Hilarie Orman