Matthias and I currently have to pleasure to be at ACSAC, in New Orleans.
From my perspective, at ACSAC the usual conference visit side-effect of personal interaction with peers plays an even larger role than at many other events. In fact we met a number of people we hadn’t seen for quite some time and I could even clear a long unresolved debt (Hi Pastor! and thanks for those International Journal of PoC issues).
Nancy Leveson from MIT delivered a great keynote on “Applying Systems Thinking to Security and Safety“, mainly discussing how an approach she calls “System theoretic process analysis” (STPA) can be used for identifying hazard scenarios in complex systems, and laying out how the same methods can be used both for safety and security. Really inspiring stuff while at the same time highly relevant, in the age of the Internet of Things.
My personal highlight was the afternoon session on “30 Years Later: The Legacy of the Trusted Computer Systems Evaluation Criteria“. Having been exposed to Common Criteria here+there and having done some stuff in the MLS world many years ago I learned a lot from the three views & memories provided (btw: did you note that Perl was initially developed in the course of the BLACKER program? I didn’t).
We ourselves also had a little contribution today, with a short talk on “Designing State-of-the-Art Business Partner Connections” which goes back to a project described in this blog post. The slides can be found here.
Looking forward to tomorrow,
have a good one everybody
Enno