Open Source Conferences Live at Your Office

July 28 - August 1 from San Jose, CA

USENIX Security '08

17th USENIX Security Symposium

Look here for the video archive from USENIX Security '08. Each entry comprises a video and the recorded presentation slides, which are shown in parallel with the talk. To view the talks in our archive, all you need is a Java-compatible Web browser.

Training Program:

To meet your needs, the training program at USENIX Security '08 provides in-depth, immediately useful training in the latest techniques, effective tools, and best strategies. The live streaming offers two days of tutorials, each with a full-day session.

Speaker: Bruce Potter, The Shmoo Group
  • History of botnets: From their innocuous roots to the current worldwide threat
  • Botnet uses: A broad view of the actual threats from current bots, including network and system analysis
  • Scope of the current botnet problem: The current problem is larger than you may think
  • Botnet communications: Command and control of botnets exposed
  • Internal structure: A breakdown of the functionality of modern botnets, including hiding, propagation, and modularity
  • Examination of some standard bots: We will look at some of the classic bots (Agobot, SDBot, Storm, etc.) in order to gain a better understanding of what we're defending against
  • Host-based botnet defenses: Practical guidance on what can really be done to detect and defend against bots at the host level
  • Network-based botnet defenses: More practical guidance, but this time at the network level
  • Future of botnets: A brief discussion of where bots are going so that we can arm ourselves against future outbreaks
Speaker: Bruce Potter, The Shmoo Group
  • Network analysis basics: What network analysis is, when it is appropriate, and its role in IT security
  • Understanding NetFlow: A primer on Cisco's NetFlow implementation, the various NetFlow versions, and other flow-based architectures
  • NetFlow sensor placement: Where to deploy NetFlow sensors for maximum effectiveness
  • Configuring Cisco devices for NetFlow: How to configure and customize various versions of NetFlow using a Cisco router
  • Using softflowd on Linux: For times when you don't have access to a NetFlow-capable router, the OSS package softflowd can do the job instead
  • NetFlow analysis with Psyche: Psyche is an OSS tool for basic statistical analysis of NetFlow; the tutorial will include analysis of "known bad" data
  • NetFlow analysis with SiLK: SiLK is a more advanced NetFlow tool; the tutorial will include analysis of more "known bad" data
  • Future ideas: A brief discussion on other uses for NetFlow in your network
Tech Sessions Invited Talks:

Video archive of the invited talks by industry leaders on highly relevant topics, such as Hackernomics by Hugh Thompson from People Security; Political DDoS: Estonia and Beyond by Jose Nazario from Arbor Networks; and The Ghost in the Browser and Other Frightening Stories about Web Malware by Niels Provos from Google.

Videos are played directly in your browser by a Java applet. Parallel to this, the presentation slides are shown in sync with the video.
You can use the time slider at the bottom edge of the window to fast forward or reverse the video: the slides will stay in sync. If the video freezes when the Java applet loads, please press F5 to refresh your browser window.

Wednesday, July 30
Opening Remarks, Awards, and Keynote Address
Speaker: Paul Van Oorschot, Carleton University

Keynote Address

Dr. Strangevote or: How I Learned to Stop Worrying and Love the Paper Ballot
Speaker: Debra Bowen, California Secretary of State
Political DDoS: Estonia and Beyond
Speaker: Jose Nazario, Senior Security Engineer, Arbor Networks

In the spring of 2007, the country of Estonia suffered a deluge of distributed denial of service (DDoS) attacks, coordinated to coincide with street-level protests. These attacks caused nationwide problems for the heavily wired country of Estonia and did so again when they recurred in early 2008. These attacks were not the first such politically motivated attacks and they will certainly not be the last. This talk explores the world of DDoS attacks and their growing role as an online political weapon. It also covers how Arbor Networks measured the Estonia attacks, how other attacks are measured, and what these attacks mean for the Internet at large.

Building the Successful Security Software Company
Speaker: Ted Schlein, Kleiner Perkins Caufield & Byers

Ted will discuss the security market, past and present. He will review what it takes to succeed in building a company and will look at current opportunities. Ted will also share with the audience a few of his successes.

From the Casebooks of . . .
Speaker: Mark Seiden, Senior Consultant

In a field with few design principles ("defense in depth"? separate duties?), few rules of thumb, no laws named after people more influential than Murphy, no Plancks or Avogadros to hold Constant, and little quantification of any sort (we count only bad things), it appears the best we can do right now is to tell stories.

Over (enough) beer we conjure up lightly anonymized war stories about late-night phone calls, scary devices, hard-to-find bugs that exploiters somehow found, the backups that didn't, stupid criminals, craven prosecutors, cute hacks ("but don't try this at home"), and pointy-haired bosses. . . . There will be a few of these in this talk, but also some cautionary tales and parables—isomorphs of the Old Stories demonstrating human frailty and that the Law of Unexpected Consequences operates most strongly near the intersection of Bleeding Edge and Slippery Slope. Also, just a bit about the future.

Thursday, July 31
Security Analysis of Network Protocols
Speaker: John Mitchell, Stanford University

Network security protocols, such as key-exchange and key-management protocols, are notoriously difficult to design and debug. Anomalies and shortcomings have been discovered in standards and proposed standards for a wide range of protocols, including public-key and Diffie-Hellman–based variants of Kerberos, SSL/TLS, and the 802.11i (Wi-Fi2) wireless authentication protocols. Although many of these protocols may seem relatively simple, security protocols must achieve their goals when an arbitrary number of sessions are executed concurrently, and an attacker may use information provided by one session to compromise the security of another.

Since security protocols form the cornerstone of modern secure networked systems, it is important to develop informative, accurate, and deployable methods for finding errors and proving that protocols meet their security requirements. This talk will summarize two methods and discuss some of the case studies carried out over the past several years. One method is a relatively simple automated finite-state approach that has been used by our research group, others, and several years of students in a project course at Stanford to find flaws and develop improvements in a wide range of protocols and security mechanisms. The second method, Protocol Composition Logic (PCL), is a way of thinking about protocols that is designed to make it possible to prove security properties of large practical protocols. The two methods are complementary, since the first method can find errors, but only the second is suitable for proving their absence. The talk will focus on basic principles and examples from the IEEE and IETF standardization process.

Enterprise Security in the Brave New (Virtual) World
Speaker: Tal Garfinkel, VMware

The move to virtual machine–based computing platforms is perhaps the most significant change in how enterprise computing systems have been built in the past decade. The benefits of moving to virtual infrastructure are substantial, from ease of management and better server utilization to transparently providing a wide range of services from high availability to backup. Despite this sweeping change, the way that we secure these systems is still largely unchanged from how we secure today's physical systems. We must rethink the way we design security in virtual infrastructure, both to cope with the new challenges it introduces and to take advantage of the opportunities it offers.

I will discuss the growing pains of moving from physical to virtual infrastructure in the network and the dissonance this can cause in operational settings: why simply dropping existing firewalls and NIDS into virtual infrastructure can limit flexibility, how new mechanisms can help overcome these limitations, and why these elements are better off being virtual instead of physical. Next, I will look at how virtual machines can affect host security as techniques such as virtual machine introspection become mainstream and the line between host and network security gets increasingly blurred. Finally, I will look at some of the odder and more interesting capabilities virtual platforms will be offering in the next few years which will offer fertile ground for new research.

Hackernomics
Speaker: Hugh Thompson, Chief Security Strategist, People Security

Security processes inside most commercial development teams haven't caught up with the growing threat from organized crime groups that are becoming better financed, are relying more on automation to find vulnerabilities, and have figured out how to drive down the cost of launching a significant attack. This talk looks at why the incentive to attack and the ability to find flaws are outpacing practiced application security techniques. It examines how the economics of software attack and defense ("hackernomics") is changing and looks at some interesting outcomes, such as making vulnerability discovery a viable business. The talk will include several live vulnerability demonstrations to illustrate the exploitation vs. prevention dynamics.

10+ Billion Lines of Code Later: Experiences Commercializing a Static Checking Tool
Speakers: Dawson Engler, Stanford University; Ben Chelf, Andy Chou, and Seth Hallem, Coverity

This talk describes lessons learned taking an academic tool that "worked fine" in the lab and using it to check billions of lines of code across several hundred companies. Some ubiquitous themes: reality is weird; what one thinks will matter often doesn't; what one doesn't even think to reject as a possibility is often a first-order effect.

Panel: Setting DNS's Hair on Fire
Speakers: Dawson Engler, Stanford University; Ben Chelf, Andy Chou, and Seth Hallem, Coverity
Moderator: Niels Provos, Google, Inc.
Panelists: David Dagon, Georgia Institute of Technology; Paul Vixie, Internet Systems Consortium, Inc.
Friday, August 1
The Ghost in the Browser and Other Frightening Stories About Web Malware
Speaker: Niels Provos, Google, Inc.

While the Web provides information and services that enrich our lives in many ways, it has also become the primary vehicle for delivering malware. Once infected with Web-based malware, an unsuspecting user's machine is converted into a productive member of the Internet underground. This talk explores Web-based malware and the infrastructure supporting it, covering an analysis period of almost two years. It describes trends observed in Web server compromises, as well as giving an overview of the life cycle of Web-based malware. The talk shows that Web malware enables a large number of questionable activities, ranging from the exfiltration of sensitive information such as email addresses and credit card information to forming spamming botnets, which are responsible for a significant fraction of the spam currently seen on the Internet.

Managing Insecurity: Practitioner Reflections on Social Costs of Security
Speaker: Darren Lacey, Chief Information Security Officer, Johns Hopkins University/Johns Hopkins Medicine

Nonprofits and local government have experienced more than their share of breaches and notifications over the past several years. The reasons for this are evident: lots of sensitive information, insufficient IT resources, lack of institutional discipline, etc. Clearly more time and resources at these organizations should be dedicated to security.

I discuss whether even identifying the proper balance is a good deal more difficult for public service organizations than has been widely discussed. Will security concerns affect the adoption of electronic medical records, regional health organizations, and nonprofit work? At what point do needed changes in organizational cultures undermine the public mission? What types of security controls and practices are best suited for service agencies? What kinds of research would most help public services?

Work-in-Progress Reports (WiPs) and Closing Remarks
WiPs Session Chair: Hao Chen, University of California, Davis

The Work-in-Progress reports (WiPs) session offers short presentations about research in progress, new results, or timely topics. This is not the place to re-announce work already published, or re-advertise work already accepted at another venue. Speakers should submit a one- or two-paragraph abstract to sec08wips@usenix.org by 6:00 p.m. PDT on Wednesday, July 30, 2008. Make sure to include your name, affiliation, and the title of your talk. The schedule of presentations and accepted abstracts will be posted on the Symposium Web site. The time available will be distributed among the presenters, with each speaker allocated between 5 and 10 minutes. The time limit will be strictly enforced.

Site operator | © 2012 Medialinx AG