Usenix Security has the latest in security research.
The 11th Usenix Security Symposium, held early last month in San Francisco, provided insights into future commercial security work. The conference is largely an academic one, with refereed papers and invited talks.
The paper “Security in Plan 9” was honored with the conference’s Best Paper award for its description of the centralized credential server Factotum. (For related Factotum coverage, go to www.eweek.com/links.)
Many security research groups used Linux as a testbed. One area of work discussed was Linux Security Module, which is a thorough series of hooks incorporated in the Linux 2.5 development kernel that will allow Linux to gain trusted operating system features such as mandatory access control. This is a big step forward for any operating system, and I think the approach will be very effective. If only simple security features such as file access control lists would get put into the standard Linux kernel, too! Other papers discussed better techniques for detecting buffer overflows, static code analysis techniques to look for common programmer security errors, biometric authentication and the impact of the Digital Millennium Copyright Act on security research. (For a list of abstracts and links to full papers, go to www.eweek.com/links.)
Timothy Dyck is a Senior Analyst with eWEEK Labs. He has been testing and reviewing application server, database and middleware products and technologies for eWEEK since 1996. Prior to joining eWEEK, he worked at the LAN and WAN network operations center for a large telecommunications firm, in operating systems and development tools technical marketing for a large software company, and in the IT department at a government agency. He has an honors bachelor's degree of mathematics in computer science from the University of Waterloo in Waterloo, Ontario, Canada, and a master of arts degree in journalism from the University of Western Ontario in London, Ontario, Canada.