Researchers and practitioners head to San Jose
USENIX Security 2008
The 17th Security Symposium met in San Jose, California, USA, during the week of July 28, with a refereed paper track and Invited Talks.
USENIX Security might lack the buzz surrounding DefCon, but the content more than makes up for this. The competition for getting a paper accepted is fierce, with only 27 of 174 papers getting the nod from the Program Committee this year. And you will find the research behind some of the hot topics in security in these papers.
Niels Provos delivered a paper and an invited talk, both about the work he has been doing at Google to uncover infected websites. Google, like other search engine companies, creates constantly updated caches of web pages. Provos and his associates have built software that scans tens of millions of web pages each day, selecting a million URLs to load into instrumented virtual machines running Windows and IE.
Provos said that one in a thousand URLs will direct IE to a malware download site that can result in Windows being automatically exploited – a drive-by download. Malware-infected web servers are spread roughly evenly across site types, so visiting a financial or social networking site is almost as dangerous as hitting sites with adult content.
Researchers like to collect new malware variants, and a team from Johns Hopkins (that included Provos) built the world's most flexible server to do just this. Sam Small explained how they used a natural language learning approach to design a server that can elicit responses from a wide range of protocols, allowing the researchers to collect malware for analysis – imagine a server that responds "correctly" as if it were running more than 500 web services.
Although MIT students were prevented from presenting their talk at DefCon about getting free mass transit rides, two students from the University of Virginia and two members of Chaos Computer Club Berlin wrote a paper detailing how to recover the encryption keys used in the same RFID chips (Mifare) that the MIT students wanted to describe. Their technique required both physical methods (acetone to separate the chip, then polishing to remove layers) and software techniques to identify the encryption key encoded in the revealed gates.
More recent research getting attention involved reading the DRAM of systems after they had been turned off. William Clarkson presented "Cold Boot Attacks on Encryption Keys," which was awarded best student paper, and showed how data can be extracted from memory more than half an hour after a system has been shut down – if the RAM is kept cool. Clarkson proved that he and his co-authors could recover the encryption keys used by OS X's FileVault, Vista's BitLocker, and several schemes used in Linux to encrypt hard drives.
The best paper award went to Jian Zhang, Phillip Porras, and Johannes Ullrich, who wrote about their system for creating highly predictive blacklisting. By grouping sites both regionally and according to their attack surface, they improved on the effectiveness of both the Global Worst Offender List (GWOL) and Local Worst Offender List (LWOL).
I found comments by Dawson Engler, one of the founders of Coverity, a static code-checking tool, really incredible. During his invited talk, Engler said that many of Coverity's customers object to improvements in its tools because the improved tools find more potential bugs – and thus make the customers' code look worse. It seems that many organizations would prefer not to know where their bugs are.
The papers are available at http://www.usenix.org/events/sec08/tech/, and you can find video streams of invited talks courtesy of Linux Pro Magazine [1] (Figure 1).
Infos
[1] Linux Pro Magazine video archives: http://www.linuxpromagazine.com/usenix_sec08