Lead or attend a BoF! Meet with your peers! Present new work! Don't miss these special activities designed to maximize the value of your time at the conference. The always popular evening Birds-of-a-Feather sessions are very informal gatherings of persons interested in a particular topic.
Want to demonstrate a new product or discuss your company's latest technologies with USENIX Security attendees? Host a Vendor BoF! These sponsored one-hour sessions give companies a chance to talk about products and proprietary technology, and they include promotional benefits. Email firstname.lastname@example.org if you're interested in sponsoring a Vendor BoF. Click here for more information about sponsorship opportunities.
Scheduling a BoF
To schedule a BoF, simply write the BoF title as well as your name and affiliation on one of the BoF Boards located in the registration area. If you have a description of your BoF you'd like posted on this Web page, please schedule your BoF on the BoF board, then send its title, the organizer's name and affiliation, and the date, time, and location of the BoF to email@example.com with "USENIX Security '11 BoF" in the subject line.
BoF Schedule (as of August 10, 2011)
For the most current schedule, please see the BoF Boards in the registration area.
Cyber Security Decision Market
Dr. Greg Shannon, CMU CERT
Tuesday, August 9, 7:00 p.m.–8:00 p.m., California West
As described in Dan Geer's May column in the IEEE Security and Privacy Magazine, Geer, Hutton and Shannon have kicked off the alpha test/phase of their Cyber Security Decision Market project. Come hear and discuss the current status, future plans, and problems/challenges with a security-oriented decision market.
Is Large-Scale Network Security Monitoring Still Worth the Effort?
George Jones and Drew Kompanek, CMU CERT
Tuesday, August 9, 8:00 p.m.–9:00 p.m., California East
Come join us to hash out current challenges in large-scale network security monitoring. Is it still relevant and effective? What are the challenges? What are the wins? What's changing?
We may discuss some, all or none of the following: At what scale is network security monitoring no longer effective? Who should be "cleaning our pipes", and where? What data is available? What analysis can we do with it? How do network architecture choices impact our ability to monitor? How do we adapt to changes in ["users", "data", "clients", "services", "access", "methods", "controls", "threats", "vulnerabilities", ...]? What do the latest IT buzzwords ("cloud", "mobile", "social-networks", ...) really mean for network security? What are the real technical implications? What non-technical stuff ("policy", "mission", "roles") do we need to understand?
Field data available at Symantec Research Labs: Benchmarking security with WINE
Tudor Dumitras, Symantec Research Labs
Wednesday, August 10, 8:30 p.m.–10:30 p.m., Elizabethan A
Oracle Solaris Security Vendor BoF
Alex Barclay, Glenn Faden, Valerie Fenwick, and more...
Thursday, August 11, 7:30 p.m.–8:30 p.m., Elizabethan A
Discussions and thoughts about how Oracle Solaris Security can help protect you in the Cloud! Oracle Solaris Security engineers will be on hand to talk about features in the upcoming Oracle Solaris 11 release and answer questions. There will be giveaways for excellent questions and beer!
Data Management *Plans*
Elizabeth Buchanan, University of Wisconsin-Stout; Carl Landwehr, NSF; and Tara Whalen, Office of the Privacy Commissioner of Canada
Thursday, August 11, 8:30 p.m.–10:30 p.m., Elizabethan A
The U.S. National Science Foundation has recently instituted a rule requiring all grant proposals to include a "data management plan": how data will be preserved, shared with other researchers, etc. Preserving data for future research or reanalysis is an excellent concept; data is at the heart of science. Some data, though, is sensitive; it may include personally identifiable information, information about vulnerabilities in particular computers, access credentials such as passwords, data collected under an approved Institutional Review Board (IRB) protocol, etc. Clearly, these cannot be made available to all requesters. The NSF has offered minimal guidance about such issues, saying only that "Such data must be maintained and released in accordance with appropriate standards for protecting privacy rights and maintaining the confidentiality of respondents. Within legal constraints, what constitutes reasonable data access will be determined by the community of interest through the process of peer review and program management." In other words, each research community needs to develop its own standards. This panel will start developing a consensus in the security and privacy research community on how such data should be handled, to whom it can be released, and under what conditions.