[cap-talk] Any hope in RSA 2008?

David Wagner daw at cs.berkeley.edu
Sat Apr 5 02:07:58 CDT 2008 

John Carlson writes:
>My comment would be is  I don't know what research there is currently,
>so I "complain" to figure out if someone already has an answer.

Sounds perfectly reasonable to me.

My objection is not to asking for pointers in this area; my objection is
to anyone who dismisses the entire research area as hopeless without first
taking the time to understand the work that's been done.  Folks like Shap
and MarkM have steeped themselves in the literature enough that they're
qualified to have an opinion.  On the other hand, if you have to ask where
the best research in the field is published, then it's probably premature
to dismiss essentially all computer security research as hopeless.

This is not directed at you, John; this is general frustration and a
plea that we all be careful to avoid dismissing entire research fields
before we've taken the time to understand them.  If we're frustrated
with folks who dismiss object capabilities before they have taken the
time to understand them, and then we ought to be extra-careful to avoid
doing the same to other approaches to computer security.

For those who want to see the leading work on computer security, you can
start with conferences like Usenix Security, IEEE Security & Privacy,
ACM CCS, and ISOC NDSS.  Not all papers in those conferences are great;
but many of the best papers in computer security have appeared in those
conferences.

>In some cases, I don't see ways of downloading research papers (maybe
>I'm missing something on the ACM and IEEE sites).

This is a general problem.  If you're lucky, the authors make a copy
available, or the paper was published at Usenix.  If you're unlucky,
you're stuck: you need a good research library.  If you have access to
a good research library, the best way is to drop by and peruse the
conference proceedings in your hand, looking through the titles and
abstracts to find papers that may interest you.  Many students spend
months getting themselves up to speed on areas of the literature that
are of interest to them.

>Maybe I could test Joe-E too?  Where is the download site?

www.joe-e.org

Testers are welcome -- but be warned, there's little or no documentation,
so testing it will be a real challenge!

More information about the cap-talk mailing list