[cap-talk] "ACLs don't" paper rejected from Oakland 09

Tyler Close tyler.close at gmail.com
Thu Jan 29 14:19:46 EST 2009


On Thu, Jan 29, 2009 at 11:53 AM, David Wagner <daw at cs.berkeley.edu> wrote:
> Toby Murray wrote:
>>I honestly don't believe that the insights assembled in this paper are
>>common knowledge, especially amongst security traditionalists. They are
>>certainly not covered by any of the mainstream general texts on computer
>>security that would be used by any University security course.
>
> I would say that the Oakland conference does not exist to educate the
> world.  Just because something is not widely known is not sufficient
> reason for publication in Oakland.  Also, I can think of lots of things
> in security that are not widely known -- they are known only to specialists
> -- but would not be published at Oakland.  "Not widely known" is far too
> low a bar; novelty requires a much stronger condition, e.g., "not
> previously known" or "not previously published" (even in an obscure
> place) or somesuch.

The reviewer comments give the impression, and explicitly state in
some cases, that these ideas are not even understood by the reviewers
at the Oakland conference. Several Oakland reviewers have produced
recent major works that suffer from these misconceptions. My paper
documents a few of these, such as ABAC and stack introspection.

What existing papers could people read and come away with the same
level of understanding they get from "ACLs don't"?  Understanding this
stuff is a big deal. As the luminaries say, this is the foundation of
our entire field:

"""
Most computer security uses the access control
model [9], which provides a basis for
secrecy and integrity security policies.
"""

--Tyler

