DIMACS Workshop on Software Security

January 6-7, 2003
DIMACS Center, CoRE Building, Rutgers University

Organizers:
Gary McGraw, Cigital, gem@cigital.com
Ed Felten, Princeton University, felten@cs.princeton.edu
Virgil Gligor, University of Maryland, gligor@umd.edu
Dave Wagner, University of California at Berkeley, daw@cs.berkeley.edu

Invited Speakers:
Michael Howard, Microsoft, The Microsoft Trustworthy Computing Initiative from the Inside
Brian Kernighan, Coding Excellence: Security as a Side Effect of Good Software
Dan Geer, @stake, Software Security in the Big Picture: Repeating ourselves all over again
Presented under the auspices of the Special Focus on Communication Security and Information Privacy.

Preliminary Program:

Monday, January 6th, 2003

Time

Agenda item

8:00-9:00

Breakfast (DIMACS)

9:00-10:00

Gary McGraw, Cigital (Author of Building Secure Software)

The Art and Science of Software Security

10:00-10:30

Group discussion

10:30-10:45

Morning break

10:45-12:00

Outrageous Opinions (to be submitted by attendees);

Examples to spark ideas:

  • The TCPA is good for everyone
  • Capabilities are the only way to go
  • Open source is a security panacea
  • Security does not matter to users at all

12:00-1:30

Lunch (DIMACS)

1:30-2:00

Breakout session Administration

  • Groups, group leaders, goals for sessions

2:00-3:00

Invited talk: Michael Howard, Microsoft (Author of Writing Secure Code)

The Microsoft Trustworthy Computing Initiative from the Inside

3:00-3:30

Group discussion

3:30-4:00

Break

4:00-5:00

BREAKOUT: Security Engineering

  • Requirements
  • Architecture and design
  • Coding and Testing
  • Manageability

BREAKOUT: On Architecture and Implementation

    • Design risks
    • Implementation risks
    • Technology Tradeoffs
    • Experience and expertise

5:00-7:30

Dinner (on your own)

7:30-10:00

Wine and cheese reception and poster session

Tuesday, January 7th, 2003

Time

Agenda item

8:00-9:00

Breakfast (DIMACS)

9:00-10:00

Invited talk: Brian Kernighan

Coding Excellence: Security as a Side Effect of Good Software

10:00-10:30

Group discussion

10:30-10:45

Morning break

10:45-12:00

BREAKOUT: Security Analysis

  • Role of expertise
  • Auditing design
  • Auditing code
  • Security Testing

BREAKOUT: Mobile code and Malicious Code

  • .NET and Java
  • Web services
  • Modern malicious code

12:00-1:30

Lunch (DIMACS)

1:30-2:30

Invited talk: Dan Geer, @stake

Software Security in the Big Picture: Repeating ourselves all over again

2:30-3:30

BREAKOUT: Open Research Issues

  • Hard problems

BREAKOUT: Education and Training

  • Academia
  • Industry developers

3:30-4:00

Break

4:00-5:30

Workshop wrap-up

  • Reports from breakout sessions
  • Program committee summary

Announcement and Call for Participation  |   Program  |   Papers and Slides  |   Workshop Details  |   Registration  |   Application for Financial Support  |   Other Workshops  |   DIMACS Homepage

Document last modified on October 11, 2002.
Contact the Center