Co-Author of Controversial Study Faces Off Against Microsoft Chief Trustworthy Computing Strategist Marking the First In-Person Match Up
BOSTON USENIX, the Advanced Computing Systems Association, announced today that Verdasys Chief Scientist Dan Geer, co-author of "CyberInsecurity: The Cost of Monopoly" and Microsoft's Chief Trustworthy Computing Strategist, Scott Charney, will debate the security implications of an operating system monoculture at the USENIX Annual Technical Conference (USENIX '04), June 27July 2 in Boston. The debate is open to the public and registration is available online and onsite at the conference.
Avi Rubin, security authority, of Johns Hopkins University moderates the June 30 debate, which marks the first in-person discussion on this issue that first made headlines last fall when Geer and six colleagues published a paper questioning the potential security risk posed by the domination of one operating system. The report is built on a biological principle that species with little genetic variation are the most vulnerable to catastrophic epidemics, such as viruses. Genetic diversity increases the chances that some may survive an attack. According to Geer and his colleagues, the same principle can be applied to global computer security.
"When all computers are exactly alike, an effective attack against one is an effective attack against all," said Geer. "There is no question that diversity is effective in damping out disease in the biologic frame of reference. The question is, what can we learn from that and, more important, will we learn it."
Charney's view is that the "monoculture" idea overly simplistic; it would require an incredible amount of diversity and create a new security nightmare.
"True impactful diversity would require hundreds if not thousands of different operating systems, which would make security even more difficult," said Charney. "The problem is not one of monoculture or diversity, but the lack of historical attention to security. Rather than spending finite resources to create diversity for its own sake and without evidence that security would be improved substantially, we should devote those resources to creating a more secure environment."
USENIX '04 offers groundbreaking research, open source development, and cutting-edge practices. Speakers and sessions include: Alan Nugent, VP and CTO, Novell, "Open Source and Proprietary Software: A Blending of Cultures"; Eliot Lear, Cisco Systems, "Network Complexity: How Do I Manage All of This"; Bruce Schneier, Counterpane, "Thinking Sensibly About Security in an Uncertain World"; Rob Pike, Google, Inc., "Cheap Hardware + Fault Tolerance = Web Site"; and Eric Allman, Sendmail, Inc., "The State of Spam."
In addition, USENIX '04 offers six days of training by expert instructors, five days of SIG Sessions on UseLinux, Security, UseBSD, Extreme Linux, and Advanced System Administration, and daily guru sessions with industry luminaries.
Press Badges and Registration
For complimentary press badges contact Wendy Grubow at 831-626-7503 or wendy@usenix.org.
2004 USENIX Annual Technical Conference
June 27July 2, 2004
Boston Marriott Copley Place
Boston, MA
https://www.usenix.org/usenix04/
About the USENIX Association
USENIX is the Advanced Computing Systems Association. For over 25 years, it has been the leading community for engineers, system administrators, scientists, and technicians working on the cutting edge of the computing world. USENIX conferences are the essential meeting grounds for the presentation and discussion of technical advances in all aspects of computing systems. For more information about USENIX, visit https://www.usenix.org.