Welcome to the SOSP History Day Workshop Website
Fifty years ago the first SOSP launched operating systems as a domain of fundamental principles at the core of computer science. With ten speakers and a panel we will celebrate the history of ideas that emerged over that half century and the rich inheritance of ideas, concerns, and practices we have received. Most of our speakers were active during most of these years and will give us first-hand accounts. We will review ideas that have been solidly at the core of operating systems the whole time.
We will learn about ideas that were once big and then fell out of play. We will discover that many researchers in earlier times took up the same issues that concern us today and have left a treasure-trove of work that can help us. We will examine why cyber security, something we have studied since the beginning, has eluded us and has become such a source of suffering for so many people; dare we hope we can make it better?
The workshop will be held on Sunday, October 4, 2015 in Monterey, California from 8:30am to 5:00pm.
_______________________________________________
cap-talk mailing list
cap-...@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/cap-talk
_______________________________________________
e-lang mailing list
e-l...@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/e-lang
In the list of speakers, is that the Andrew Herbert involved with the CAP Computer? Or someone else?
On 19 Aug 2015, at 19:20, Mark S. Miller <eri...@google.com> wrote:Yes, the whole thing will be recorded.On Wed, Aug 19, 2015 at 9:51 AM, Scott Moore <sdm...@fas.harvard.edu> wrote:This looks like it will be a great workshop. Do you know if there will be recordings for those not able to attend?On Sat, Aug 15, 2015 at 5:32 PM, Mark Miller <eri...@gmail.com> wrote:At <http://www.ssrc.ucsc.edu/sosp15/workshops/HistoryDay/>:Welcome to the SOSP History Day Workshop Website
Fifty years ago the first SOSP launched operating systems as a domain of fundamental principles at the core of computer science. With ten speakers and a panel we will celebrate the history of ideas that emerged over that half century and the rich inheritance of ideas, concerns, and practices we have received. Most of our speakers were active during most of these years and will give us first-hand accounts. We will review ideas that have been solidly at the core of operating systems the whole time.
We will learn about ideas that were once big and then fell out of play. We will discover that many researchers in earlier times took up the same issues that concern us today and have left a treasure-trove of work that can help us. We will examine why cyber security, something we have studied since the beginning, has eluded us and has become such a source of suffering for so many people; dare we hope we can make it better?
The workshop will be held on Sunday, October 4, 2015 in Monterey, California from 8:30am to 5:00pm.
"SOSP" is "Symposium on Operating Systems Principles". This workshop looks amazing. Check out the presenters -- many luminaries from our history all gathered in one place -- Jack Dennis, Lampson, Liskov, and more. I am honored to be included in the panel at the end of the workshop.
There should be plenty of time for audience questions and discussion. Everything to be recorded and made public.At <https://www.regonline.com/Register/Checkin.aspx?EventID=1238062> you can register for all of SOSP including this workshop. For just History Day, <http://www.ssrc.ucsc.edu/sosp15/registration.html> says "Workshop registration is $250, and allows attendees to attend any workshop on Sunday" though I do not see it on the form.
_______________________________________________
cap-talk mailing list
cap-...@mail.eros-os.org
http://www.eros-os.org/mailman/listinfo/cap-talk
Perhaps you could help me understand a little better?
I'm having trouble seeing how "any vulnerability in any software
someone like myself may invoke, for example the sqrt function, is a
threat to delete all my files or contribute to a DDOS or spear
phishing attack" is any more or less true than "insecurity anywhere is
a threat to security everywhere."
I'm not cc'ing cap-talk, but feel free to do so on your reply.
On Fri, Oct 9, 2015 at 7:52 AM, Mark S. Miller <eri...@google.com> wrote:
> Too strong and simply untrue, to the point of inviting accusations of "straw
> man".
>
>
> On Thu, Oct 8, 2015 at 9:00 PM, Dan Connolly <dc...@madmode.com> wrote:
>>
>> On Thu, Oct 8, 2015 at 9:22 AM, Mark S. Miller <eri...@google.com> wrote:
>> ...
>> > Today, when we secure systems, we assign authority to identities.
>> > When I run a program, it runs as me.
>> > The square root function in my math library can delete my files.
>> > Although it does not abuse this excess authority,
>> > if it has a flaw enabling an attacker to subvert it,
>> > then anything it may do, the attacker can do.
>> > It is this excess authority that invites most of the attacks we see in
>> > the
>> > world today.
>>
>> Borrowing from MLK, how's this for a bumper-sticker version of the
>> consequences of the conventional approach?
>>
>> Insecurity anywhere is a threat to security everywhere.
--
Dan Connolly
http://www.madmode.com/
On Sun, Oct 11, 2015 at 1:22 PM, Mark S. Miller <eri...@google.com> wrote:
> On Sun, Oct 11, 2015 at 11:14 AM, Dan Connolly <dc...@madmode.com> wrote:
>>
>> Perhaps you could help me understand a little better?
>>
>> I'm having trouble seeing how "any vulnerability in any software
>> someone like myself may invoke, for example the sqrt function, is a
>> threat to delete all my files or contribute to a DDOS or spear
>> phishing attack" is any more or less true than "insecurity anywhere is
>> a threat to security everywhere."
>>
> If the sqrt function you're running is vulnerable, you are at risk. But if
> only the sqrt function I am running is vulnerable, that does not put you at
> risk.
If there's an arbitrary code execution vulnerability in the sqrt
function you are running, then the attacker can forge network messages
from you or your machine. If that sqrt function is on enough machines,
the attacker can can reach out and put me at risk.
> Note that the vulnerability-thru-excess-authority I am focused on here is
> quite distinct from DDOS, which is a resource exhaustion attack on
> availability; or spear phishing, which is a social engineering attack
> involving further human actions.
I don't see the distinction in practice. DDOS attacks and spear
phishing are, in practice, deployed by exploiting
vulnerability-thru-excess-authority as a consequence of conventional
security choices.
It would seem to me that capability approaches don't have the same
explosive* consequences to faults and hence the economics of
propagation would be entirely different.
The other alternative I see is identity-based systems that are
sufficiently locked down to have similar economics. I don't think
botnets of iPads are very likely.
* in the sense of https://en.wikipedia.org/wiki/Principle_of_explosion
As an example from the enterprise space. A measurement of the deployments of jvms on servers in a major bank showed a mean of 6 versions per server for those computers that had java installed (which was most of them, iirc). Since the variation is not normally measured, it’s not likely to be well controlled.
Thanks, all interesting and salient points.
Not yet.