Colloquium Archive

Systematic Solutions For Preventing Security-Critical Bugs

Thomas Austin, San Jose State University


News stories abound about security vulnerabilities resulting in the loss of sensitive information or in important systems being compromised by attackers. In many cases, these vulnerabilities are the results of common program logic errors. These bugs are the inevitable result of programming languages and developer tools that seem to lead developers into making mistakes rather than helping developers avoid these mistakes. In this talk, we discuss how common vulnerabilities such as buffer overflows and SQL injection can be addressed in a more systematic fashion. We review different tools being developed today that attempt to defend against more complex attacks, and show how better programming language design may lead to a more secure future.

CS Education As A Min/Max Problem: Or My Rationale For A Under Division CS Curriculum

Tom Murphy, Contra-Costa Community College


Students, and people in general, like to get as much value from as little work as possible. This is a great trait for CS professionals. This talk will focus on the courses that help with theory and practice, as well as fostering problem solving. It proposes coding as a necessity for all CS professionals. It further proposes that CS clubs and non-graded events, such as hackathons, foster all of the above.

Let's Encrypt: An Open Source Project To Encrypt The Entire Web

Jeremy Gillula, Electronic Frontier Foundation


Setting up an encrypted (HTTPS) website can be a challenging task for anyone who's not a professional sysadmin. Not only do you have to first obtain a certificate from a Certificate Authority (which can sometimes cost several hundreds of dollars), you then have to figure out how to properly configure it on your system. For a professional sysadmin this process can take over an hour; for an amateur who just wants to run their website in a secure way, it can be baffling to the point of impossible. And either way, it's easy to make simple configuration mistakes that will dramatically decrease the security of your site. Let's Encrypt is a joint project between the Electronic Frontier Foundation, Mozilla, Akamai, Cisco, and open-source developers around the world, to fix this. Let's Encrypt is a free, automated Certificate Authority which anyone can use to quickly and automatically set up HTTPS on their web server. In this talk, I'll give a quick background on how the HTTPS and certificate infrastructure works, what technical challenges Let's Encrypt will address, and how it will do so.

Technical Considerations For VR

Jason Shankel, CTO, Wildstop


Virtual reality headsets are poised to become the next breakthrough in human/computer interface technology. Let’s explore the unique challenges involved in supporting VR rendering and headset input.

Helping Developers Make Sense Of Distributed Systems

Ivan Beschastnikh, University of British Columbia


Distributed systems pose unique challenges for software developers. Reasoning about concurrent activities of system nodes and even understanding a system's communication topology can be difficult. In this talk I will discuss two tools that my group has developed to help developers overcome some of these challenges. Both tools allow developers to gain insight into the runtime operation of their systems. The first tool, ShiViz, lets developers visualize, explore, and query logged distributed system executions. The second tool, DInv, semi-automatically identifies the variables that comprise the distributed state of a system, and infers likely data invariants that summarize the observed concrete distributed state values.