A short note on a research-focused security conference in Cambridge last weekend. The format was traditional talks; the audience was substantially academic; the level of technical depth was higher than my usual events.
What I observed
The academic-research community continues to produce work that is several years ahead of operational deployment. Specific examples from talks:
- Formal verification techniques for cryptographic protocols, with specific examples of vulnerabilities found in widely deployed protocols by automated checking.
- Research on covert channels in network protocols, with implications for data exfiltration that defenders have not yet started thinking about.
- Early work on hardware-level attestation that may eventually solve the kernel rootkit detection problem.
What I am taking from this
The research community continues to be ahead. What is novel research today is operational reality in 5-10 years. Practitioners who read research papers are better positioned than those who do not.
The cross-pollination at conferences is undervalued. Several conversations at the conference produced ideas I would not have encountered through reading alone.
More as the year develops.