| 8:30 |
CLASSIC PAPERS
Session Chair: Charles Payne, Adventium Labs, USA
Looking Back on the Bell-LaPadula Model
David Elliott Bell
The Pump: A Decade of Covert Fun
Myong H. Kang, Ira S. Moskowitz, and Stanley Chincheck
Naval Research Laboratory, USA
|
| 10:00 |
BREAK |
|
TRACK A |
TRACK B |
TRACK C |
| 10:30 |
Malware
Chair: Desiree Beck, The MITRE Corporation, USA
Design and Implementation of an Extrusion-Based Break-In Detector for Personal Computers§, Weidong Cui and Randy Katz University of California, Berkeley, USA, and Wai-tian Tan, Hewlett-Packard Laboratories, USA
Detecting Intra-enterprise Scanning Worms based on Address Resolution§, David Whyte, Paul C. van Oorschot and Evangelos Kranakis, Carleton University, Canada
Stealth Breakpoints§, Amit Vasudevan and Ramesh Yerraballi, University of Texas at Arlington, USA
|
PANEL - Highlights from the 2005 New Security Paradigms Workshop
Chair: Abe Singer, San Diego Supercomputer Center, USA
The New Security Paradigms Workshop, held 20-23 September, 2005 in Lake Arrowhead, California, provides a stimulating and highly interactive forum for innovative approaches to computer security. This panel will highlight selected papers focusing on major and provocative themes that emerged from the workshop.
|
Security in Health Care
Chair: Alexis Feringa, Booz Allen Hamilton, USA
The OneHealthPort Trusted Community: Simplifying Access to Information for Healthcare [ More Slides ],
Pierangela Samarti, TriCipher Inc., USA
Curing Secure Remote Access Pains,
Zachary Grant, Sun Healthcare, USA
Enterprise Single Sign-On: How City Hospital Cured Its Password Pain,
Steve Furstenau, Imprivata, USA
|
| 12:00 |
LUNCH |
| 1:30 |
Distributed System Security
Chair: Michah Lerner, IPMetric, USA
mSSL: Extending SSL to Support Data Sharing Among Collaborative Clients§, Juni Li and Xun Kang, University of Oregon, USA
Layering a Publick-Key Distribution Service over Secure DNS§, John Jones, Daniel Berger, and Chinya Ravishankar, University of California, Riverside, USA
PorKI: Making User PKI Safe on Machines of Heterogeneous Trustworthiness§, Sara Sinclair and Sean W. Smith, Dartmouth College, USA
|
Access Control
Chair: Konstantin Beznosov, University of British Columbia, Canada
Uniform Application-Level Access Control Enforcement of Organizationwide Policies§, Tine Verhanneman, Frank Piessens, Bart De Win and Wouter Joosen, Katholieke Universiteit Leuven, Belgium
Using Continuous Biometric Verification to Protect Interactive Login Sessions§, Sandeep Kumar, Terence Sim, Rajkumar Janakiraman, and Sheng Zhang, National University of Singapore, Singapore
Improved Port Knocking With Strong Authentication§, Rennie deGraaf, John Aycock, and Michael Jacobson, University of Calgary, Canada
|
Common Criteria
Chair: Audrey Dale, NSA, USA
Writing a Protection Profile for a Security Service Package,
Don Marks and John Hale, Univ. of Tulsa, USA
MILS, Multiple Independent Levels of Security,
Carol Taylor and Jim Alves-Foss, Univ. of Idaho, USA
A Comprehensive Review of the National Information Assurance Partnership,
Ed Schneider, Institute for Defense Analyses, USA
|
| 3:00 |
BREAK |
| 3:30 |
Passwords and Applied Crypto
Chair: Richard Smith, University of St. Thomas, USA
Graphical Passwords: A Survey§, Xiaoyuan Suo and Ying Zhu, Georgia State University, USA
Have the Cake and Eat It Too -- Infusing Usability Into Password Authentication Systems§, Sundararaman Jeyaraman and Umut Topkara, Purdue University, USA
Fault Attacks on Dual-Rail Encoded Systems§, Jason Waddle and David Wagner, University of California, Berkeley, USA
|
Defense in Depth / Database Security
Chair: J. Thomas Haigh, Adventium Labs and Cyber Defense Agency LLC, USA
Survivability Architecture of a Mission Critical System: The DPASA Example§, Jennifer Chong, Partha Pal, Michael Atigetchi, Paul Rubel, and Franklin Webber, BBN Technologies, USA
Generating Policies for Defense in Depth§, Paul Rubel, BBN Technologies, USA, and Michael Ihde, University of Illinois at Urbana-Champaign, USA, and Steven Harp and Charles Payne, Adventium Labs, USA
Defensive Execution of Transactional Processes against Attacks§, Meng Yu, Monmouth University, USA, and Peng Liu, Penn State University, USA and Wanyu Zang
|
Privacy
Chair: Daniel Faigin, The Aerospace Corporation, USA
Privacy Requirements Implemented with a JavaCard§, Anas Abou El Kalam, LIFO-CNRS, France, and Yves Deswarte, LAASCNRS, France
Privacy-Preserving Alert Correlation: A Concept Hierarchy Based Approach§, Dingbang Xu and Peng Ning, North Carolina State University, USA
Securing Email Archives through User Modeling§, Yiri Li and Anil Somayaji, Carleton University, Canada
|
| 5:00 |
ADJOURN |