Keynotes
Distinguished Practitioner
Insecurity in a Web-Services World
Whitfield Diffie, Chief Security Officer, Sun Microsystems
Twice in the 20th century, we were confronted with technology too valuable to ignore but that bypassed the existing security mechanisms. When long-range radio was first demonstrated in 1904, the only applicable security measure was cryptography, whose development dominated information security for most of the 20th century. Time-shared computers presented a similar challenge in the 1960s and 1970s, a challenge that has yet to be fully met. Today, the impending explosion of web services threatens to bypass all technical security measures in a more fundamental way than either of its predecessors.
Whitfield Diffie began his career in security as the inventor of the concept of public key cryptography and has made fundamental contributions to various aspects of secure communications. In the 1990s he turned his attention to public policy and played a central role in opposing both government key-escrow proposals and restrictive regulations on the export of products incorporating cryptography. He is now the Chief Security Officer at Sun Microsystems and is studying the impact of web services and grid computing on security and intelligence.
Invited Essayist
Structuring for Strategic Cyber Defense: A Cyber Manhattan Project Blueprint
O. Sami Saydjari, CEO, Cyber Defense Agency LLC
In February 2002, over 50 leaders in the information assurance field warned the President of the United States of a national strategic vulnerability in its information infrastructure that could cause mortal damage to the nation. Six years later, some motion in the direction of a government strategic investment is beginning. This essay discusses the principles, metrics, and driving ideas that might lead to an effective program. The paper will address the key capabilities needed at a national scale and how those capabilities might drive a vigorous research and technology agenda. How might we organize a government activity where many agencies surely need to be involved yet must march in a coherent direction? What lessons can we learn from the post-Sputnik-era mobilization to regain leadership in the space race? Has a cyber-Sputnik been launched in cyberspace and is the U.S. behind in the cyberspace race?
Mr. O. Sami Saydjari is the founder and Chief Executive Officer of the Cyber Defense Agency LLC, where he provides vision, leadership and expertise for building a Research and Consulting concern that creates effective systematic defenses for high-value systems against aggressive cyber-attack. Before founding the Cyber Defense Agency, Mr. Saydjari was a Senior Staff Scientist in SRI International's Computer Science Laboratory, where he was the program leader of the Cyber Defense Research Center (CDRC). While at SRI, Mr. Saydjari led the survivability assessment of the DARPA UltraLog program, whose goal was to improve the survivability of software agent architectures to solve large-scale distributed applications.
Prior to SRI, Mr. Saydjari was the Information Assurance Program Manager for DARPA's Information Systems Office. He created and drove the security architecture and technology for a common reference architecture for DARPA and DISA's advanced programs. His focus areas include high-assurance operating systems, network security, public-key infrastructures, and security architecture. Before his assignment at DARPA, Mr. Saydjari was the technical director of the Office of Network Security Infrastructure for the National Security Agency (NSA). In this role, Mr. Saydjari performed an advanced survivability architecture analysis of the MISSI system, including attack trees and fundamental review of required system architecture properties. At NSA, Mr. Saydjari was also the leader of several information assurance research teams in A1 INFOSEC systems design (LOCK), highly assured distributed operating systems design, and trustworthy network systems design.
Mr. Saydjari earned his M.S. in Computer Science from Purdue University. The Director of NSA named Mr. Saydjari an NSA Fellow in 1993 and 1994. He has published more than a dozen technical papers in the field of information security and has presented the results of his research at venues such as the National Cryptologic Quarterly, the National Computer Security Conference, IEEE Security and Privacy Conference, and the ACM New Security Paradigms Workshop. He is based in Wisconsin Rapids, Wisconsin.
Classic Paper 1
Seventeen Years -- Network Security is even worse than a plague of locusts
Barbara Y. Fraser, Director of Corporate Consulting Engineering, Cisco Systems
Stephen D. Crocker, CEO, Shinkuro, Inc.
Seventeen years ago, writing RFC 1281 from our perches in the only CERT and the relatively young security area of the IETF, we offered some guidelines for improving network security. We aimed our advice at users, Internet service providers, operating system vendors, and the technical community designing new systems. We had seen the beginnings of the modern age of network attacks -- the Morris worm had been the wake-up call three years earlier -- but we had not yet entered the era of firewalls, distributed denial of service attacks, anonymity via wi-fi and cybercafes, etc. In this talk we look back at the advice we offered and the evolution of networks and security issues since then. Some harsh lessons stand out, and we reflect on the difficulties of improving security in the more complex and fractured network environment we live in today.
Barbara Fraser is responsible for managing the direction and work related to security and, most recently, mobility at Cisco Systems, Inc. Barbara has been active in the Internet community for many years, with 20 years of experience in the area of Internet security. She was an early pioneer with the CERT Coordination Center and helped that organization evolve. She has been active in the IETF since 1989. She was editor of Site Security Handbook, contributed to a number of other RFCs, and chaired a number of working groups, including the IPsec working group. Fraser is a recognized expert in Internet security, having served on a National Research Council study panel that published Toward a Safer and More Secure Cyberspace in 2007, as a delegate to G-8 cybercrime workshops, and as an invited speaker at many events. Barbara was a Trustee of the Internet Society from 2000 to 2003 and has been a Director for Public Interest Registry (runs the .ORG top level domain) since 2005. She currently serves as Chairman of the Board.
Dr. Crocker is CEO and co-founder of Shinkuro, Inc., an Internet research and development company building tools for cooperation and collaboration across the Internet and government sponsored projects in Internet security. He is co-chair of the DNSSEC Deployment Working Group, chair of ICANN's Security and Stability Advisory Committee and serves as a Liaison on the ICANN Board.
Dr. Crocker has been involved in the Internet since its inception. In the late 1960's and early 1970's, while he was a graduate student at UCLA, he was part of the team that developed the protocols for the Arpanet and laid the foundation for today's Internet. He organized the Network Working Group, which was the forerunner of the modern Internet Engineering Task Force, initiated the Request for Comment (RFC) series of notes through which protocol designs are documented and shared, and laid the foundation for the open architectural structure of the Internet Protocols. For this work, Dr. Crocker was awarded the 2002 IEEE Internet Award. He remained active in the Internet standards work through the IETF and IAB and served as the first security area director on the Internet Engineering Steering Group from 1989 to 1994.
Dr. Crocker's experience includes research management at DARPA, USC/ISI and The Aerospace Corporation, vice president of Trusted Information Systems, and co-founder of CyberCash, Inc. and Longitude Systems, Inc.
Dr. Crocker earned his BA in math and PhD in computer science at UCLA, and studied artificial intelligence at MIT.
Classic Paper 2
System-call Monitoring Revisited
Stephanie Forrest, University of New Mexico
Steven Hofmeyr
Anil Somayaji
A computer security system should protect a computer or network of computers from unauthorized intruders and unauthorized use of data. The similarities between the computer security problem and the problem of protecting a body against damage from internally and externally generated threats are compelling and were recognized as early as 1987 when the term "computer virus" was coined. The connection to immunology was made explicit in the mid 1990s, leading to a variety of prototypes, commercial products, attacks, and analyses. This paper reviews one thread of this active research area, focusing on system-call monitoring and its application to anomaly intrusion detection and response. The paper first discusses the general principles illustrated by the method, reviews how system calls were used in anomaly intrusion detection, and summarizes the results that were obtained. It then discusses the efficacy of various proposed attacks against the method and reviews some of the literature analyzing the method. Next, several important branches of research that have arisen since the original papers were published are summarized, including other data modeling methods, extensions to the basic method, program analysis techniques, and rate limiting responses. The impact of the work in the commercial sector is reviewed, and finally, the significance of this body of work and areas of possible future investigation are outlined in the conclusion.
Dr. Stephanie Forrest is Professor and Chair of the Computer Science Department at the University of New Mexico in Albuquerque. She also serves on the Science Board of the Santa Fe Institute, where she is an External Professor. Her research interests span many adaptive systems, including computational immunology, evolutionary computation, and biological modeling. She pioneered the use of biologically inspired methods in computer security, including work in intrusion detection and response, automated diversity, and more recently in data privacy. Professor Forrest received the Ph.D. in Computer and Communication Sciences from the University of Michigan (1985).
Before joining UNM in 1990 she worked for Teknowledge Inc. and was a Director's Fellow at the Center for Nonlinear Studies, Los Alamos National Laboratory. She is currently a member of the NSF GENI Science Council, the NSF CISE Advisory Committee, and the UCLA CENS Advisory Board.