
Eleventh Annual Computer Security Applications Conference

Technical Program




Technical Program Features and Organization

We continue to add diversity to the manner in which computer security applications are discussed at the conference. Paper sessions include refereed papers that describe the latest in implementations and applications-oriented research. The conference includes two types of sessions designed to allow significant time for interaction with the audience: panel sessions are designed to provoke discussion on a controversial topic; forum sessions report on the results of implementation activities. The Vendor Track proved to be valuable the last two years and is included again this year. The Vendor Track, Track C, allows providers of products and/or services an opportunity to describe the innovative ways in which their products or services are being used to implement secure systems. Track C will run concurrently with the technical sessions. Presentations will be given on capabilities and applications of INFOSEC products to realistic civil, defense, and commercial problems. Track C will feature systems integrators, designers, and architects from the government and private sector. The displays will be open during the Wednesday evening reception and Thursday (between sessions and breaks).


Conference Program
Wednesday, December 13, 1995
General Session and Technical Tracks

7:30 Registration	

8:30 General Session


8:30 Opening Remarks
	Ann Marmor-Squires
	Conference Chair
	TRW

8:35 Welcome to New Orleans
	Hotel Manager

8:40 Keynote Speaker
	Paul Strassmann
	SAIC

9:10 Distinguished Lecture				
	Bob Courtney
	Robert Courtney Co.

9:55 Technical Program Introduction			
	Dr. Gary Smith
	Program Chair
	ARCA Systems, Inc.


10:00 BREAK

10:30 TRACKS A/B/C BEGIN:

TRACK A TRACK B TRACK C

Firewalls


Session Chair: J. Epstein, Cordant, Inc.
  • A Network of Firewalls: An Implementation Example.
    B. McKenney, D. Woycke, W. Lazear, The MITRE Corporation
  • Sidewinder: Combining Type Enforcement and UNIX.
    D. Thomsen, Secure Computing Corporation
  • Secure Remote Control and Administration of Uninterruptable Power Supply-Systems with SNMP.
    N. Berg, AEG Daimler Benz Industry, G. Enste, D. Kraus, debis Systemhaus GEI, Germany

Panel: Applying DoD Guidelines to Non-DoD Systems.

Moderator:
  • E. McMahon, TRW
Speakers:
  • D. Preston, IITRI
  • D. Banning, BAH
  • J. Crowley, ISSI
  • W. Riegger, IRS

Secure Network Applications

Session Chair: M. Schanken, NSA
  • DOCKMASTER II.
    C. Hash, D. Willard, NSA
  • Secure Wireless Application.
    D. Wheeler, Motorola
  • Network Security Architecture
    Tom Zmurko, NSA

12:00	LUNCH

 1:30	TRACKS A/B/C:

TRACK A TRACK B TRACK C

Database Security


Session Chair: L. Notargiacomo, Oracle Corporation
  • Database Design With Secure DBMS Products.
    W. Wiseman & S. Lewis, Defense Research Agency, United Kingdom.
  • A Toolset for Multilevel Database Design.
    R. Burns, AGCS, Inc. & Y. Koh, Raytheon Corporation.
  • Object-Oriented Modeling of Security Semantics.
    E. Ellmer, G. Pernul, University of Vienna, and G. Kappel, University of Linz, Austria

Forum: Experiences Using the Common Criteria to Develop Protection Profiles and Security Targets


Moderator:
  • S. LaFountain, NSA

Speakers:
  • K. Elliott, Aerospace Corp.
  • B. Roussely, NATO
  • L. LaFountain, NSA

Firewalls


Session Chair: D. Cooper, DMC Co.
  • Sidewinder Challenge Site Activity.
    C. Alesso, SCC.
  • ATM Networking Security/Firewalls.
    Jim Hughes, Network Systems.
  • Using NetStalker to Monitor Firewalls.
    S. Smaha, Haystack Labs.


 3:00	BREAK

 3:30   TRACKS A/B/C:

TRACK A TRACK B TRACK C

Trusted Distributed Systems


Session Chair: E. Siarkiewicz, Rome Laboratory
  • The Triad System: The Design of a Distributed, Real-Time, Trusted System.
    J. Sebes, P. Pasturel, T. Vickers Benzel, D. Hollingworth, E. Cohen, P. Wang, Trusted Information Systems, Inc., M. Barnett, D. Gallon, R. Zacjew, Locus Computing Corporation.
  • Immediacy in Distributed Trusted Systems.
    G. Grossman, Cordant, Inc.
  • Multilevel Security Issues in Real Time Embedded Systems.
    T. Darr, CTA, Inc.

Security Engineering


Session Chair: R. Ross, Institute for Defense Analyses
  • Trusted Software, Repositories and Reuse.
    M. Aldrich, GRC.
  • INFOSEC Metrics: Issues and Future Directions.
    D. Bodeau, The MITRE Corporation.

Solutions Initiated for the Banking Community


Session Chair: E. Keefe, IRS
  • SunScreen.
    J. Alexander, SUN.
  • Certificates to Facilitate Secure Remote Access Computer Management.
    D. Morris, CYLINK.
  • SafeKeyper, Secure Issuing of Certificates.
    S. Kent, BBN



WEDNESDAY, DECEMBER 13, 1995
CONFERENCE RECEPTION


 5:30	RECEPTION--starts promptly at 5:30 pm
The reception provides an opportunity for informal conversation and renewal of acquaintances. Continuing an innovation from last year, vendor displays will be available to provide product and service information.




THURSDAY, DECEMBER 14, 1995
PLENARY SESSION AND TECHNICAL TRACKS


 8:30 PLENARY PANEL


Plenary Panel: Your Applications vs. The Info-Warriors: Who's going to win?

Moderator:
  • M. Aldrich, GRC
Speakers:
  • G. Denman, GRC
  • L. Wells, OSD
  • W. Schwartau, Interpact, Inc.


10:00	BREAK

10:30	TRACKS A/B/C:

TRACK A TRACK B TRACK C

Guards


Session Chair: T. Vickers Benzel, Trusted Information Systems.
  • Improving Inter-Enclave Information Flow for a Secure Strike Planning Application.
    J. Froscher, D. Goldschlag, M. Kang, C. Landwehr, A. Moore, I. Moskowitz, C. Payne, Naval Research Laboratory.
  • Lessons Learned During the Life Cycle of an MLS Guard Deployed at Multiple Sites.
    T. Fiorino, P. Casey, M. Easley, R. Jordan, Intermetrics, Inc.

Forum: Roads to Assurance

Moderator:
  • C. Payne, Secure Computing Corporation

Speakers:
  • D. Landoll, Arca Systems, Inc.
  • D. Ferraiolo, NIST
  • J. Filsinger, TIS
  • A. Mastranadi, NSA
  • K. Ferraiolo, Arca Systems, Inc.

Confidentiality


Session Chair: C. McBride, NSA
  • Krypton.
    J. Droge, Mykotronx.
  • Commercial Key Escrow System (CKE).
    P. Dimsmore, TIS.
  • Entrust.
    B. O'Higgins, Nortel.


12:00	LUNCH

 1:30	TRACKS A/B/C:

TRACK A TRACK B TRACK C

Intrusion Detection


Session Chair: V. Reed, The MITRE Corporation
  • Monitoring and Controlling Suspicious Activity in Real-time With IP-Watcher.
    M. Neuman, En Garde Systems.
  • A DSS-Model For Attack Detection.
    D. Karagiannis, R. Teleska, C. Mayr, University of Vienna, Austria.
  • Addressing Threats in World Wide Web Technology.
    K. Meyer, S. Schaeffer, The Aerospace Corporation, D. Baker, SAIC.

Panel: SSE CMM -- Does it provide appropriate system assurance?

Moderator:
  • A. Cohen, CSE, Canada

Speakers:
  • R. Hefner, TRW
  • M. Kuchta, CSE
  • J. Adams, NSA
  • M. Schaefer, Arca Systems, Inc.

Data Storage & Retrieval


Session Chair: Dale Geesey, BAH
  • Data Recovery Center.
    C. Ellison, TIS.
  • International Private Key Escrow.
    N. DiTosto, Bankers Trust Co.
  • Secure Storage Across International Lines.
    K. Klemba, HP.


 3:00	BREAK

 3:30	TRACKS A/B/C: 

TRACK A TRACK B TRACK C

Cryptography


Session Chair: A. Friedman, The MITRE Corporation
  • A Secure Voting Protocol Using Threshold Schemes.
    A. Baraani-Dastjerdi, J. Pieprzyk, R. Safavi-Naini, The Centre for Computer Security Research, Australia.
  • Blind Multi-signature Scheme Based on the Discrete Logarithm Problem.
    P. Horster, M. Michels, H. Peterson, University of Technology Chemnitz-Zwickau, Germany.

Access Control


Session Chair: E. Bacic, Texar Software, Corp., Canada
  • LAFS: A Logging and Auditing File System.
    C. Wee, University of California, Davis.
  • RBAC: Features and Motivations.
    D. Ferraiolo, National Institute of Standards and Technology.
  • A New Model for Role-Based Access Control.
    L. Giuri, Fondazione Ugo Bordoni, Italy.

Guards/Network Services


Session Chair: J. Mildner, Navy (NISE East)
  • Standard Automated Guard Environment.
    K. Goertzel, Wang.
  • Secure Network Server.
    R. Smith, SCC
  • Computer Misuse Detection System.
    D. Ryan, P. Proctor, SAIC.



THURSDAY, DECEMBER 14, 1995
CONFERENCE DINNER: ABOARD THE CAJUN QUEEN


 7:00	Conference Dinner:  Aboard the Cajun Queen
	Boarding  7:00 - 8:00 pm
	Dinner Cruise  8:00 - 10:00 pm
This year we have organized a dinner cruise to take us up the Mississippi on board the Cajun Queen riverboat. Boarding will take place from 7:00 - 8:00 pm. When you come aboard, you will have your picture taken as our complimentary gift for joining us this evening. A delicious New Orleans style dinner has been chosen for this wonderful event. We will have a 3-piece jazz band for your enjoyment for the entire 2 hour cruise. The dinner cruise is included in the conference registration fee. Guest tickets for the cruise can be ordered on the pre-registration form for $35.00. Attendance will be limited to 175, so order now!

Note: Looking for something to fill that time gap between the end of the conference sessions and dinner? Why not stroll down to the Riverfront Mall and shop the shops! Most merchants will hold your purchases. You can pick them up when you go back Friday for more. The boarding ramp for the Cajun Queen is located near the shops so you will be close when the time comes to board the ship. Just watch your time!




FRIDAY, DECEMBER 15, 1995
TECHNICAL TRACKS


 8:30 TRACKS A/B/C:

TRACK A TRACK B TRACK C

Assurance


Session Chair: M. Abrams, The MITRE Corporation
  • The Trust Technology Assessment Program and the Benefits To U.S. Evaluations.
    B. Abramowitz & J. Connolly, The MITRE Corporation.
  • Understanding and Managing Risk in Software Systems.
    S. Fletcher, R. Jansma, J. Lim, M. Murphy, G. Wyss, Sandia National Laboratories.
  • A New Perspective on Combining Assurance Evidence.
    J. Kahn, The MITRE Corporation.

Panel: Aggregation -- Three Approaches in Practice


Moderator:
  • P. Boudra, DoD

Speakers:
  • D. McAllister, EDS/MCS
  • D. Peeples, NSA
  • D. Marks, NSA

Encryption


Session Chair: J. Eller, DISA
  • nTERFORT.
    Alex Nagy, Hughes.
  • ATM Encryption.
    Joyce Capell, Lockheed-Martin.
  • Proscriptor Security System.
    R. Mackenzie, Avant Guardian, LTD.


10:00	BREAK

10:30 TRACKS A/B/C:

TRACK A TRACK B TRACK C

Formal Tools


Session Chair: K. Keus, German Information Security Agency.
  • A Semi-Formal Method for Specification of Interfaces to a C2 System.
    J. Epstein & G. Grossman, Cordant, Inc.
  • A Practical Tool for Developing Trusted Applications.
    C. Irvine & D. Volpano, Naval Postgraduate School.
  • The Formal VSE Development Method-A Way to Engineer High-Assurance Software Systems.
    F. Koob, M. Ullmann, S. Wittmann, BSI, Germany.

Panel with Papers: Two Views of Security Risk Management


Moderator: J. Heaney, The MITRE Corporation
  • A New Risk Management Paradigm for INFOSEC Assessments and Evaluation.
    G. Jelen, Consultant.
  • Risk Management and Information Security.
    D. Ryan, SAIC and Julie Ryan, BAH.

Audit & Analysis


Session Chair: N. Kunes, Motorola
  • Product Security Profiles.
    T. Losonsky, NSA.
  • Efficient On-Line Access of Large Knowledge Bases.
    H. Degrafft, Sparta, Inc.
  • Failures-Divergence Refinement.
    Jim Woodcock, Formal Systems.



FRIDAY, DECEMBER 15, 1995
OPTIONAL SOCIAL EVENT: CIRCLING THE CRESCENT CITY


 1:00	Optional Social Event:  Circling the Crescent City
	1:00-4:00 p.m.
Take this opportunity to see the city! A tour escort will take you by deluxe motorcoach for a three hour tour of the city that will take you around the historic French Quarter and beyond. You will visit Jackson Square (site of the city's founding), St. Louis Cathedral, Pontalba Apartments (oldest in the US), the Presbytere, and the Cabildo (site of the Louisiana Purchase signing in 1803).

After the French Quarter, you will proceed to City Park and Bayou Saint John. You will also make a stop at an above ground cemetery where your escort will explain the unique above-ground burial system. The tour will take you to Lake Pontchartrain to view the longest causeway bridge in the world. From there, the tour will go along the St. Charles Avenue streetcar route and pass the picturesque Tulane and Loyola Universities. The "Avenue," as it is called, is lined with old and beautifully restored homes with semi-tropical gardens and seasonal flowers which gives it the name of the "Garden District of New Orleans."

There is still much more to be seen and too long to mention, so sign up for this wonderful excursion! The cost is $25.00 per person. Pre-registration is required.





