New Security Paradigms Workshop (NSPW'2000)
September 19-21, 2000
Review by  Brenda Timmerman

The Call for Papers & Participation for NSPW2001 has been published at 2001 is the tenth anniversary of the New Security Paradigm Workshop, a productive and interactive forum for innovative new approaches to computer security. NSPW2001 will be held September 11 - 13th at Cloudcroft, New Mexico. The deadline for submissions is March 30, 2001 by email or March 23 for hard copies.

As the deadline for submissions is rapidly approaching, a review of NSPW2000 may be of interest to CIPHER readers.

(NSPW) 2000 was held in Cork, Ireland, September 19-21, 2000. The goals of the Workshop are to provide a forum for papers that may not fit in with more traditional venues, e.g. innovative approaches to older problems and early thinking on new topics that might not be fully developed. New approaches to controversial topics are welcomed. The participants at the workshop were limited to those whose submissions were accepted, or who served on one of the Workshop committees, and included an interesting mix of representatives from industry, government, and education, both from the US and international.

The workshop was convened by the Co-Chairs Mary Ellen Zurko of Iris Associates and Steven Greenwald an Independent Consultant from Miami, Florida. The first session, Modeling for Attacks, led by Susan Pancho of Cambridge University, addressed new approaches to security threats including attack net penetration testing, keeping data on cyber adversaries from SRI International, and a requires/provides model for computer attacks.

The session on Information Hiding introduced a new paradigm from NRL for encryption hidden in stenography, the science of transmitting a message between two entities such that an intruder will not even be aware that the message exists. There was also a proposal for an innovative approach using natural language processing for information assurance presented by Victor Raskin, a prominent linguist from Purdue University.

A session that caused active debate among the participants was entitled Active Defense. It included a proposal for dynamic analysis of security protocols and a controversial proposal for disarming computers by equipping them with tools that turn off their attacking capabilities in order to disallow their being used as "zombies" in distributed denial of service attacks. The presentation was made by Danilo Bruschi and Emilia Rosti from Universita' degli Studi di Milano

The session entitled Customizing Security included an approach to security that took into account the different needs of protected systems, Quality of Security Service (QOSS), analogous to quality of service technology, from the Naval Postgraduate School, and a method for characterizing the behavior of programs using multiple length N-grams presented by Carla Marceau of ORA.

Every year NSPW features a two hour discussion session. This year the discussion entitled Apres DDOS, was a lively debate of new paradigms for incident management and discussed the different layers of identity that exist in networks.

The last session, Getting Personal, chaired by Mike Williams, included a proposal for security in Palm Pilots, Conduit Cascades and Security Synchronization, by Simon Foley of Cork University and a multilateral approach to balanced security by Kai Rannenberg of Microsoft Research at Cambridge.

Cyber readers who are thinking about innovative approaches to computer security and want some feedback on their ideas should consider submitting a paper or discussion proposal to NSPW2001.

Brenda Timmerman, California State University, Northridge
Co-Chair Program Committee, NSPW2000 and 2001