Subject: Electronic CIPHER, Issue 15, June 1, 1996 _/_/_/_/ _/_/_/ _/_/_/_/ _/ _/ _/_/_/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/_/ _/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/ _/ _/ _/ _/_/_/_/ _/ _/ ==================================================================== Newsletter of the IEEE Computer Society's TC on Security and Privacy Electronic Issue 15 June 1, 1996 Carl Landwehr, Editor Hilarie Orman, Assoc. Editor ==================================================================== Contents: o Letter from the Editor [1855 lines total] Security and Privacy News Briefs: o LISTWATCH: Items from security-related lists by Mary Ellen Zurko o NRC Cryptography Policy Report: Easier Export, Wider Use for Crypto o GAO Criticizes DoD SBU Computer Security o Draft Report on U.S. Crypto Policy Surfaces o IFIP TC 11 Honors Jajodia with Beckmann Award Conference Reports o Report on IEEE CS 1996 Symposium on Security and Privacy by Christoph Schuba and Mary Ellen Zurko Commentary and Opinion o U.S. Developments in Security and Privacy in the Past Twelve Months by Willis Ware o Comment on "Enforcing the CDA Improperly May Pervert the Internet ArchitectuNew Reports available via FTP and WWW New reports available via FTP and WWW Interesting Links Who's Where: recent address changes Calls for Papers Reader's guide to recent security and privacy literature o Conference Papers: o Journal and Newsletter articles o Book [with review!] NEW: Registry of Security and Privacy Research Projects Calendar >>>>>>>>>>>>>>Data Security Letter subscription offer<<<<<<<<<<< How to join the TC on Security and Privacy Publications for sale TC officers Information for Subscribers and Contributors ____________________________________________________________________ Letter from the Editor ____________________________________________________________________ Dear Readers, Thanks to Christoph Schuba and Mary Ellen Zurko for responding to my last minute appeal for reporters for the Security and Privacy Symposium; the report in this issue is their gift to you. Thanks and congratulations also to Dale Johnson, Steve Kent, John McHugh, George Dinolt, the Program Committee, and most of all the authors and attendees who continue to make the Symposium worth the trip. For the first time, the TC is assembling a hypertext version of the proceedings; at this writing we have installed URL's to well over half the papers presented, and more should be available in a few weeks. See URL http://www.itd.nrl.navy.mil/ITD/5540/ieee/SP96proceedings.html Also this month brought an official report from the US General Accounting Office confirming that there are lots of hackers beating on the doors of Department of Defense unclassified systems (and the door is too-frequently left ajar) and the National Research Council's report on cryptographic policy. With several bills addressing this policy currently before Congress, the debate seems unlikely to cool down for a while. Cipher's research registry is off the ground, but I know there are many more projects out there; send in those URL's. Finally, amidst the new journal announcements I ran across this one: Call for Papers An International Journal on Failures and Lessons Learned in Information Technology Management has been founded. The journal will be published four times a year, starting from January 1997. The publisher is Cognizant Communication Corp., New York. Contact Dr. R Sadananda at sada@cs.ait.ac.th with your tales of woe! Carl Landwehr Editor, Cipher Landwehr@itd.nrl.navy.mil ______________________________________________________________________ SECURITY AND PRIVACY NEWS BRIEFS ______________________________________________________________________ ____________________________________________________________________ Security-Related News Items from Security-Related Mailing Lists by Mary Ellen Zurko, OSF Research Institute (zurko@osf.org) ____________________________________________________________________ This issue's highlights are from fv-users, www-security, sig-security, risks, tbtf, ietf-tls, and e$pam. The difference between technology-based controls and organizational guarantees of privacy came up when Community ConneXion (C2) explicitly posted the reasons why it would not accept First Virtual payments. First Virtual (FV) attempts to explicitly document the pros and cons of its use by sellers and buyers, and some of the reasons given by C2 are old FV issues (buyers assume full risk of non-payment, inappropriate for hard goods). The also cited the continuing issue of whether or not FV is anti-cryptography (while FV publicly always states that they support the implementation of usable crypto systems, they are in a position to continually explain why their system should be considered secure, particularly compared to systems that do use crypto). However, the privacy issue they cite was new to me. It turns out that a buyer's identity could easily be determined from her FV ID (available in all transactions) through the use of finger. CERT has put out yet another advisory warning people not to put interpreters into their Web server's CGI bin directory. A draft white paper on Clipper III has been leaked. One difference seems to be the promise that any limit on encryption key length on exports will be increased (or removed?) when escrow is used. The Java-bug hunters at Princetom found a bug in Netscape Navigator 2.02 that allows an applet to generate and execute arbitrary machine code. Netscape has hired one member of the team for the summer. Other holes announced by other people include the ability to read and write the file system (under certain configurations), Trojan horse applets that effect their servers, and learning the browser's launch path. Various vendors, including IBM, Microsoft, and Novell, are announcing plans to integrate Java into their OSes. Now anyone can "see" where you live on the map, given your address. Check out http://maps.yahoo.com/yahoo/. For some reason, I find this really creepy, even though I know there's no new information available here. Becoming an international arms traffficker has never been so easy! (Although some of us have long appreciated just how easy it can be ...) At http://online.offshore.com.ai/arms-trafficker/, clicking on a button causes three lines of perl code to be sent to an ISP in Antigua; the code implements a patented RSA encryption algorithm. A new on-line privacy initiative, called the Internet Privacy Coalition http://www.privacy.org/ipc/, is working towards the relaxation of laws banning the export of strong crypto. A new IETF working group is working on Transport Layer Security. It's rumored to be inspired by work in SSL and PCT. A member of the W3C team saw a demonstration of a successful cryptanalitic attack against a slightly modified MD5 compressor function. This attack allows an attacker to create a message that has a given MD5 value. Attacking unmodifed MD5 may merely be a matter of CPU. The demo'ed attack takes about 50 MIPS days. ____________________________________________________________________ NRC Cryptography Policy Report: Easier Export, Wider Use for Crypto ____________________________________________________________________ [30 May 1996] The long-awaited report by the National Research Council's Committee to Study National Cryptography Policy was released May 30 at the National Press Club in Washington, D.C. The overview and recommendations from the report, entitled "Cryptography's Role in Security the Information Society," are available at http://wwww.nas.edu/cstweb/28e2.html. Printed copies of the book containing the report (about 500 pages in all) are expected to be available in August, but the highlights, as summarized in the Washington Post, 30 May, 1996, p. B3, are: * Federal policy should promote widespread commercial use of technologies that can prevent unauthorized access to electronic information * The governement should allow ready export of cryptography products using 56-bit DES * The government's plan for promoting key escrow systems is premature * Debate about encryption policies should be conducted openly and does not require knowledge of classified information Although the report stops short of recommending that all export controls on cryptography be dropped, it generally resolves the argument between restricting cryptography in order to assist law enforcement or promoting cryptography in order to protect personal and corporate information against espionage in favor of the latter. The report was conducted at the request of Congress in order to inform debate on public policy for the use of cryptography. Chairing the study was Prof. Kenneth Dam, a former deputy Secretary of State and now Professor of Law at the University of Chicago. Also on the 16-member committee were former Attorney General Benjamin Civiletti and Leslie Gelb, President of the Council on Foreign Relations. Among the members of the panel with ties to the cryptography, computer security and technology communities included Martin Hellman of Stanford, Peter Neumann of SRI, Willis Ware of RAND, Ronald Graham of AT&T Bell Laboratories, and Samuel Fuller of DEC. ____________________________________________________________________ GAO Criticizes DoD SBU Computer Security ____________________________________________________________________ [22 May 1996] Testifying before the Senate Governmental Affairs Committee, General Accounting Office (GAO) representatives Keith Rhodes and Jack Brock released a report criticizing security in DoD computer systems holding sensitive but unclassified (SBU) information. According to the testimony, the DoD estimated that these systems are subjected to a total of about 250,000 "probes" each year, although this number was acknowledged to be only a guess. The testimony indicated that about 65% of in-house attempts to penetrate these systems succeeded (a somewhat lower fraction than previously reported), that only a small fraction of these penetrations were detected, and that a similarly small fraction of detected penetrations were reported. The report, entitled "Information Security: Computer Attacks at Department of Defense Pose Increasing Risks," calls for improved training of system administrators and other measures to improve the security of these systems. It is be available from GAO as document AIMD 96-84, as an ASCII or Adobe PDF file from the US Government Printing Office WAIS server (select GAO Reports and search for "[AIMD-96-84]" or "Information Security"), and as an Adobe PDF file at the GAO web site, currently in the "New Reports" section, at . http://www.gao.gov/new.items/ai96084.pdf Jim Christy of the Air Force Office of Special Investigations described an intrusion in spring 1994 into the Air Force Rome Laboratory's computer systems about two years ago by a 16-year old UK youth known as "Datastream Cowboy," who was apprehended. Another hacker involved, known as "Kuji," was never located. The reported cost of recovering from the intrustion was about $500,000. Planned testimony by Cliff Stoll, Peter Neumann, and Robert Anderson was postponed when committee members had to return to the Senate floor to vote. ____________________________________________________________________ Draft Report on U.S. Crypto Policy Surfaces ____________________________________________________________________ [22 May 1996] A draft paper from the U.S. Interagency Working Group on Cryptography Policy, entitled "Enabling Privacy, Commerce, Security and Public Safety in the Global Information Infrastructure" has been posted on the Internet. It discusses public key cryptography and the establishment of Key Management Infrastructures (KMIs) to support certification of public keys. Key escrow is discussed as a method to recover private keys; skeptics have already dubbed the proposal "Clipper III." Cipher readers can find the full paper at http://www.eff.org/pub/Privacy/Key_escrow/Clipper_III/ 960520_nist_clipper3_paper.draft An Inter@ctive Week report on the draft by Will Rodger is available at http://www.zdnet.com/intweek/daily/960518y.html. _______________________________________________________________________ IFIP TC 11 Honors Jajodia with Beckmann Award _______________________________________________________________________ [29 April 1996] Prof. Basie von Solms, chair of IFIP TC 11, announced that the TC's Kristian Beckman award is being given to Prof. Sushil Jajodia of George Mason University this year. Prof. Jajodia has been an active contributor to IFIP WG 11.3 as well as to the IEEE Security and Privacy Symposium for many years. According to the announcement, "The Kristain Beckman award, in memory of Kristian Beckman, the first Chairman of TC 11, is awarded annually by TC 11 to a person who made a significant contribution to the field of Information Security. The Award has only been awarded twice in it history - in 1993 to Prof. Harold Highland of the USA, and in 1995 to Mr Per Hoving of Sweden. ...Dr Jajodia will accept the Award in May on Samos during IFIP/Sec 96." ______________________________________________________________________ Conference Report ______________________________________________________________________ IEEE CS Symposium on Security and Privacy, Oakland, California, May 6-8, 1996 by Christoph L. Schuba Mary Ellen Zurko (schuba@parc.xerox.com, (zurko@osf.org) schuba@cs.purdue.edu) The 17th IEEE Symposium on Security and Privacy was held at the Claremont Resort in Oakland, CA on May 6-8, 1996. This one-track symposium was sponsored by the IEEE Computer Society Technical Committee on Security and Privacy in cooperation with the International Association of Cryptologic Research (IACR). The symposium was well attended with about 200 registered attendees. Monday consisted of four sessions, two of which were panel discussions that addressed the activities of the object management group's CORBA security standard, and goals for computer security education. The refereed paper session held Monday discussed new results in covert channel analysis. The final session of the day was composed of sixteen five-minute research talks. The official program closed with a reception and poster session. Tuesday consisted of four sessions, the first was a panel discussion on medical information systems. The other sessions covered topics in security protocols, database security, and biologically inspired topics in computer security. Eight additional presentations focused on modeling and networks. The focus of the symposium has shifted in the past few years, the emphasis moving from military security in the 80's to commercial security in the 90's. Rich Simon, a conference attendee in the mid-80's, pointed out that there was not a single military uniform to be seen this year (a big change). Conversely, Dan Wallach, a Princeton graduate student and co-author of the Java paper, mentioned he had never seen so many suits in one room. The program addressed application areas such as electronic commerce and medical information systems. Additionally, last year's experiment, with a complete session consisting of five-minute research talks, was so successful that the experience was repeated. Sixty-seven submissions for refereed papers, four panel proposals, and the diligent work of the program chairs and referees resulted in an interesting and diverse symposium program. MONDAY Panel: Object Management Group CORBA Security Standard Moderated by Terry Benzel (TIS) The participants included Bob Blakley (IBM), Richard Soley (OMG), Bret Hartman (Black Watch Technology), and Roger Schell (Novell). Terry Benzel's current project is exploring the use of CORBA to interoperate between trusted and untrusted systems. Soley began the presentations with an overview of the OMG. He explained the CORBA architecture and goals of the OMG standards. He emphasized that objects are only the tools to solve problems in information access, particularly in terms of interoperability between users and any information source. Bob Blakley gave an overview of the CORBA security standard. He reviewed four issues in detail: authorization management scale, object semantics, forms of delegation, and non-repudiation services. The first problem is scale; there are thousands of users and millions of objects. Users have privilege attributes, which are name/value pairs. Some attributes such as groups, roles, and clearances are defined, but attributes are also extensible. There is a defining authority for privilege attributes. The second problem is that objects are not structured any way in advance. Objects must be grouped into domains which have an access policy that maps privilege attributes to granted rights. Domains can be implemented in many different ways. A similar problem had to be addressed with object operations, since objects are heterogeneous and can have many operations. Classes are mapped to required rights. Operations such as 'get', 'set', and 'admin' are defined a priori, and the set is extensible. Finally, a policy maps privilege attributes to required rights, and the access control decision engine compares required and granted rights. Two forms of delegation are supported: a simple impersonation model (delegate all my attributes) and a compound delegation model that allows individual attributes to be delegated. There is a standard non-repudiation interface. Object reuse protection and system integrity are up to implementors. CORBA does produce guidelines for high integrity systems and for auditing. The audit guideline is motivated by auditable events occuring below the object code, e.g., in DCE. Hartman discussed building a trustworthy CORBA system. He concentrated on the question of who wants assurance, what the vulnerability trade-offs in distributed object systems are, and what conformance with the CORBA security standard means. The specification describes how to build a secure ORB, not how to give security services to users. Having a good API alone is not enough, the internal integrity of the system is critical. The security standard guidelines encourage flexibility and offer different levels of assurance. Within CORBA, there is a common security framework. Distributed object systems pose a complex security problem. They are complex to administer, dynamic systems are hard to analyze, diverse environments lead to unjustified trust, disjoint policy domains do not interoperate well, and layered security mechanisms require complex analysis. Hartman pointed out that the importance of key security issues differ across areas: the main concern of healthcare is with the integrity of patient records; the military cares strongly about confidentiality; and electronic commerce is very interested in non-repudiation. Vendors of CORBA security compliant systems have to produce a conformance statement, describing the security relevant features of their product. Hartman claims this procedure allows customers of such systems to make informed decisions about the security of their systems. Roger Schell criticized the CORBA security standard on several points. First, it is not clear what the standard is trying to accomplish. It is obviously infeasible to solve all security related problems, but there is no concrete statement in the specification that makes clear what an important subset to be solved is. Schell was concerned that users would have problems understanding what they get when purchasing CORBA security compliant systems. He also pointed out that there was very little reference to the existing body of knowledge in security (a minor theme that would turn into a full chorus at the Java evening discussion). For Schell, the relationship between security services and a more classical view of security as protection against efforts to circumvent controls was not clear. What set of security services and mechanisms is sufficient for protection? During the following discussion, Blakley pointed out that the OMG had not wanted to exclude any vendor, nor any existing standards. That is why the specification is so large and unfocused. Vendors choose what subset of security services they considered sufficient. In the competition in object-oriented systems, security might not be the determining factor. When questioned about the maturity of the system, the audience was told "not to use this system for air traffic control this year". Another important point raised was that implementations are not interoperable, and the specification does not ensure interoperability. Covert Channels Chaired by Sylvan Pinsky (NSA) The first paper presented by Ira S. Moskowitz (NRL) was "An Analysis of the Timed Z-Channel" (joint work with colleagues Stephen J. Greenwald and Myong H. Kang). This work is one of the first contributions in literature on noisy covert channel analysis. The goal is to devise a closed form for the capacity of noisy covert timing channels. Todd Fine (Secure Computing Corporation) presented "Defining Noninterference in the Temporal Logic of Actions." His motivation was to provide an intuitive statement of noninterference as well as conditions appropriate for analysis. Noninterference is a technique for analyzing a system model for covert channels. Panel: Goals for Computer Security Education Chaired by Cynthia Irvine (Naval Postgraduate School) Panelists were Stephen F. Barnett (NCSC), Jim Schindler (HP), Leslie Chalmers (Wells Fargo Bank), Karl Levitt (UC Davis), and Roger Schell (Novell). Irvine's motivation, as an educator of individuals trained for security work, was to understand what the employers are looking for. From an employer's prospective, Stephen Barnett examined the kind of training today's security practitioners require. In particular, Barnett discussed the questions: what are people currently educated to do, what should be included in a security curriculum, and what can industry do to help. He stressed the fact that not only security officers, product designers, and educators need to be educated, but also the consumers and users of computer technology. Jim Schindler based his analysis of the need for security education on a central theme: Change. Technology is changing, computer paradigms are changing, and security requirements are changing. He considers security education a must for a much larger community than security professionals, e.g., vendors, end-users, managers, and executives. Electronic commerce was his example for the latest trend in computer technology and the need for strong security. Leslie Chalmers pointed out that there is a need for credentials for security professionals without special university degrees. At Wells Fargo, junior security people have jobs that require little skill. The more senior and professional employees are assigned higher responsibility projects. Chalmers discussed the need for knowing the business, consulting skills, communication skills, and sales skills. Security is only important and viable as long as it supports the business goals. Chalmers mentioned that the banking security crowd rarely overlaps with the traditional audience of the IEEE symposium. Roger Schell stated that he was not impressed with what education provides. He needs people who can think and grow, as well as having a grounding in the fundamentals. Both Schell and Chalmers referred to the problems of people trying to work in security without any background or reading on the subject. There is a phenomenon that people think they know security, but they really do not. This occurs, because failure is not apparent. Karl Levitt emphasized the need for additional support in security education at the undergraduate level, in particular the need for a good and current textbook. He (together with Ross Anderson) stressed the role of educational institutions as providers of science, not specifics. Particular technical knowledge must come from different sources. The panel agreed that it is desirable to provide security education to a broader audience than only computer science students. However there was no consensus on the question of the appropriate place for this topic in an already filled undergraduate curriculum, or how to make time for it. Additionally, the ethics of teachers encouraging students to try to break software and systems as part of learning about security was briefly discussed. Five-minute Research Talks Session Chaired by John McHugh (Portland State University) This type of session was introduced last year. During the many presentations one can easily find out about early or on-going research. Like last year, no submission was rejected. The quality varied, though it was up from last year. A listing of the titles and authors follows. * "SSGP: the Sleepy Security Gateway Protocol for IPSEC" by Shyhtsun F. Wu (NC State University) * "Security for Mobile Agents" by Vipin Swarup (MITRE) * "Browsing the Web Safely with Domain and Type Enforcement" by Daniel F. Sterne, Terry V. Benzel, Lee Badger, Kenneth M. Walker, Karen A. Oostendorp, David L. Sherman, Michael J. Petkac (TIS) * "An Integrated Security Analysis Process with Knowledge-Based Tool Support" by R. Neely, J. Freeman (CTA) * "A Multimedia Threat in Computer Networks: Subliminal Message" by Yuko Murayama (Hiroshima City University) * "Genetic Algorithms, a Biologically Inspired Approach for Security Audit Trail Analysis" by Ludovic Me (SUPELEC) * "Defining an Adaptive Software Security Metric from a Dynamic Software Fault-Tolerance Measure" by Gary McGraw, Anup Ghosh, Jeff Voas (RST Corp.) * "The Specification of Static Security Policy in the Critical System Logic (CSL)" by Scott Knight (Royal Military College of Canada) * "A Framework for MLS Interoperability" by Myong H. Kang, Judith N. Froscher, Ira M. Moskowitz (NRL) * "Subject's Interpretation of Objects on Lower Security Levels" by N. Jukic, S.V. Vrbsky (University of Alabama) * "A Safety-Progress Composition Principle" by Heather M. Hilton, E. Steward Lee (University of Toronto) * "Access Control to Multimedia Services based on Trusted Third Parties" by Jose Guimaraes, Jean-Marc Boucqueau, Benoit Macq, Augusto de Albuquerque * "Building Chinese Walls in BSD UNIX" by Simon Foley (Univ. College Cork) * "Communicating Security Agents" by Robert Filman, Ted Linden (Lockheed) * "Towards the expression of security policies at the application level" by Christophe Bidan, Valerie Issarny (IRISA) TUESDAY Domain Specific Security Moderated by Deborah Cooper (Cooper) "Security for Medical Information Systems." was the anchor paper by Ross Anderson (University of Cambridge). It was followed by a panel, chaired by Deborah Cooper, with Don Biggar (Unisys), Thomas C. Rindfleisch (Stanford University), and Bruce Sams, a retired MD. Anderson's work was based on the British medical system. The United Kingdom government's initial approach at a security policy for computerized medical data was similar to multi-level security. This was unworkable since even low level data such as contract data can be sensitive, e.g., if it deals with psychiatric work. Anderson's approach assumes that the main threat is from insiders, i.e., someone with legitimate, but limited access to patient records, and that the inability to locate and access all of the distributed paper records is a good defense. Therefore, aggregation of data must be controlled. Anderson discussed nine principles that define his security policy model. One of the guiding principles is that access to health information is under the control of the patient, or the general physician acting as the patient's advocate. Access control lists are the mechanism of choice. Another interesting principle controls aggregation of medical information. Essentially, the patient must give his consent before a party involved that already has access to a large number of records is allowed access to the patient's records. Rindfleisch reviewed the flow of personal health information in the United States. He pointed out that in the U.S. the situation is more complex compared to the U.K. This complexity is because of legitimate interactions of direct patient care, social uses, support activities, and commercial uses. There is a patchwork of policies, many of which are contradicting each other. Medical information access is regulated on a state, not federal basis, e.g., 28 of 50 states allow patients to access their own medical records. The stewardship of medical information in the U.S. is quite different from the U.K. and other European countries. There are operational difficulties with managing access control lists. Don Biggar stated that U.S. medical records are already in an electronic format stored on mainframes. He perceives privacy concerns as a far more global problem than discussed by the previous panelists. Bruce Sams stressed the importance of the privacy problem for medical records and applauded research done in this area. He pointed out that in spite of the tremendous benefits of electronic storage and transmission to facilitate better healthcare and research, there are great dangers. Even though healthcare costs are often higher on the priority list than privacy, anonymity of medical information for research purposes, and privacy in general must be guaranteed by any technical solution proposed. There is a pilot experiment conducted by the Department of Defense in Hawaii whereby patients carry their own medical records at all times. The panel recognized that access to medical information as a basis for warfare is a tremendous threat. Rindfleisch concluded that computer systems are not ready for prime time in the healthcare system, simply because they are less usable than paper. For many, security is an even less important concern than usability. In spite of many years of research at building a usable and secure system himself, he has not yet succeeded. Protocols Chaired by Michael Reiter (AT&T) The first presentation was "Entity Authentication" by Dieter Gollmann (University of London). Gollmann investigated the question why the definition of authentication seems to be such a hard problem. There is a translation problem between "human" meaning of authentication, and the meaning of authentication in cryptographic protocols. He advocated using the language of communications protocols instead of human-to-human authentication when discussing these protocols. A second paper, "A Fair Non-repudiation Protocol", was also presented by Gollmann. This protocol uses a trusted third party to assure that neither party in the non-repudiation protocol has an advantage over the other. "Limitations on Design Principles for Public Key Protocols" by Paul Syverson of NRL took a cautionary look at the design principle approach to cryptographic protocols. He examined a handful of design principles and gave apparently secure protocols that contradicted those principles. Syverson recommended checking the design motivations when using guidelines, then checking any violated principles for problems. Databases Chaired by Mary Ellen Zurko (OSF) The session began with "Ensuring Atomicity of Multilevel Transactions", presented by Indrakshi Ray (George Mason University) (joint work with colleagues Paul Amman and Sushil Jajodia). The technique decomposes multilevel transactions into single level transactions, ordered from low to high. These transactions are then analyzed (for now, by hand) to ensure that interleaving will produce correct results. "View-Based Access Control with High Assurance", written by Xiaolei Qian (SRI), was presented by Teresa Lunt (ARPA). Specifying a level on a view is very easy and natural, and leads to content-based access control. However, the query processor is the bulk of the code in a database management system. This amount of code is considered too large to be part of the trusted computing base in a high assurance environment. In addition, there are complications from overlapping views and from overclassifying data. The technique described in the paper addresses two problems of multilevel secure databases: safety and assurance. It describes a polynomial-time label compilation algorithm that transforms view-level labeling to tuple-level labeling. A further contribution of the paper are proofs that the lowest classification and minimal upgrade problems are NP-complete. "Supporting Multiple Access Control Policies in Database Systems" was presented by Pierangela Samarati of the University of Milan (joint work with colleague Elisa Bertino and Sushil Jajodia, George Mason University). Their work uses a Directed Acyclic Graph of group memberships to determine authorization based on explicit positive and negative authorizations. An authorization can be strong or weak. Conflicting strong authorizations are not allowed, strong authorizations override weak ones, weak authorizations lower on a single group path override those higher up, and conflicting authorizations deny access. Biologically Inspired Topics In Computer Security Chaired by Lee Benzinger (Lockheed) Stephanie Forrest (University of New Mexico) presented the first paper titled "A Sense of Self for UNIX Processes" (joint work with colleagues Steven A. Hofmeyr and Anil Somayaji, and Thomas A. Longstaff, CERT). Forrest proposed a simple method for anomaly detection. The method is based on a preliminary definition of self for UNIX processes (statistical collection of short sequences of system calls) and the detection of previously unseen behavior (a sequence of unseen system calls). This approach inherits all the well understood shortcomings of anomaly intrusion detection. Forrest presented encouraging first results of this work in progress. Secondly, Patrik D'Haeseleer (University of New Mexico) described "An Immunological Approach to Change Detection: Algorithms, Analysis, and Implications", (joint work with colleagues Stephanie Forrest and Paul Helman). D'Haeseleer's work also addresses the question of how to detect changes. His work takes an immunological approach by generating a set of detectors as the complement of detectors that detect "self". The generation of detectors is more efficient than previously published algorithms and runs in linear time. A further advantage of this approach is the fact that the detectors are in fact distributable. "Cryptovirology: Extortion Based Security Threats and Countermeasures" Adam Young (Columbia University), (joint work with Moti Yung, IBM) The approach uses encryption to hide information, and then to extort money or goods from the victims. The point was that encryption could be used as a force for evil as well as good. Good backups are the best defense. IEEE Technical Committee on Security and Privacy Meeting [Note: Look for an Deb Cooper's account of the meeting and other TC business in the next issue of Cipher--CEL] TC Chair Deb Cooper mentioned that the IEEE web site can now be used to add and change membership information (http://www.computer.org/). The Cipher security newsletter recently began a research project registry. After discussion about whether Cipher could support information on job hunting, the group settled on researching if a registry would be enough help to college students looking for a job. Carl Landwehr requested assistance in maintaining the Cipher reader's guide (list of security-related publications). A discussion of alliances with other conferences developed. The Oakland conference attendance averaged 200 attendees over the last 3 years. At the peak it got over 300 attendees ('89). The number of submissions has been going down, and this caused concern. Many people postulated that the growing number of security conferences has begun to dillute their quality. An alliance with the ISOC symposium on network and distributed system security will be discussed at future meetings. Sushil Jajodia suggested the addition of tutorials. Several people liked the idea of advanced tutorials in areas to cross-fertilize their research. (Jajodia also suggested a vendor track, for which he received strong criticism). Hilarie Orman brought up the issue of electronic publishing. It is highly likely that next year's proceedings will be available on-line. Secure Mobile Agents (BOF) The final event of the evening was a discussion session on Secure Mobile Agents. It was primarily about Java, with a Telescript person in attendance. Sun representatives gave an outline on Java. Sun believes that the problem of secure mobile agents is full of subtle difficulties, but that it is a a reasonable thing to try to do. The Princeton authors presented their recommendations on how Java should proceed. There was concern during the meeting that there was no defined policy, and that putting assurance before policy is unworkable. George Dinolt implied that users do not set security policies, systems set security policies. Telescript never looked so good. For any issue, the panelists were able to discuss their approach to a problem, even if they did not have all the answers. In discussing authentication, it was pointed out that the Microsoft model was to emulate COTS software with digital signatures. John McHugh pointed out that the number of applets will be substantially larger than the number of COTS software packages, and what would that imply about level of testing? Dan Wallach brought up points concerning the user interface design of security features. He wished to use "Do not bother the user" as a guiding principle, which would be a refreshing change. Telescript is exploring having every regional server apply digital signatures to endorse mobile agents, but considers it a heavyweight mechanism. WEDNESDAY Modeling Chaired by Richard Neely (CTA) The first paper was "A Security Model of Dynamic Labeling Providing a Tiered Approach to Verification", presented by Simon Foley (University College, Cork), (joint work with Li Gong and Xiaolei Qian, both SRI). Foley described a verified TCB with security requirements specified on top of it. The tiered system has the advantage that for a new application only the security requirements need to be reverified. Martin Roescheisen of Stanford presented "A Communication Agreement Framework of Access Control" (joint work with colleague Terry Winograd). This model uses communication agreements to establish peer-to-peer relationships, called commpacts. These agreements are the focus of a framework for access/action control. The primary concerns are usability and social acceptability. Commpacts manage relationships providing trusted shareability. Matt Blaze (AT&T Research) presented "Decentralized Trust Management" (joint work with colleagues Joan Feigenbaum and Jack Lacy). The paper identifies trust management as an important component of security in large distributed systems. The authors argue that it is important not to confuse the questions of "Whose public key was verified" with the question of "For what purpose is this public key issued?". This approach provides an architectural framework that separates generic mechanism and application-specific policies. The concrete system is called PolicyMaker and appears to applications much like a database query engine. The generic mechanism can be utilized from any application with different policies. That provides the decentralized aspect of the architecture. The approach purposefully conflates the specification of security policies and security credentials, the policy decision process, and the deferring of trust to third parties. The final paper was given by Steve Schneider (University of London) entitled "Security Properties and CSP". Schneider's work is part of a larger project dealing with problems of modeling and analysis of security protocols. The basis is that security protocols can be viewed as communicating sequential processes. CSL can be used to check safety properties (which are viewed as security properties) of protocols described as processes that interact over a medium. Networks Chaired by Paul Karger (IBM) Drew Dean (Princeton University) presented "Security Flaws in the HotJava Web Browser" (joint work with colleagues Ed Felton and Dan S. Wallach). The paper outlines a number of attacks, both potential and verified, on the HotJava Web browser. In Java, local file system applets are trusted. A security manager module needs to be called to approve dangerous operations, but there is nothing architecturally which ensures that the module is always called appropriately. Applets could contact any host (contrary to the stated security policy) through DNS, and could degrade or deny service while other applets were being run. The authors also exploited a vulnerability based on the difference between what code would compile with a legal Java compiler and how byte codes are checked. This vulnerability allowed them to run arbitrary machine code. In Java there is only a single line of defense; the class loader. Most of the vulnerabilities exposed have since been patched, however, some have not. The next paper was presented by Wenbo Mao (HP Labs, Bristol) "On Two Proposals for On-line Credit-card Payments using Open Networks: Problems and Solutions." He pointed out some missing services in the areas of protocol integrity, non-repudiation, message receipt, and message timeliness, and some misused services where non-repudiation is used where authentication would work, and real-time replay detection is done when batch would be sufficient. "Secure Network Objects" was presented by Leendert van Doorn (University in Amsterdam) (joint work with Martin Abadi, Mike Burrows, and Edward Wobber, all DEC SRC). Van Doorn described their approach to provide security for object-oriented network communication. The design takes advantage of subtyping and achieves object-level granularity. Both access control lists and capabilities are supported. The last paper of the conference was "Run-Time Security Evaluation (RTSE) for Distributed Applications" presented by Cristina Serban (University of Missouri-Rolla) (joint work with colleague Bruce McMillin). The central idea of this paper was that formal security specifications for distributed applications can be checked at runtime. This is done through executable security assertions. The symposium formally adjourned after closing remarks from Dale Johnson and the new program chair George Dinolt. ______________________________________________________________________ COMMENTARY: U.S. Developments in Security and Privacy in the Past Twelve Months by Willis Ware, RAND ______________________________________________________________________ [This is Willis Ware's annual report to IFIP TC 11 as its US representative. Willis cautions that this report was written in April, prior to the release of the Clipper III , GAO, and NRC reports released in May.] In the last 12 months, there have been major interruptions in the U.S. government process as a result of disputes about budget matters. Accordingly, things related to system security which might otherwise have happened have either dragged or have stopped completely. This discussion emphasizes U.S. export policy and U.S. encryption policy, both of which have been topics of ongoing debate, public discussion, and various initiatives. Other items are briefly summarized. Export policy. The issue of concern is the export of cryptography, whether in the form of a standalone device or integrated into a system or as technical data. The U.S. controls such exports in two ways: for products that have been adjudged readily exportable, the Department of Commerce grants a commodity jurisdiction [CJ] license. For products that have to be considered on a case-by-case basis, the Department of State controls the process and issues a single-case license. Over a year ago, the policy had been adjusted to allow CJ export of 40-bit (key length) algorithms such as RSA's RC2/RC4. Vendors asserted that this can not provide adequate strength for customer demands and various other schemes have been proposed. In particular, Lotus has negotiated commodity jurisdiction status for its Notes product incorporating 64-bit key-length cryptography. Specific details are sketchy but apparently 24-bits (of the 64) are separately signed and encrypted with a special key generated by and retained by the National Security Agency. With this arrangement, the strength against 3rd party intrusion is 64-bits but with the proper court authorization, 24-bits can be recovered from the escrow agent(s) of the U.S. Government. Hence, the arrangement is still compatible with the established 40-bit export policy. The Government itself has proposed other possibilities in the spirit of the original Clipper arrangement. The most recent is to allow export of 64-bit cryptography provided its keys are fully escrowed with organizations approved by the U.S.Government. It is not being well received. Cryptographic policy. For approximately 18 months, the National Research Council of the National Academies of Science and Engineering has sponsored a committee to examine the broad issue of national cryptographic policy. Its report is in the final phase of preparation and is expected to be published in late May, 1996. Meanwhile, the outcome of the committee's deliberations is not known. The Administration has quietly maintained the progress of the Clipper proposal insofar as its original thrust was intended; namely, a significant number of Clipper-equipped telephones have been acquired for the internal use of the government. The escrow agents for their keys are the Communications Division of the Department of the Treasury and the National Institute of Science and Technology of the Department of Commerce. A proposal nicknamed "son of Clipper" and offering alternate arrangements for escrowing of keys was also floated but did not receive good acceptance. Other proposals for handling an escrow-type process have appeared. One has been called "self-escrow" because an organization would maintain its own backup copies of cryptographic keys but be prepared to relinquish them to law enforcement authorities upon presentation of appropriate court authorization. Another is being called "commercial-key escrow" because it envisions independent business entities whose mission would be to receive cryptographic keys from clients, to maintain them securely but repond to law enforcement authority when authorized by a court procedure. Another has been called "fair escrow" because it visualizes that keys would be broken into (say) N parts, of which any K of them would be sufficient to recover encrypted traffic. Yet another is called "partial-key escrow" because only some of the key digits are escrowed. The case for assured access to encrypted material by the government or law enforcement is far from convincingly made in the U.S. The U.S. FBI is still very vocal in its requirements to have such access, but its focus of argument has broadened beyond encrypted telephony to include stored computer materials. There has not been offered any hard data to indicate the magnitude of encryption usage in secure telephony or data files, or to assess its status or rate of growth. The argument for law enforcement access is being made on the emotional basis of a safe and orderly society, in turn supported by specific anecdotal incidents which are admittedly socially reprehensible. The other side of the case generally argues against government intrusion on personal freedom and liberty, plus a deeply rooted concern about relinquishing so much power to the government. Importantly, however, Congress has become engaged in the issue and there are presently bills before both the House and Senate (the Goodlatte bill in the House and the Leahy bill in the Senate). Both address not only relaxation of export controls, but also law enforcement access and the legal obligations and responsibilities of escrow agents. The language and construction in each is slightly different, but in general both affirm positively that "it shall be legal for any person [within the U.S., its possessions, and territories] to use any encryption, regardless of encryption algorithm selected, encryption key length chosen, or implementation technique or medium used." The House bill also provides that "no person in lawful possession of a key to encrypted information may be required by Federal or State law to relinquish to another person control of that key." There is also a Burns bill, not yet introduced, which will address only the issue of export of cryptography and not the other issues in the Goodlatte and Leahy bills. Finally, the Kyl amendment amends the criminal code to broaden the penalties and actions taken against information systems. It is not clear, with an election pending in November of 1996, how rapidly encryption policy will progress, whether the bills now before Congress will make any headway, or even whether the Administration will pursue any proposals that have now been surfaced. On other matters, there continue to be cracker and penetration incidents but the cert organizations in the U.S. and worldwide, coordinated by by an organization called FIRST, seem to be dealing well with the incident response issue. There are limited signs of concern about security of systems. For example, VISA and MasterCard have announced a standard to protect bankcard data during electronic transactions; it proposes to use specially designed algorithms from RSA. On the other hand, various studies and penetration attempts support the conviction that computer and network security in government and in the private sector is overall not well implemented. Extant organizations continue to hold their conferences and workshops, but some new ones have come into being; e.g., the various conferences sponsored by NCSA, the RSA annual cryptography conference. At the national level, the National Information Infrastructure effort has organized an in-house group of studies under a body called the NII Task Force. It has issued for comment a document describing proposed guidelines on system security within the government. Other documents have also been issued; one that has created major opposition and discussion addresses the protection of intellectual property -- the generalized copyright issue. The sixth Computers, Freedom and Privacy conference has been held during March, 1995 at MIT, and this year featured a moot court with real judges presiding over a hypothetical case involving escrowed encryption. This particular annual conference has been remarkably successful in bringing together an appropriate cross section of attendees to discuss and interact on issues arising from the interplay between society and communications/computer technology. The browser known as NETSCAPE has become exceedingly popular among users of Internet and in fact has driven a huge surge of commercial interest. Everybody who is anybody now has a home page on a Web site. The growing thrust to use the Net as a means for the conduct of commerce and the sale of products led Netscape to put RSA-based encryption into its system to safeguard personal and bankcard data. There have been two rounds of events in which substantial weaknesses were discovered and quickly repaired by Netscape. A weakness was also discovered by Purdue's COAST laboratory in MIT's popular KERBEROS system, but it was not publicly announced until MIT designers had installed technical remedies. The concept of Information Warfare has become prominent and led to specialized conferences, books, and government-sponsored study. In general, it envisions deliberate clandestine covert attacks against the information systems of a country, both themselves directly and as they occur in the general national infrastructure. To the extent that this subject attains credence and standing, it will motivate better system security. There is little to be said about privacy in this period. The word itself has appeared in the title of some laws [e.g., Senator Leahy's Encrypted Communications Privacy Act of 1996] but it is really used as a synonym for confidentiality. Nothing new has been done to control the widespread use of personal information for a broad variety of commercial purposes, and many observers feel that the government has taken actions that allows such activity to be more intrusive than ever; e.g., authorized the creation of new data banks, authorized the use by states of the Social Security Number as a de facto personal identifier. Interestingly, the Digital Telephony Act, enacted in late 1994, and requiring that communications providers design systems with technical features able to assure that wire tapping by law enforcement continues to be feasible, has not yet been funded. As a reminder though, during discussions leading to the final wording of the law, important privacy protections were in fact added to the bill through the participation of civil liberties' groups and privacy advocates. The Federal Communications Commission pre-empted the actions of many states by ruling that calling-party identification (the scheme that announces the phone number of a calling party to the called party) must be made available in all interstate telephony, but it also required every telephone company to conduct an aggressive information campaign for subscribers and to offer both per-call and per-line blocking. In California where about 50% of all telephone numbers are unlisted (i.e., not in the telephone book), the tone of the information campaign almost encourages the subscriber to opt for line blocking (i.e., an outgoing call will not deliver its number to the called party but prefacing the dialing with *82 will negate call blocking for the single call). At the same time, the FCC also ruled that calling-party numbers which are provided to the called party as part of the 800-number system (so-called ANI numbers) may no longer be used for purposes other than for which collected. This will curtail some of the commercial selling of phone-number lists. ______________________________________________________________________ COMMENTARY: Comment on "Enforcing the CDA Improperly May Pervert Internet Architecture" by Fred Cohen ______________________________________________________________________ Editor: I thought it very important to comment on David P. Reed's article in EI-9604 titled "Enforcing the CDA Improperly May Pervert Internet Architecture". Mr. Reed's basic position is that technical solutions to access controls in the Internet should be done at the ends of the pipes and not in the infrastructure and that this philosophy as espoused in the "end-to-end argument" is one of the major reasons for the success of the Internet over the years. My disagreement with Mr. Reed's position is basically very simple. The Internet Protocol already has an infrastructure-based access control scheme built into it, and that scheme has been in place throughout the development of the Internet. Thus his assertion that the lack of such a scheme is responsible for the Internet's success is fundamentally flawed. The access control scheme is a part of the IP protocols, and as currently defined, it provides for about 8 different classifications of information. It also has another 8 classifications available for use with the specific use not yet specified. It would be a trivial matter for the Internet Engineering Task Force to assign one of those access control codes to CDA blocked material. No infrastructure changes are required, no substantial protocol changes are required, it does not hinder or effect non-CDA blocked material in any way, and it costs nothing. Using existing TCP stacks and the freely available widely-used TCP-wrappers software, CDA-blocked material could be limited anywhere in the infrastructure, including at the ISP, at the user's home, and at the connection between the CDA-controlled provider and their Internet connection. As a side note, the "end-to-end argument" is very similar in some ways to the "common-carrier" argument used by telephone companies to remain out of the fray when providing telephone services. The basic position of the common carrier is that if someone attacks your Internet site, it's between you and them. The common carrier won't do anything forceful to help the victim of an attack, for example, they won't cut off the perpetrator's connection to stop the attack while it's underway. In the same manner, Mr. Reed asserts that the Internet should not play traffic cop by providing access controls in the infrastructure, and that if your 10-year old child is solicited through email, that is your problem. One of the results of this "common-carrier" mentality is that IP address forgery is rampant on the Internet. The most reasonable way to prevent IP address forgery is for infrastructure elements to refuse to pass packets when the source of those packets is not authorized to control the "From" address in those packets. But most of the infrastructure providers refuse to provide this simple protection because of this common-carrier mentality, and they use the end-to-end argument to bolster their position. The net effect is that untraceable denial of service attacks are commonplace. We can't provide end-to-end protection against this sort of attack unless and until we can figure out where the other end is, and we can't do that with only end-to-end protection. One final point. When your information infrastructure provider tells you that information protection is not their job, that really means that they don't value your information, they only value the payments they get for your bandwidth. Fred Cohen -> See: Info-Sec Heaven at URL http://all.net/ Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236 _____________________________________________________________________ COMMENTARY: Rebuttal to Fred Cohen's Response, by David P. Reed _____________________________________________________________________ In rebuttal to Fred Cohen's response to my piece that you published in Cipher, I'd just like to make a few points. I think he has his facts wrong, in the first place; I know whatever 'access control' mechanism he refers to is not there in the IP design, since I was part of the original standards definition process. If Fred would like to name which IP feature, X, he thinks defines a content level access control policy, I will be happy to respond in more detail. But all of the fields in the IP header are designed to manage the resources and logic involved in routing of packets between the source and destination, not to carry content level access control policy information. In the second place, he seems to attribute to me motivations that I don't have; I personally think internet service providers ought to help users control undesired access to content - but I think that assistance is best achieved by encouraging appropriate use of well-known end-to-end mechanisms (such as content warning labels and encryption-based authentication) that enable users and suppliers of high-level content to implement workable policy choices. In the third place, he attacks my claim that the scalability of the Internet architecture has benefited from choosing to follow the end-to-end approach, by arguing that some non-end-to-end feature X has been there all along, but not implemented. Had this feature X been implemented, his argument might make sense, but I'm struggling to understand how he convinces himself that this unimplemented and possibly illusory counterexample shows that the end-to-end approach has not been a main contributor to scalability. Finally, while likening the Internet carriers attitude to the 'common carrier' principle, he characterizes 'indecent' communications as 'attacks'. This is an odd description of indecency on the Web, wherein the indecent material many are concerned with are files or web pages that are passively available, but easily discovered by an interested seeker, and perhaps easily discovered by accident. The situation seems more like the presence of 'dirty' books in a library than an 'attack'. It also seems odd to control 'attacks' by a voluntary mechanism that depends on the source of 'indecent' material to place labeling information in IP headers. Why would an 'attacker' choose to so vitiate his/her own efforts? Does a provocateur voluntarily wear a large red 'P' on their jacket? My original note was concerned with the notion of 'Exon boxes' that would enforce the CDA in routers. The problem of protecting users against attacks whose goal is sabotage, denial of service, loss of privacy, etc. is quite different. Confounding all of these issues does not help resolve them. - David ________________________________________________________________________ New Reports available via FTP and WWW ________________________________________________________________________ * Milan Kuchta writes: Now available through the FORMIS home page are HTML and Windows Help versions of three risk management documents produced for Canada's Communications Security Establishment (CSE). Also some of the tools which have been developed for or used with the CSE research effort on secure systems modelling and risk management are available. Of particular interest to CIPHER readers might be the SERAPE toolset which was developed principally for MS Windows (parts will run on UNIX or Mac). The best access point is the "What's New" menu item on the FORMIS Home Page at http://moowis.cse.dnd.ca:80/~formis/whatsnew.htm * Reports from NRL Workshop on High Assurance Computing including a research agenda. * From Carolyn Talcott, Stanford University: We are pleased to announce the availability of a new WWW home-page for mechanized reasoning. It consists of the information previously contained in Carolyn Talcott's "Mechanized Reasoning" page and Michael Kohlhase's "Deduction Worldwide" pages and will replace these. To conserve existing links and bandwidth it will be mirrored at both original sites: o Europe: http://jswww.cs.uni-sb.de/ded/mr.html o USA: http://www-formal.stanford.edu/clt/ARS/ars-db.html * U.S. NIST Computer Systems Laboratory (CSL) Bulletin, April 1996: Guidance on the Selection of Low Level Assurance Evaluated Products This bulletin has been jointly developed by NIST and the National Security Agency. It provides official guidance on C2 (TCSEC) products and relates the TCSEC levels to corresponding levels in the Canadian (CTCPEC) and European (ITSEC) criteria. U.S. NIST Computer Systems Laboratory (CSL) Bulletin 96-05: The World-Wide Web: Managing Security Risks. Helpful security guidance for Web masters. ________________________________________________________________________ Interesting Links [new entries only] ________________________________________________________________________ No new links this month! ________________________________________________________________________ Who's Where: recent address changes ________________________________________________________________________ Entered 28 May 1996: Milan Kuchta Systolics 3009 McCarthy Rd Ottawa, Ontario, Canada phone: (613) 521-6180 email: mkuchta@comnet.ca Entered 22 May 1996: Joachim Biskup Fachbereich Informatik Universitat Dortmund D-44221 Dortmund GERMANY e-mail: biskup@ls6.informatik.uni-dortmund.de +49-231-755 2569/ 2641/ 2779 (voice) +49-231-755 2405 (fax) Entered 13 May 1996: Jim Litchko Vice President of Business Development Secure Computing Corp. 4604 Saul Road Kensington, MD 20895 voice: (404) 493-8479 litchko@sctc.com Entered 29 April 1996: Todd Ulrich, Product Manager Compliance Solutions tulrich@mergent.com Lina Liberti, Product Manager Productivity and Management Solutions lliberti@mergent.com Howard Burke, Product Manager Network Solutions hburke@mergent.com 70 Inwood Road Rocky Hill, CT 06067 (860) 257-4223 _______________________________________________________________________ Calls for Papers (new listings since last issue only -- full list on Web) ________________________________________________________________________ CONFERENCES Listed earliest deadline first. See also Cipher Calendar o Fast Software Encryption Workshop 1997, Haifa, Israel, January 27-29, 1997; Conf Web page. Interested parties are invited to submit original unpublished papers on the design and analysis of fast encryption algorithms and hash functions. Preproceedings will be available at the meeting. The final proceedings is expected to be published in the Springer-Verlag Lecture Notes in Computer Science. Send submissions to biham@cs.technion.ac.il by October 11, 1996. o Enterprise Networking '97, Montreal, Quebec, June 11-12, 1997. Topics of interest include: * Integration of subsystems of enterprise networks, such as e-mail gateways, LAN switches, bridges and routers, database systems, and security and authentication mechanisms with the internets to provide "end-user" oriented services, such as video- conferencing, multi-media mails, etc., * Enterprise information resource management. Enterprise Networks Management (e.g., configuration, fault, performance, accounting, security, etc.). Submissions are due to the program chair, Bhumip Khasnabish (bhumip@gte.com) by mail by November 15, 1996. JOURNALS Regular archival computer security journals: o Journal of Computer Security (JCS) [see Cipher Web pages or EI#9]; e-mail contacts for submissions: jajodia@isse.gmu.edu or jkm@mitre.org See also Web site: http://www.jcompsec.mews.org/ o Computers & Security [see Cipher Web pages or EI#9] e-mail contact for submissions: j.meyer@elsevier.co.uk o International Journal of Digital Libraries aims to advance the theory and practice of acquisition, definition, organization, management and dissemination of digital information via global networking. In particular, the journal will emphasize technical issues in digital information production, management and use, issues in high-speed networks and connectivity, inter-operability, and seamless integration of information, people, profiles, tasks and needs, security and privacy of individuals and business transactions and effective business processes in the Information Age. The first issue will appear in Summer 1996 (see announcement). Electronic submission is encouraged to speed up the process (for details please send email to dlib@adam.rutgers.edu). For hard copy submission, please mail five copies to: Prof. Nabil R. Adam, CIMIC, Rutgers University, Newark, NJ 07102, (201) 648-5239, adam@adam.rutgers.edu. Special Issues of Journals and Handbooks: listed earliest deadline first. o JCS Special issue on WWW security. The special issue of the Journal of Computer Security will be focused on research and development efforts leading to identify requirements and viable solutions for WWW security. Two kinds of papers will be considered: regular papers presenting new research results, and short papers describing ongoing projects. Submit five copies of papers (dbl-spaced; 12 pt; 30 pages max. for regular papers, 10 pages max. for short papers) describing original unpublished results on all security aspects of the WWW and its applications; each copy should have a cover page with title, name and address (including e-mail address) of author(s), an abstract of no more than 200 words, and a list of identifying keywords, to any of the editors. Editors of the special issue: Elisa Bertino, Gianpaolo Rossi, and Pierangela Samarati, Dipartimento di Scienze dell'Informazione, Universita' di Milano, Via Comelico, 39/41, 20135-Milano, Italy; phone: +39-2-55006227/257/272; fax: +39-2-55006253; e-mail: bertino,rossi,samarati@dsi.unimi.it. More information at http://www.dsi.unimi.it/Users/jcs-www. ________________________________________________________________________ Reader's Guide to Current Technical Literature in Security and Privacy Part 1: Conference Papers ________________________________________________________________________ Papers to be presented at the IFIP WG 11.3 Working Conference on Database Security, Lake Como, Italy, July 22-24, 1996 * T. Lunt, ``Strategic Directions in Computer Security Research'' * B. Thuraisingham, ``Data Mining, Data Warehousing, and Security'' * Z. Tari and G. Fernandez, ``Security Enforcement in the DOK Federated Database System'' * M.S. Olivier, ``Integrity Constraints in Federated Databases'' * S. Castano, ``An Approach to Deriving Global Authorizations in Federated Database Systems'' * J. Hale, J. Threet and S. Shenoi, ``A Framework for High Assurance Security of Distributed Objects'' * R. van de Riet and E. Gudes, ``An Object-Oriented Database Architecture for providing High-level Security in Cyberspace'' * F. Cuppens, A. Gabillon, ``A Logical Approach to Model a Multilevel Object Oriented Database'' * S. Jajodia, L. Mancini and I. Ray, ``A Secure Locking Protocol for Multilevel Database Management Systems'' * G. Grossman and M. Schaefer, ``A Data Model for a Multilevel Replicated X.500 Server'' * J. Aisbett, ``An Information Theoretic Analysis of Architectures for Multilevel Secure Databases'' * T. Hinke, H. Delugach and R. Wolf, ``A Framework for Inference-Directed Data Mining'' * V. Atluri and W.K. Huang, ``An Extended Petri Net Model for Supporting Workflows in a MLS Environment'' * S. Osborn, L. Reid and G. Wesson, ``On the Interaction Between Role-Based Access Control and Relational Databases'' * S.A. Demurjian, T.C. Ting, M. Price and M.-Y. Hu, ``Generics and Exception Handling for Supporting User-Role Based Security in Object-Oriented Systems'' _______________________________________________________________________ Reader's Guide to Current Technical Literature in Security and Privacy Part 2: Journal and Newsletter Articles, Book Chapters ________________________________________________________________________ * Communications of the ACM, Vol. 39 (1996)Number 6 (June), Anish Bhimani. Securing the commercial Internet. pp.29-35. * IEEE Trans. on Software Engineering Vol. 22, Number 5 (May. 1996). Special section -- Best Papers of the 1995 IEEE Symposium on Security and Privacy. - C. Meadows. Guest editorial: Introduction to the Special Section. pp. 281-282. - O. Sibert, P.A. Porras, and R. Lindell. An Analysis of the Intel 80x86 Security Architecture and Implementations. pp. 283-293. - R. J. Anderson and S. J. Bezuidenhoudt. On the Reliability of Electronic Payment Systems. pp. 294-301. - M. K. Franklin and M. K. Reiter. The Design and Implementation of a Secure Austion Service. pp. 302-312. - R. Kailar. Accountability in Electronic Commerce Protocols. pp. 313-328. - M. H. Kang, I. S. Moskowitz, and D. C. Lee. A Network Pump. pp. 329-338. _______________________________________________________________________ Reader's Guide to Current Technical Literature in Security and Privacy Part 3: Book [with a review!] ________________________________________________________________________ * Simson Garfinkel and Eugene Spafford, Practical UNIX and Internet Security, Second Edition O'Reilly & Associates, Inc., 1996 1004 pages. ISBN: 1-56592-148-8. $39.95. Review by Peter Neumann (from RISKS 17 May): This book is an extraordinarily successful effort to cram into a mere thousand pages (971+xxix+ORAads) almost everything you need to know about Unix and Internet security. It is a complete rewrite of the First Edition of 1991, and contains much new material. In terms of pages per dollar or cents per page, or much more important, the amount of money it can save you by keeping you away from a horrendous array of potential security problems, it is an incredible bargain. This is a keeper -- at least until the Third Edition comes out, perhaps in 2001. By then, the authors will be able to write much more definitively about Java and web browsers, which are treated only lightly in the Second Edition. (Too much happening, too fast?) Everything else, however, seems well covered and very nicely written. This is a very readable and very useful book, and deserves to be looked at by all of you. ________________________________________________________________________ NEW: Cipher Registry of Security and Privacy Research Projects ________________________________________________________________________ (New entries only; for complete list see Cipher Web pages) Send new submissions to cipher@itd.nrl.navy.mil Entered May 8, 1996: * Name: Marty Hurley * E-mail : hurley@osf.org * Title: DCE-Web * Affiliation: The Open Group Research Institute * Description: Provide secure Web technology for enterprises with security, including fine-grained access controls, secure distributed management, location-independent naming, replication and integration of non-DCE and legacy security systems * URL for further information: http://www.osf.org/RI/PubProjPgs/DWSummary.html * Name: Marty Hurley * E-mail : hurley@osf.org * Title: Formal Methods * Affiliation: The Open Group Research Institute * Description: The Formal Methods project is focused on applying the mathematical rigor of formal methodologies to provide software of higher assurance such that they can be used by software engineers without training in formal methodologies. * URL for further information: http://www.osf.org/RI/PubProjPgs/formal.html * Name: Randy Dean * E-mail : rwd@osf.org * Title: MK++ * Affiliation: The Open Group Research Institute * Description: Add the functionality for distribution, scalability, real-time, multiprocessor support and performance to the B3-target, object-oriented MK++ microkernel. * URL for further information: http://www.osf.org/RI/PubProjPgs/MKV2o.htm Entered April 30, 1996: * Name: Mary Ellen Zurko * E-mail : zurko@osf.org * Title: Adage: Authorization for Distributed Applications and Groups * Affiliation: The Open Group Research Institute * Description: This program will develop a Distributed Group Authorization Toolkit that supports security administrators in geographically dispersed organizations in efficiently expressing, modifying, enforcing, and auditing high-level, group-based authorization policies, constraints, and requirements. * URL for further information: http://www.osf.org/www/adage/index.html * Name: Xiaolei Qian * E-mail: qian@csl.sri.com * Title: Trusted Interoperation of Healthcare Information Systems * Affiliation: Computer Science Laboratory, SRI International * Description: Developing intelligent gateways for the trusted interoperation of heterogeneous healthcare databases containing sensitive data that mismatch in security policies. * Further information: http://www.csl.sri.com/sri-csl-db.html * Names: Anup K. Ghosh, Gary E. McGraw, and Jeffrey M. Voas * e-mail: {anup,gem,jmvoas}@rstcorp.com * Title: Defining an Adaptive Software Security Metric from a Dynamic Software Failure Tolerance Measure * Affiliation: Reliable Software Technologies Corp. * Description: We are developing a prototype tool funded by DARPA that will support quantitative assessment of information security and survivability for software based on dynamic software assessment techniques. * Further information: http://www.rstcorp.com * Name: David Wagner * E-mail: daw@cs.berkeley.edu * Title: ISAAC * Affiliation: University of California, Berkeley * Description: I am studying practical network security and issues in cryptography. * Further information: (my web page): http://www.cs.berkeley.edu/~daw/ (my research group's page): http://www.cs.berkeley.edu/projects/isaac/ ________________________________________________________________________ Calendar ________________________________________________________________________ Internet Conference Calendar, URL:http://www.automatrix.com/conferences/ is also worth a look. ==================================================================== See Calls for Papers section for details on many of these listings. ==================================================================== Dates Event, Location Point of Contact/ more information ----- --------------- ---------------------------------- * 6/ 2/96: DMKD96 Montreal, Canada. Web page * 6/ 3/96- 6/ 6/96: SIGMOD/PODS '96, Montreal, Canada * 6/ 3/96- 6/ 5/96: SOC18, Kingston, Ontario, Canada. * 6/ 4/96- 6/ 6/96: SECURICOM '96, Paris, France. * 6/ 7/96: SAC '96, Kingston, Ontario, Canada. Submissions due via mail; * 6/10/96- 6/12/96: CSFW96. County Kerry, Ireland Wkshop Web page. * 6/10/96- 6/11/96: ISTCS96. Jerusalem, Israel. * 6/10/96- 6/12/96: CVDSWS, Gaithersburg, MD * 6/12/96- 6/14/96: BDBIS. Tallinn, Estonia Conf Web page * 6/12/96: registration deadline for CRYPTO '96, Santa Barbara, California * 6/13/96: ICDT97, Delphi, Greece; Conf Web page. Submissions due to afrati@cs.ece.ntua.gr; [*] * 6/16/96- 6/20/96: SFC '96, Snowbird, Utah; Conf Web page * 6/17/96- 6/21/96: COMPASS96, Gaithersburg, Maryland; Conf Web page * 6/18/96- 6/20/96: ICSSDBM '96, Stockholm; pers@sto.foa.se * 6/19/96- 6/21/96: CoopIS96, Brussels, Belgium. Conf Web page. * 6/19/96- 6/21/96: IWES. Stanford University, California Conf Web page * 6/21/96- 6/22/96: PISEE; Isaac Newton Institute, Cambridge, England * 6/24/96- 6/26/96: ACISP96, Woolongong, NSW, Australia. * 6/25/96- 6/28/96: INET96. Montreal, Canada Conf Web page * 7/ 5/96: ASIAN '96, Singapore; Conf Web page. Submissions to asian96@iscs.nus.sg; [*] * 7/15/96: ISADS97, Berlin, Germany; Conf Web page. Submissions due to by mail; [*] * 7/22/96- 7/24/96: IFIP WG 11.3, Como, Italy, samarati@dsi.unimi.it or sandhu@isse.gmu.edu * 7/22/96- 7/25/96: USENIX Sec Symp, San Jose, California; Conf Web page * 7/28/96- 7/31/96: FIRST '96, Santa Clara, California; Conf Web page * 8/ 3/96- 8/ 5/96: KDD96. Portland, Oregon Conf Web page See Web page. * 8/14/96- 8/16/96: MMDMS, Mountain Lake, NY. Conf web page. * 8/15/96- 8/16/96: SAC '96, Kingston, Ontario, Canada * 8/18/96- 8/22/96: CRYPTO96, Santa Barbara, California * 8/27/96- 8/30/96: TPHOLs '96, Turku, Finland; Conf Web page * 8/30/96: DASFAA '97; Melbourne, Australia. Conf Web page. Submissions due by email to rwt@cit.gu.edu.au; [*] * 8/31/96- 9/ 2/96: ATMA, Goa, India; Conf Web page. * 9/2/96-9/6/96: IFIP96 Mobile Commns Canberra, Australia. * 9/ 3/96- 9/ 6/96: VLDB96, Bombay, India * 9/ 3/96: DCCA6, Garmisch-Partenkirchen, Germany. * 9/ 9/96- 9/13/96: DEXA96, Zurich, Switzerland. Conf Web page * 9/16/96 - 9/19/96: NSPW '96, Lake Arrowhead, CA ; questions to newparadigms96@itd.nrl.navy.mil. Conf web page * 9/18/96- 9/20/96: SCRAPC96, Lille, France Conf Web page * 9/23/96- 9/24/96: IFIP TC6 TC11, University of Essen, Germany; Conf Web page. * 9/23/96- 9/27/96: SDSP96, Perth, Australia * 9/25/96- 9/27/96: ESORICS'96, Rome; bertino@hermes.mc.dsi.unimi.it * 9/30/96-10/ 3/96: PRAGOCRYPT '96, Prague * 9/30/96: JCS special issue on WWW security; submissions due by mail; issue page * 10/11/96: FSE4, Haifa, Israel; Conf Web page. Submissions to biham@cs.technion.ac.il; [*] * 10/16/96-10/19/96: WebNet. San Francisco, CA Conf Web page * 10/16/96-10/19/96: IC3N96, Rockville, Washington D. C. * 10/21/96-10/25/96: ICECCS96; Montreal, Quebec. Conf Web page * 10/29/96-11/ 1/96: ICNP96, Columbus, Ohio; Conf Web page * 11/ 3/96-11/ 7/96: ASIACRYPT96, Kyongju, South Korea Conf Web page * 11/11/96-11/12/96: MOBICOM96, Rye, NY; conf Web page * 11/11/96-11/13/96: CSI '96,Chicago, Illinois * 11/14/96-11/15/96: IPIC96, Cambridge, Massachusetts; Conf Web page * 11/15/96: ENM '97, Montreal, Quebec. Submissions by mail; [*] * 10/22/96: HASE96. Niagara-on-the-Lake, Canada; Conf Web page * 10/22/96-10/25/96: NISS96. Baltimore, Maryland * 10/29/96-11/ 1/96: OSDI '96 Seattle, WA; Conf web page * 12/ 2/96-12/ 4/96: ASIAN '96, Singapore. Conf Web page * 12/ 9/96-12/13/96: 12th Annual ACSAC, San Diego, CA. Conf web page. * 1/ 8/97- 1/10/97: ICDT97, Delphi, Greece; Conf Web page * 1/27/97- 1/29/97: FSE4, Haifa, Israel; Conf Web page. * 2/10/97- 2/11/97: SDNSS '97, San Diego, CA. Matt Bishop (bishop@cs.ucdavis.edu) and Cliff Neuman (bcn@isi.edu) * 2/23/97- 2/24/97: PAKDD '97, Singapore. Info hweeleng@iti.gov.sg; Conf Web page * 3/ 5/97- 3/ 7/97: DCCA6. Garmisch-Partenkirchen, Germany. * 4/ 1/97- 4/ 4/97: DASFAA '97; Melbourne, Australia Conf Web page * 4/ 9/97- 4/11/97: ISADS97, Berlin, Germany; Conf Web page * 5/ 4/97- 5/ 7/97: IEEE S&P 97; no e-mail address available * 5/13/97- 5/16/97: 9th CCSS, Ottawa; no e-mail address available * 6/11/97- 6/12/97: ENM '97, Montreal, Quebec * 5/ 3/98- 5/ 6/98: IEEE S&P 98; Oakland no e-mail address available * 5/12/98- 5/15/98: 10th CCSS, Ottawa; no e-mail address available * 5/ 2/99- 5/ 5/99: IEEE S&P 99; Oakland no e-mail address available * 5/11/99- 5/14/99: 11th CCSS, Ottawa; no e-mail address available * 4/30/00- 5/ 3/00: IEEE S&P 00; Oakland no e-mail address available * 5/16/00- 5/19/00: 12th CCSS, Ottawa; no e-mail address available Key: * ACISP = Australasian Conference on Information Security and Privacy, ACISP96 * ACSAC = Annual Computer Security Applications Conference 12th Annual. * ASIAN = Asian Computing Science Conference ASIAN '96 * ATMA = Advanced Transaction Models and Architectures ATMA * BDBIS = Baltic Workshop on DB and IS, BDBIS * CCS-3 = 3rd ACM Conference on Computer and Communications Security * CCSS = Annual Canadian Computer Security Symposium * CIKM = Int. Conf. on Information and Knowledge Management CIKM '95 * COMAD = Seventh Int'l Conference on Management of Data (India) * CISMOD = International Conf. on Information Systems and Management of Data * CFP = Conference on Computers, Freedom, and Privacy * COMPASS = Conference on Computer Assurance COMPASS'96 * CoopIS96 = First IFCIS International Conference on Cooperative Information Systems, CoopIS96. * CPAC = Cryptography - Policy and Algorithms Conference * CRYPTO = IACR Annual CRYPTO Conference CRYPTO96 * CSFW = Computer Security Foundations Workshop CSFW96 and Wkshp page * CSI = Computer Security Institute Conference CSI96 * CVDSWS = Invitational Workshop on Computer Vulnerability Data Sharing CVDSWS. * CWCP = Cambridge Workshop on Cryptographic Protocols * DASFAA = Database Systems For Advanced Applications DASFAA '97. * DCCA = Dependable Computing for Critical Applications DCCA6 * DEXA = International Conference and Workshop on Database and Expert Systems Applications, DEXA96 * DMKD96 = Workshop on Research Issues on Data Mining and Knowledge Discovery,Web page and CFP. * DOOD = Conference on Deductive and Object-Oriented Databases DOOD '95 * EdCS = Education in Computer Security EdCS * ENM = Enterprise Networking ENM '97 * ESORICS = European Symposium on Research in Computer Security ESORICS'96 * FIRST = Computer Security Incident Handling and Response FIRST '96 * FISP = Federal Internet Security Plan Workshop, FISP96. * FISSEA = Federal Information Systems Security Educators' Association * FME = Formal Methods Europe, FME '96 * FMSP = Formal Methods in Software Practice * FSE = Fast Software Encryption Workshop FSE4 * HASE = High-Assurance Systems Engineering Workshop HASE96 * HPTS = Workshop on High Performance Transaction Systems * IC3N = International Conference on Computer Communications and Networks IC3N '96 * ICDCS96 = The 16th International Conference on Distributed Computing Systems, ICDCS96 * ICDE = Int. Conf. on Data Engineering ICDE '95 * ICDT = International Conference on Database Theory ICDT97. * ICECCS = International Conference on Engineering of Complex Computer Systems ICECCS '96 * ICI = International Cryptography Institute * ICNP96 = International Conference on Network Protocols ICNP96 * ICSSDBM = Int. Conf. on Scientific and Statistical Database Management * IEEE S&P = IEEE Symposium on Security and Privacy - IEEE S&P '96 * IFIP/SEC = International Conference on Information Security (IFIP TC11) * IFIP WG11.3 = IFIP WG11.3 10th Working Conference on Database Security * IFIP96 Mobile Commns = IFIP 1996 World Conference, Mobile Communications * IH Workshop '96 = Workshop on Information Hiding * IMACCC = IMA Conference on Cryptography and Coding, 5th IMACC * IMC96 = IMC'96 Information Visualization and Mobile Computing * INET = Internet Society Annual Conference * INET96 = The Internet: Transforming Our Society Now, INET96 * IPIC = Integration of Enterprise Information and Processes, IPIC96 * IPSWG = Internet Privacy and Security Workshop IPSWG '96 * IS = Information Systems (journal) * ISADS = Symposium on Autonomous Decentralized Systems ISADS '97 * ISTCS = Fourth Israeli Symposium on Theory of Computing and Systems, ISTCS96. * IT-Sicherheit '95 = Communications and Multimedia Security: Joint Working conference of IFIP TC-6 and TC-11 and Austrian Computer Society * IWES = International Workshop on Enterprise Security IWES * JBCS = Journal of the Brazilian Computer Society * JCMS = Journal of Computer Mediated Communication * JCS = Journal of Computer Security WWW issue * JDSE = Journal of Distributed Systems Engineering; Future Directions for Internet Technology JDSE * KDD96 = The Second International Conference on Knowledge Discovery and Data Mining (KDD-96) * MCN = ACM Int. Conf. on Mobile Computing and Networking. See MOBICOM * MCDA = Australian Workshop on Mobile Computing & Databases & Applications; MCDA96. * MDS '95 = Second Conference on the Mathematics of Dependable Systems MDS-95 * METAD = First IEEE Metadata Conference METAD * MMDMS = Wkshop on Multi-Media Database Management Systems MMDMS '96 * MOBICOM = Mobile Computing and Networking MOBICOM '96. * NCSC = National Computer Security Conference * NISS = National Information Systems Security Conference NISS96 * NSPW = New Security Paradigms Workshop NSPW '96 * OOER = Fourteenth Int. Conf. on Object-Oriented and Entity Relationship Modelling OOER '95 * OSDI = Operating Systems Design and Implementation OSDI '96 * PAKDD = First Asia-Pacific Conference on Knowledge Discovery and Data Mining, PAKDD97 * PISEE = Personal Information - Security, Engineering, and Ethics PISEE * RBAC'95 = First ACM Workshop on Role-Based Access Control * RTDB'96 = First International Workshop on Real-Time Databases: Issues and Applications, RTDB96. * SAC = Workshop on Selected Areas of Cryptography SAC '96 * SCRAPC = Smart Card Research and Advanced Application Conference SCRAPC96 * SDSP = UK/Australian International Symposium On DSP For Communication Systems SDSP '96 * SECURICOM = World Congress on the Security of Information Systems and Telecommunication, SECURICOM '96 * SFC = Society and the Future of Computing SFC '96 * SFTC-VI = Symposium on Fault Tolerant Computing - VI (Brazil) * SIGMOD/PODS - ACM SIGMOD International Conference on Management of Data / ACM SIGACT SIGMOD-SIGART Symposium on Principles of Database Systems * SNDSS = Symposium on Network and Distributed System Security (Internet Society) * SOC = 18th Biennial Symposium on Communiations, SOC18. * TPHOLs = Theorem Proving in Higher Order Logics TPHOLs96 * TSMCFP96 = 4th International Conference on Telecommunication Systems * USENIX Sec Symp = USENIX UNIX Security Symposium, 6th Annual. * VLDB = 22nd International Conference on Very Large Data Bases, VLDB96. * WDAG-9 = Ninth Int. Workshop on Distributed Algorithms * WebNet = World Conference of the Web Society, WebNet96. * WWWC = International World Wide Web Conference WWWC96. ________________________________________________________________________ Data Security Letter Subscription Offer ________________________________________________________________________ A special subscription rate of $25/year for the Data Security Letter is now available to IEEE TC members. The DSL is an external, nonpartisan newsletter published by Trusted Information Systems, Inc. Eleven issues (usually 16 pages each) per year are published. The DSL welcomes reader suggestions and contributions and accepts short research abstracts (about 130 words) for publication on an ongoing basis. On occasion, the DSL will be republishing Cipher articles (with authors' approval), but such articles will constitute a small portion of DSL content (thus there will be very little duplication of Cipher material). IEEE TC members wishing to take advantage of the special subscription rate should send the following to sharon@tis.com. The information can also be faxed to 301-854-5363 (attention: DSL) phoned to 301-854-5338, or mailed to Trusted Information Systems, Inc., 3060 Washington Rd., Glenwood, MD 21738 USA. NAME: POSTAL ADDRESS: (Please indicate company name, if a business address) PHONE: (Please indicate if home or business) FAX: E-MAIL: IEEE Membership No. (if applicable): NOTE: If you are already a paying subscriber to the DSL, for the $25 you will receive a 2-year renewal; refunds, rebates, etc., on your current subscription are not available. If you have any questions about the offer or anything else pertaining to the DSL, you may contact the editor, Sharon Osuna, via E-Mail to sharon@tis.com or call her at 301-854-5338. ________________________________________________________________________ How to join the TC on Security and Privacy ________________________________________________________________________ You do NOT have to join either IEEE or the IEEE Computer Society to join the TC, and there is no cost to join the TC. All you need to do is fill out an application form and mail or fax it to the IEEE Computer Society. A copy of the form is included below (to simplify things, only the TC on Security and Privacy is included, and is marked for you) The full and complete form is available on the IEEE Computer Society's Web Server at URL: http://info.computer.org:80/tab/tcapplic.htm PLEASE NOTE THAT THE FORM IS TO BE RETURNED (BY MAIL OR FAX) TO THE IEEE COMPUTER SOCIETY, >>NOT<< TO CIPHER. --------- IEEE Computer Society Technical Committee Membership Application ----------------------------------------------------------- Please print clearly or type. ----------------------------------------------------------- Last Name First Name Middle Initial ___________________________________________________________ Company/Organization ___________________________________________________________ Office Street Address (Please use street addresses over P.O.) ___________________________________________________________ City State ___________________________________________________________ Country Postal Code ___________________________________________________________ Office Phone Fax ___________________________________________________________ Email Address (Internet accessible) ___________________________________________________________ Home Address (optional) ___________________________________________________________ Home Phone ___________________________________________________________ [ ] I am a member of the Computer Society IMPORTANT: IEEE Member/Affiliate/Computer Society Number: ____________________ [ ] I am not a member of the Computer Society* Please Note: In some TCs only current Computer Society members are eligible to receive Technical Committee newsletters. Please select up to four Technical Committees/Technical Councils of interest. TECHNICAL COMMITTEES [ X ] T27 Security and Privacy Please Return Form To: IEEE Computer Society 1730 Massachusetts Ave, NW Washington, DC 20036-1992 Phone: (202) 371-0101 FAX: (202) 728-9614 ________________________________________________________________________ TC Publications for Sale ________________________________________________________________________ Proceedings of the 1996 Conference proceedings are now available, and we have reduced prices on some of the older issues. Please help us liquidate the backlog by ordering several copies for your friends! Price by mail per volume IEEE CS Press IEEE CS Press Year from TC* IEEE member price List Price ---- ---------- ----------------- ------------- 1992 $10 Only available from TC! 1993 $10 Only available from TC! 1994 $15 $30+$4 S&H $60+$5 S&H 1995 $25 $30+$4 S&H $60+$4 S&H 1996 $30 *price includes shipping and handling For overseas delivery: -- by surface mail, please add $5 per order (3 volumes or fewer) -- by air mail, please add $10 per volume to the prices listed above. If you would like to place an order, please send a letter specifying * which issues you would like, * where to send them, and * a check in US dollars, payable to the 1995 IEEE Symposium on Security and Privacy to: Charles N. Payne Treasurer, IEEE TC on Security and Privacy Secure Computing Corp. 2675 Long Lake Rd. Roseville, MN 55113 U S A ________________________________________________________________________ TC Officer Roster ________________________________________________________________________ Chair: Vice Chair: Deborah Cooper Charles P. Pfleeger P.O. Box 17753 Trusted Information Systems, Inc. Arlington, VA 22216 3060 Washington Rd., (703)908-9312 voice and fax Glenwood, MD 21738 dmcooper@ix.netcom.com (301)854-6889 (voice) (301)854-5363 (fax) pfleeger@tis.com Newsletter Editor: Chair, Subcommittee on Academic Affairs: Carl Landwehr Prof. Karl Levitt Code 5542 University of California, Davis Naval Research Laboratory Division of Computer Science Washington, DC 20375-5337 Davis CA 95611 (202)767-3381 (916)752-0832 landwehr@itd.nrl.navy.mil levitt@iris.ucdavis.edu Standards Subcommittee Chair: Greg Bergren 10528 Hunters Way Laurel, MD 20723-5724 (410)684-7302 (410)684-7502 (fax) glbergr@missi.ncsc.mil ________________________________________________________________________ Information for Subscribers and Contributors ________________________________________________________________________ SUBSCRIPTIONS: Two options: 1. To receive the full ascii CIPHER issues as e-mail, send e-mail to (which is NOT automated) with subject line "subscribe". 2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing or downloading from our ftp server send e-mail to (which is NOT automated) with subject line "subscribe postcard". To remove yourself from the subscription list, send e-mail to cipher-request@itd.nrl.navy.mil with subject line "unsubscribe". Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher CONTRIBUTIONS: to are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. For Calendar entries, please include an e-mail address for the point-of-contact. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors. BACK ISSUES: There is an archive that includes each copy distributed so far, in ascii, in files you can download at URL http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/cipher-archive.html There is also an anonymous FTP server that contains the same files. To access the archive via anonymous FTP: 1. ftp www.itd.nrl.navy.mil 2. At prompt for ID, enter "anonymous" 3. At prompt for password, enter your actual, full e-mail address 4. Once you are logged in, change to the Cipher Directory: cd pub/cipher 5. Now you can request any of the files containing Cipher issues in ascii. Issues are named in the form: EI#N.9506 where N is the number of the issue desired and 9506 captures the year and month it first appeared. =======end of Electronic Cipher Issue #15, 1 June 1996================