News Bits

The dates for CSW 15 have been announced:   June 24-26, 2002 in Nova Scotia, Canada.  The call for papers will be out in September (watch the Cipher calls-for-papers and calendar list,

Avi Rubin's new book, White-Hat Security Arsenal: Tackling the Threats (Addison-Wesley)  is out!  See for more information.

Correspondence from IEEE:

The IEEE Computer Society Press is now sending out a monthly E-Bulletin, the CS Press Alert, that announces the latest books and proceedings releases to our subscribers. The CS Press Alert is only sent out to those who request the bulletin (after an initial trial run and opt in period). For more information, contact  Tom Fink, Press Marketing Manager. IEEE Computer Society,


Organizers for the 8th ACM Conference on Computer and Communications Security (November 5-8, 2001, Philadelphia, PA USA) have announced the conference program and registration process. See  for details.   The following papers will be presented:

  • Error Tolerant Password Recovery. Niklas Frykholm, Ari Juels, RSA Laboratories, Bedford, MA, USA

  • Twin Signatures: an Alternative to the Hash-and-Sign Paradigm. David Naccache, David Pointcheval, Jacques Stern, Dept Informatique - Ecole Normale Superieure, Paris, France

  • Events in Security Protocols. Federico Crazzolara, Glynn Winskel, Computer Laboratory, University of Cambridge, Cambridge, England

  • Formalizing GDOI Group Key Management Requirements in NPATRL. Catherine Meadows, Paul Syverson, Iliano Cervesato, Center for High Assurance Computer Systems, Naval Research Laboratory, Washington, USA

  • An Efficient Security Verification Method for Programs with Stack Inspection. Naoya Nitta, Yoshiaki Takata, Hiroyuki Seki, Graduate School of Information Science, Nara Institute of Science and Technology

  • OCB: An Authenticated-Encryption Mode for Emerging Cryptographic Standards. Phillip Rogaway, University of California at Davis, Davis, California, USA, Mihir Bellare, University of California at San Diego, La Jolla, California, USA, John Black, University of Nevada, Reno, Nevada, USA, Ted Krovetz, University of California at Davis, Davis, California, USA

  • The Performance of Public Key-Enabled Kerberos Authentication in Mobile Computing Applications. Alan Harbitter, PEC Solutions, Inc., Fairfax, VA, Daniel A. Menascé, Department of Computer Science, George Mason University, Fairfax, VA

  • Accountable-Subgroup Multisignatures. Silvio Micali, MIT LCS, Cambridge, MA, USA, Kazuo Ohta, Department of Information and Communication Engineering, University of Electro-Communications, Tokyo, Japan, Leonid Reyzin, MIT LCS, Cambridge, MA, USA

  • Policy Algebras for Access Control - The Propositional Case. Duminda Wijesekera, Sushil Jajodia, Center for Secure Information Systems, George Mason University, Fairfax VA, USA

  • A Chinese Wall Security Model for Decentralized Workflow Systems. Vijayalakshmi Atluri, Soon Ae Chun, Pietro Mazzoleni, MSIS Department and CIMIC, Rutgers University, Newark, NJ, USA

  • On the Relationship between Strand Spaces and Multi-Agent Systems. Joseph Y. Halpern, Riccardo Pucella, Department of Computer Science, Cornell University, Ithaca, NY, USA

  • Provably Authenticated Group Diffie-Hellman Key Exchange. Emmanuel Bresson, Ecole normale supérieure, Paris, France, Olivier Chevassut, Lawrence Berkeley National Laboratory, Berkeley, CA, USA, David Pointcheval, Ecole normale supérieure, Paris, France, Jean-Jacques Quisquater, Microelectronic laboratory, Louvain-la-Neuve, Belgium

  • Tangler - A Censorship Resistant Publishing System Based On Document Entanglements. Marc Waldman, David Mazieres, Computer Science Department, New York University, New York, NY, USA

  • Design and Implementation of a Flexible RBAC-Service in an Object-Oriented Scripting Language. Gustaf Neumann, Mark Strembeck, Department of Information Systems, New Media, Vienna University of Economics and BA, Vienna, Austria

  • Delegation of Cryptographic Servers for Capture-Resilient Devices. Philip MacKenzie, Michael K. Reiter, Bell Labs, Lucent Technologies, Murray Hill, NJ, USA

  • Distributed Credential Chain Discovery in Trust Management. Ninghui Li, Department of Computer Science, Stanford University, Stanford, CA, USA, William H. Winsborough, NAI Labs, Glenwood, MD, USA, John C. Mitchell, Department of Computer Science, Stanford University, Stanford, CA, USA

  • Bounded-Process Cryptographic Protocol Analysis. Jonathan Millen, Vitaly Shmatikov, Computer Science Laboratory, SRI International, Menlo Park, CA, USA

  • A New Approach to DNS Security (DNSSEC). Giuseppe Ateniese, Stefan Mangard, Department of Computer Science, The Johns Hopkins University, Baltimore, MD, USA

  • On the Abuse-Freeness of the Garay-Jakobsson-MacKenzie Two-Party Protocol. Rohit Chadha, Department of Mathematics, University of Pennsylvania, Philadelphia, PA, USA, Max Kanovich, Andre Scedrov, Department of Computer and Information Science, University of Pennsylvania, Philadelphia, PA, USA

  • Flexible Authentication of XML documents. Prem Devanbu, Michael Gertz, April Kwong, Chip Martel, Glen Nuckolls, Department of Computer Science, University of California, Davis, California, CA, USA, Stuart G. Stubblebine, CertCo, New York, NY, USA

  • Securely Combining Public-Key Cryptosystems. Stuart Haber, InterTrust STAR Lab, Santa Clara, CA, Benny Pinkas, InterTrust STAR Lab, Princeton, NJ, USA

  • Interoperable Strategies in Automated Trust Negotiation. Ting Yu, Marianne Winslett, Department of Computer Science, University of Illinois at Urbana-Champaign, Urbana, IL, USA, Kent Seamons, Department of Computer Science, Brigham Young University, Provo, Utah, USA

  • The Faithfulness of Abstract Encryption. Joshua D. Guttman, F. Javier Thayer Fabrega, MITRE, Bedford, MA, USA, Lenore D. Zuck, Department of Computer Science, Yale University, New Haven, CT, USA

  • Verifiable, Secret Shuffles of ElGamal Encrypted Data for Secure Multi-Authority Elections. C. Andrew Neff, VoteHere, Inc., Bellevue, WA, USA

  • A Practical Forward Secure Group Signature Scheme. Dawn Song, University of California, Berkeley, Berkeley, CA, USA

  • BiBa: A New Signature Scheme for Broadcast Authentication. Adrian Perrig, SIMS - UC Berkeley, Berkeley, CA, USA

  • Paillier's Cryptosystem Revisited. Dario Catalano, Università di Catania, Italy, Rosario Gennaro, Nick Howgrave-Graham, IBM Research, Yorktown Heights, NY, USA, Phong Q. Nguyen, Ecole Normale Superieure, Paris, France


2002 TC Officers

At the Technical Committee on Security and Privacy meeting at the 2001 S&P symposium, the following folks were elected, drafted, or otherwise volunteered:

(effective January 2002)

         Michael Reiter
Past Chair: 
         Thomas A. Berson
Vice Chair: 
         Heather Hinton 
Chair, Subcommittee on Academic Affairs:
         Cynthia Irvine
Newsletter Editor:
         Jim Davis
Chair, Subcommittee on Standards:
         David Aucsmith
Chair, Subcomm. on Security Conferences:
         Jonathan Millen

2002 IEEE Symposium on Security and Privacy:

General Chair:
         Heather Hinton
         Bob Blakley
Program Chair: 
         Martín Abadi
Program Co-Chair:
         Steve Bellovin

Correspondence to Cipher:


NIST Seeks Comments on Security Risk Management Guide

One of the greatest computer security challenges faced by government agencies and businesses is figuring out how much is too much.

Doing nothing in the age of hackers and viruses is unwise. Still, spending too much time and money trying to thwart every conceivable computer security threat simply drains resources.

Computer scientists at the National Institute of Standards and Technology have drafted a risk management guide that helps managers sort out all the issues and set priorities. The document gives suggestions about how to approach risk assessment and mitigation in a computer security context.

It is organized by the three phases of an ongoing risk management process: performing a risk assessment, addressing the mitigation of that risk and evaluating the results. The guide also contains two appendices: a glossary of terms and a sample outline to use in documenting results.

A draft of the guide is available at A final version of the guide is expected by the end of the year.

NIST's Computer Security Division is accepting public comments on the document until August 15, 2001. These should be sent to Gary Stoneburner, NIST, 100 Bureau Dr., Stop 8930, Gaithersburg, Md. 20899-8930; .

The National Science Foundation awarded $8.6 million in fellowships for 200 students studying in Information Assurance. The "CyberCorps" fellowships support US citizens who are working towards an undergraduate or Master's degree in Information Assurance with the requirement that students work for a federal agency upon graduation. Six universities were selected to participate in the first year of the program: Carnegie Mellon University, Iowa State University, Purdue University, the University of Idaho, the University of Tulsa, and the Naval Postgraduate School. See Colleen O'Hara's articles in Federal Computing Week (5/23/01, 5/28/01): and


News Bits contains correspondence, interesting links, non-commercial announcements and other snippets of information the editor thought that Cipher readers might find interesting.  And, like a UCITA protected product, by reading the above page you have already agreed to not hold the editor accountable for the correctness of its contents.