Papers to be presented at the 19th National Information Systems
Security Conference, Baltimore, MD, Oct. 21-25
- Keynote Address
August Bequai
- E4 ITSEC Evaluation of PR/SM on ES/9000 Processors
Naomi Htoo-Mosher, Robert Nasser, Nevenko Zunic, International Business Machines
Julian Straw, Syntegra, UK
- A High-Performance Hardware-Based High Assurance Trusted Windowing System
Jeremy Epstein, Cordant, Inc.
- WWW Technology in the Formal Evaluation of Trusted Systems
E.J. McCauley, Silicon Graphics Computer Systems, Inc.
- The Certification of the Interim Key Escrow System
Ellen Flahavin, Ray Snouffer, National Institute of Standards and Technology
- Configuration Management in Security related Software Engineering Processes
Klaus Keus, Thomas Gast, Bundesamt für Sicherheit in der Informationstechnik,
Germany
- The Department of Defense Information Technology Security Certification
and Accreditation Process (DITSCAP)
Jack Eller, DISA
Mike Mastrorocco, Computer Security Consulting
Barry C. Stauffer, CORBETT Technologies, Inc.
- Trusted Process Classes
William L. Steffan, Tracor Applied Science, Inc.
Jack D. Clow, SenCom Corporation
- Design Analysis in Evaluations Against the TCSEC C2 Criteria
Frank Belvin, Deborah Bodeau, Shaan Razvi, The MITRE Corporation
- System Security Engineering Capability Maturity Model and Evaluations:
Partners within the Assurance Framework
Charles G. Menk III, Department of Defense
- Applying the TCSEC Guidelines to a Real-Time Embedded System Environment
Jim Alves-Foss, Deborah Frincke, Gene Saghi, University of Idaho
- EDI Moves from the VAN to the Internet
Brian Bradford, University of Maryland
- An International Standard for the Labeling of Digital Products
Viktor E. Hampel, Hampel Consulting
- The Business-LED Accreditor - OR How to Take Risks and Survive
Michael E J Stubbings, Government Communications Headquarters, UK
- Integration of Digital Signatures into the European Business Register
Helmut Kurth, Industrieanlagen Betriebsgesellschaft mbH, Germany
- Industrial Espionage Today and Information Wars of Tomorrow
Paul M. Joyal, INTEGER Inc.
- B is for Business: Mandatory Security Criteria & the OECD Guidelines
for Information Systems Security
Prof. William J. Caelli, Queensland University of Technology, Australia
- Marketing & Implementing Computer Security
Mark Wilson, National Institute of Standards and Technology
- Secure Internet Commerce -- Design and Implementation of the Security
Architecture of Security First Network Bank, FSB
Nicolas Hammond, NJH Security Consulting, Inc.
- Automatic Formal Analyses of Cryptographic Protocols
Stephen H. Brackin, Arca Systems, Inc.
- Surmounting the Effects of Lossy Compression on Steganography
Daniel L. Currie, III, Fleet Information Warfare Center
Cynthia E. Irvine, Naval Postgraduate School
- Key Escrowing Systems and Limited One Way Functions
William T. Jennings, Southern Methodist University & Raytheon E-Systems
James G. Dunham, Southern Methodist University
- The Keys to a Reliable Escrow Agreement
Richard Sheffield
- The Advanced Intelligent Network - A Security Opportunity
Thomas A. Casey, Jr., GTE Laboratories, Inc.
- Security Issues in Emerging High Speed Networks
Vijay Varadharajan, University of Western Sydney, Australia
Panos Katsavos, Hewlett Packard sponsored student, UK
- A Case Study of Evaluating Security in an Open Systems Environment
Daniel L. Tobat, TASC
Errol S. Weiss, Science Applications International Corporation
- Internet Firewalls Policy Development and Technology Choices
Leonard J. D'Alotto, GTE Laboratories, Inc.
- A Case for Avoiding Security-Enhanced HTTP Tools to Improve Security
for Web-Based Applications
Bradley J. Wood, Sandia National Laboratories
- Applying the Eight Stage Risk Assessment Methodology to Firewalls
David L. Drake, Katherine L. Morse, Science Applications International Corporation
- Lessons Learned: An Examination of Cryptographic Security Services
in a Federal Automated Information System
Jim Foti, Donna Dodson, Sharon Keller,
National Institute of Standards and Technology
- Intellectual Property Rights and Computer Software
Dawn E. Bowman, University of Maryland
- Case Study of Industrial Espionage Through Social Engineering
Ira S. Winkler, National Computer Security Association
- Legal Aspects of Ice-Pick Testing
Dr. Bruce C. Gabrielson, Kaman Sciences Corp.
- Security Through Process Management
Jennifer L. Bayuk, Price Waterhouse, LLP.
- Malicious Data and Computer Security
W. Olin Sibert, InterTrust Technologies Corporation
- Security Issues for Telecommuting
Lisa J. Carnahan, Barbara Guttman, National Institute of Standards
and Technology
- An Isolated Network for Research
Matt Bishop, L. Todd Heberlein, University of California, Davis
- GrIDS - A Graph-Based Intrusion Detection System for Large Networks
S. Staniford-Chen, S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland,
K. Levitt, C. Wee, R. Yip, D. Zerkle, University of California, Davis
- Attack Class: Address Spoofing
L. Todd Heberlein, Net Squared
Matt Bishop, University of California, Davis
- Generic Model Interpretations: POSIX.1 and SQL
D. Elliott Bell, Mitretek Systems
- The Privilege Control Table Toolkit: An Implementation of the System
Build Approach
Thomas R. Woodall, Roberta Gotfried, Hughes Aircraft Company
- Use of the Zachman Architecture for Security Engineering
Ronda Henning, Harris Corporation
- Developing Secure Objects
Deborah Frincke, University of Idaho
- Deriving Security Requirements for Applications on Trusted Systems
Raymond Spencer, Secure Computing Corporation
- Security Implications of the Choice of Distributed Database Management System
Model: Relational vs. Object-Oriented
Stephen Coy, University of Maryland
- Management Model for the Federal Public Key Infrastructure
Noel A. Nazario, William E. Burr, W. Timothy Polk,
National Institute of Standards and Technology
- Security Policies for the Federal Public Key Infrastructure
Noel A. Nazario, National Institute of Standards and Technology
- A Proposed Federal PKI using X.509 V3 Certificates
William E. Burr, Noel A. Nazario, W. Timothy Polk,
National Institute of Standards and Technology
- A Security Flaw in the X.509 Standard
Santosh Chokhani, CygnaCom Solutions, Inc.
- Computer Virus Response Using Autonomous Agent Technology
Christine M. Trently, Mitretek Systems
- Security Across the Curriculum: Using Computer Security to Teach
Computer Science Principles
Major Gregory White, Ph.D., Captain Gregory Nordstrom (ret), USAF Academy
- U.S. Government Wide Incident Response Capability
Marianne Swanson, National Institute of Standards and Technology
- MLS DBMS Interoperability Study
Rae K. Burns, AGCS, Inc.
Yi-Fang Koh, Raytheon Electronic Systems
- MISSI Compliance for Commercial-Off-The-Shelf Firewalls
Michael Hale, Tammy Mannarino, National Security Agency
- Designing & Operating a Multilevel Security Network Using Standard Commercial
Products
Richard A. Griffith, Mac E. McGregor, Air Force C4 Technology Validation Office
- Real World Anti-Virus Product Reviews and Evaluations - The Current State of Affairs
Sarah Gordon, Richard Ford, Command Systems, Inc.
- Security Proof of Concept Keystone (SPOCK)
James McGehee, COACT, Inc.
- Use of a Taxonomy of Security Faults
Taimur Aslam, Ivan Krsul, Eugene H. Spafford, Purdue University
- Protecting Collaboration
Gio Wiederhold, Michel Bilello, Stanford University
Vatsala Sarathy, Oracle Corp.
XiaoLei Qian, SRI International
- Design and Management of a Secure Networked Administration System:
A Practical Solution
Vijay Varadharajan, University of Western Sydney, Australia
- Information Warfare, INFOSEC and Dynamic Information Defense
J.R. Winkler, C.J. O'Shea, M.C. Stokrp, PRC Inc.
- Security for Mobile Agents: Issues and Requirements
William M. Farmer, Joshua D. Guttman, Vipin Swarup, The MITRE Corporation
- Extended Capability: A Simple Way to Enforce Complex Security Policies
in Distributed Systems
I-Lung Kao, IBM Corporation
Randy Chow, University of Florida
- IGOR: The Intelligence Guard for ONI Replication
R.W. Shore, The ISX Corporation
Invited Papers
- Ethical and Responsible Behavior for Children to Senior Citizens
in the Information Age
Gale S. Warshawsky, International Community Interconnected Computing eXchange
- Privacy Rights in a Digital Age
William Galkin, Esq., Law Office of William S. Galkin
Panels
- Trust Technology Assessment Program
Chair: Tom Anderson, National Security Agency
Panelists:
Pat Toth, National Institute of Standards and Technology
- Alternative Assurance: There's Gotta Be a Better Way!
Chair: Douglas J. Landoll, Arca Systems, Inc.
Panelists:
John J. Adams, National Security Agency
TBD, WITAT System Analysis & Operational Assurance Subgroup Chair
M. Abrams, The MITRE Organization, WITAT Impact Mitigation Subgroup Chair
TBD, WITAT Determining Assurance Mix Subgroup Chair
- Certification and Accreditation - Processes and Lessons Learned
Chair: Jack Eller, DISA, CISS (ISBEC)
Viewpoints:
The Certification and Accreditation Process Handbook For Certifiers
Paul Wisniewski, National Security Agency
Standards in Certification and Accreditation
Candice Stark, Computer Science Corporation
The Certification of the Interim Key Escrow System
Ray Snouffer, National Institute of Standards and Technology
Lessons Learned From Application of the Dept. of Defense Information Technology
Security Certification and Accreditation
Barry C. Stauffer, CORBETT Technologies, Inc.
- Firewall Testing and Rating
Chair: J. Wack, National Institute of Standards and Technology
- The Trusted Product Evaluation Program: Direction for the Future
Chair: J. Pedersen, National Security Agency
- Common Criteria Project Implementation Status
Chair: E. Troy, National Institute of Standards and Technology
Panelists:
Lynne Ambuel, National Security Agency
Murray Donaldson, Communications-Electronics Security Group, UK
Robert Harland, Communications Security Establishment, Canada
Klaus Keus, BSI/GISA, Germany
Frank Mulder, Netherlands National Communications Security Agency
Jonathan Smith, Gamma Secure Systems, UK
- Developmental Assurance and the Common Criteria
Chair: M. Schanken, National Security Agency
Panelists:
S. Katzke, National Institute of Standards and Technology
E. Troy, National Institute of Standards and Technology
K. Keus, BSI/GISA, Germany
Y. Klein, SCSSI, France
- Secure Networking and Assurance Technologies
Chair: T. Lunt, Defense Advanced Research Projects Agency (DARPA)
Panelists:
K. Levitt, University of California, Davis
S. Kent, BBN
Viewpoints:
Secure Mobile Networks
J. McHugh, Portland State University
Adaptable Dependable Wrappers
D. Weber, Key Software
Generic Software Wrappers for Security and Reliability
L. Badger, Trusted Information Systems, Inc.
Defining an Adaptive Software Security Metric From A Dynamic Software
Fault-Tolerance Measure
J. Voas, Reliable Software Technologies
- Using Security to Meet Business Needs: An Integrated View From
The United Kingdom
Chair: Alex McIntosh, PC Security, Ltd.
Viewpoints:
Dr. David Brewer, Gamma Secure Systems, Ltd.
Nigel Hickson, Department of Trade & Industry
Denis Anderton, Barclays Bank PLC
Dr. James Hodsdon, CESG
Michael Stubbings, Government Communications Headquarters, UK
- Security APIs: CAPIs and Beyond
Chair: Amy Reiss, National Security Agency
Panelists:
John Centafont, National Security Agency
TBD, Microsoft
Lawrence Dobranski, Canadian Communications Security Establishment, Canada
David Balenson, Trusted Information Systems, Inc.
- Are Cryptosystems Really Unbreakable?
Chair: Dorothy E. Denning, Georgetown University
Panelists:
Steven M. Bellovin, AT&T Research
Paul Kocher, Independent Cryptography Consultant
Eric Thompson, AccessData Corporation
Viewpoints:
The Mathematical Primitives: Are They Really Secure?
Arjen K. Lenstra, Citibank
- Best of the New Security Paradigms Workshop
Chair: T. Haigh, Secure Computing Corporation
Viewpoints:
New Paradigms for Internetwork Security
J. T. Haigh, Secure Computing Corporation
The Emperor's Old Armor
R. Blakely, International Business Machines
Position Statement for New Paradigms Internetwork Security Panel
S. Greenwald, Naval Research Laboratory
Reactive Security and Social Control
S. Janson, Swedish Institute of Computer Science, Sweden
NISS Whitepaper: A New Model of Security for Distributed Systems
W. Wulf, University of Virginia
- Series: Public Key Infrastructure: From Theory to Implementation
Public Key Infrastructure Technology
Chair: D. Dodson, National Institute of Standards and Technology
Panelists:
R. Housley, Spyrus
C. Martin, Government Accounting Office
W. Polk, National Institute of Standards and Technology
S. Chokhani, CygnaCom Solutions, Inc.
V. Hampel, Hampel Consulting
- Public Key Infrastructure Implementations
Chair: W. Polk, National Institute of Standards and Technology
Panelists:
P. Edfors, Government Information Technology Services (GITS) Working Group
D. Heckman, National Security Agency
D. Dodson, National Institute of Standards and Technology
J. Galvin, CommerceNet
W. Redden, Communications Security Establishment
- Establishing an Enterprise Virus Response Program
Christine Trently, Mitretek Systems
- Data Warehousing I
Chair: John Campbell, National Security Agency
Panelists:
Jesse C. Worthington, Informix Software, Inc.
Viewpoints:
Data Warehousing, Data Mining, and Security: Developments and Challenges
Dr. Bhavani Thuraisingham, The MITRE Corporation
Data Warehousing, Data Mining, and the Security Issues
Dr. John Campbell, National Security Agency
- Data Warehousing II: The Technology
Chair: John Davis, NCSC
Panelists:
Dr. Bhavani Thuraisingham, The MITRE Corporation
Dr. John Campbell, National Security Agency
- Introduction to Infowarfare Terminology
Francis Bondoc, Klein & Stump
- Information Warfare: Real Threats, Definition Changes, and Science Fiction
Chair: Wayne Madsen, Computer Sciences Corporation
Panelists:
Martin Hill, Office of the Assistant Secretary of Defense C3I/Information Warfare
Frederick G. Tompkins, Matthew Devost, Science Applications International Corporation
Scott Shane, The Baltimore Sun
John Stanton, Journal of Technology Transfer
- Security in World Wide Web Browsers: More than Visa cards?
Chair: R. Dobry, National Security Agency
Panelists:
C. Kolcun, Microsoft
B. Atkins, National Security Agency
K. Rowe, NCSA
- Attack/Defense
Chair: J. David, The Fortress
Panelists:
S. Bellovin, AT&T
W. Cheswick, AT&T
P. Peterson, Martin Marietta
M. Ranum, V-One
- The Web Series
I. The Web - What is it, Why/How is it Vulnerable
II. Securing the Web
Chair: J. David, The Fortress
Speaker:
J. Freivald, Charter Systems, Inc.
P. Peterson, Martin Marietta
D. Dean, Princeton University
- Electronic Data: Privacy, Security, Confidentiality Issues
Chair: Kristin R. Blair, Esq., Duvall, Harrington, Hale and Hassan
Viewpoints:
Virginia Computer Crime Law
The Honorable Leslie M. Alden, Judge, Fairfax County Circuit Court
Electronic Data: Privacy, Security and Confidentiality
Ronald J. Palenski, Esq., Gordon and Glickson, P.C.
Steve A. Mandell, Esq., The Mandell Law Firm
- Monitoring Your Employees: How Much Can You Do And What Should You
Do When You Uncover Wrongdoing?
Steven W. Ray, Esq., Kruchko & Fries
- Computer Crime on the Internet - Sources and Methods
Chair: Christine Axsmith, Esq. The Orkand Corporation
Panelists:
Special Agent Mark Pollitt, Federal Bureau of Investigation
Phil Reitinger, Esq., Department of Justice
Barbara Fraser, CERT, Carnegie Mellon University
- Legal Liability for Information System Security Compliance Failures:
New Recipes for Electronic Sachertorte Algorithms
Chair: Fred Chris Smith, Esq., Private Practice, Santa Fe, New Mexico
Panelists:
John Montjoy Sr., BBN Corporation
Edward Tenner, Princeton University
David J. Loundy, Esq., Private Practice, Highland Park, Illinois
- V-Chip: Policies and Technology
Chair: Hilary Hosmer, Data Security, Inc.
Panelists:
D. Moulton, Esq., Chief of Staff, Office of Congressman Markey, HR
Dr. D. Brody, MD, American Academy of Child and Adolescent Psychiatry
Ms. S. Goering, Esq., American Civil Liberties Union
W. Diffie, Sun Microsystems
- Protecting Medical Records and Health Information
Chair: Joan D. Winston, Trusted Information Systems, Inc.
Panelists:
Gail Belles, VA Medical Information Security Service
Bill Braithwaite, US Department of Health and Human Services
Paula J. Bruening, Information Policy Consultant
Patricia Taylor, US General Accounting Office
- Crimes in Cyberspace: Case Studies
Chair: William S. Galkin, Esq., Law Office of William S. Galkin
Panelists:
Arnold M. Weiner, Esq., Weiner, Astrachan, Gunst, Hillman & Allen
Kenneth C. Bass, III, Venable, Baetjer, Howard & Civiletti
- Current Challenges in Computer Security Program Management
Chair: Mark Wilson, National Institute of Standards and Technology
Panelists:
Lynn McNulty, McNulty and Associates
Paul M. Connelly, White House Communications Agency
Ann F. Miller, Fleet and Industrial Supply Center
Barbara Guttman, National Institute of Standards and Technology
- Achieving Vulnerability Data Sharing
Chair: Lisa J. Carnahan, National Institute of Standards and Technology
Panelists:
Matt Bishop, University of California, Davis
James Ellis, CERT/Coordination Center, Carnegie Mellon University
Ivan Krsul, COAST Laboratory, Purdue University
- Incident Handling Policy, Procedures, and Tools
Chair: Marianne Swanson, National Institute of Standards and Technology
Panelists:
Kelly Cooper, BBN Planet
Thomas Longstaff, Computer Emergency Response Team/Coordination Center
Peter Richards, Westinghouse Savannah River Company
Ken van Wyk, Science Applications International Corporation
- Interdisciplinary Perspectives on Information Security: Mandatory Reporting
Chair: M.E. Kabay, Ph.D., National Computer Security Association
Panelists:
Bruce Butterworth, Federal Aviation Administration
Barbara Smith Jacobs, Securities and Exchange Commission
Bob Whitmore, Occupational Health and Safety Administration
Dr. Scott Wetterhall, Centers for Disease Control and Prevention
- International Perspectives on Cryptography Policy
Chair: Dorothy E. Denning, Georgetown University
Panelists:
Peter Ford, Attorney General's Department, Australia
David Herson, Commission of the European Communities, Belgium
Viewpoint:
International Perspectives on Cryptography Policy: A UK Perspective
Nigel Hickson, Department of Trade and Industry, UK
- Security Protocols/Protocol Security
Chair: D. Maughan, National Security Agency
- Surviving the Year 2000 Time Bomb
Grace L. Hammonds, AGCS, Inc.
Panelists:
James W. White, National Director of the Millenium Solutions Center, OAO Corporation
Andrew Hodyke, United States Air Force, ESC/AXS
- Database Systems Today: Safe Information at My Fingertips?
Chair: John R. Campbell, National Security Agency
Panelists:
Tim Ehrsam, Oracle
Dick O'Brien, Secure Computing Corporation
Thomas Parenty, Sybase Corporation
LTC Ken Pointdexter, DISA
Satpal S. Sahni, 3 S Group Incorporated
- Webware: Nightmare or Dream Come True?
Chair: Peter G. Neumann, SRI International
Viewpoints:
Java - Threat or Menace?
Steve Bellovin, AT&T Research
Language-based Protection: Why? Why Now?
Ed Felten, Drew Dean, Dan S. Wallach, Princeton University
Untrusted Applications Need Trusted Operating Systems
Paul Karger, International Business Machines
Webware: Widely Distributed Computation Coming of Age
James A. Roskind, Netscape Communication Corporation
- Secure Systems and Access Control
Chair: T. Lunt, Defense Advanced Research Projects Agency (DARPA)
Viewpoints:
Domain and Type Enforcement Firewalls
D. Sterne, Trusted Information Systems, Inc.
Task-based Authorization: A Research Project in Next-generation Active
Security Models
R. Thomas, ORA
User-centered Security and Adage
M. Zurko, OSF
Encapsulated Environments Using the Flux Operating System
J. Lepreau, University of Utah
- Facing the Challenge: Secure Network Technology for the 21st Century
Chair: R. Schaeffer, National Security Agency
Panelists:
R. Meushaw, National Security Agency
C. McBride, National Security Agency
D. Muzzy, National Security Agency
B. Burnham, National Security Agency
- Toward a Common Framework for Role-Based Access Control
Chair: David Ferraiolo, National Institute of Standards and Technology
Panelists:
Dr. Ravi Sandhu, George Mason University
Dr. Virgil Gligor, University of Maryland
Rick Kuhn, National Institute of Standards and Technology
Thomas Parenty, Sybase
- MISSI Security Management Infrastructure
The Certificate Management Infrastructure: Now and In the Next Year
Chair: A. Arsenault, National Security Agency
Panelists:
D. Heckman, National Security Agency
S. Capps, National Security Agency
S. Hunt, National Security Agency
- Future of Trust in Commercial Operating Systems
Chair: T. Inskeep, National Security Agency
Panelists:
K. Moss, Microsoft
J. Alexander, Sun Microsystems
J. Spencer, Data General
M. Branstad, Trusted Information Systems, Inc.
G. Liddle, Hewlett Packard
- Vendors Experience with Security Evaluations
Chair: Jeff DeMello, Oracle Corporation
Panelist:
Janice Caywood, Digital Equipment Corporation
Viewpoints:
Duncan Harris, Oracle Corporation
Ken Moss, Microsoft Corporation
Ian Prickett, Sun Microsystems
- Workshop Report on the Role of Optical Systems and Devices for Security
Chair: Terry Mayfield, Institute for Defense Analyses
Panelist:
Mark Krawczewicz, National Security Agency
Viewpoints:
Security Issues For All-Optical Networks
Muriel Medard, MIT Lincoln Laboratory
Security for All-Optical Networks
Jeff Ingles, Scott McNown, National Security Agency
- Optical Processing Systems for Encryption, Security Verification, and
Anticounterfeiting
Bahram Javidi, University of Connecticut
Closing Plenary Session
- Information Systems Security: Directions and Challenges
Chair: Dr. Willis H. Ware, Corporate Research Staff, Emeritus,
The Rand Corporation
Panelists:
J. F. Mergan, BBN
Stephen Smaha, Haystack Labs
Charles Stuckey, Security Dynamics
Viewpoints:
Information Security Challenges in the Financial Services Industry
C. Thomas Cook, Banc One Services Corporation
Information Systems Auditing Requirements
John W. Lainhart IV, Inspector General, U.S. House of Representatives
Viewpoint
Willis Ware, The Rand Corporation
- The Next Generation of Cybercriminals
Chair: Mark Gembicki, WarRoom Research, LLC
Panelists:
Jim Christy, Air Force Office of Special Investigation
Bill Perez, Federal Bureau of Investigation
Doug Waller, Time Magazine