Subject: Electronic CIPHER, Issue 10, November 1, 1995

====================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 10                                  November 1, 1995
Carl Landwehr, Editor                      Hilarie Orman, Assoc. Editor
====================================================================

Contents: [1854 lines total]

Letter from the Editor

Security and Privacy News Briefs:
 o S&P '96 deadline approaches
 o LISTWATCH: WWW-Security -- by Mary Ellen Zurko
 o US Navy ship's computers penetrated during JWID '95
 o US medical records confidentiality act (S.1360) introduced
 o Microsoft security: printer/network flaws/fixes; application-level
   object reuse problem
 o Netscape security: bucks for break-ins
 o Separation (micro)kernel from IBM?
 o European Commission to propose cryptography policy
 o FIRST to re-form as nonprofit
 o RSA pushes for firewall security standard

Articles and Conference Reports:
 o NISS notes and how to get the proceedings
 o IFIP WG11.3 Conference on Database Security; summary by David Spooner

Calls for Papers: Many!

Reader's guide to recent security and privacy literature
 o Conference Papers: includes NISS-18 table of contents
 o Journal and Newsletter articles

Calendar
Who's Where: recent address changes
New Reports available via FTP and WWW
Interesting Links
DSL subscription offer
How to join the TC on Security and Privacy
Publications for sale
TC officers
Information for Subscribers and Contributors

======================================================================
REMINDER: "postcard" Cipher subscriptions now available.

This and past issues are available from the Cipher Archive:
  http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/cipher-archive.html
or by anonymous FTP from www.itd.nrl.navy.mil

Details at the end of this issue.
======================================================================

____________________________________________________________________
Letter from the Editor
____________________________________________________________________

Dear Readers,

Cipher has just passed its first birthday as an all-electronic publication, and I want to thank all of our contributors who have helped make this venture a success. I have received a gratifying number of "thank-you's" in the past year; though I haven't thought it appropriate to take up space in the e-mail version with them, they are appreciated, and I accept them on behalf of all who have helped us grow. If you enjoy something you read here, please let me (but, equally important, the author of the piece) know.

As you may have noticed, this issue of Cipher lists a new Associate Editor in the banner: Hilarie Orman of the University of Arizona. Alert readers of the Web version of Cipher who have been keeping an eye on the Calls for Papers and Calendar sections since the last issue may have noticed that following the links for those two sections now takes you to the University of Arizona. Hilarie Orman volunteered to maintain the CFP and Calendar listings, and given the highly manual methods I had been using to maintain those files, I am most grateful for her assistance. I view these as a routine but essential part of the newsletter, and this arrangement will keep the Web versions much more current than I had been able to do. Anyone interested in assuming a share of the Reader's Guide responsibilities, please let me know!
Carl Landwehr
Editor, Cipher

______________________________________________________________________
SECURITY AND PRIVACY NEWS BRIEFS
______________________________________________________________________

______________________________________________________________________
IEEE S&P '96 (Oakland Conference) deadline approaches!
by Dale Johnson
______________________________________________________________________

Computer security is a hot topic in the media these days. Frequently one reads or hears about break-ins to systems by hackers exploiting subtle attack methods. The inadequacy of the pseudorandom number generator used by Netscape is but one recent example. Commercial as well as governmental interests in securing computing, network, and digital monetary services are ever increasing. The break-ins show just how difficult it is to make systems secure. Since 1980 the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and for bringing together researchers and practitioners in the field. Much work is still to be done.

The next Symposium will be held 6-8 May, 1996 in Oakland, California at the Claremont Hotel. The deadline for submitting papers and panel proposals is 6 November 1995. The deadline for brief (5-minute) talks on recent developments is 2 April 1996. Information about the Symposium is available by anonymous ftp from ftp.cs.pdx.edu in directory /pub/SP96, or on the web at http://www.cs.pdx.edu/SP96.

You may also contact:

Dale Johnson, General Chair
The MITRE Corporation
Mailstop A156
202 Burlington Rd
Bedford, MA 01730-1420, USA
Tel: +1 (617) 271-8894
Fax: +1 (617) 271-3816
dmj@mitre.org

John McHugh, Program Co-Chair
Computer Science Department
Portland State University
P.O. Box 751 (1800 SW 6th Ave, RM 120)
Portland OR 97207-0751, USA
Tel: +1 (503) 725-5842
Fax: +1 (503) 725-3211
mchugh@cs.pdx.edu

______________________________________________________________________
LISTWATCH: WWW-Security list items, summarized by Mary Ellen Zurko, OSF
______________________________________________________________________

It's been an active few weeks for WWW security. Around mid-September a fairly serious flaw was discovered in Netscape's pseudo-random number generator (PRNG) by two students at Berkeley. The students inspected the Netscape code to determine how it generated random numbers. They determined that it was trivial for someone with an account on the same system to guess the seed value, and not too hard to guess it without an account. The seed was built from the time in seconds and microseconds, the process id, and the parent process id. Various clever guesses and observations cut the search space down for each of these numbers. More information can be found at http://hplyot.obspm.fr/~dl/netscapesec/.

This kicked off a bunch of discussion on how Netscape could have made a mistake like this, and what it takes to do good pseudo-random number generation. Netscape subsequently solicited feedback on their fixed code from a number of email lists of security professionals and other interested parties. The source was available at ftp://ftp1.netscape.com/pub/review/RNGsrc.tar.Z, and still seems to be there. Someone suggested an attack with a Java applet that could pass back the value of the sources of randomness to an enemy.

Someone then found a buffer overflow bug in the Netscape Navigator. Since this sort of bug has been made (and found) many times, even in one highly publicized incident in the Web community (NCSA's httpd 1.3), it's pretty depressing to see it again and again.
Maybe there is a market for CASE tools that improve the assurance of application code, if they can catch mundane errors like these as well as provide some support for formal methods. Someone else discovered that mailto: URLs are passed to the system by the browser in a way that will execute any system commands appended to the URL.

The Netscape saga continued in early October when they were notified by Sun that their Java system (which was in Beta test with their browser) had a serious security hole. They removed all the Java-enabled distributions until they could fix the hole. In a bit of good news from Netscape, they announced that they will offer Fortezza support in their products.

Community ConneXion is offering a t-shirt to people who expose flaws in "some software that is advertised on the net as secure". They have a "hack Netscape" and a "hack Microsoft" promotion. Information is available from http://www.c2.org or by mailing info@c2.org. While some folks on the net think publicizing security holes in electronic commerce tools is putting the nascent industry in peril, most agree that these bugs need to be given exposure so that they'll be fixed, others like them won't be made, and consumers (and others) will have a better idea of the risks (and just what "security" means in this context).

Open Market stepped into all this by offering a "security checker" that will tell you the known security problems with your browser (Open Market does not sell browsers). They are also offering free upgrades from Netscape's Secure Server to their Secure WebServer. The Open Market Web site is at http://www.openmarket.com.

The frenzy of newspaper articles on Internet and Web security flaws continued with one on NFS. Some of the same students who found the PRNG problem developed an attack that alters Netscape browsers when they're loading from NFS to a client host. This attack patches the binary to use a known constant for its key. There was a lot of discussion over whether this was a valid criticism of Internet security, but the authors of the email that sparked the article were clear that they were criticizing the end-to-end security of systems and processes currently in use. They also pointed out the obvious flaw in downloading new versions of software with security "fixes" in them using unsecured protocols.

There was a ruling on the patent lawsuit between RSA and CYLINK. Both are claiming victory, and both are claiming that they have the patents needed to sell public key technology.

A company in Israel named Elementrix announced a secure one-time pad product for use with mail and ftp. Elementrix's home page is at http://www.elementrix.co.il. No details are available because of patent issues. Experts such as Winn Schwartau and David Kahn have gotten information under non-disclosure, and the advance press for them is very positive. However, it looks from the description like a plaintext autokey system, not a one-time pad. After the initial key is disseminated, the randomness of subsequent keys depends in part on the randomness of previous messages sent using the previous keys.

The Council of Europe's Committee of Ministers adopted recommendations "Concerning Problems of Criminal Procedure Law Connected with Information Technology." It's available at http://www.privacy.org/pi/intl_orgs/coe/info_tech_1995.html. It's been interpreted by some as outlawing strong encryption that does not make keys available to governments.

Microsoft has published the Private Communication Technology (PCT) Protocol. It's pretty much SSL with a few fixes and tweaks. [see pointers in "New Articles and Reports via FTP and WWW" -- CEL]

The alliance between MasterCard and Visa broke down, and both are offering different electronic payment protocols, the former with Netscape, the latter with Microsoft. MasterCard accuses Visa of not publishing a fully open standard that will allow anyone to implement an interoperable version.
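The distinction drawn above between a plaintext autokey system and a one-time pad can be made concrete with a small toy model. This is an added illustration, not code from Elementrix or from the original column, and it assumes nothing about the real product beyond the column's description: a shared initial key, with each later key derived from the previous key and the previous plaintext (the hash-based derivation and the SHA-256 counter-mode keystream are constructed stand-ins).

```python
import hashlib
import os


def _keystream(key: bytes, length: int) -> bytes:
    """Expand a key into `length` bytes with SHA-256 in counter mode (toy KDF)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class PlaintextAutokey:
    """Toy plaintext-autokey channel: message i is XORed with a keystream
    derived from key_i, and key_{i+1} = H(key_i || plaintext_i).  Only the
    initial key is ever shared out of band; every later key is a function of
    what has already been sent (constructed model, not the real product)."""

    def __init__(self, initial_key: bytes):
        self.key = initial_key

    def encrypt(self, plaintext: bytes) -> bytes:
        ciphertext = _xor(plaintext, _keystream(self.key, len(plaintext)))
        self.key = hashlib.sha256(self.key + plaintext).digest()
        return ciphertext

    def decrypt(self, ciphertext: bytes) -> bytes:
        plaintext = _xor(ciphertext, _keystream(self.key, len(ciphertext)))
        self.key = hashlib.sha256(self.key + plaintext).digest()
        return plaintext


def otp_encrypt(plaintext: bytes) -> tuple:
    """One-time pad: every message gets fresh key bytes that depend on nothing
    previously sent, so key entropy never drops below the message length."""
    key = os.urandom(len(plaintext))
    return key, _xor(plaintext, key)


def autokey_roundtrip(initial_key: bytes, messages: list) -> list:
    """Sender and receiver stay in sync from the shared initial key alone."""
    sender, receiver = PlaintextAutokey(initial_key), PlaintextAutokey(initial_key)
    return [receiver.decrypt(sender.encrypt(m)) for m in messages]


def next_key_is_determined(initial_key: bytes, first_message: bytes) -> bool:
    """Two sessions with the same initial key and the same first plaintext end
    up with identical second keys: no fresh randomness entered the system."""
    a, b = PlaintextAutokey(initial_key), PlaintextAutokey(initial_key)
    a.encrypt(first_message)
    b.encrypt(first_message)
    return a.key == b.key


def distinct_next_keys(initial_key: bytes, first_messages: list) -> int:
    """Number of distinct second keys reachable from a set of possible first
    plaintexts.  It can never exceed the number of distinct plaintexts, so the
    second key's entropy is bounded by the entropy of the first message."""
    keys = set()
    for m in first_messages:
        session = PlaintextAutokey(initial_key)
        session.encrypt(m)
        keys.add(session.key)
    return len(keys)


def otp_keys_are_independent(plaintext: bytes) -> bool:
    """With a true one-time pad, encrypting the same message twice uses
    unrelated key material (a collision at this length is negligible)."""
    k1, _ = otp_encrypt(plaintext)
    k2, _ = otp_encrypt(plaintext)
    return k1 != k2


if __name__ == "__main__":
    shared = b"constructed-initial-key-0123456789"  # constructed sample key
    print(autokey_roundtrip(shared, [b"first message", b"second message"]))
    print(next_key_is_determined(shared, b"ok"))
    print(distinct_next_keys(shared, [b"yes", b"no", b"yes"]))
    print(otp_keys_are_independent(b"x" * 32))
```

The point is in `distinct_next_keys`: if the first message is a yes/no reply, the second key has at most one bit of entropy regardless of how strong the initial key was, which is why the scheme is an autokey system rather than a one-time pad.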
______________________________________________________________________
Navy Ship Penetrated as Part of JWID '95
______________________________________________________________________

A U.S. Air Force captain, using a personal computer and a modem, penetrated the command and control systems of U.S. Navy ships operating in the Atlantic as part of an information warfare exercise during the Joint Warrior Interoperability Demonstration (JWID) '95 held in late September, according to a Defense News article by Pat Cooper and Frank Oliveri. The penetration, conducted with the knowledge and permission of the Navy, was said to have been initiated via an electronic mail link from the Internet into one of the ship's networked computers. The report quotes AF Lt Gen John Fairfield as asserting that the penetrators could have issued bogus steering commands to the ship and that the United States has the capability to cause serious damage to enemy forces through offensive electronic penetration. Details of the penetration and the vulnerabilities it revealed are reported to have been classified.

A later report by Bob Brewin in the 23 October Federal Computer Week disputed some particulars of the Defense News account, reporting that the access was gained not from the Internet but from DoD's Secret IP Router Network (SIPRNET), that the ship was in a different ocean, and that the Navy is not yet steering its ships with joysticks. And the Navy asserted its own information warfare (IW) plans in a front page story in the same issue, also by Brewin. The Navy plans to use IW to "confuse, disable and neutralize an enemy with little or no use of traditional enemy force," according to Navy Captain R. J. Caldarella, head of information warfare in the Office of the Chief of Naval Operations.

______________________________________________________________________
Medical Records Confidentiality Legislation Introduced in U.S. Senate
______________________________________________________________________

On Oct. 24, Senator Bennett of Utah introduced the Medical Records Confidentiality Act of 1995 (S. 1360, available from the Thomas Server). The bill, co-sponsored by Senators of both parties, including Dole, Leahy, Kassebaum, Kennedy, Hatch, Simpson, and others, has as its purposes to (quoting):

(1) establish strong and effective mechanisms to protect the privacy of persons with respect to personally identifiable health care information that is created or maintained as part of health treatment, diagnosis, enrollment, payment, testing, or research processes;

(2) promote the efficiency and security of the health information members of the health care community may more effectively exchange and transfer health information in a manner that will ensure the confidentiality of personally identifiable health information; and

(3) establish strong and effective remedies for violations of this Act.

The bill seems to avoid specifying particular technologies, but it would require a trustee of health information to "establish and maintain appropriate administrative, technical, and physical safeguards to ensure the confidentiality, security, accuracy, and integrity of protected health information created, received, obtained, maintained, used or transmitted by the trustee." See "New Reports available via FTP and WWW" to obtain the bill.

______________________________________________________________________
Microsoft Security: Printer/Network Flaws and Fixes plus Object Reuse
______________________________________________________________________

On October 20, Microsoft acknowledged two potential security problems with file and printer sharing in Windows 95 and made upgrades available to remove the vulnerabilities.
According to Microsoft's report, if file and printer sharing are enabled in certain configurations, and if the user is running Netware Networks, it is possible for another user to gain read-only access to the first user's system after the administrator has logged off and before the first user's machine is restarted. A second problem involves file and printer sharing for Microsoft Networks (*not* MSN) running with Samba, a UNIX shareware network client. Descriptions of the problems and downloads to deal with them are available at URL http://www.microsoft.com/windows/software/w95fpup.htm

In addition to these problems, the Oct. 23 New York Times carried a lengthy report by Stephen Manes describing an object re-use problem with popular Microsoft applications. The article explained how an application such as Microsoft Word, Excel, PowerPoint, or Access might retain (but not display) data that a user thought had been deleted. Thinking a file created with one of these applications was in final form, the user might then share it with others; as long as the others continue to view it using the original application package, the hidden data remains hidden. But if the user views the file with, say, a simple text editor that merely prints out each byte in the file as the corresponding ASCII character, the presumably deleted data may reappear. Although one suspects that many applications could behave this way, there is evidently a particular flaw in Microsoft's Object Linking and Embedding (OLE) code that leads to this behavior. The problem apparently cropped up several years ago and was repaired in application versions denoted by a "c" in the version number (as in Excel 5.0c), but the problem reappeared in the Windows 95 version of OLE.
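The byte-by-byte check the article describes can be automated as a pre-release screen: dump every printable run in the file and flag those the authoring application does not render. This is an added example written for this issue, not code from the article or from Microsoft; the document bytes are a constructed stand-in for a compound file with a stale, never-overwritten block, not a real OLE layout.

```python
import re


def printable_runs(data: bytes, min_len: int = 8) -> list:
    """Runs of at least `min_len` printable ASCII bytes: what a user sees by
    dumping every byte of the file as the corresponding character."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def residual_text(data: bytes, rendered_text: str, min_len: int = 8) -> list:
    """Printable runs present in the file bytes but absent from the text the
    authoring application renders: candidates for 'deleted' content that the
    file format silently retained (object reuse at the application level)."""
    return [run for run in printable_runs(data, min_len)
            if run not in rendered_text]


def make_sample_document() -> tuple:
    """Constructed stand-in for a compound document: an opaque binary header,
    the text the application shows, and a stale block from an earlier edit
    that was never overwritten.  Returns (file_bytes, rendered_text)."""
    rendered = "Quarterly update: revenue grew 5 percent; headcount unchanged."
    stale = "DRAFT NOTE: plant closure planned for Q2, do not circulate"
    header = b"\x01\x02\x03\x04" + b"\x00" * 12          # constructed, not real OLE
    body = rendered.encode("ascii")
    slack = b"\x00" * 16 + stale.encode("ascii") + b"\x00" * 8
    return header + body + slack, rendered


if __name__ == "__main__":
    doc, shown = make_sample_document()
    for leftover in residual_text(doc, shown):
        print("not rendered but still in file:", leftover)
```

A real document would need the rendered text extracted from the application itself; the comparison step is the same.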
According to the article, Microsoft will make free upgrades available that repair the immediate problem, but the company has not yet decided when and how to eliminate the problem from future editions of Windows 96 and the Office application suite.

______________________________________________________________________
Netscape Security: Bucks for Break-ins
______________________________________________________________________

Following the security flaws found in Netscape's software in the past six weeks (see Mary Ellen Zurko's report in this issue), the company took a leaf from Secure Computing Corporation's book and decided to try to take advantage of hackers' skills to help debug their products. Netscape created a "Bugs Bounty" program, offering prizes ranging from mugs and T-shirts to a check for $1000 (for a "severe" security bug not previously identified, with the definition of "severe" left in the hands of Netscape). Bugs must be found in beta versions of Navigator 2.0 software, which is available for downloading and presumably remedies the flaws reported since mid-September. Contest details are available at URL http://home.mcom.com/comprod/products/navigator/version_2.0/contest_rules.html

______________________________________________________________________
Separation (Micro)Kernel from IBM?
______________________________________________________________________

As abstracted by EDUCOM from Information Week of 16 October: The IBM Microkernel, a small piece of software within OS/2 that improves a computer's stability by separating applications from the operating system, may prove to be Big Blue's key to software marketing. "By licensing the microkernel to third parties, IBM may find a way to push OS/2 and its other operating system efforts down new avenues," says an industry consultant. Recent Microkernel licensees include Digital Equipment, Goldstar, Trusted Information Systems and the University of Miami in Florida.
It's perhaps worth noting at this point an article by Bruce Brown in the November issue of Byte, which describes just how easy it is for users doing relatively ordinary things to crash Windows, Windows NT, and Mac OS. To crash OS/2 Warp, the author resorts to advising users to open the system case and loosen a card.

______________________________________________________________________
European Commission to Propose Cryptography Policy
______________________________________________________________________

The European Commission, which formulates proposals for consideration by the Council of Ministers of the 15-member European Union, will propose legislation to police the information superhighway that includes powers to decrypt confidential telephone and computer communications, according to an article by Jerome Thorel in the 28 September issue of Nature. This legislative proposal is expected to parallel the proposal for decryption announced earlier in September by the 34-nation-member Council of Europe (see Mary Ellen Zurko's column in this issue for a pointer to that proposal). The key escrow system being considered by the commission would enable EU countries to monitor encrypted telephone and computer communications within and between member states: international calls would be able to be decrypted by governments in both countries. To strengthen public support for the scheme, private "third parties," rather than government departments, are to be proposed as the escrow agents.

The Nature article also reports a number of dissenting views on this proposed legislation, quoting Ross Anderson to the effect that the direct conflict of national security priorities makes it hard to specify a system that both satisfies the intelligence agencies and provides meaningful privacy to users. The Council of Ministers and European Parliament will consider guidelines proposed by the commission later this fall.

______________________________________________________________________
FIRST to Re-form as Nonprofit
______________________________________________________________________

The Forum of Incident Response and Security Teams (FIRST) is planning to dissolve and reassemble as a nonprofit organization to support development of a recognized international network of security incident response teams, according to an article by Elizabeth Sikorovsky in the 25 September issue of Federal Computer Week. FIRST, which grew up in response to the Internet worm incident, now has more than 45 government and industry security teams from countries around the world. The organization has received minimal funding, primarily from NIST, and this funding will end in October 1996. The article suggests that an independent and better-funded organization is needed to support mechanisms, such as proper encryption and some form of membership criteria, that could increase the level of trust (and hence the degree of information sharing, crucial to the group's mission) among its growing and internationally diverse membership.

______________________________________________________________________
RSA Pushes for Firewall Security Standard
______________________________________________________________________

RSA Data Security, Inc., is negotiating with leading firewall and TCP/IP stack vendors to create a security standard that could eliminate a major barrier to building virtual private networks (VPN) on the Internet, according to an October 9 Infoworld article by Nick Wingfield. RSA is pushing for the adoption of Secure/WAN (S/WAN), based on IETF's IPsec draft standard. The idea is to provide interoperable IP-level encryption among firewalls from different vendors; this would make VPNs much more flexible and easier to set up.
The article reports that RSA is discussing the approach with firewall vendors such as Sun, Trusted Information Systems, Raptor Systems, and CheckPoint Software Technologies and expects to run interoperability tests with products implementing the S/WAN specification in December.

______________________________________________________________________
ARTICLES AND CONFERENCE REPORTS
______________________________________________________________________

_______________________________________________________________________
18th NISS Conference Draws Throng to Baltimore
______________________________________________________________________

The National Information Systems Security Conference (formerly the National Computer Security Conference) convened at the Baltimore Convention Center on a succession of lovely days from October 10-13. Although the halls seemed a bit less crowded than in past years, organizers reported that the registration was over 1900, on a par with past events. Several innovations (in addition to the new name) marked this year's edition. Many vendors took advantage of the opportunity to provide exhibits on the floor of the Convention Center, so it was possible to get an overview of current technology without traipsing to half a dozen suites in two or three different hotels. The Conference Proceedings include the Tables of Contents from all seventeen previous editions of the conference, which increases their value as a reference, and a subset of the proceedings was provided on CD-ROM at no charge. The disc includes those papers and panel statements whose authors chose to submit electronic copy, as well as quite a bit of other information (I think; the disc is unfortunately formatted for DOS and Windows but not for Macintoshes, so your reporter can only make educated guesses about the full contents).

Another traditional feature of this conference is the large number of auxiliary meetings that are scheduled on an ad hoc basis during the conference. The large number of these meetings this year, together with the press of other work, conspired to prevent your reporter from attending more than a couple of regular paper and panel sessions -- hence the absence of descriptions of paper and panel sessions from this article. Any Cipher readers who attended and would like to contribute summaries of sessions they found interesting are invited to mail them to the editor for inclusion in the next issue.

Awards were given to two regular papers: "Internet sniffer attacks," by Eugene Schultz and Thomas Longstaff, and "Maintaining privacy in electronic transactions," by Benjamin Cox. "Authorship analysis: identifying the author of a program," by Ivan Krsul and Gene Spafford, won the student paper award. In her opening keynote address, Marjory Blumenthal, Director of the Computer Science and Telecommunications Board of the National Research Council, discussed the National Information Infrastructure (NII) and its security requirements, concluding that the government needs to foster the development of a security architecture for the NII. Laryngitis prevented Dennis Branstad from delivering the address he had written as recipient of the National Computer Security Award; Steve Walker read the address for him. Stephen Barnett of the National Computer Security Center and Irene Gilbert of NIST co-chaired the conference, and Jack Holleran and Dennis Gilbert organized the program.

Papers (up to 8 pages) for next year's conference (October 22-25, 1996 at the Baltimore Convention Center) are due February 16, 1996; for information, send e-mail to NISSCONFERENCE@Dockmaster.ncsc.mil. A limited number of single copies of the proceedings (hard copy) and CD-ROM (this is a subset of the papers) are available from the National Computer Security Center. Cipher readers should call +1(410)766-8729 or send e-mail to NISSConference@dockmaster.ncsc.mil with requests (see the proceedings table of contents in this issue).
______________________________________________________________________
Report on the 9th IFIP WG 11.3 Working Conference on Database Security
by David Spooner
______________________________________________________________________

The Ninth Annual IFIP WG 11.3 Working Conference on Database Security was held on August 13-16, 1995, in Rensselaerville, New York. The conference was organized into ten sessions, of which eight were paper sessions and two were panel discussions.

The opening session was highlighted by a presentation by T. C. Ting (University of Connecticut and the National Science Foundation) titled "How Secure is Secure?". In this presentation, he stressed that policy makers must take into consideration the value of data resources, the consequences of unauthorized access, and the tolerance for risk in securing data. He also stressed that management must be convinced to take responsibility for policy making. This session also included a presentation of a paper by J. Dobson (University of Newcastle) and M. J. Martin (University of Newcastle), titled "Messages, Communications, Information Security: Protecting the User from the Data." It was presented by Dobson, who argued that there can never be fully secure systems and that it is important to analyze the failure modes of systems. He suggested an approach based on common abstractions (e.g., messages, communication) that can be instantiated to model and analyze a given system.

The second session was devoted to federated and replicated databases, and was chaired by E. Fernandez (Florida Atlantic University). The first paper presented was by M. S. Olivier (Rand Afrikaans University), titled "Self-Protecting Objects in a Secure Federated Database." He described the design of a secure object-oriented federated system in which the objects are self-protecting via the use of a trusted extension within each object. A trusted common core provides a secure communication channel for the federated system, and a local trusted extension provides local support for objects at the nodes of the federated system. This was followed by a presentation by D. Jonscher (University of Zurich) of a paper by him and K. Dittrich (University of Zurich), titled "Argos - A Configurable Access Control System for Interoperable Environments." He described a federated system with a global access control model and local autonomous access control models. Propagation of authorizations from the global to the local models is required to maintain consistency between the global and local access control models. The details of a prototype implementation were discussed. The final paper in this session was titled "The Modulated-Input Modulated-Output Model," by I. S. Moskowitz (Naval Research Laboratory) and M. H. Kang (Naval Research Laboratory), and was presented by Moskowitz. Moskowitz discussed the problem of getting update messages to upper levels with acknowledgment in a replicated multilevel secure database. He described a "pump" mechanism to do this that is under development at the Naval Research Laboratory, and an analysis of the buffer sizes the pump requires so that no messages are lost.

The third session addressed secure object-oriented database systems and was chaired by P. Samarati (University of Milan). The first paper in this session, titled "User-Role Based Security Enforcement Mechanisms for Object-Oriented Systems and Applications," by S. A. Demurjian (University of Connecticut), M.-Y. Hu (IBM Corporation), T. A. Daggett (University of Connecticut), and T. C. Ting (University of Connecticut), was presented by Hu. The presentation described the continuing development of the ADAM system, an object-oriented design and code generation system using C++. The system uses a separate class hierarchy to model the roles required in an application system. The second paper in this session was titled "A Formal Specification of an Authorization Model for Object-Oriented Databases," by E. B. Fernandez (Florida Atlantic University), R. B. France (Florida Atlantic University) and D. Wei (Florida Atlantic University), and was presented by Fernandez. The presentation showed how the Z formal specification language can be used to formalize security policies. Fernandez argued that this would be useful to do for assurance purposes. One of the lessons learned was the difficulty of modeling the structure of a database with the Z language. The final paper in the session was "Multilevel Data Model for the Trusted ONTOS Prototype," by M. Schaefer (ARCA Systems, Inc.), P. Marte (ONTOS Inc.), T. Kanawati (ONTOS, Inc.), and V. Lyons (ONTOS, Inc.), and was presented by Kanawati. The presentation described a secure object-oriented database system under development at ONTOS, Inc. that attempts to balance confidentiality with integrity. It supports MAC without compartments, supports cover stories, and classifies methods as well as attributes.

The fourth session was on mandatory access controls and was chaired by M. Schaefer (ARCA Systems, Inc.). The first paper in the session was titled "Modeling Mandatory Access Control in Role-Based Security Systems," by M. Nyanchama (University of Natal-Durban) and S. L. Osborn (University of Western Ontario), and was presented by Nyanchama. Their approach studies information flows and uses constraints on these information flows to model the requirements for MAC. The second paper in the session was "Modeling a Multilevel Database with Temporal Downgrading Functionalities," by F. Cuppens (ONERA-CERT) and A. Gabillon (ONERA-CERT). It was presented by Cuppens. The paper addresses downgrading based on events, times, and delays. Since the last two types of downgrading require a temporal model, the paper proposes a temporal language for specifying downgrading rules.
The final paper in the session was titled "Towards a MAC Policy Framework," by X. Qian (SRI International) and T. F. Lunt (ARPA/CSTO), and was presented by Qian. This paper looks at the problem of multilevel secure federated databases and whether semantic interoperation makes sense. It looks at such things as the semantics of object labels, upward information flows, and inference channels. It proposes as new components in a system, an interpretation policy, a view policy, and an update policy. The next session focused on concurrency control issues and was chaired by T. Keefe (Pennsylvania State University). The first paper, titled "A Locking Protocol for Multilevel Secure Databases Providing Support for Long Transactions," was written and presented by S. Pal (Pennsylvania State University). Pal discussed a concurrency control approach for secure multilevel databases that is based on object versions and uses an untrusted scheduler at each level. The second paper, titled "An Adaptive Policy for Improved Timeliness in Secure Database Systems," by S. H. Son (University of Virginia), R. David (University of Virginia) and B. Thuraisingham (MITRE Corporation), was presented by Son. This paper explores secure two-phase locking schemes for real-time databases. Compromises are required between real-time requirements and security requirements, and the paper presents simulation results to compare several such compromises. The next paper, also presented by Son, was titled "A Secure Concurrency Control Protocol for Real-Time Databases," by R. Mukkamala (Old Dominion University) and S. H. Son (University of Virginia). This paper discusses a multiversion concurrency control method in which higher priority transactions can abort other transactions at the same level. The transaction scheduler and the lock manager must be trusted. The final paper in the session was titled "Providing Different Degrees of Recency Options to Transactions in Multilevel Secure Databases," by V. 
Atluri (Rutgers University), E. Bertino (University of Milan), and S. Jajodia (George Mason University), and was presented by Atluri. The idea presented in this paper is that a transaction should be able to specify a desired level of recency in the data it reads. The paper presents a protocol based on multiple versions and time stamps. Design and implementation of access controls was the topic for the next session, chaired by X. Qian (SRI International). The first paper in this session was titled "Assured Discretionary Access Control for Trusted RDBMS," by M. Schaefer (ARCA Systems, Inc.) and G. Smith (ARCA Systems, Inc.), and was presented by Schaefer. The goal of the work is to investigate whether it is possible to implement DAC for a view-based secure relational database system with assurance above the B1 level. Schaefer proposed several potential approaches and concluded that a credible paradigm is to use primitive views (i.e., no joins). The second paper in the session was titled "A Formal Security Design Approach for Information Exchange in Organizations," by R. Holbein (University of Zurich), S. Teufel (University of Zurich), and K. Bauknecht (University of Zurich), and was presented by Holbein. Holbein argued that for need-to-know security design in organizations it is important to be able to trace a particular access right back to the need-to-know policy in an organization. He proposed a formal specification approach based on business process models to do this. The next session was a panel discussion on role-based access control and next generation security models, chaired by R. Thomas (Odyssey Research Associates). The first panelist was H. H. Bruggemann (University of Essen) who discussed techniques for using object technology to reduce the complexity of access rights administration. The next panelist was D. 
Ferraiolo (Department of Commerce, NIST) who discussed how roles provide an ability to articulate and enforce enterprise-specific protection policies. B. Hartman (Odyssey Research Associates) was the next panelist to speak. He began by stating that security is critical for distributed object systems, but that no one solution is appropriate for all markets. He described an effort to develop a role-based security model for the Object Management Group (OMG) common architecture. P. Samarati (University of Milan) spoke as the next panelist and discussed how next generation authorization models must increase expressiveness and flexibility. Then R. Sandhu (George Mason University) argued that a problem with existing security models is that they do not adequately distinguish between users and subjects. He also suggested that role constraints will be important in the development of future systems. M. Schaefer (ARCA, Systems, Inc.) spoke next and suggested that one role does not fit all users who have that role, and a way is needed to selectively add and delete access rights given the context of a situation. He also warned that greater functionality probably implies greater side-effects. The final panelist was T. C. Ting (University of Connecticut) who suggested that no single security model works for everything, that MAC and DAC are both important, and that role- based access control is one solution for DAC. After the panelists spoke there was an extended discussion on whether the trend towards roles is appropriate. It was suggested that roles are close to what many users want, but are not a universal solution. It also became clear that there is not general agreement on the definition of role-based security. The next session focused on inference controls and was chaired by Don Marks (Department of Defense). The first paper in this session was titled "Inference Analysis During Multilevel Database Design," by R. K. Burns (AGCS Inc.). 
Burns discussed a toolset for multilevel database design. The tool set uses Entity-Relationship diagrams augmented with a security lattice and a database inference tool to improve the design of a secure database schema. The second paper in the session was titled "A Tool for Inference Detection and Knowledge Discovery in Databases," by S. Rath (University of Tulsa), D. Jones (University of Tulsa), J. Hale (University of Tulsa) and S. Shenoi (University of Tulsa), and was presented by Shenoi. Shenoi described an imprecise inference model for a mixed database of precise relations, imprecise relations, and fuzzy relations. The approach uses sieves for filtering data chucks into equivalence classes based on the context. These equivalence classes are used to model functional dependencies and make inferences. The last paper in the session was presented by T. Hinke, and was titled "ILIAD: An Integrated Laboratory for Inference Analysis and Detection," by T. H. Hinke (University of Alabama in Huntsville), H. S. Delugach (University of Alabama in Huntsville) and R. P. Wolf (University of Alabama in Huntsville). Hinke described a software system composed of a database generator, a single-facet inference tool, and a multi-facet inference tool. He described how simulation can be used to generate data with a coherent cover story that can be used as a test database for the system. The inference tools in the system focus on transitive association type instances and are based on a semantic graph. The next session was a panel session chaired by M. Schaefer (ARCA Systems, Inc.). The first panelist to speak was R. Henning (Harris Corporation) who discussed what system administrators want in a secure database product. She listed such things as single seat administration, accountability, confidentiality, integrity, and minimal duplication of services. She also warned that what works for one application may not necessarily work for all. The next speaker was R. 
Miller (IBM) who described the requirements for large (terabyte) secure databases. He stated that these databases are usually, multi-vendor, geographically distributed, and heterogeneous. Security goals for such systems are consistency across the systems, with single sign-ons and flexible audit functionality. The next panelist was T. Parenty (Sybase, Inc.) who suggested that it is necessary to think about security in a context larger than a single application or database and that user authentication is particularly important. He also felt that multilevel security is far down the road for what most business applications need now. The final panelist was J. Worthington (Informix, Inc.) who described a level B3 multilevel database product, but warned that sales may not be sufficient to continue the product. He also discussed what users want, including strong authentication, different privileges at different times and locations, and flexible encryption. In summary, he indicated that the requirements are not strictly role-based or task-based, and that there is a temporal component. The presentations were followed by a general discussion that focused on three major issues: (1) privacy concerns, (2) increasing communications between vendors and researchers in the security area, and (3) customer requirements. The final session focused on the topic of storage jamming and a discussion of what was learned at the conference. This session was chaired by T. C. Ting (University of Connecticut). The session began with a presentation by J. McDermott (Naval Research Laboratory) of a paper titled "Storage Jamming," by J. McDermott (Naval Research Laboratory) and D. Goldschlag (Naval Research Laboratory). McDermott defined storage jamming as an attack on an organization by putting bogus values that satisfy integrity constraints into a database. 
He then discussed techniques for reducing susceptibility to such attacks within an organization (e.g., well designed and structured systems and data). This was followed by a summary and discussion of the conference led by J. Dobson (University of Newcastle). Some of the issues identified included: (1) technology is moving from research to engineering, (2) advanced information processing techniques are coming into use, (3) some problems are still open, but may not yet be relevant to customers (e.g., inference detection, connectionless communications), (4) new security models are required, but the conceptual basis for them is still a matter of debate, and (5) the problems and concerns of indirect stakeholders are not always being addressed.

An informal evening session organized by T. Y. Lin (San Jose State University) was also held during the conference and was focused on data mining and its relationship to database security. There was significant interest in this topic and the discussion will be continued at future conferences.

The next IFIP WG 11.3 Working Conference on Database Security will be held July 22-24, 1996, in Como, Italy. The call for papers and details of the conference can be obtained on the World Wide Web at the URL http://www.dsi.unimi.it/IFIP96.

________________________________________________________________________
Calls for Papers (new listings since last issue only -- full list on Web)
________________________________________________________________________

(see also Calendar)

CONFERENCES

Listed earliest deadline first. See also Cipher Calendar and NRL CHACS CFP list.

o IEEE S&P '96: 1996 IEEE Symposium on Security and Privacy, 6-8 May 1996, Oakland, California. Papers sought on engineering and applications as well as theoretical advances in secure system design and implementation. Particular interest in papers on policy and technical issues relating to privacy in the context of the Information Infrastructure, papers on securing unsecure applications and operating systems, papers relating software and system engineering technology to the design of secure systems, and papers on hardware and architectural support for secure systems. Six copies of original papers (up to 7500 words) not under consideration elsewhere or panel proposals (up to 2 pages) due to John McHugh, Program Co-Chair (mchugh@cs.pdx.edu) by 6 November 1995. Five-minute talk submissions due 2 April 1996. Conference Web page: http://www.cs.pdx.edu/SP96.

o IMC'96 Information Visualization and Mobile Computing, Rostock, Germany, February 26-27, 1996. This workshop is supported by the German Computer Society (GI), Special Interest Groups "Imaging and Visualization" (GI 4.1.2) and "Information Technology and Mobility" (GI 4.0.4). Topics of interest related to Mobile Visualization include data security in mobile environments. Authors are invited to submit extended abstracts or position papers (in English, at most 4 pages). Submissions should be in the form of a single uuencoded compressed PostScript file sent by email to the program chair (kirste@igd.fhg.de) by November 15. Workshop Home Page: http://www.igd.fhg.de/~movi/imc96.html; CfP PostScript version: http://www.igd.fhg.de/~movi/imc96-cfp.ps

o First International Workshop on Real-Time Databases: Issues and Applications, Newport Beach, California, March 7-8, 1996. Workshop attendees will discuss the research issues and applications of real-time database systems and explore novel ideas. Papers describing new ideas, promising approaches, experiences with practical and research systems, and work in progress are considered particularly appropriate. One particular topic of interest is integration with active, dependable, and secure database features. Prospective attendees should send an electronic version (PostScript file) of their position paper (less than 5 single-spaced pages). Hard copies are also acceptable and can be mailed to (6 copies). Electronic submissions to Prof. Sang H. Son, son@virginia.edu, by December 1, 1995. Conference Web page: http://www.eng.uci.edu/ece/rtdb/cfp.html

o First IEEE Metadata Conference, Silver Spring, Maryland, 16-18 April 1996. The objectives of this conference are to (1) provide a forum to address metadata issues faced by the various communities including mass storage, data management, image and multimedia processing, and distributed computing, as well as managers of networked heterogeneous information servers; (2) bring the different communities together for technical interchange of ideas on common technologies related to metadata; (3) hear the various perspectives from the users as well as from the producers of metadata; and (4) facilitate the development and usage of metadata. A topic of interest is Metadata Management, including handling different data types, security, integrity, quality. Submissions due to metadata-96@llnl.gov by 10 December 1995.

o Fourth Cambridge Workshop on Cryptographic Protocols, 10-13 April 1996, Isaac Newton Institute, Cambridge, UK. Contributions sought on the design and analysis of cryptographic protocols, and especially those using public key techniques. Electronic submissions (preferably LaTeX using llncs.sty) strongly preferred; otherwise send eight copies of papers up to 15 pages, suitable for blind refereeing, to Mark Lomas (tmal@cl.cam.ac.uk) by 16 December 1995. Workshop Web page: http://www.cl.cam.ac.uk/users/rja14/cp.html

o First IFCIS International Conference on Cooperative Information Systems, Brussels, Belgium, June 19-21, 1996. The Foundation and the conference series bring together the scientific community previously served by the international workshops on Interoperability in Multidatabase Systems (IMS) and the conference series on Cooperative Information Systems (CoopIS & ICICIS). One track of interest includes all aspects of federated databases and multidatabases, including the issues of handling legacy data and applications, distribution, heterogeneity, autonomy, and security. Submit six copies of the manuscript to Ahmed Elmagarmid (ake@cs.purdue.edu) or Erich Neuhold (neuhold@darmstadt.gmd.de) by December 22, 1995. Conference Web page: http://www.cs.uga.edu/LSDIS/activities

o Workshop on Research Issues on Data Mining and Knowledge Discovery (DMKD96), in cooperation with ACM-SIGMOD'96, Montreal, Canada, June 2, 1996. Mining knowledge from large databases is a promising research area, with high application potential due to the huge amounts of data accumulated in databases and other repositories, coupled with the rapid growth of data. The objective of this workshop is to bring researchers in database systems together to discuss and examine the issues related to mining knowledge from databases. A topic of interest is knowledge discovery applications, including security and social impact of data mining. Authors are invited to submit short position papers and comprehensive overview talk papers on each of the three themes (see CFP). Each position paper should be no longer than 6 pages. Five hard copies or one electronic copy of the paper should be submitted by January 15, 1996, to rng@cs.ubc.ca. Conference Web page: http://fas.sfu.ca/cs/conf/dmkd96.html

o The Internet: Transforming Our Society Now (INET96), Montreal, Canada, 25-28 June 1996. This conference brings together those extending the reach and use of Internet networks. Participants include those developing and implementing Internet networks, applications, and policies for worldwide infrastructure development. Internet networks deeply transform the reach of firms, allowing small companies to have global reach. New forms of competition emerge, with related questions about the nature and security of transactions and the need for new electronic currencies. Submissions to inet-submission@isoc.org by 15 January 1996. Conference Web page: http://www.isoc.org/conferences/inet96/

o 11th Annual Conference on Computer Assurance (COMPASS), Gaithersburg, Maryland, 17-21 June 1996. The purpose of COMPASS is to bring together researchers, developers, integrators, and evaluators interested in problems related to specifying, building, and certifying high-assurance systems. COMPASS is distinguished from similar conferences by its emphasis on bridging the gap between theory and practice. Papers should present advances in the theory, design, implementation, evaluation, or application of high-assurance systems, or report on experiments, case studies, evaluations, and problems in the application of new computer assurance technology. Send six copies of your paper, panel, or tools fair proposal to Connie Heitmeyer (heitmeyer@itd.nrl.navy.mil) or Stuart Faulk (faulk@itd.nrl.navy.mil), Program Co-Chairs, by January 15, 1996. Conference Web page: http://www.itd.nrl.navy.mil/conf/compass96

o IFIP 1996 World Conference, Mobile Communications, 2-6 September 1996, Canberra, Australia. Track 2, Trusting in Technology; Authentification; Security: "In order to pave the way for the future consumer and business markets in the field of mobile communications, one has to fulfill the requirements of the different actors in this communication world. Some of the very strong presuppositions for the success of new services and products are related to the necessity of users, information providers, service providers, equipment providers and carriers to trust in the new technology." Abstracts due by 31 January 1996 to IFIP96@acs.org.au.

o Fourth Israeli Symposium on Theory of Computing and Systems, Jerusalem, Israel, June 10-11, 1996. This symposium is intended to encourage interaction among researchers active in the theoretical aspects of diverse fields such as: algorithms and data structures, coding theory, complexity theory, computability and automata, computational biology, computational geometry, computer communication, computer vision, cryptography and data security, databases, data compression, distributed and parallel computing, foundations of compiler technology, information retrieval, logics of programs, machine learning, natural language processing, program verification, robotics, semantics of programming languages, VLSI layout and design. Submissions to Moshe Y. Vardi, istcs96@cs.rice.edu, by January 31, 1996.

o Ninth IEEE Computer Security Foundations Workshop, County Kerry, Ireland, 10-12 June 1996. This workshop series brings together researchers in computer science to examine foundational issues in computer security. It is interested both in papers that describe new results in the theories of computer security and in papers and panels that explore open questions and raise fundamental concerns about existing theories. Workshop attendance will be by invitation only and limited to about 35 participants. Submissions to Michael Merritt (mischu@research.att.com) by February 2, 1996. (Paper submissions will be accepted if received by the deadline, but electronic submission of e.g. uuencoded PostScript is strongly encouraged.) Workshop Web page: http://www.csl.sri.com/ieee-csfw/csfw9/csfw9.html

o Second International Baltic Workshop on DB and IS, Tallinn, Estonia, June 12-14, 1996. This workshop is continuing a series of bi-annual Baltic workshops on databases and information systems. The objective of the workshop is to bring together researchers as well as practitioners and PhD students in the field of database research that will improve the construction of future information systems. A track of interest is information system and data communication security. Extended abstracts due to balt96@cs.ioc.ee by February 1, 1996. Workshop Web page: http://greta.cs.ioc.ee/~balt96

o World Conference of the Web Society, San Francisco, CA, October 16-19, 1996. This annual conference serves as a multi-disciplinary forum for the dissemination of information on the research, development, and applications on all topics related to the use, applications and societal and legal aspects of the Web in its broadest sense, i.e. encompassing all modern tools to peruse the Internet. "Security and Privacy on the Web" is one of several major topics. Proposals for papers, panels, tutorials, workshops, and demonstrations/posters are requested. Papers should include a cover page and an extended abstract of at least 2500 words or should be submitted as a full paper of not over 4500 words (4-8 pages). Submissions to Hermann Maurer (Graz University of Technology, Austria), AACE@virginia.edu, by March 1, 1996. Conference Web page: http://aace.virginia.edu/aace/conf/calendar.html

o Knowledge Discovery in Databases (KDD), Portland, Oregon, August 3-5, 1996. KDD, also referred to as Data Mining, is an area of common interest to researchers in machine discovery, statistics, databases, knowledge acquisition, machine learning, data visualization, high performance computing, and knowledge-based systems. The topic of interest, KDD Process and Human Interaction, includes privacy and security. Submissions are due by March 18, 1996 to kdd@aaai.org. Conference Web page: http://www-aig.jpl.nasa.gov/kdd96

JOURNALS

Regular archival computer security journals:

o Journal of Computer Security (JCS) [see Cipher Web pages or EI#9]; e-mail contacts for submissions: jajodia@isse.gmu.edu or jkm@mitre.org

o Computers & Security [see Cipher Web pages or EI#9]; e-mail contact for submissions: j.meyer@elsevier.co.uk

Special Issues of Journals and Handbooks: listed earliest deadline first.

o Information Systems Special Issue on Disaster Recovery in Database Systems. No specific mention of security or privacy, but the topic seems relevant to security concerns. Five copies of paper up to 30 pages, double-spaced (10 pt.), due 1 Nov 95 to Divyakant Agrawal, Computer Science Dept., UCSB (agrawal@cs.ucsb.edu).

o ACM Journal, Wireless Networks, special issue on Mobility and Security. Mobility introduces a new dimension to the problem of secure computing and communication. Securing them becomes harder and often more important. This is sometimes due to the mobility of the communication devices, sometimes due to the mobility of users (without mobile device), or the mobility of objects, or that of the attackers. Manuscripts to amir@watson.ibm.com or kutten@watson.ibm.com by 15 November 1995.

o International Journal of Engineering Intelligent Systems Special Issue on Databases and Telecommunications. The Journal solicits both theoretical and applied papers describing the state of the art in this area, including security aspects in telecommunication databases. Submit manuscripts in English, not to exceed 5000 words of double-spaced text, 10 pt or larger font, including title, author names/affiliations, 50-100 word abstract, the paper sections, acknowledgements (if any), and references. Provide name, title, postal and email address, telephone and fax numbers of primary contact author on cover sheet.
Submit five copies of paper and single cover page to either Dimitrios Georgakopoulos (dimitris@gte.com) or Jari Veijalainen (jari.veijalainen@vtt.fi) by January 10, 1996.Issue to appear July '96. Journal web page: http://info.gte.com/ftp/doc/ICDE96/flyer.html o ACM Journal, Wireless Networks, special issue on Personal Communications. Personal communications provide communication services anywhere, anytime, with anybody, and in any form. To implement the personal communications concepts, extremely sophisticated systems which integrate many diverse technologies are required. This special focuses on the research and development of advanced PCS technologies. Original contributions related to the several topics are solicited, including privacy and authentication. Electronic submissions of postscript files due to Yi-Bing Lin, liny@csie.nctu.edu.tw, by April 15, 1996. Non-electronic submissions (6 copies) to Professor Yi-Bing Lin, Dept. Comp. Sci. & Info. Engr., National Chiao Tung University, Hsinchu, Taiwan, R.O.C. ________________________________________________________________________ Reader's Guide to Current Technical Literature in Security and Privacy Part 1: Conference Papers ________________________________________________________________________ Int'l Conf. on Information Systems and Management of Data (CISMOD) 1995, 14-17 November, Bombay, India (security-related paper only): * Maintaining Surrogate Data for Query Acceleration in Multilevel Secure Database Systems B. Panda and W. Perrizo Security-related papers presented at the 5th IFIP Working Conference on Dependable Computing for Critical Applications, Beckman Institute, University of Illinois at Urbana-Champaign, September 27-29, 1995 * Fail-Stop Protocols: an Approach to Designing Secure Protocols L Gong, P. Syverson * A Least Privilege Mechanism for User Processes A. Zakinthinos, E.S. Lee * Byzantine Agreement with Authentication: Observations and Applications in Tolerating Hybrid and Link Faults L. 
Gong, P. Lincoln, J. Rushby * Interactive Consistency Algorithms Based on Authentication and Error-Correcting Codes A. Postma, T. Krol Papers, panel statements, and tutorial announcements as listed in the Table of Contents of the Proceedings of the 18th National Information Systems Security Conference, Baltimore, MD, Oct. 10-13, 1995. The number following a paper title is the page in the Proceedings on which the paper starts. Volume I of the proceedings contains pages 1-383; volume II contains pages 382-761. For affiliations, NIST = National Institute of Standards and Technology and NSA = National Security Agency. REFEREED PAPERS o Enforcement of Complex Security Policies with BEAC, 1, I-Lung Kao, Randy Chow, University of Florida o The Controlled Application Set Paradigm for Trusted Systems, 11, Daniel F. Sterne, TIS, Inc.; Glenn S. Benson, EC-IRC o Information Domains Metapolicy, 27, Gene Hilborn, Computer Sciences Corporation o Maintaining Secrecy and Integrity in Multilevel Databases: A Practical Approach, 37; Sushil Jajodia, George Mason University; Don Marks, DoD; Elisa Bertino, Universita di Milano o TOP: A Practical Trusted ODBMS, 50, Marvin Schaefer, Arca Systems, Inc.; Valeria A. Lyons, Paul A. Martel, Antoun Kanawati, ONTOS, Inc. o Great Unsolved Problems in Applied Computer Security, 63, Mark G. Graff, Sun Microsystems o Addressing INFOSEC Analysis Problems using Rule-Based Technology, 73, Richard B. Neely, Ph.D., James W. Freeman, Ph.D., CTA Incorporated o Identification of Subjects and Objects in a Trusted Extensible Client Server Architecture, 83, Terry C. Vickers Benzel, E. John Sebes, Homayoon Tajalli, TIS, Inc. o The New Alliance: Gaining on Security Integrity Assurance, 100, Reni H. Sanchez, Rockwell Space Operations Co., Donald L. Evans, UNISYS o An Unusual B3-Compliant Discretionary Access Control Policy, 113, Jeremy Epstein, Gary Grossman, Albert Donaldson, Cordant, Inc. 
o GENSER Message Multi-Level Secure Classifications and Categories, 123, Mary Lou Hoffert, NCPII Development Team, NCTAMS LANT and NCTS Washington o A Standard Audit Trail Format, 136, Matt Bishop, University of California, Davis o TCP/IP (Lack of) Security, 146, Jesper M. Johansson, University of Minnesota o AINT Misbehaving--A Taxonomy of Anti-Intrusion Techniques, 163, Lawrence R. Halme, R. Kenneth Bauer, Arca Systems, Inc. o Simulating Concurrent Intrusions for Testing Intrusion Detection Systems: Parallelizing Intrusions, 173, Mandy Chung, Nicholas Puketza, Ronald A. Olsson, Biswanath Mukherjee, University of California, Davis o Maintaining Privacy in Electronic Transactions, 184, Benjamin Cox, Carnegie Mellon University o A Software Architecture to Support Misuse Intrusion Detection, 194, Sandeep Kumar, Eugene H. Spafford, The COAST Project, Purdue University o Providing Accurate Data Labels to the Analyst - The Secure C4I Workstation, 205, Ingrid Dampier, Christine Corbett, TRW Integrated Engineering Division o Controlling Network Communication with Domain and Type Enforcement, 211, David L. Sherman, Daniel F. Sterne, Lee Badger, Sandra L. Murphy, Kenneth M. Walker, Sheila A. Haghighat, Trusted Information Systems, Inc. o Integrating COTS Applications on Compartmented Mode Workstations, 221, Susan A. Heath, The Boeing Company o Project WINMILL: Using a COTS Solution to Connect LANs of Different Compartments, 228; Al Nessel, Curt Sawyer, Defense Intelligence Agency o On Guards . . . En Garde, 236, Lawrence M. Sudduth, Secure Computing and Communications, Inc. o Securing Local Area and Metropolitan Area Networks: A Practical Approach, 249, Prof. Vijay Varadharajan, U. of Western Sydney, Australia o Using Network Traffic Analysis as a Security Tool, 262, Peter Troxell, Curry Bartlett, Nicholas Gill, Digital Equipment Corp. o SAGE: Approach to Rapid Development of Trusted Guard Applications, 271, Karen Goertzel, Wang Federal, Inc. 
o Experiences with Implementing Messaging Security in MSMail 3.2, 281, James E. Zmuda, Russell Housley, Spyrus
o Can Computers and Epidemiology Get Along? Health Problems in Computers, 291, Guillermo M. Mallén-Fullerton MS, Universidad Nacional Autónoma de México; Dr. Florencia Vargas-Vorackova PhD, Instituto Nacional de la Nutrición; Dr. Enrique Daltabuit-Godas PhD, Universidad Nacional Autónoma de México
o Disaster Recovery Planning Case Study: The South African 1994 Election, 300, Walter Cooke, CISSP, W. J. Cooke and Associates Ltd.
o VHA's Approach to Contingency Plan Development, 308, Gail Belles, Medical Information Security Service, National Center for Information, VA Medical Center
o Functional Security Criteria for Distributed Systems, 310, Janet Cugini, NIST; Rog Dobry, NSA; Virgil Gligor, U. of Maryland; Terry Mayfield, Institute for Defense Analyses
o A Perspective of Evaluation in the UK Versus the US, 322, Alan Borrett, Member of UK ITSEC Scheme
o ECMA's Approach for IT Security Evaluations, 335, Alexander Herrigel, R3 Security Engineering AG, Switzerland; Roger French, Digital Equipment Corp.; Haruki Tabuchi, Fujitsu Ltd, Japan; ECMA
o Rating Network Components, 344, Gloria Serrao, NSA
o Analysis Requirements for Low Assurance Evaluations, 356, James L. Arnold Jr., NSA
o Measuring Correctness and Effectiveness: A New Approach Using Process Evaluation, 366, Klaus Keus, Klaus-Werner Schröder, Bundesamt für Sicherheit in der Informationstechnik, Bonn, Germany
o Reengineering the Certification and Accreditation Process: Security is Free, 374, Sean G. Mahon, Boeing Information Services
o Critical Factors of Key Escrow Encryption Systems, 384, Dorothy E. Denning, Georgetown University
o Evaluating the Strength of Ciphers, 395, John C. Higgins, Brigham Young University
o Community Response to CMM-Based Security Engineering Process Improvement, 404, Marcia W. Zior, NSA
o Measuring Security: What Can We Learn from Other Fields?, 414, Deborah J. Bodeau, The MITRE Corporation
o Security and Software Reuse, 424, George W. Rogers, Jr., Jerry C. Crabb, The Analysis Corporation
o The Use of Generic Architectures in System Integration, 431, Dan Gambel, General Research Corp.; Judith Hemenway, Northrop Grumman Data Systems and Services Division
o An Open Trusted Enterprise Network Architecture, 447, Gary Grossman, Jeremy Epstein, Cordant, Inc.; Roger Schell, Novell, Inc.
o Component Architectures for Trusted Netware, 455, Jeremy Epstein, Gary Grossman, Cordant, Inc.; Roger Schell, Novell, Inc.
o Social Engineering: The Only Real Test of Information Systems Security Plans, 464, Ira S. Winkler, SAIC
o Contingency Planning: What to Do when Bad Things Happen to Good Systems, 470, Jay J. Kahn, Marshall D. Abrams, The MITRE Corporation
o What Every Information Systems Security Professional Should Know About Electronic Records Management, 480, Julie Smith McEwen, CISSP, IIT Research Institute
o Computer Forensics: An Approach to Evidence in Cyberspace, 487, Special Agent Mark M. Pollitt, Federal Bureau of Investigation
o Software Piracy: Prevention, Detection, and Liability Avoidance, 492, Melissa J. Shaw, Battelle
o Authorship Analysis: Identifying the Author of a Program, 514, Ivan Krsul, Eugene H. Spafford, The COAST Project, Purdue University
o Emerging Law Regarding Computers, Communications, and Software, 525, J. Stewart Bradish, University of Maryland
o Internet Sniffer Attacks, 534, E. Eugene Schultz, Ph.D., SRI Int'l; Thomas A. Longstaff, Ph.D., Carnegie Mellon University
o Information Warfare: A Front Line Perspective, 543, Lieutenant Mark D. Tibbs, U.S. Air Force
o Defending a Computer System using Autonomous Agents, 549, Mark Crosbie, Eugene H. Spafford, COAST Laboratory, Purdue University

SPECIAL UNREFEREED PAPERS
o The Table of Contents for the 1st through the 17th National Computer Security Conferences, 559, Jack Holleran, National Computer Security Center; Darlene Affeldt, NSA
o A Retrospective on the Criteria Movement, 582, Willis H. Ware, Rand Corporation
o Conference Report: 17th National Computer Security Conference, 589, Dennis Gilbert, NIST

PANEL SUMMARIES AND VIEWPOINTS
o INFOSEC Research and Technology, Facing the Challenge: Secure Network Technology for the 21st Century, 601, Joe Moorcones, Chair, NSA; Panelists: Tom Zmurko, Dave Muzzy, Bill Ruppert, Blaine Burnham, NSA
o Security on the I-WAY (High Speed ATM Networks), 602, Ken Rowe, Chair, University of Illinois Urbana-Champaign; Panelists: Kem Ahlers, Caterpillar, Inc.; Jay Dombroski, San Diego Supercomputing Center; Ian Foster, Argonne National Laboratory; Judy Warren, Cornell Theory Center
o Secure Database Systems: Where are We?, 605, John R. Campbell, Chair, NSA; Viewpoints by: Richard Allen, Oracle Corporation; Dick O'Brien, Secure Computing Corporation; Thomas Winkler-Parenty, Sybase Inc.; Bob Hedges, Informix Software Inc.
o Security in Infinite Networks, 617, Ruth Nelson, Chair, Information System Security; Viewpoints by: Ruth Nelson; Hilary H. Hosmer, Data Security, Inc.; Dave Bailey, Galaxy Computer Services; Kim Claffy, San Diego Super Computer Center; Steven M. Bellovin, AT&T Bell Laboratories
o Cryptographic Application Program Interface, 631, Amy Reiss, Chair, NSA; Panelists: John Linn, Open Vision; Piers McMahon, ICL Ltd.; Dr. Burton Kaliski, RSA Labs
o The Future of Formal Methods for Security, 634, Peter G. Neumann, Chair, SRI International; Viewpoints by: Ricky W. Butler, NASA Langley Research Center; Robert Kurshan, AT&T Bell Laboratories; Bill Legato, NSA
o Building a MLS System: A Real Life Adventure, 638, Stephen Kougoures, Chair, NSA; Panelists: Gloria Fitzgerald, Devloyn Arnold, Daphne Willard, Cindy Hash, NSA
o Information Systems Security Research Joint Technology Office (Secure Virtual Office), 641, John C. Davis, Chair, National Computer Security Center; Panelists: Dr. Howard Frank, Advanced Research Projects Agency; Gregory Giovanis, Defense Information Systems Agency; Teresa Lunt, Advanced Research Projects Agency; Robert Meushaw, NSA
o Developing an Incident Handling Capability, 643, Marianne Swanson, Chair, NIST; Viewpoints by: Mark Graff, Sun Corporation; Sandy Sparks, DoE Computer Incident Advisory Capability; Sharon Sandstrom, GE Information Services
o An Assurance Framework or Can Process Replace Evaluation?, 644, R. Kenneth Heist, Chair, NSA; Panelists: William J. Marshall, John J. Adams, Stephen M. LaFountain, Dallas L. Pearson, NSA
o Network Rating Model, 647, Olga Lambros, Chair, NSA; Viewpoints by: Joe Filer, Trident Data Systems, Inc.; Emily D. Joyce, Dr. Bruce George, Colin Bowers, NSA
o The TMach Experiment - Phase I, 659, Ellen Colvin Flahavin, NIST; Viewpoints by: Helmut Kurth, IABG; Julian Straw, Logica/(SISL); Nigel Rogers, CESG; Martha Branstad, Trusted Information Systems, Inc.
o Common Criteria Editorial Board, 662, Lynne Ambuel, Chair, NSA; Panelists: Stephen M. LaFountain, NSA; Eugene Troy, NIST; Aaron Cohen, CSE (Canada); Yvon Klein, SCSSI (France); Chris Ketley, CESG (UK); Ulrich van Essen, GISA (Germany)
o The New OMB Circular A-130, Appendix III, 663, Barbara Guttman, Chair, NIST; Panelists: Scott Charney, Department of Justice; Ed Roback, NIST; Ed Springer, Office of Management and Budget
o Perspectives on Internet Security Evaluation and Assurance, 664, Bruce Aldridge, Chair, NIST; Panelists: Karin Taylor, Communications Security Establishment, Canada; Marcus Ranum, Information Works; Marvin Schaefer, ARCA Systems, Inc.; Ron Ross, Institute for Defense Analyses
o Trusted Products - How Are They Used?, 665, Laura M. King, Chair, NSA
o Trust Technology Assessment Program, 666, Thomas Anderson, Chair, NSA; Panelist: Ellen Colvin Flahavin, NIST
o The Development of Generally-Accepted System Security Principles, 667, Will Ozier, Chair, ISSA GSSP Committee; Panelists: Marianne Swanson, NIST; Kristen Noakes-Fry, Noakes-Fry Associates; Hal Tipton, HFT Associates; Nigel Hickson, Department of Trade and Industry
o Linking Information Systems Security and Continuous Process Improvement: A Win-Win Organizational Strategy, 668, Dennis Gilbert, Chair, NIST; Viewpoints by: Richard Belville, Richard Belville and Associates; Chris Bythewood, National Computer Security Center; Richard Koenig, (ISC)2; Corey Schou, Idaho State University; Ralph Spencer Poore, Coopers & Lybrand L.L.P.
o INFOSEC Security Market, A Small Business Perspective, 679, James P. Litchko, Chair, Trusted Information Systems, Inc.; Panelists: Jean Wu, Information Systems Management, Inc.; Teresa Acevedo, A & N Associates; Loreto Remorca, Secure Solutions, Inc.
o Will Encryption Keep Out the Hackers?, 681, Dorothy E. Denning, Chair, Georgetown University; Panelists: Michael R. Higgins, DISA/CISS; Stephen T. Kent, BBN Communications Corporation; Eugene Spafford, The COAST Project, Purdue University; Viewpoint by: Steven M. Bellovin, AT&T Bell Laboratories
o Commercial World: Requirements vs. Solutions / Corporate Security Challenges, 683, Dennis Huamn, Chair; Panelists: Richard Lee, Brian O'Higgins, Stanley Jarocki
o National Information Infrastructure Security Initiatives, Part I, Electronic Commerce, Electronic Messaging (E-Mail) and Information Security, 685, Thomas Burke, Co-Chair, GSA; F. Deane Erwin, Co-Chair, NII SIPMO; Panelists: Tom Clarke, Defense Information Systems Agency; G. Martin Wagner, ECA-PMO; Viewpoints by: Jack Finley, GSA Federal Electronic Commerce Program; Security Infrastructure Program Management Office
o National Information Infrastructure Security Initiatives, Part II, 693, Stephen Walker, Chair, Trusted Information Systems, Inc.; Viewpoints by: Richard Rothwell, USPS Electronic Commerce Services; Jim Bidzos, RSA Data Security, Inc.; Nick Piazzola, NSA; Wynn Redden, Communications Security Establishment, Canadian Government
o INFOSEC, Prepare to Meet the New Millennium!, 697, Dr. Charles Abzug, Chair, Institute for Computer and Information Sciences; Panelists: Marshall D. Abrams, The MITRE Corporation; Kevin T. Deeley, Federal Bureau of Investigation; Patricia Edfors, Department of Justice; Lynn McNulty, McNulty and Associates; Donn B. Parker, SRI International; Dr. Marv Schaefer, Arca Systems; Viewpoint by: Dr. Roger R. Schell, Novell, Inc.
o Legal Hacking - What is Computer Crime on the Internet?, 703, Christine Axsmith, Chair, Orkand Corporation; Panelists: Scott Charney, Department of Justice; Barbara Fraser, CERT, Carnegie Mellon University; Dr. Lance Hoffman, George Washington University; Marc Rotenberg, Electronic Privacy Information Center
o Law Enforcement Panel on Computer Forensics, 705, Special Agent Mark M. Pollitt, Chair, Federal Bureau of Investigation; Panelists: Special Agent Stephen D. McFall, Federal Bureau of Investigation; Special Agent Howard Schmidt, USAF Office of Special Investigations; Duncan Monkhouse, Royal Canadian Mounted Police; Viewpoint by: Sergeant Barry E. Leese, Maryland State Police
o Internet Security: Current Threats and Practical Solutions, 708, John Wack, Chair, NIST; Viewpoints by: David Curry, Purdue University; John Pescatore, International Data Group; Robert Bagwill, NIST; Dr. Matt Bishop, University of California, Davis
o Internet Security, 710, Jon David, The Fortress; Viewpoints by: Padgett Peterson, Martin Marietta; Steven M. Bellovin, AT&T Bell Laboratories; Paul Ferguson, U.S. Sprint; Sarah Gordon, Command Software Systems, Inc.
o Information Warfare: Its Impact upon Information Security, 728, Wayne Madsen, Chair, Computer Sciences Corporation; Panelists: Martin R. Hill, Office of the Assistant Secretary of Defense, C3I/IW; David Banisar, Electronic Privacy Information Center; John Stanton, Technology Transfer Journal; Viewpoints by: John Hamlet, Deacon House

TUTORIALS
o Tutorial Series on Trusted Systems and Operational Security, 735, Dr. Gary Smith, ARCA Systems, Inc.; Presenters: Karen Ferraiolo, Mike Weidner, Stan Wisseman, Jack Wool, ARCA Systems; R. Quane, A. Strameela, National Cryptologic School; Dr. Harold Highland, Computers & Security; Dr. John Campbell, NSA; Joel Sachs, The Sachs Group
o Internet 101: Introduction to the Insecurity of the Internet, 737, Dr. Harold Highland, FICS, Chair, Computers & Security; Panelists: Dr. Jon David, The Fortress; Dr. Bertil Fortrie, Internet Security News; Sarah Gordon, Command Software; Padgett Peterson, Martin Marietta
o A Brief Database Security Tutorial: Or the less than Civil War between Ease-Of-Use and Security, the Battle between Grant and Lee's Privilege, Roles and Rollbacks, MAC DAC and FACT, even Distribution and Replication Maybe, 740, John R. Campbell, Chair, NSA
o From Training Standards to Courseware: An INFOSEC Success Story, 758, Dr. Vic Maconachy, Chair, NSA; Panelists: Dr. Corey Schou, Idaho State University; Dr. John Cordani, Eastern Michigan University; Dr. Timothy Mucklow, U.S. Air Force; Lt. Ken Loker, U. S. Navy; Ron Mayfield, General Services Administration
o MISSI Series, 759, Brooke Jenkins, Chair, NSA; Panelists: M. Fleming, S. Saydjari, Todd Inskeep, Carol Friedhoffer, Al Arsenault, NSA
o A Tutorial: The Internet, World Wide Web, and Beyond, 760, Jeff Harrison, Chair, NIST

_______________________________________________________________________
Reader's Guide to Current Technical Literature in Security and Privacy
Part 2: Journal and Newsletter Articles, Book Chapters
________________________________________________________________________

* Computers & Security, Vol. 14, No. 4 (1995). (Elsevier) Refereed Papers:
  * Simon Wiseman. Classification services in the SWORD secure DBMS. pp. 207-322.
  * Greg O'Shea. Redundant access rights. pp. 323-348.
  * Simon Shepherd. A high speed software implementation of the Data Encryption Standard. pp. 349-357.

* OnTheInternet (Internet Society), Vol. 1, No. 4 (Sept-Oct 1995)
  * It's an enigma: MCNC demonstrates security systems for data superhighways. pp. 6-9.
  * Jeff Schiller. Cryptography. pp. 16-19.
  * John Gage, Reggie Best, Vint Cerf, Rose Ann Giordano, Tim Berners-Lee, John Patrick, Tsutomu Shimomura. Network security: Do you know who's breaking in right now? (panel session from INET '95). pp. 21-27.

* ACM SIGSAC Security Audit & Control Review, Vol. 13, No. 4 (October 1995).
  * Diane Levine. Report on ISSA New York Chapter Conference. pp. 4-6.
  * Simon Foley. Report on Computer Security Foundations Workshop. pp. 7-9.
  * Allan Mills, Tom Richards, and Leon Kappelman. Audit commission fifth triannual survey. pp. 10-13.

* IEEE Trans. on Knowledge and Data Engineering, Vol. 7, Number 5 (Oct. 1995)
  * L. Gong and X. Qian. Enriching the expressive power of security labels. (correspondence). pp. 839-841.

* ACM SIGOPS Operating System Review, Vol. 29, No. 4 (October 1995)
  * Yun Ding and Patrick Horster. Undetectable on-line password guessing attacks. pp. 77-86.
  * Ping Hu and Bruce Christianson. Is your computing environment secure? Security problems with interrupt handling mechanisms.

* IEEE Trans. on Computers, Vol. 44, Number 9 (Sept. 1995).
  * H. M. Heys, S. E. Tavares. Avalanche characteristics of substitution-permutation encryption networks. pp. 1131-1139.

* High Integrity Systems, Vol. 1, Number 3 (1995). Security-related papers:
  * J. G. Williams and L. J. LaPadula. Modelling external consistency of automated systems. pp. 249-268.
  * J. M. Voas, C. C. Michael and K. W. Miller. Confidently assessing a zero probability of software failure. pp. 269-276.
  * W. J. Cullyer and W. J. Scales. Irregularities in the behaviour of the 68020 processor. pp. 301-312.
  * L. Rowland and J. A. Clark. Commentary: automated intrusion detection: theory and practice. pp. 313-322.

* Computer Standards and Interfaces Journal, Vol. 17, No. 4 (September 1995) (North Holland) -- special issue on computer security and standards, B. Thuraisingham and J. Williams, editors.
  * J. Cugini. The Common Criteria: on the road to international harmonization.
  * R. Shirey. Security requirements for network management data.
  * A. Jossang. The difficulty of standardizing smart card security evaluation.

________________________________________________________________________
Reader's Guide to Current Technical Literature in Security and Privacy
Part 3: Books
________________________________________________________________________

None submitted this issue.

________________________________________________________________________
Calendar
________________________________________________________________________

Internet Conference Calendar, URL: http://www.automatrix.com/conferences/ is also worth a look.
Dates              Event, Location                    Point of Contact/ more information
-----              ---------------                    ----------------------------------
====================================================================
See Calls for Papers section for details on many of these listings.
====================================================================
11/ 1/95: IS spec. issue on disaster recov., papers due; agrawal@cs.ucsb.edu
11/ 6/95: IEEE S&P '96 submissions due; mchugh@cs.pdx.edu
11/ 6/95-11/10/95: ICECCS '95, Fort Lauderdale, FL; alex@vulcan.njit.edu
11/14/95-11/15/95: ACM MCN '95, Berkeley, CA; mcn95-submission@cs.columbia.edu
11/15/95: ICSSDBM '96, Stockholm, submissions due; pers@sto.foa.se
11/15/95: ACM Wireless Networks, spec. issue on Mobility and Security, manuscripts due; amir@watson.ibm.com or kutten@watson.ibm.com
11/15/95-11/17/95: CISMOD '95, Bombay; bhalla@u-aizu.ac.jp
11/15/95: IMC'96, Rostock, Germany, submissions due; kirste@igd.fhg.de
11/29/95-12/ 2/95: CIKM '95, Baltimore; nicholas@cs.umbc.edu
11/30/95-12/ 1/95: RBAC '95 Workshop, NIST, Gaithersburg, MD
11/30/95: ACM Computer Security Day; computer_security_day@acm.org
12/ 1/95: RTDB96, Newport Beach, CA, submissions due; son@virginia.edu
12/ 4/95-12/ 7/95: DOOD '95, Singapore; mendel@db.toronto.edu
12/10/95: METAD, Silver Spring, MD, submissions due; metadata-96@llnl.gov
12/11/95-12/15/95: ACSAC '95, New Orleans; smith@arca.va.com
12/13/95-12/15/95: OOER '95, Gold Coast, Australia; mikep@icis.qut.edu.au
12/16/95: CWCP, Cambridge, UK, submissions due; tmal@cl.cam.ac.uk
12/18/95-12/20/95: 5th IMACCC, Cirencester, UK; IMACRH@v-e.anglia.ac.uk
12/22/95: CoopIS96, Brussels, Belgium, submissions due; ake@cs.purdue.edu
12/27/95-12/30/95: 7th COMAD, Pune, India; anand@pspl.ernet.in or krishnam@hplabs.hp.com
12/31/95: IH Workshop '96, Cambridge, UK, submissions due; ross.anderson@cl.cam.ac.uk
 1/10/96: Journal ICDE 96, spec. issue, submissions due; dimitris@gte.com or jari.veijalainen@vtt.fi
 1/11/96: FMSP '96, San Diego, CA; sriram.sankar@sun.com
 1/15/96: DMKD96, Montreal, Canada, papers due; rng@cs.ubc.ca
 1/15/96: INET96, Montreal, Canada, submissions due; inet-submission@isoc.org
 1/15/96: COMPASS96, Gaithersburg, MD, submissions due; faulk@itd.nrl.navy.mil
 1/29/96: ACISP '96, Wollongong, NSW, Australia, submissions due; josef@cs.uow.edu.au
 1/31/96: IFIP96 Mobile Commns, abstracts due; IFIP96@acs.org.au
 1/31/96: ISTCS96, Jerusalem, Israel, submissions due; istcs96@cs.rice.edu
 2/ 1/96: BDBIS, Tallinn, Estonia, abstracts due; balt96@cs.ioc.ee
 2/ 2/96: CSFW96, Kerry, Ireland, submissions due; mischu@research.att.com
 2/20/96: IFIP WG 11.3, Como, Italy, submissions due; samarati@dsi.unimi.it or sandhu@isse.gmu.edu
 2/21/96- 2/23/96: FSE Workshop '96, Cambridge, UK; dieter@dcs.rhbnc.ac.uk
 2/22/96- 2/23/96: SNDSS '96, San Diego, CA; http://nii.isi.edu/info/sndss
 2/23/96: VLDB '96 submissions due; nls@cse.iitb.ernet.in
 2/26/96- 3/ 1/96: ICDE '96, New Orleans; icde96@cis.ufl.edu
 2/26/96- 2/27/96: IMC'96, Rostock, Germany
 3/ 1/96: WebNet, San Francisco, CA, submissions due; AACE@virginia.edu
 3/ 7/96- 3/ 8/96: RTDB96, Newport Beach, California
 3/14/96- 3/16/96: CCS-3, New Delhi; gong@csl.sri.com or Jacques.Stern@ens.fr
 3/15/96: ESORICS'96, Rome, submissions due; bertino@hermes.mc.dsi.unimi.it
 3/18/96: KDD96, Portland, Oregon, submissions due; kdd@aaai.org
 3/21/96- 3/24/96: TSMCFP96, Nashville, Tenn.; lundeng@ctrvax.vanderbilt.edu
 3/27/96- 3/30/96: CFP '96, Cambridge, MA; cfp96@mit.edu
 4/10/96- 4/13/96: CWCP, Cambridge, UK; tmal@cl.cam.ac.uk
 4/16/96- 4/18/96: METAD, Silver Spring, MD; no e-mail address available
 4/30/96- 5/ 3/96: 8th CCSS, Ottawa; no e-mail address available
 5/ 5/96- 5/ 8/96: IEEE S&P 96; dmj@mitre.org
 5/21/96- 5/24/96: IFIP/SEC 96, Greece; sec96@aegean.ariadne-t.gr
 5/27/96- 5/30/96: ICDCS96, Kowloon, Hong Kong; no e-mail address available
 5/30/96- 6/ 1/96: IH Workshop '96, Cambridge, UK; ross.anderson@cl.cam.ac.uk
 6/ 2/96: DMKD96, Montreal, Canada
 6/ 3/96- 6/ 6/96: SIGMOD/PODS '96, Montreal, Canada
 6/10/96- 6/12/96: CSFW96, County Kerry, Ireland
 6/10/96- 6/11/96: ISTCS96, Jerusalem, Israel
 6/12/96- 6/14/96: BDBIS, Tallinn, Estonia
 6/17/96- 6/21/96: COMPASS96, Gaithersburg, Maryland
 6/18/96- 6/20/96: ICSSDBM '96, Stockholm; pers@sto.foa.se
 6/19/96- 6/21/96: CoopIS96, Brussels, Belgium
 6/24/96- 6/26/96: ACISP '96, Wollongong, NSW, Australia; josef@cs.uow.edu.au
 6/25/96- 6/28/96: INET96, Montreal, Canada
 7/22/96- 7/24/96: IFIP WG 11.3, Como, Italy; samarati@dsi.unimi.it or sandhu@isse.gmu.edu
 8/ 3/96- 8/ 5/96: KDD96, Portland, Oregon
 9/ 2/96- 9/ 6/96: IFIP96 Mobile Commns, Canberra, Australia
 9/ 3/96- 9/ 6/96: VLDB '96, Bombay, India; nls@cse.iitb.ernet.in
 9/25/96- 9/27/96: ESORICS'96, Rome; bertino@hermes.mc.dsi.unimi.it
10/16/96-10/19/96: WebNet, San Francisco, CA
 5/ 4/97- 5/ 7/97: IEEE S&P 97; no e-mail address available
 5/13/97- 5/16/97: 9th CCSS, Ottawa; no e-mail address available
 5/ 3/98- 5/ 6/98: IEEE S&P 98, Oakland; no e-mail address available
 5/12/98- 5/15/98: 10th CCSS, Ottawa; no e-mail address available
 5/ 2/99- 5/ 5/99: IEEE S&P 99, Oakland; no e-mail address available
 5/11/99- 5/14/99: 11th CCSS, Ottawa; no e-mail address available
 4/30/00- 5/ 3/00: IEEE S&P 00, Oakland; no e-mail address available
 5/16/00- 5/19/00: 12th CCSS, Ottawa; no e-mail address available

Key:
ACISP = Australasian Conference on Information Security and Privacy
ACSAC = Annual Computer Security Applications Conference
BDBIS = Baltic Workshop on DB and IS
CCS-3 = 3rd ACM Conference on Computer and Communications Security
CCSS = Annual Canadian Computer Security Symposium
CIKM = Int. Conf. on Information and Knowledge Management
COMAD = Seventh Int'l Conference on Management of Data (India)
CISMOD = International Conf. on Information Systems and Management of Data
CFP = Conference on Computers, Freedom, and Privacy
CoopIS96 = First IFCIS International Conference on Cooperative Inf. Systems
COMPASS = Conference on Computer Assurance
CPAC = Cryptography - Policy and Algorithms Conference
CSFW = Computer Security Foundations Workshop
CWCP = Cambridge Workshop on Cryptographic Protocols
DCCA = Dependable Computing for Critical Applications
DMKD96 = Workshop on Res. Issues on Data Mining and Knowledge Discovery
DOOD = Conference on Deductive and Object-Oriented Databases
ESORICS = European Symposium on Research in Computer Security
FISSEA = Federal Information Systems Security Educators' Association
FMSP = Formal Methods in Software Practice
FSE = Fast Software Encryption
HPTS = Workshop on High Performance Transaction Systems
IC3N = International Conference on Computer Communications and Networks
ICDCS96 = The 16th Int'l Conference on Distributed Computing Systems
ICDE = Int. Conf. on Data Engineering
ICI = International Cryptography Institute
ICECCS = International Conference on Engineering of Complex Computer Systems
ICSSDBM = Int. Conf. on Scientific and Statistical Database Management
IEEE S&P = IEEE Symposium on Security and Privacy
IFIP/SEC = International Conference on Information Security (IFIP TC11)
IFIP WG11.3 = IFIP WG11.3 10th Working Conference on Database Security
IFIP96 Mobile Commns = IFIP 1996 World Conference, Mobile Communications
IH Workshop '96 = Workshop on Information Hiding
IMACCC = IMA Conference on Cryptography and Coding, 5th IMACC
IMC96 = IMC'96 Information Visualization and Mobile Computing
INET = Internet Society Annual Conference
INET96 = The Internet: Transforming Our Society Now
IS = Information Systems (journal)
ISTCS = Fourth Israeli Symposium on Theory of Computing and Systems
JBCS = Journal of the Brazilian Computer Society
JCMS = Journal of Computer Mediated Communication
KDD96 = Second Int'l Conf. on Knowledge Discovery and Data Mining (KDD-96)
MCN '95 = ACM Int. Conf. on Mobile Computing and Networking
MDS '95 = Second Conference on the Mathematics of Dependable Systems
METAD = First IEEE Metadata Conference
MMDMS = First Int. Wkshop on Multi-Media Database Management Systems
NCSC = National Computer Security Conference
NISS = National Information Systems Security Conference
NSPW = New Security Paradigms Workshop
OOER = 14th Int. Conf. on Object-Oriented and Entity Relationship Modelling
RBAC'95 = First ACM Workshop on Role-Based Access Control
RTDB'96 = 1st Int'l Workshop on Real-Time Databases: Issues and Applications
SAC '95 = 2nd Annual Workshop on Selected Areas of Cryptography
SFTC-VI = Symposium on Fault Tolerant Computing - VI (Brazil)
SIGMOD/PODS = ACM SIGMOD Int'l Conf. on Management of Data / ACM SIGACT-SIGMOD-SIGART Symp. on Principles of Database Systems
SNDSS = Symp. on Network and Distributed System Security (Internet Society)
TSMCFP96 = 4th Int'l Conference on Telecommunication Systems
USENIX Sec Symp = USENIX UNIX Security Symposium
WDAG-9 = Ninth Int. Workshop on Distributed Algorithms
WebNet = World Conference of the Web Society

________________________________________________________________________
Who's Where: recent address changes
________________________________________________________________________

Judith A. Hemenway
Merdan Group, Inc.
4617 Ruffner St.
San Diego, CA 92111
(619) 571-8565
hemfel@cts.com
Hemenway@dockmaster.ncsc.mil

Joan D. Winston
Trusted Information Systems, Inc.
1420 Spring Hill Road, Suite 600
McLean, VA 22102
voice: (703)917-6630
fax: (703)821-8426
e-mail: jwinston@tis.com

Jarrellann Filsinger
Trusted Information Systems, Inc.
1420 Springhill Rd, Suite 600
McLean VA 22102
e-mail: janf@tis.com
voice: (703)917-6630
fax: (703)821-8426

Gary Grossman
Arca Systems
8229 Boone Blvd, Suite 610
Vienna VA 22182-2623
voice: (703)734-5611
fax: (703)790-0385
e-mail: grossman@va.arca.com

________________________________________________________________________
New Reports available via FTP and WWW
________________________________________________________________________

Regarding the "NFS problem" described in the New York Times Oct. 11, Avi Rubin and Trent Jaeger offer a paper concerning work done last summer to detect undesired modification of an executable in transit over an untrusted network. Available at:
ftp://thumper.bellcore.com/pub/rubin/stretch.ps
(Caution: 1.2MB file; compressed version in stretch.ps.Z)

Chelliah Thirunavukkarasu (EIT), Tim Finin (UMBC) and James Mayfield (UMBC). "Secret Agents -- A Security Architecture for the KQML Agent Communication Language", October 1995. Submitted to the CIKM'95 Intelligent Information Agents Workshop, Baltimore, December 1995. Available at:
http://www.cs.umbc.edu/kqml/papers/secret.ps (200MB PostScript)

The Council of Europe's Committee of Ministers' recommendations Concerning Problems of Criminal Procedure Law Connected with Information Technology is available at
http://www.privacy.org/pi/intl_orgs/coe/info_tech_1995.html

U.S. Senate Proposed Legislation on Medical Confidentiality
http://thomas.loc.gov/c104query.html (enter query for Bill number S1360)

Privacy and the NII: Safeguarding Telecommunications-Related Personal Information. White paper for the US National Telecommunications and Information Administration. From the Executive Summary: "... this paper focuses on the privacy concerns associated with an individual's subscription to or use of a telecommunications or information service. The overall purpose of the paper is to provide an analysis of the state of privacy in the United States as it relates to existing and future communications services and to recommend a framework for safeguarding telecommunications-related personal information (TRPI)."
http://www.ntia.doc.gov/ntiahome/privwhitepaper.html (HTML - 150KB)
http://www.ntia.doc.gov:70/00/policy/privwhitepaper.txt (ascii - 143KB)

Microsoft/Visa Secure Transaction Technology (STT) and Private Communication Technology Protocol (PCT) Proposals:
http://www.microsoft.com/windows/ie/stt.htm -- STT terse technical doc
http://www.visa.com/visa-stt/ -- STT comprehensive doc & refs
http://www.microsoft.com/windows/ie/pct.htm -- PCT Internet draft, by J. Benaloh, B. Lampson, D. Simon, T. Spies, and B. Yee.

Windows 95 Security Flaw Information and Upgrades
http://www.microsoft.com/windows/software/w95fpup.htm

________________________________________________________________________
Interesting Links [new entries only]
________________________________________________________________________

Format: Description (first lines) followed by URL (last line)

Government sources/information:
-------------------------------
U.S. House of Representatives
http://www.house.gov/

U.S. Senate
http://www.senate.gov/

JWID '95 Main Page
http://www.hqmc.usmc.mil/jwid/jwidmain.htm

Professional societies and organizations:
-----------------------------------------
European Workshop for Open Systems Security Group
http://www.ewos.be/sec/home.htm

Web Society Network Security Column
http://www.websoc.at/web.columns.netsec;sk8313408F

Other places for interesting research papers, announcements, assistance
-----------------------------------------------------------------------
Openmarket Browser Security Watch
http://www.openmarket.com/knowledge/security-watch/stest.cgi

Netscape Bugs Bounty
http://home.mcom.com/comprod/products/navigator/version_2.0/contest_rules.html

General Magic: includes developer info for Magic Cap
http://www.genmagic.com

________________________________________________________________________
Data Security Letter Subscription Offer
________________________________________________________________________

A special subscription rate of $25/year for the Data Security Letter is now available to IEEE TC members. The DSL is an external, nonpartisan newsletter published by Trusted Information Systems, Inc. Eleven issues (usually 16 pages each) per year are published. The DSL welcomes reader suggestions and contributions and accepts short research abstracts (about 130 words) for publication on an ongoing basis. On occasion, the DSL will be republishing Cipher articles (with authors' approval), but such articles will constitute a small portion of DSL content (thus there will be very little duplication of Cipher material).

IEEE TC members wishing to take advantage of the special subscription rate should send the following to sharon@tis.com. The information can also be faxed to 301-854-5363 (attention: DSL), phoned to 301-854-5338, or mailed to Trusted Information Systems, Inc., 3060 Washington Rd., Glenwood, MD 21738 USA.
NAME:
POSTAL ADDRESS: (Please indicate company name, if a business address)
PHONE: (Please indicate if home or business)
FAX:
E-MAIL:
IEEE Membership No. (if applicable):

NOTE: If you are already a paying subscriber to the DSL, for the $25 you will receive a 2-year renewal; refunds, rebates, etc., on your current subscription are not available. If you have any questions about the offer or anything else pertaining to the DSL, you may contact the editor, Sharon Osuna, via E-Mail to sharon@tis.com or call her at 301-854-5338.

________________________________________________________________________
How to join the TC on Security and Privacy
________________________________________________________________________

You do NOT have to join either IEEE or the IEEE Computer Society to join the TC, and there is no cost to join the TC. All you need to do is fill out an application form and mail or fax it to the IEEE Computer Society. A copy of the form is included below (to simplify things, only the TC on Security and Privacy is included, and is marked for you). The full and complete form is available on the IEEE Computer Society's Web Server at URL:
http://info.computer.org:80/tab/tcapplic.htm

PLEASE NOTE THAT THE FORM IS TO BE RETURNED (BY MAIL OR FAX) TO THE IEEE COMPUTER SOCIETY, >>NOT<< TO CIPHER.

---------
IEEE Computer Society Technical Committee Membership Application
-----------------------------------------------------------
Please print clearly or type.
-----------------------------------------------------------
Last Name                    First Name                   Middle Initial
___________________________________________________________
Company/Organization
___________________________________________________________
Office Street Address (Please use street addresses over P.O.)
___________________________________________________________
City                         State
___________________________________________________________
Country                      Postal Code
___________________________________________________________
Office Phone                 Fax
___________________________________________________________
Email Address (Internet accessible)
___________________________________________________________
Home Address (optional)
___________________________________________________________
Home Phone
___________________________________________________________

[ ] I am a member of the Computer Society
    IMPORTANT: IEEE Member/Affiliate/Computer Society Number: ____________________
[ ] I am not a member of the Computer Society*

Please Note: In some TCs only current Computer Society members are eligible to receive Technical Committee newsletters.

Please select up to four Technical Committees/Technical Councils of interest.

TECHNICAL COMMITTEES
[ X ] T27 Security and Privacy

Please Return Form To:
IEEE Computer Society
1730 Massachusetts Ave, NW
Washington, DC 20036-1992
Phone: (202) 371-0101
FAX: (202) 728-9614

________________________________________________________________________
TC Publications for Sale
________________________________________________________________________

Despite the sweltering D.C. summer just ending, the Proceedings of the 1995 IEEE Symposium on Security and Privacy remain as fresh and green as they were last spring. They continue to be available, along with those old favorites in blue, orange, and pink, for purchase by TC members at favorable rates. Current issues in stock and continuing LOW PRICES are as follows:

        Price by mail from TC    IEEE CS Press            IEEE CS Press
Year    TC members               IEEE member price        List Price
----    ----------               -----------------        -------------
1992    $10                      Only available from TC!
1993    $15                      Only available from TC!
1994    $20                      $30+$4 S&H               $60+$5 S&H
1995    $25                      $25+$4 S&H               $50+$4 S&H

For overseas delivery:
-- by surface mail, please add $5 per order (3 volumes or fewer)
-- by air mail, please add $10 per volume to the prices listed above.

If you would like to place an order, please send a letter specifying
o which issues you would like,
o where to send them, and
o a check in US dollars, payable to the 1995 IEEE Symposium on Security and Privacy
to:
Charles N. Payne
Treasurer, IEEE TC on Security and Privacy
Secure Computing Corp.
2675 Long Lake Rd.
Roseville, MN 55113

We remain unready to plunge our figurative toe into the inviting but potentially treacherous waters of electronic commerce!

________________________________________________________________________
TC Officer Roster
________________________________________________________________________

Chair:
Deborah Cooper
P.O. Box 17753
Arlington, VA 22216
(703)908-9312 voice and fax
dmcooper@ix.netcom.com

Vice Chair:
Charles P. Pfleeger
Trusted Information Systems, Inc.
3060 Washington Rd.
Glenwood, MD 21738
(301)854-6889 (voice)
(301)854-5363 (fax)
pfleeger@tis.com

Newsletter Editor:
Carl Landwehr
Code 5542
Naval Research Laboratory
Washington, DC 20375-5337
(202)767-3381
landwehr@itd.nrl.navy.mil

Chair, Subcommittee on Academic Affairs:
Prof. Karl Levitt
University of California, Davis
Division of Computer Science
Davis CA 95611
(916)752-0832
levitt@iris.ucdavis.edu

Standards Subcommittee Chair:
Greg Bergren
10528 Hunters Way
Laurel, MD 20723-5724
(410)684-7302
(410)684-7502 (fax)
glbergr@missi.ncsc.mil

________________________________________________________________________
Information for Subscribers and Contributors
________________________________________________________________________

SUBSCRIPTIONS: Two options:
1. To receive the full ascii CIPHER issues as e-mail, send e-mail to (which is NOT automated) with subject line "subscribe".
2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing or downloading from our ftp server, send e-mail to (which is NOT automated) with subject line "subscribe postcard".

To remove yourself from the subscription list, send e-mail to cipher-request@itd.nrl.navy.mil with subject line "unsubscribe".

Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL
http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher

CONTRIBUTIONS: to are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. For Calendar entries, please include an e-mail address for the point-of-contact.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors.

BACK ISSUES: There is an archive that includes each copy distributed so far, in ascii, in files you can download at URL
http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/cipher-archive.html
There is also an anonymous FTP server that contains the same files. To access the archive via anonymous FTP:
1. ftp www.itd.nrl.navy.mil
2. At prompt for ID, enter "anonymous"
3. At prompt for password, enter your actual, full e-mail address
4. Once you are logged in, change to the Cipher Directory: cd pub/cipher
5. Now you can request any of the files containing Cipher issues in ascii. Issues are named in the form EI#N.9506, where N is the number of the issue desired and 9506 captures the year and month it first appeared.

=======end of Electronic Cipher Issue #10, 1 November 1995================
