Subject: Electronic CIPHER, Issue 14, April 28, 1996

====================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 14                                   April 28, 1996
Carl Landwehr, Editor                   Hilarie Orman, Assoc. Editor
====================================================================

Contents: [1447 lines total]

Final Program Details for IEEE Symposium on Security and Privacy:
  Panel sessions and 5-minute talks
Letter from the Editor: Research Project Registry?
Letter to the Editor
Reply: Advice for Cipher Reporters
Security and Privacy News Briefs:
  o Federal District Court Rules Source Code is Protected Speech
  o Cryptography Policy Items from All Over
  o NIST and NSA Guidance on Evaluating Cryptography Released
  o Microsoft Crypto API Mailing List Initiated
  o Security Dynamics to Purchase RSA Data Security
  o New U.S. Cyberspace Defense Panel?
  o Macro Viruses Major Nuisance
  o Java and Security this month
  o Oracle Executive Successfully Repudiates E-mail
Commentary and Opinion
  o Enforcing the CDA improperly may pervert Internet architecture
    by David P. Reed
Articles and Conference Reports:
  o Report on the First ACM Workshop on Role-based Access Control
    by Ravi Sandhu
New Reports available via FTP and WWW
Interesting Links
Who's Where: recent address changes
Calls for Papers
Reader's guide to recent security and privacy literature
  o Conference Papers:
  o Journal and Newsletter articles
  o Books
Calendar
>>>>>>>>>>>>>>Data Security Letter subscription offer<<<<<<<<<<<
How to join the TC on Security and Privacy
Publications for sale
TC officers
Information for Subscribers and Contributors

____________________________________________________________________

Final Program Details for 1996 IEEE Symposium on Security & Privacy
May 7-9, Oakland, CA
____________________________________________________________________

Final details of panel participants and the 5-minute talk list have just been released by John McHugh and George Dinolt, the program co-chairs for the 1996 IEEE Symposium on Security & Privacy, which opens in just a week (General Chair Dale Johnson tells me there is still some space available; see URL http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/SP96pgmandreg.html for full registration information and form or call Vice Chair Steve Kent's office at +1 617 873-6328 for registration information).

Planned 5-minute talks (not necessarily in order) are:

Ludovic Me':
  Genetic Algorithms, a Biologically Inspired Approach for Security Audit Trails Analysis
N. Asokan, G. Tsudik, and M. Waidner:
  Server-Supported Signatures: a New Non-repudiation Concept
Gary McGraw, Anup Ghosh, and Jeff Voas:
  Defining an Adaptive Software Security Metric from a Dynamic Software Fault-Tolerance Measure
Heather M. Hinton and E. Stewart Lee:
  A Safety-Progress Composition Principle
Scott Knight:
  The Specification of Static Security Policy in the Critical System Logic (CSL)
Yi Xun, Cheng Shixin, and Xiao Guozhen:
  A Complete Involutive Model of Block Cipher
Ari M. Barma and Norihisa Doi:
  Encrypted Key Exchange Using Multiple Keys
Yuko Murayama:
  A Multimedia Threat in Computer Networks: Subliminal Messages
Shyhtsun F. Wu:
  SSGP: the Sleepy Security Gateway Protocol for IPSEC
Christophe Bidan, Valerie Issarny:
  Towards the expression of security policies at the application level
Robert Filman and Ted Linden:
  Communicating Security Agents
R. Neely and J. Freeman:
  An Integrated Security Analysis Process with Knowledge-Based Tool Support
Daniel F. Sterne, et al.:
  Browsing the Web Safely with Domain and Type Enforcement
Paul McMahan:
  A Security Profile for Agent Execution Environments
Jose Guimaraes, et al.:
  Access Control to Multimedia Services based on Trusted Third Parties
N. Jukic and S.V. Vrbsky:
  Subject's Interpretation of Objects on Lower Security Levels
Simon Foley:
  Building Chinese Walls in BSD UNIX
Myong H. Kang, Judith N. Froscher, and Ira S. Moskowitz:
  A Framework for MLS Interoperability

Terry Vickers Benzel's panel on OMG's CORBA security standard will feature:

- Richard Soley, Vice President of OMG and OMG Technical Committee Chair. Richard is one of the key architects of the Object Request Broker Architecture.
- Bob Blakely, Jr., of IBM, who is one of the principal authors of the CORBA Security Specification.
- Bret Hartman, one of the principal authors of Appendix E of the Security Specification on Guidelines for a Trustworthy System.
- Roger Schell, of Novell, one of the founding fathers of the field of computer security.

Richard Soley will give an overview of CORBA and why we should be interested in it; then Bob Blakely will describe the security spec and the process of developing it. Bret Hartman will raise particular security issues (e.g., can an ORB be non-bypassable?), and Roger Schell will provide a commentary on the issues raised by the panel.
Terry Benzel leads a project that is looking into the use of CORBA in conjunction with domain type enforcement to provide interoperability between trusted and untrusted components in a client-server environment; the project is developing object-oriented DTE mechanisms and several prototype ORB servers.

Deborah Cooper will chair the discussion of Ross Anderson's paper on Security for Medical Information Systems. Discussants will be

- Tom Rindfleisch, Director of Stanford's Center for Advanced Medical Informatics
- Bruce Sams, M.D., who has served as executive director of Permanente in Oakland and is a member of the National Institute of Medicine;
- Don Biggar, Vice President and Deputy General Manager, Health Management, Unisys

As previously announced, Cynthia Irvine's panel on Goals for Computer Security Education will feature Leslie Chalmers, Karl Levitt, Steve Barnett, Jim Schindler and Roger Schell. Cynthia is expecting diverse opinions from both the panelists and the audience. She says, "Those of us engaged in research and development as well as education need to be alert to the concerns and frustrations of the community we serve. Our "customers" need to understand that issues of security and privacy need not be relegated to trivial afterthought nor regarded as too difficult to address. Both of these approaches can result in inadequate resources to tackle real, but solvable security problems. Well-founded education programs can increase confidence that the problems are, or can be, understood and that we can make progress toward solving them."

Finally, Vipin Swarup of MITRE is organizing an evening discussion on Java and Mobile Code Systems as a prelude to the paper "Java Security: From HotJava to Netscape and Beyond," by Drew Dean, Edward Felten, and Dan S. Wallach of Princeton University that has already attracted considerable Internet discussion. Representation from Sun is expected.
____________________________________________________________________

Letter from the Editor: Research Project Registry
____________________________________________________________________

Dear Readers,

How can we use the mechanisms available to us to foster more effective research? One way might be to create a "registry" of URLs and e-mail addresses where researchers could post brief summaries of their activities and pointers to themselves. People interested by the summaries could follow the pointers, send e-mail, or phone to obtain further information. I am willing to start this up on an experimental basis. If you would like to have your research project listed, please send me your

a) name
b) e-mail address
c) project title
d) affiliation
e) one sentence describing what you are trying to accomplish
f) URL for further information

I'll create a web page and include results in the next issue.

Carl Landwehr
Editor, Cipher

____________________________________________________________________

Letter to the Editor
____________________________________________________________________

Letter from a well-known reader (excerpted):

Carl,

I just want to let you know that lately I've been really appreciating Electronic Cipher. Over time I get more and more out of touch with security happenings and people, and I've little time to spend in newsgroups and mailing lists. But I'm always interested in what's up in the security world, and I've found Cipher the most efficient and interesting way to do so.

Tell Mez (I don't know her email address) that I particularly like her news highlights: being written by a security person, they actually tell me what I want to know (unlike newspaper articles) and I don't have to wade through mass quantities of newsgroup chatter to get there.

If I had a wish, it would be to have someone write a highlights for the various security conferences.
I know it's important to give an objective summary of each paper, but it's too much for me to read all of them and I'm not capable of judging which are truly "important" anyway. I read Science News every week and trust their reporters to tell me what's important from scientific conferences (and from journals). It would be nice to have something like that for security conferences, though I admit it might be hard to find someone you trust to make the choices.

Keep it up!

Morrie Gasser

____________________________________________________________________

Reply:
____________________________________________________________________

Morrie,

Thanks very much. I am always on the lookout for volunteers to write up significant highlights from relevant conferences. In fact, some time ago I wrote up some advice to potential Cipher reporters, and perhaps this is a good opportunity to broadcast this to our entire readership. Here it is:

____________________________________________________________________

Advice for Cipher Conference Reporters
____________________________________________________________________

1. Thanks very much for contributing. It takes some work, but it can be rewarding to you as well as to your readers. Reporting on a meeting as a whole forces you to look at it with a somewhat broader perspective than if you were just listening for the points that directly affect your own research.

2. You are writing for the readers of a NEWSletter. Think of yourself as a member of the audience -- if you weren't able to be at the meeting what would you like to know about it from a friend who attended? Put the most important things first and be brief. Write in the active voice. See Strunk & White for additional advice on writing style. Look at past Cipher issues for examples.

3. Significant technical advances are always of interest.
For most meetings Cipher covers, however, a proceedings containing all the technical papers is published, so it isn't usually necessary to cover those details in depth. The questions asked after a paper and un-minuted panel discussions usually deserve more space than a rehearsal of the papers' abstracts. It is helpful to note what caught the interest of the audience (or what didn't, if that's significant).

4. It's helpful to let readers know how to acquire a copy of the proceedings -- try to provide a reference; pointers to Web pages are good if available.

5. Details of the meeting outside the technical sessions can liven up the story. We aren't looking for gossip, but who won the croquet tournament may be of interest. Was the attendance up or down from last year? What are the plans for next year -- dates, location, points of contact?

6. Try to get your copy in as soon as possible. "News" ceases to be that when it gets old. If necessary, I will edit your report and get it back to you for approval if there are any significant changes or additions.

7. Again, thank you! Without contributions like yours, Cipher could not continue.

______________________________________________________________________

SECURITY AND PRIVACY NEWS BRIEFS
______________________________________________________________________

Federal District Court Rules Source Code is Protected Speech
_______________________________________________________________________

"For the purposes of First Amendment analysis, this court finds that source code is speech." On this basis, U.S. District Judge Marilyn Hall Patel went on to refuse to dismiss Daniel Bernstein's suit against the State Department, which had denied his requests to export the source code for "snuffle", a cryptographic algorithm he developed. According to the Electronic Frontier Foundation, which is assisting Bernstein's suit, this represents the first time a U.S.
court has ruled that source code is speech under First Amendment analysis, and as such this represents a landmark ruling. EFF sees this case as having the potential to nullify the basis for NSA's control of cryptographic software exports. The case will proceed in Judge Patel's court, the Northern District of California, in San Francisco. Full scanned-in text of the decision available at:
< http://www.eff.org/pub/Privacy/ITAR_export/Bernstein_case/Legal/960415.decision >

_______________________________________________________________________

More Cryptography Policy Items from All Over
_______________________________________________________________________

Bills to relax U.S. controls on the use and export of encryption were introduced 5 March in both the House (Rep. Goodlatte, H.R. 3011, Security and Freedom through Encryption Act) and Senate (Senator Leahy, S.1587, Encrypted Communications Privacy Act of 1966). At this writing (28 April), the House bill has attracted 37 co-sponsors; the Senate bill has only four, but Senator Dole is one of them. The bills are not identical, but both would relax U.S. export controls on encryption substantially and assure U.S. citizens certain rights in the use of encryption. Neither bill has progressed very far in the legislative process as yet.

According to the Internet Privacy Coalition, Senator Burns will introduce his own bill, entitled Promotion of Commerce On-line in the Digital Era (PRO-CODE), on April 30. This is the legislation he announced at the Computers, Freedom, and Privacy conference (Cipher EI #13).

In the past month, the ACM US Policy Board and IEEE US Activities Board jointly wrote to Senator Burns as chairman of the Senate subcommittee with cognizance over S. 1587 in support of relaxing export controls on encryption, but suggesting that "we believe that the inclusion of issues that are tangential to export, such as key escrow and encryption in domestic criminal activities, is not necessary.
The relaxation of export controls is of great economic importance to industry and users, and should not become entangled in more controversial matters."

A letter from Dorothy Denning to Sen. Leahy was circulated widely on the Internet this month. She argues that his bill goes too far in removing export controls and that international solutions based on the use of escrowed encryption and CAPIs would be acceptable to business and government and should be sought. Matt Blaze and Bruce Schneier had earlier written to Sen. Leahy endorsing the legislation, though expressing concerns over the potential interpretation of the bill's provision that criminalizes the use of cryptography in the furtherance of a Federal felony.

Denning's letter is available at URL
The Schneier and Blaze letters are available at the Internet Privacy Coalition's web site: .

Now that the "Blue Ribbon" campaign against the Communications Decency Act is old news (though it's not over -- judges in a Philadelphia courtroom were treated to lessons in how to find indecent materials on the Internet this month, as the CDA trial continues), the Internet Privacy Coalition (IPC), sporting a distinguished list of Founding Members and a long list of Affiliated Organizations, has started a "Gold Key" campaign "to raise awareness and support for the preservation of the right to communicate privately and the availability of new techniques which make it possible." The IPC announced its formation and the campaign on April 24. For details, see URL .

According to a report in Inter@ctive Week, the Gartner Group has issued a study arguing that "easily available encryption would quickly result in the dominance of a handful of encryption products worldwide, much like the market for other software.
Once a mass market for cheap, easy-to-use security was established, the Gartner Group said, there would be little motivation for other companies to produce expensive, leading edge technologies, thus slowing the progress of encryption technology abroad as well as domestically. At that point, Gartner said, law enforcement could concentrate on cracking a handful of codes rapidly, instead of worrying about a wide variety of strong encryption technologies worldwide."

A report from the UK indicated that its Department of Trade and Industry (DTI) has received a study on information security featuring the key-escrow approach and that ministers will decide on whether the UK will adopt such a scheme in the next few months.

_______________________________________________________________________

NIST and NSA Guidance on Evaluating Cryptography Released
_______________________________________________________________________

NIST has published Technical Report - Evaluation Criteria for Cryptography (see new reports section). Also, it is rumored that NIST and NSA will soon publish joint guidance relating the lower assurance levels of the TCSEC to corresponding assurance and functionality levels of the ITSEC and CTCPEC; stay tuned.

_______________________________________________________________________

Microsoft Crypto API Mailing List Initiated
_______________________________________________________________________

CryptoAPI is a mailing list (discussion list) for Microsoft Cryptographic API (CryptoAPI), which provides services that enable application developers to add cryptography to their Win32 applications. For more information about CryptoAPI, see . You can subscribe to the regular mailing list or a digest version.
To subscribe, send e-mail to listAdmin@lists.msn.com with the following text in the message body (not subject line):

    subscribe CryptoAPI your@email.address
or
    digest CryptoAPI your@email.address

where

_______________________________________________________________________

Macro Viruses Becoming Major Nuisance
_______________________________________________________________________

According to Information Week, a survey of 300 large corporations by the National Computer Security Association (NCSA) showed that more than 50% had suffered from macro-virus attacks during January and February. According to the report, Microsoft says its Virus Protection Tool, available at < http://www.microsoft.com/ > offers protection against the Word macro virus.

_______________________________________________________________________

Java and Security this month
_______________________________________________________________________

From CERT CA 96-17: Java bytecode verifier weakness:

"The CERT staff recommends disabling Java in Netscape Navigator and not using Sun's appletviewer to browse applets from untrusted sources until patches are available from these vendors. As we receive additional information relating to this advisory, we will place it in ftp://info.cert.org/pub/cert_advisories/CA-96.07.README"

Later in the month, Daniel Abplanalp and Stephan Goldstein reported that Java applets run under Netscape Navigator on a wide variety of platforms can determine the pathname of the directory in which the Netscape Navigator was started; this is considered a privacy/security violation.

On April 25, the NY Times reported that Windows 95 will soon include Java support with its regular distribution.
_______________________________________________________________________

Oracle Executive Successfully Repudiates E-mail
_______________________________________________________________________

The San Francisco Chronicle reported that instead of receiving a $100,000 settlement for wrongful termination, a former Oracle employee may now herself be prosecuted for sending false e-mail. The e-mail in question was ostensibly sent to her by her supervisor, but he was able to show from cellular phone records that he could not have sent the message at the time he was supposed to have done so because he was driving his car at the time. Further, the woman knew the passwords for the account from which the mail originated. One wonders whether non-repudiation services for e-mail will be in regular use before executives are routinely sending e-mail from their automobiles.

______________________________________________________________________

COMMENTARY: Enforcing the CDA Improperly May Pervert Internet Architecture
by David P. Reed
______________________________________________________________________

[The following note came across my screen recently and I thought it worth bringing to the attention of Cipher readers. I found the "end-to-end argument" paper a model of clarity and insight, and this comment has a technical component I haven't seen elsewhere in the furor the CDA has evoked on the net.--CEL]

Friends -

I'd like to call your attention to a situation where misguided politics (of the "ends-justify-means" sort) threatens one of the fundamental principles of Internet architecture, in a way that seems like a slippery slope. I do not normally take public stands of a political nature, and I do not participate much in Internet architecture anymore, but I'd like to call your attention to a very severe perversion of the Internet architectural philosophy that is being carried out in the name of political and commercial expediency.
No matter what you believe about the issues raised by the Communications Decency Act, I expect that you will agree that the mechanism to carry out such a discussion or implement a resolution is in the agreements and protocols between end users of the network, not in the groups that design and deploy the internal routers and protocols that they implement. I hope you will join in and make suggestions as to the appropriate process to use to discourage the use of inappropriate architectural changes to the fundamental routing architecture of the net to achieve political policy goals. As you know, I am one of the authors, along with Saltzer and Clark, of the paper "End-to-end arguments in decentralized computer systems", which first characterized in writing the primary approach to the Internet's architecture since it was conceived, which approach arguably has been one of the reasons for its exponential growth. This philosophy - avoid building special functionality into the net internals solely to enforce an end-to-end policy - has led to the simplicity, low cost, and radical scalability of the Internet. One of the consequences is that IP routers do not enforce policies on a packet-by-packet basis, so routers can be extremely simple beasts, compared to the complex beasts that characterize even the simplest telephone central office switch. End-to-end policies are implemented by intelligence at the ends (today, the PCs and servers that communicate over the many consolidated networks that make up the Internet). I just read in Inter@ctive Week (March 25, 1996) that Livingston plans to announce an "Exon box" - a router that is designed to enable ISPs to restrict access to "indecent sites" or unrated sites unless an "adult" enters an authorization code when opening a session to enable the router to transmit packets to the site. The scam seems to be that Livingston has colluded with Senator Exon's staff to propose a "solution" to enable ISP's to implement parental controls. 
Exon's staff is using the announced solution as an example to demonstrate how simply ISPs can enforce local community standards and parental controls, thus supporting interpretations of the CDA requiring all access providers to include such capability in their boxes. Exon's staff is quoted as encouraging ISP's to install such functionality into the routers that serve as access points for nets.

Since I use an Ascend P50 ISDN router to make frequent, short, bandwidth-on-demand ISDN connections from my "Family LAN" to an Ascend multi-line ISDN router at my commercial Internet Service Provider, I am worried that this model is completely unworkable for me, and for others that will eventually use such a practical system. My family has minor children and adults who all happily access the Internet. My ISP has no clue whatsoever whether a child or adult has initiated the call, and in fact, if my child and I are both on different computers in different rooms, it is quite silly to imagine that the Ascend router at the ISP can figure out if it is me or my child generating each packet.

It is appalling to me that Livingston, which has some responsibility as a router provider to assist in the orderly growth of the net, is pandering to Exon's complete misunderstanding of how the Internet is built. I would hope that Ascend, with its much larger share of the ISP market, and other router companies such as Cisco and Bay Networks, would take a principled and likely popular position that the "Exon box" is not the way to go about this. I would hope that ISP's would in general avoid use of Livingston's products, and also refuse to cave into Exon's pressure. I believe, though I may be wrong, that Livingston has contributed to the RADIUS technology that many ISP's use to manage dialup access charging in a way that is consistent with the end-to-end philosophy, but any credit they are due is overwhelmed by the Exon box insanity.
I do work to protect my children from inappropriate material, but pressure from Senators to mandate technically flawed solutions, and opportunistic, poorly thought-through technologies from companies like Livingston are not helpful.

If you agree, please join me in attempting to call off any tendency for other router vendors and protocol designers to develop Exon box features. It would seem that the appropriate place for content restrictions, such as "parental controls", are in the end-to-end agreements between content providers and their users, not in the internal switching architecture of the net.

- David P. Reed

Notes:

The end-to-end paper was edited and republished in several forms (with slight variations in title), generalizing its observations to systems beyond the distributed systems that were its original focus; the final and most accessible one is:

Saltzer, J.H., D.P. Reed, and D.D. Clark, End-To-End Arguments in System Design. ACM Transactions on Computer Systems, 1984. 2(4) p. 277-288.

I don't have any more details on Livingston's technology or its marketing plans than what was presented in Inter@ctive Week. The Inter@ctive Week article apparently based its information on 'sources' describing a planned announcement, and also quoted Exon's staff. It is possible that Livingston will choose not to announce or position its technology in this form. It seems less likely that Exon's staff will change its position on forcing ISP's to adopt some kind of technological solution, however.

- David

[After considering Dr. Reed's comments, I asked him whether he objects to firewalls in general. His reply follows --CEL]

No, I think firewalls of the sort now deployed can be OK (e.g., packet filters), as a minimal line of defense. However, they are inherently flawed, in ways that are well understood (reading Cheswick and Bellovin gives good insight here). Most security threats ultimately require end-to-end policies and must be implemented with end-to-end solutions.
As the paper points out, sometimes one can optimize cost of implementing an end-to-end solution by including some functionality that is not end-to-end. Firewalls may reduce the cost.

_____________________________________________________________________

Report on the First ACM Workshop on Role-based Access Control,
Gaithersburg, Maryland, Nov. 30 - Dec. 1, 1995
by Ravi Sandhu (sandhu@isse.gmu.edu)
______________________________________________________________________

The First ACM Workshop on Role-Based Access Control (RBAC) was held at the National Institute of Standards and Technology (NIST) in Gaithersburg, Maryland on November 30th and December 1st, 1995. The Workshop was sponsored by ACM SIGSAC, ACM DC Local Chapter and NIST. Proceedings of the workshop are in preparation and should be available in the May-June timeframe from ACM.

The Call for Papers describes the organizers' motivation in creating this series of workshops. Relevant portions are quoted below.

"In a nutshell, the essence of Role-Based Access Control (RBAC) is that rights and permissions are assigned to roles rather than to individual users. Users acquire these rights and permissions by virtue of being assigned membership in appropriate roles. This simple idea greatly eases the administration of authorizations. The basic concepts behind RBAC have been around since the advent of multi-user computing and information systems in the late 60's and early 70's. There has been a recent resurgence of interest in RBAC. This is in large part due to the user community's expression of interest in RBAC, and disenchantment with traditional mandatory and discretionary access controls. The ACM Workshop on Role-Based Access Control has been created to bring together users, vendors and researchers who are interested in fostering and promoting RBAC.
The Workshop's objectives are to provide a forum for rapid dissemination of new ideas and developments in RBAC, and to cultivate convergence towards a standard framework for RBAC and related access control issues. This is the first in a series of workshops to be held on a fairly frequent basis. Ideally, we would like these workshops to develop a standard reference model for RBAC. We recognize this cannot be accomplished in a single meeting, but we are seeking progress towards this end at a rapid pace. In the first workshop we seek input from users regarding their access control needs, from vendors regarding plans for products, and from researchers concerning conceptual frameworks from which to approach these issues. Although there is much agreement on the basic concepts and value of RBAC, there remain a number of issues on which different researchers and vendors are proposing different approaches. The user community is also often doing access control and management in a way that is very similar to RBAC without actually applying that name. At the same time, the scope of RBAC ranges from very simple and straightforward at one end, to very sophisticated and complicated at the other. Much remains to be done to develop a scientific and engineering discipline in this arena. The ACM Workshops on RBAC are primarily intended to support this goal." The Workshop attracted attendees from the US, Canada and various West European countries. Many of the attendees met for the first time at the Workshop. We had representation from users, vendors, academia, research laboratories and standards organizations. Because the need for RBAC is pervasive in computer systems it was particularly gratifying that we had representation from the database, network, distributed systems and operating systems communities. Concepts of RBAC have evolved more or less independently in these communities and it is important to have Workshops such as this to foster cross-fertilization of ideas. 
The Workshop was successful in its modest goal of taking a first step towards a consensus reference model for RBAC. There was substantial agreement among attendees regarding the general outlines of RBAC and its various components. There was considerable discussion about the details, including the reconciliation of different terminology used by different groups working in the field. There was also extensive discussion concerning the priorities and importance of various aspects of RBAC. Nonetheless, in general, there was substantial agreement. From the workshop discussion two issues have emerged as significant ones for further work in similar workshops and study groups. Firstly, any scientific discipline needs an internally consistent and widely used terminology and vocabulary. In the early stages, as the discipline emerges, different people use the same words to mean different things, and sometimes major concepts have not yet been articulated and named. As the discipline matures a de facto standard terminology emerges. Efforts to impose a standard terminology by committee are rarely successful. These efforts can be premature if major concepts are still emerging in the field. As the field matures development of a de facto standard can be encouraged and helped by workshops where disagreements about terminology and standards can be articulated and discussed. Discussions at the first workshop indicate that RBAC is at the right point of maturity to merit such efforts. Secondly, RBAC is an expansive concept. In order to scope the problem the RBAC community needs to clearly articulate what is excluded as being outside the scope of RBAC proper. This relates to the terminology issue because we need to decide what should legitimately be called RBAC. But there is a bigger issue than terminology here. A sound technical discipline draws boundaries around its major concepts for technical reasons. 
The RBAC community needs to clearly identify where it is useful to draw these boundaries for technical reasons (and not merely for convenience of terminology).

In the rest of this report I describe my impression of the sessions as they actually took place. Let me emphasize that this is my personal impression and I have not verified these remarks with other attendees. A revised report incorporating feedback from attendees will appear in the workshop proceedings.

After introductory remarks from representatives of the various sponsoring organizations, the Workshop's first session on "What is RBAC?" followed. The first talk was presented by me. My objective was to present a framework of models for RBAC and the rationale which led to this framework. (This family of RBAC models was recently published in IEEE Computer, Feb. 1996). As is appropriate in a workshop setting there were many questions and comments during the presentation. The central notion of this framework is that users and permissions are brought together indirectly by roles. So a user acquires a permission by virtue of being assigned to a role that has been assigned that permission. The framework begins with a base model to which role hierarchies and constraints are added in the extended models. This piecemeal approach is motivated by the use of the term RBAC in the literature to include simple as well as sophisticated concepts.

My talk was followed by a presentation from Virgil Gligor concerning a RBAC model that has been developed for implementation on NSA's Synergy platform. Interestingly both talks presented work funded in part by NIST. A major discussion point during Virgil's talk concerned the review of access rights and its importance in context of RBAC. Virgil argued that a central aspect of RBAC is that access review on a per subject or per object basis involves similar effort.
Several attendees noted that there are systems (such as Novell's NetWare) which store access control data so that per object or per subject review requires traversal of the access control data structures, but such traversal has been demonstrated to be practical.

The second session continued the theme of "What is RBAC?" Emile Lupu of the Imperial College in London, UK presented a talk on a policy based framework for RBAC. His co-author and thesis advisor Morris Sloman has been conducting research in this area from the perspective of distributed systems management. Lupu's talk introduced the concepts of obligations and duties going beyond the access control notion of permissions. Lupu and Sloman were careful to point out that obligations and duties are outside the scope of access control. In their view roles are a larger concept beyond access control and it is important to distinguish and recognize the scope of access control roles in contrast to roles in general.

Chris Sundt presented a talk on ICL's experiences with deploying RBAC in actual products and their experience with real users. Chris noted that RBAC makes it easy to split the administration of the role-user relationship from that of the role-permission relationship. He said users find this very useful. He also introduced the notion of an affiliation whereby a role can be further qualified. Thus a role of branch manager could be qualified by an affiliation to a particular branch thereby conferring branch manager permissions only within that branch. This was another facility that ICL found to be popular with users.

The second session on "What is RBAC?" concluded with three shorter talks.

Sylvia Osborne of the University of Western Ontario in Canada presented an overview of RBAC research by her group. Among other things this work has developed algorithms for recognizing redundant assignment of permissions to roles, as well as algorithms for deletion and addition of roles in a hierarchy and similar operations.
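
The pieces of the model discussed in these first two sessions fit in a short program: users reach permissions only through roles, senior roles inherit from junior ones, a mutual-exclusion rule stands in for the constraints of the extended models, access can be reviewed per subject or per object, and direct grants that duplicate an inherited permission are flagged. This is an added example, not code from the report or from any system named in it; the class, the bank-branch names and the redundancy test (a simple reading of "redundant assignment", not the Western Ontario algorithms) are assumptions.

```python
class RBAC:
    """Users reach permissions only through roles; roles may inherit from juniors."""

    def __init__(self):
        self.user_roles = {}    # user -> roles assigned directly
        self.role_perms = {}    # role -> permissions granted directly
        self.juniors = {}       # senior role -> its immediate junior roles
        self.exclusive = set()  # frozenset pairs of mutually exclusive roles

    def closure(self, role):
        """The role itself plus every junior role it inherits from, transitively."""
        seen, stack = set(), [role]
        while stack:
            r = stack.pop()
            if r not in seen:
                seen.add(r)
                stack.extend(self.juniors.get(r, ()))
        return seen

    def add_inheritance(self, senior, junior):
        # A role hierarchy must stay acyclic, so refuse an edge that closes a loop.
        if senior in self.closure(junior):
            raise ValueError(f"{senior} -> {junior} would create a cycle")
        self.juniors.setdefault(senior, set()).add(junior)
        self.role_perms.setdefault(senior, set())
        self.role_perms.setdefault(junior, set())

    def grant(self, role, perm):
        self.role_perms.setdefault(role, set()).add(perm)

    def declare_exclusive(self, role_a, role_b):
        self.exclusive.add(frozenset((role_a, role_b)))

    def assign(self, user, role):
        """Assign a role unless the user would then hold two exclusive roles."""
        held = set()
        for r in self.user_roles.get(user, set()) | {role}:
            held |= self.closure(r)   # inherited roles count towards the constraint
        for pair in self.exclusive:
            if pair <= held:
                raise PermissionError(f"{user}: {sorted(pair)} are mutually exclusive")
        self.user_roles.setdefault(user, set()).add(role)
        self.role_perms.setdefault(role, set())

    def role_permissions(self, role):
        perms = set()
        for r in self.closure(role):
            perms |= self.role_perms.get(r, set())
        return perms

    def review_user(self, user):
        """Per-subject review: permission -> directly assigned roles conferring it."""
        review = {}
        for role in self.user_roles.get(user, set()):
            for perm in self.role_permissions(role):
                review.setdefault(perm, set()).add(role)
        return review

    def review_permission(self, perm):
        """Per-object review: (roles conferring perm, users holding such a role)."""
        roles = {r for r in self.role_perms if perm in self.role_permissions(r)}
        users = {u for u, rs in self.user_roles.items() if rs & roles}
        return roles, users

    def redundant_grants(self):
        """Direct grants that a role already inherits from one of its juniors."""
        found = []
        for role, perms in self.role_perms.items():
            inherited = set()
            for junior in self.closure(role) - {role}:
                inherited |= self.role_perms.get(junior, set())
            found.extend((role, p) for p in perms & inherited)
        return sorted(found)


def build_sample():
    """Constructed bank-branch policy; every name here is illustrative."""
    m = RBAC()
    m.grant("teller", "account:read")
    m.grant("teller", "account:post")
    m.grant("auditor", "account:read")
    m.grant("auditor", "ledger:audit")
    m.grant("branch_manager", "loan:approve")
    m.grant("branch_manager", "account:read")   # duplicates what teller already gives
    m.add_inheritance("branch_manager", "teller")
    m.declare_exclusive("teller", "auditor")
    m.assign("alice", "branch_manager")
    m.assign("bob", "teller")
    m.assign("carol", "auditor")
    return m


if __name__ == "__main__":
    model = build_sample()
    print("alice holds:", model.review_user("alice"))
    print("who can post:", model.review_permission("account:post"))
    print("redundant grants:", model.redundant_grants())
    try:
        model.assign("alice", "auditor")
    except PermissionError as err:
        print("rejected:", err)
```

Both review methods walk the same two relations (user-role and role-permission), which is why neither direction costs more than the other in this representation.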
Luigi Guiri of Fondazione Ugo Bordoni in Rome, Italy presented an extension of a model of Baldwin's based on a role as a named protection domain. Luigi argued that a role should be viewed as a set of named protection domains (and roles). He presented a role algebra for constructing such sets based on the notion of and-roles (that are simultaneously activated) and or-roles (that are mutually exclusive).

For logistical reasons, the third short talk of this session was actually presented later but logically belongs in this session where it had been originally scheduled. The talk was by Fang Chen who is a student of mine at George Mason University. He described some preliminary work in designing a language to express constraints on components of RBAC. Mutually exclusive roles, where one user cannot be assigned both roles, are perhaps the most common example of constraints in RBAC, but there are also many other useful constraints.

After lunch, the third session on "What are user needs?" had two presentations. The first talk by Yahya Al-Salqan of West Virginia University described an application of RBAC in the health care domain. In this project RBAC provided by the Oracle database management system (DBMS) was being considered as a means to enforce patient privacy and confidentiality requirements. Possible extensions to an inter-organizational environment were also being studied.

The second talk by Trent Jaeger looked at the possibility of using RBAC in collaborative systems. RBAC facilitates the use of least privilege because different code can be executed with different roles by the same user. This makes it safer to use agents supplied by other users, since these agents can execute on a user's workstation but with restricted roles. Further, different roles can be assigned to different agents depending upon the trust and requirements of these agents.

The fourth session consisted of a group exercise developed by Charles Youman of SETA Corporation.
The exercise was conducted in two break out groups. The objective of the exercise was to rank order different aspects of RBAC with respect to their priority or importance. The results indicated that there were some differences in priorities assigned by individual attendees, but by and large there was considerable agreement on what the more important aspects were. This is an encouraging finding which suggests that there is substantial consensus within the RBAC community upon which a widely accepted reference model can be developed. This concluded the first day.

The second day began with a number of short talks in a session called "Available and Emerging Technologies." LouAnna Notargiacomo of Oracle Corporation described various aspects of RBAC in Oracle 7 and Trusted Oracle 7. Oracle has pioneered the use of roles in relational DBMSs and these features are being incorporated into SQL standards.

Jeremy Epstein of Cordant Inc. presented a talk on "NetWare 4 as an Example of Role Based Access Control." Jeremy's talk focused on identifying how NetWare can implement the concepts of the RBAC models introduced earlier in my talk. NetWare has a built-in concept of Organizational Roles but attaches very little semantics to it beyond that associated with any other NetWare Directory Service object. Jeremy's finding was that some aspects of RBAC do translate quite easily on to NetWare roles but others would be difficult to support. These two talks demonstrate that there is available technology on popular platforms that can be used today to support RBAC (at least to some extent).

The remaining papers in this session addressed emerging technologies. T.C. Ting of the National Science Foundation (on leave from University of Connecticut) described ongoing RBAC research at U. Conn. concerned with implementing RBAC in object-oriented systems. Their project seeks to develop RBAC notions consistent with object-oriented concepts such as encapsulation, information hiding and inheritance.
They have used a health-care case study in their project.

John Barkley of NIST gave a talk on "Implementing Role Based Access Control using Object Technology." In this project John used a concept of layered objects to facilitate flexible administration while minimizing impact of role changes on applications. A prototype demonstration of these concepts is available at NIST's RBAC home page (http://waltz.nist.gov/rbac).

Roshan Thomas of Odyssey Research Associates (ORA) presented a talk on "RBAC and Distributed Object-Based Enterprise Computing." Roshan described ongoing work at Odyssey on next-generation security models that involve RBAC as a component. Roshan also mentioned ORA's efforts at including some of these concepts in OMG's CORBA initiative.

The next session consisted of open discussion on two important issues in making RBAC practical. Edward Coyne of SETA Corporation facilitated discussion on Role Engineering. The definition of roles, assignment of permissions to roles and definition of other components of an RBAC model, is essentially a requirements engineering process. Attendees agreed that this is an important and complex topic which should be approached with an engineering methodology. Charles Youman of SETA Corporation facilitated discussion on RBAC Transition. The question is how to get from here (no RBAC) to there (RBAC)? Attendees agreed that RBAC would co-exist with other access control mechanisms. Moreover, RBAC would need to be deployed incrementally in an organization rather than totally replacing legacy approaches. Further details of these two discussions will be available in the Workshop proceedings.

After lunch there was a discussion session on "Consensus Reached and Remaining Issues," moderated by me. A number of open issues were enumerated. The discussion focussed entirely on the most important which was to define the concept of a role and distinguish it from the familiar concept of a group in access control.
There was agreement that the notion of a directory and a file are fairly standard notions in operating systems (OSs) even though the details do vary from one OS to another. Similarly the concept of a group as a collection of users (and possibly other groups) is well-known in access control systems. The discussion attempted to develop a notion of role along the same line. The concept of a role in access control is currently being used in two different ways. Some use role to mean a named collection of permissions (and possibly other roles). Others use role to mean a named collection of permissions and a named collection of users (and possibly other roles). The discussion could not reconcile whether one of these was the "correct" use of the term role. Further details and thoughts on this discussion will be provided in the Workshop proceedings.

It might seem that a discipline that cannot even agree on the meaning of its key term (role in this case) is in deep trouble. I am, however, much more optimistic and feel there is substantial consensus that can overcome these minor disagreements of terminology. Perhaps the term role can be used in both ways, but we just need to make clear how it is being used in a given context. Or perhaps we need to agree as a community to use two different terms for these two different concepts of a role. It would be inappropriate to discard the entire discipline of RBAC just due to some minor disagreement in basic terminology.

The final session of the workshop was devoted to discussion of future plans. Based on these discussions the Workshop Steering Committee is planning for a second workshop to be held in the early part of 1997.

In conclusion I reiterate my earlier statement that the first RBAC Workshop was successful in its modest goal of taking the important first steps towards a consensus reference model for RBAC. Overall success of this series will depend upon what happens subsequently.
Anyone interested in being involved should contact me.

________________________________________________________________________

New Reports available via FTP and WWW
________________________________________________________________________

o The CC-companion document, "Technical Report - Evaluation Criteria for Cryptography", is now available for review and comment from NIST's website in compressed FrameMaker4 format (fcs.zip) or compressed PostScript (fcs-ps.zip). According to Gene Troy of NIST, this report includes material on crypto management intended to go into the new Common Criteria (CC) draft, but it wasn't quite ready by the 31 January 1996 deadline for CC v1.0. The present version is based on the Crypto Annex to the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC) and the U.S. Federal Information Processing Standard (FIPS) 140-1.

o CORBA security specification is available via FTP from: ftp://ftp.omg.org/pub/docs/1995 in file pub/docs/1995/95-12-01.ps or 96-12-01.ps.Z or 95-12-01.ps.gz. Caution: even the smallest of these is over 2.5MB. OMG web site, for general information:

o Defending Against Information Warfare, by Stewart Baker
  Opinion piece arguing that a government-industry consensus on defending national assets against information warfare will only develop if it can be done without addressing cryptography policy at all.

o Where to find various evaluation criteria on the Web:
  - Common Criteria (draft for comment)
  - Canadian Criteria can be found at URL:
  - TCSEC can be found at: or
    There are rumors that the NSA web site will eventually host not only their list of evaluated products, but their entire products and services catalog
  - ITSEC or
    There is a UK web site: linked to CESG and may include the ITSEC eventually, but it wasn't there when I looked. The site seems to indicate plans to include an online version of UK evaluated products, but the list isn't there yet.
    As announced in Cipher EI#13, Germany has a list of their evaluated products (and also the UK ones) on line at:

________________________________________________________________________

Interesting Links [new entries only]
________________________________________________________________________

Format: Description (first lines) followed by URL (last line)

Government sources/information:
-------------------------------
[No new entries this issue]

Professional societies and organizations:
-----------------------------------------
Organization for Economic Cooperation and Development (OECD)
Page on security, privacy, cryptography and intellectual property rights:

Other places for interesting research papers, announcements, assistance
-----------------------------------------------------------------------
Computer Security at CERN

________________________________________________________________________

Who's Where: recent address changes
________________________________________________________________________

Entered 1 April 1996 [but NOT a joke!]

Glenn Benson
Siemens AG
Dept. ZFE T SN3
D81730, Munich
Germany
e-mail: Glenn.Benson@zfe.siemens.de
voice: +49 89 636 50 583
fax: +49 89 636 48 000

_______________________________________________________________________

Calls for Papers
(new listings since last issue only -- full list on Web)
________________________________________________________________________

CONFERENCES

Listed earliest deadline first. See also Cipher Calendar

o Third Annual Workshop on Selected Areas in Cryptography, Queen's University, Kingston, Ontario, August 15-16, 1996. Papers concerning efficiency in cryptographic systems, block ciphers and stream ciphers, and the role of public-key cryptography in secure wireless communications are particularly solicited. Submissions must consist of an extended abstract of at most 15 double-spaced pages, clearly indicating the results achieved, their significance, and their relation to other work in the area.
  By June 7, authors should either send 8 COPIES of the extended abstract to Stafford Tavares at Queen's or e-mail one copy of a postscript file to SAC96@ee.queensu.ca but "Postscript submissions that we are unable to print by June 7, will be rejected." Details at URL:

o Asian Computing Science Conference, Singapore, 22 Apr 1996. This year networking and security (algorithms, protocols, formalisms, systems, ...) are among featured topics. The proceedings is expected to be published by Springer-Verlag in the Lectures Notes in Computer Science series. Submission by email to asian96@iscs.nus.sg by 5 July 1996, in a self-contained PostScript file (compressed and uuencoded), to be complemented by a hard copy sent to the address of the program chair. The length guidelines are 10--12 pages in 11-point font, and about 3000 words. For details, see:

o 13th International Conference on Data Engineering, Birmingham, England, April 7-11, 1997. Topics of interest include network databases and security. Proceedings published by the IEEE CS. Authors of selected papers will be invited to submit extended versions for possible publication in the IEEE Trans. on Data and Knowledge Engg. and in J. Dist. and Parallel Databases. Best paper award and separate award honouring K.S. Fu to the best papers authored solely by students. Paper, panel, and tutorial submissions due 30 August 1996. Submit e-mail abstract plus six (hard) copies of original papers, not exceeding 6000 words (25 double spaced pages), to Program Co-Chair Paul Larson. For details see URLS: European Site: USA Mirror Site:

o Database Systems For Advanced Applications, Melbourne, Australia, April 1-4, 1997. DASFAA focuses on research in database theory, development of advanced DBMS technologies, and their advanced applications. Papers on implemented systems, from research prototypes to advanced industry projects are strongly solicited. "Security and integrity" is a topic of interest.
  Submissions via email to rwt@cit.gu.edu.au are due by August 30, 1996. The CFP has formatting and paper mail instructions. See:

JOURNALS

Regular archival computer security journals:

o Journal of Computer Security (JCS) [see Cipher Web pages or EI#9]; e-mail contacts for submissions: jajodia@isse.gmu.edu or jkm@mitre.org See also Web site: http://www.jcompsec.mews.org/

o Computers & Security [see Cipher Web pages or EI#9] e-mail contact for submissions: j.meyer@elsevier.co.uk

Special Issues of Journals and Handbooks: listed earliest deadline first.

o Distributed Systems Engineering Journal, Special Issue on Future Directions for Internet Technology. Contributions are invited on all aspects of where the Internet is going technically including security. Initial submissions are being accepted now (April 10, 1996); send papers via email to the guest editors: Dr Brian E. Carpenter (brian@dxcoms.cern.ch) and Prof J Crowcroft (J.Crowcroft@cs.ucl.ac.uk).

________________________________________________________________________

Reader's Guide to Current Technical Literature in Security and Privacy
Part 1: Conference Papers
________________________________________________________________________

* ADL '96, Forum on Research and Technology Advances in Digital Libraries, Library of Congress, Washington, D.C., May 13-15, 1996. Security-related paper:
  - Authorization in the Digital Library: Secure Access to Services Across Enterprise Boundaries. N. Ching, V. Jones and M. Winslett (U. of Illinois)

* COMPASS '96, 11th Annual IEEE Conference on COMPuter ASSurance (COMPASS), NIST, Gaithersburg, MD, June 17-21, 1996. Security-related papers:
  - An Empirical Model of the Security Intrusion Process. Erland Jonsson and Tomas Olovsson (Chalmers University of Technology, Sweden)
  - Increasing Assurance Through Literate Programming Techniques. Andrew Moore (NRL) and Charles Payne (Secure Computing Corp.)
  - A Framework for Composition.
    Todd Fine (Secure Computing Corporation)
  - Composition of a secure system based on trusted components. Ulf Lindqvist, Tomas Olovsson, Erland Jonsson (Chalmers U. of Tech., Sweden)
  - Defining an Adaptive Software Security Metric From a Dynamic Software Fault-Tolerance Measure. J. Voas (Reliable Software Technologies) and K. Miller (U. of Illinois, Springfield)

_______________________________________________________________________

Reader's Guide to Current Technical Literature in Security and Privacy
Part 2: Journal and Newsletter Articles, Book Chapters
________________________________________________________________________

* Communications of the ACM, Vol. 39 (1996) Number 5, May.
  - R. Fagin, M. Naor, and P. Winkler. Comparing information without leaking it. pp. 77-85.

* Computers & Security Volume 15, Number 1 (1996). (Elsevier)
  Special Features:
  - Jon David. The new face of the virus threat. pp. 13-16.
  - Mark Buckwell. The spook solution - now open for business. pp. 17-26.
  - Paul Smith. Achieving interoperable security services in open systems products. pp. 27-37.
  - Thierry Moreau. A probabilistic flaw in PGP design? pp. 39-43.
  Refereed Papers:
  - J. Eloff, R. Holbein, and S. Teufel. Security classification for documents. pp. 55-72.
  - Min-Shiang Hwang, Wen-Guey Tzeng, and Wei-Pang Yang. An access control system based on the Chinese remainder theorem and time stamp concept. pp. 73-82.

* Computing Systems, Vol. 9, No. 1 (Winter 1996):
  - F. Avolio. Guest Editorial. pp. 1-2.
  - I. Winkler. The Non-Technical Threat to Computing Systems. pp. 3-14.
  - A. Rubin. Independent One-Time Passwords. pp. 15-27.
  - D. Davis, D. Geer and T. Ts'o. Kerberos with Clocks Adrift: History, Protocols, and Implementation. pp. 29-46.
  - L. Badger, D. Sterne, D. Sherman and K. Walker. A Domain and Type Enforcement UNIX Prototype. pp. 47-83.

_______________________________________________________________________

Reader's Guide to Current Technical Literature in Security and Privacy
Part 3: Books
________________________________________________________________________

D. Brent Chapman and Elizabeth D. Zwicky, "Building Internet Firewalls". O'Reilly & Associates, Inc., 1995, ISBN 1-56592-124-0 (paper).

________________________________________________________________________

Calendar
________________________________________________________________________

Internet Conference Calendar, URL: http://www.automatrix.com/conferences/ is also worth a look.

====================================================================
See Calls for Papers section for details on many of these listings.
====================================================================

Dates              Event, Location   Point of Contact/ more information
-----              ---------------   ----------------------------------
* 4/30/96- 5/ 3/96: 8th CCSS, Ottawa; questions to ccss96@cse.dnd.ca.
* 5/ 5/96- 5/ 8/96: IEEE S&P 96; dmj@mitre.org
* 5/ 6/96- 5/11/96: WWWC96, Paris, France
* 5/ 7/96: OSDI '96, Seattle, WA. Paper submissions due by mail and email to osdi-papers@cs.rice.edu;
* 5/ 9/96- 5/10/96: EdCS. Monterey, California;
* 5/10/96: PISEE. Cambridge, England. Submissions due via email to rja14@newton.cam.ac.uk;
* 5/20/96: ASIACRYPT96 Kyongju, South Korea; Paper submissions due by mail.
* 5/20/96- 5/21/96: IPSWG '96. Haystack Observatory, Mass.;
* 5/21/96- 5/24/96: IFIP/SEC 96 - Greece; sec96@aegean.ariadne-t.gr
* 5/24/96: ACSAC, San Diego, CA; Papers due.
* 5/27/96- 5/30/96: ICDCS96 Kowloon, Hong Kong.
* 5/30/96- 6/1/96: IH Workshop '96, Cambridge, UK ross.anderson@cl.cam.ac.uk
* 6/ 2/96: DMKD96 Montreal, Canada.
* 6/ 3/96- 6/ 6/96: SIGMOD/PODS '96, Montreal, Canada
* 6/ 3/96- 6/ 5/96: SOC18, Kingston, Ontario, Canada.
* 6/ 4/96- 6/ 6/96: SECURICOM '96, Paris, France.
* 6/ 7/96: SAC '96, Kingston, Ontario, Canada.
  Submissions due via mail;
* 6/10/96- 6/12/96: CSFW96. County Kerry, Ireland Wkshop
* 6/10/96- 6/11/96: ISTCS96. Jerusalem, Israel.
* 6/10/96- 6/12/96: CVDSWS, Gaithersburg, MD
* 6/12/96- 6/14/96: BDBIS. Tallinn, Estonia
* 6/12/96: registration deadline for CRYPTO '96, Santa Barbara, California
* 6/13/96: ICDT97, Delphi, Greece; Submissions due to afrati@cs.ece.ntua.gr
* 6/16/96- 6/20/96: SFC '96, Snowbird, Utah;
* 6/17/96- 6/21/96: COMPASS96, Gaithersburg, Maryland;
* 6/18/96- 6/20/96: ICSSDBM '96, Stockholm; pers@sto.foa.se
* 6/19/96- 6/21/96: CoopIS96, Brussels, Belgium.
* 6/19/96- 6/21/96: IWES. Stanford University, California
* 6/21/96- 6/22/96: PISEE; Isaac Newton Institute, Cambridge, England
* 6/24/96- 6/26/96: ACISP96, Wollongong, NSW, Australia.
* 6/25/96- 6/28/96: INET96. Montreal, Canada
* 7/ 5/96: ASIAN '96, Singapore; Submissions to asian96@iscs.nus.sg;
* 7/15/96: ISADS97, Berlin, Germany; Submissions due by mail;
* 7/22/96- 7/24/96: IFIP WG 11.3, Como, Italy, samarati@dsi.unimi.it or sandhu@isse.gmu.edu
* 7/22/96- 7/25/96: USENIX Sec Symp, San Jose, California;
* 7/28/96- 7/31/96: FIRST '96, Santa Clara, California;
* 8/ 3/96- 8/ 5/96: KDD96. Portland, Oregon.
* 8/14/96- 8/16/96: MMDMS, Mountain Lake, NY.
* 8/15/96- 8/16/96: SAC '96, Kingston, Ontario, Canada
* 8/18/96- 8/22/96: CRYPTO96, Santa Barbara, California
* 8/27/96- 8/30/96: TPHOLs '96, Turku, Finland;
* 8/30/96: DASFAA '97; Melbourne, Australia; email submissions due to rwt@cit.gu.edu.au;
* 8/31/96- 9/ 2/96: ATMA, Goa, India;
* 9/2/96-9/6/96: IFIP96 Mobile Commns Canberra, Australia.
* 9/ 3/96- 9/ 6/96: VLDB96, Bombay, India
* 9/ 3/96: DCCA6, Garmisch-Partenkirchen, Germany.
* 9/ 9/96- 9/13/96: DEXA96, Zurich, Switzerland.
* 9/16/96 - 9/19/96: NSPW '96, Lake Arrowhead, CA; questions to newparadigms96@itd.nrl.navy.mil.
* 9/18/96- 9/20/96: SCRAPC96, Lille, France
* 9/23/96- 9/24/96: IFIPTC6TC11, University of Essen, Germany;
* 9/23/96- 9/27/96: SDSP96, Perth, Australia
* 9/25/96- 9/27/96: ESORICS'96, Rome; bertino@hermes.mc.dsi.unimi.it
* 9/30/96-10/ 3/96: PRAGOCRYPT '96, Prague
* 10/16/96-10/19/96: WebNet. San Francisco, CA
* 10/16/96-10/19/96: IC3N96, Rockville, Washington D. C.
* 10/21/96-10/25/96: ICECCS96; Montreal, Quebec.
* 10/29/96-11/ 1/96: ICNP96, Columbus, Ohio;
* 11/ 3/96-11/ 7/96: ASIACRYPT96, Kyongju, South Korea
* 11/11/96-11/12/96: MOBICOM96, Rye, NY;
* 11/11/96-11/13/96: CSI '96, Chicago, Illinois
* 11/14/96-11/15/96: IPIC96, Cambridge, Massachusetts;
* 10/22/96: HASE96. Niagara-on-the-Lake, Canada;
* 10/22/96-10/25/96: NISS96. Baltimore, Maryland
* 10/29/96-11/ 1/96: OSDI '96 Seattle, WA;
* 12/ 2/96-12/ 4/96: ASIAN '96, Singapore.
* 12/ 9/96-12/13/96: San Diego, CA.
* 1/ 8/97- 1/10/97: ICDT97, Delphi, Greece;
* 2/23/97- 2/24/97: PAKDD '97, Singapore. Info hweeleng@iti.gov.sg;
* 3/ 5/97- 3/ 7/97: DCCA6. Garmisch-Partenkirchen, Germany.
* 4/ 1/97- 4/ 4/97: DASFAA '97; Melbourne, Australia
* 4/ 9/97- 4/11/97: ISADS97, Berlin, Germany;
* 5/ 4/97- 5/ 7/97: IEEE S&P 97; no e-mail address available
* 5/13/97- 5/16/97: 9th CCSS, Ottawa; no e-mail address available
* 5/ 3/98- 5/ 6/98: IEEE S&P 98; Oakland no e-mail address available
* 5/12/98- 5/15/98: 10th CCSS, Ottawa; no e-mail address available
* 5/ 2/99- 5/ 5/99: IEEE S&P 99; Oakland no e-mail address available
* 5/11/99- 5/14/99: 11th CCSS, Ottawa; no e-mail address available
* 4/30/00- 5/ 3/00: IEEE S&P 00; Oakland no e-mail address available
* 5/16/00- 5/19/00: 12th CCSS, Ottawa; no e-mail address available

Key:
* ACISP = Australasian Conf.
  on Information Security and Privacy,
* ACSAC = Annual Computer Security Applications Conference
* ASIAN = Asian Computing Science Conference ASIAN '96
* ATMA = Advanced Transaction Models and Architectures ATMA
* BDBIS = Baltic Workshop on DB and IS, BDBIS
* CCS-3 = 3rd ACM Conference on Computer and Communications Security
* CCSS = Annual Canadian Computer Security Symposium
* CIKM = Int. Conf. on Information and Knowledge Management CIKM '95
* COMAD = Seventh Int'l Conference on Management of Data (India)
* CISMOD = Int. Conf. on Information Systems and Management of Data
* CFP = Conference on Computers, Freedom, and Privacy
* COMPASS = Conference on Computer Assurance COMPASS'96
* CoopIS96 = First IFCIS Int. Conf. on Cooperative Information Systems
* CPAC = Cryptography - Policy and Algorithms Conference
* CRYPTO = IACR Annual CRYPTO Conference CRYPTO96
* CSFW = Computer Security Foundations Workshop CSFW96 and Wkshp page
* CSI = Computer Security Institute Conference CSI96
* CVDSWS = Invitational Workshop on Computer Vulnerability Data Sharing
* CWCP = Cambridge Workshop on Cryptographic Protocols
* DASFAA = Database Systems For Advanced Applications DASFAA '97.
* DCCA = Dependable Computing for Critical Applications DCCA6
* DEXA = Int. Conf. and Workshop on Database and Expert Systems Applications
* DMKD96 = Workshop on Research Issues on Data Mining and Knowledge Discovery
* DOOD = Conference on Deductive and Object-Oriented Databases DOOD '95
* EdCS = Education in Computer Security EdCS
* ESORICS = European Symposium on Research in Computer Security
* FIRST = Computer Security Incident Handling and Response FIRST '96
* FISP = Federal Internet Security Plan Workshop, FISP96.
* FISSEA = Federal Information Systems Security Educators' Association
* FME = Formal Methods Europe, FME '96
* FMSP = Formal Methods in Software Practice
* FSE = Fast Software Encryption
* HASE = High-Assurance Systems Engineering Workshop HASE96
* HPTS = Workshop on High Performance Transaction Systems
* IC3N = Int. Conf. on Computer Communications and Networks
* ICDCS96 = The 16th Int. Conf. on Distributed Computing Systems
* ICDE = Int. Conf. on Data Engineering ICDE '95
* ICDT = International Conference on Database Theory ICDT97.
* ICECCS = Int. Conf. on Engineering of Complex Computer Systems
* ICI = International Cryptography Institute
* ICNP96 = International Conference on Network Protocols ICNP96
* ICSSDBM = Int. Conf. on Scientific and Statistical Database Management
* IEEE S&P = IEEE Symposium on Security and Privacy - IEEE S&P '96
* IFIP/SEC = International Conference on Information Security (IFIP TC11)
* IFIP WG11.3 = IFIP WG11.3 10th Working Conference on Database Security
* IFIP96 Mobile Commns = IFIP 1996 World Conference, Mobile Communications
* IH Workshop '96 = Workshop on Information Hiding
* IMACCC = IMA Conference on Cryptography and Coding, 5th IMACC
* IMC96 = IMC'96 Information Visualization and Mobile Computing
* INET = Internet Society Annual Conference
* INET96 = The Internet: Transforming Our Society Now, INET96
* IPIC = Integration of Enterprise Information and Processes, IPIC96
* IPSWG = Internet Privacy and Security Workshop IPSWG '96
* IS = Information Systems (journal)
* ISADS = Symposium on Autonomous Decentralized Systems ISADS '97
* ISTCS = Fourth Israeli Symposium on Theory of Computing and Systems
* IWES = International Workshop on Enterprise Security IWES
* JBCS = Journal of the Brazilian Computer Society
* JCMS = Journal of Computer Mediated Communication
* JDSE = J. Dist. Sys. Engineering; Future Directions for Internet Technology
* KDD96 = The Second Int. Conf. on Knowledge Discovery and Data Mining
* MCN = ACM Int. Conf.
  on Mobile Computing and Networking. See MOBICOM
* MCDA = Australian Workshop on Mobile Computing & Databases & Applications
* MDS '95 = Second Conference on the Mathematics of Dependable Systems
* METAD = First IEEE Metadata Conference METAD
* MMDMS = Wkshop on Multi-Media Database Management Systems MMDMS '96
* MOBICOM = Mobile Computing and Networking
* NCSC = National Computer Security Conference
* NISS = National Information Systems Security Conference
* NSPW = New Security Paradigms Workshop NSPW '96
* OSDI = Operating Systems Design and Implementation
* PAKDD = First Asia-Pacific Conf. on Knowledge Discovery and Data Mining
* PISEE = Personal Information - Security, Engineering, and Ethics PISEE
* RBAC'95 = First ACM Workshop on Role-Based Access Control
* RTDB'96 = 1st Int. Workshop on Real-Time Databases: Issues and Applications
* SAC = Workshop on Selected Areas of Cryptography
* SCRAPC = Smart Card Research and Advanced Application Conference
* SDSP = UK/Australian Int. Symp. On DSP For Communication Systems
* SECURICOM = World Cong. on the Security of Inf. Sys. and Telecommunication
* SFC = Society and the Future of Computing
* SFTC-VI = Symposium on Fault Tolerant Computing - VI (Brazil)
* SIGMOD/PODS - ACM SIGMOD International Conference on Management of Data / ACM SIGACT SIGMOD-SIGART Symposium on Principles of Database Systems
* SNDSS = Symposium on Network and Distributed System Security (Internet Society) SNDSS '96
* SOC = 18th Biennial Symposium on Communications
* TPHOLs = Theorem Proving in Higher Order Logics
* TSMCFP96 = 4th International Conference on Telecommunication Systems
* USENIX Sec Symp = USENIX UNIX Security Symposium, 6th Annual.
* VLDB = 22nd International Conference on Very Large Data Bases, VLDB96.
* WDAG-9 = Ninth Int. Workshop on Distributed Algorithms
* WebNet = World Conference of the Web Society, WebNet96.
* WWWC = International World Wide Web Conference WWWC96.
________________________________________________________________________

Data Security Letter Subscription Offer
________________________________________________________________________

A special subscription rate of $25/year for the Data Security Letter is now available to IEEE TC members. The DSL is an external, nonpartisan newsletter published by Trusted Information Systems, Inc. Eleven issues (usually 16 pages each) per year are published. The DSL welcomes reader suggestions and contributions and accepts short research abstracts (about 130 words) for publication on an ongoing basis. On occasion, the DSL will be republishing Cipher articles (with authors' approval), but such articles will constitute a small portion of DSL content (thus there will be very little duplication of Cipher material).

IEEE TC members wishing to take advantage of the special subscription rate should send the following to sharon@tis.com. The information can also be faxed to 301-854-5363 (attention: DSL), phoned to 301-854-5338, or mailed to Trusted Information Systems, Inc., 3060 Washington Rd., Glenwood, MD 21738 USA.

NAME:
POSTAL ADDRESS: (Please indicate company name, if a business address)
PHONE: (Please indicate if home or business)
FAX:
E-MAIL:
IEEE Membership No. (if applicable):

NOTE: If you are already a paying subscriber to the DSL, for the $25 you will receive a 2-year renewal; refunds, rebates, etc., on your current subscription are not available.

If you have any questions about the offer or anything else pertaining to the DSL, you may contact the editor, Sharon Osuna, via E-Mail to sharon@tis.com or call her at 301-854-5338.

________________________________________________________________________

How to join the TC on Security and Privacy
________________________________________________________________________

You do NOT have to join either IEEE or the IEEE Computer Society to join the TC, and there is no cost to join the TC.
All you need to do is fill out an application form and mail or fax it to the IEEE Computer Society. A copy of the form is included below (to simplify things, only the TC on Security and Privacy is included, and is marked for you). The full and complete form is available on the IEEE Computer Society's Web Server at URL: http://info.computer.org:80/tab/tcapplic.htm

PLEASE NOTE THAT THE FORM IS TO BE RETURNED (BY MAIL OR FAX) TO THE IEEE COMPUTER SOCIETY, >>NOT<< TO CIPHER.

---------

IEEE Computer Society Technical Committee Membership Application
-----------------------------------------------------------
Please print clearly or type.
-----------------------------------------------------------
Last Name First Name Middle Initial
___________________________________________________________
Company/Organization
___________________________________________________________
Office Street Address (Please use street addresses over P.O.)
___________________________________________________________
City State
___________________________________________________________
Country Postal Code
___________________________________________________________
Office Phone Fax
___________________________________________________________
Email Address (Internet accessible)
___________________________________________________________
Home Address (optional)
___________________________________________________________
Home Phone
___________________________________________________________

[ ] I am a member of the Computer Society
    IMPORTANT: IEEE Member/Affiliate/Computer Society Number: ____________________
[ ] I am not a member of the Computer Society*

Please Note: In some TCs only current Computer Society members are eligible to receive Technical Committee newsletters.

Please select up to four Technical Committees/Technical Councils of interest.
TECHNICAL COMMITTEES

[ X ] T27 Security and Privacy

Please Return Form To:

IEEE Computer Society
1730 Massachusetts Ave, NW
Washington, DC 20036-1992
Phone: (202) 371-0101
FAX: (202) 728-9614

________________________________________________________________________

TC Publications for Sale
________________________________________________________________________

Proceedings from the 1995 IEEE Symposium on Security and Privacy, or one of our past issues, are available for purchase by TC members at favorable rates. Current issues in stock and continuing LOW PRICES are as follows:

      Price by mail from TC   IEEE CS Press       IEEE CS Press
Year  TC members              IEEE member price   List Price
----  ----------              -----------------   -------------
1992  $10                     Only available from TC!
1993  $15                     Only available from TC!
1994  $20                     $30+$4 S&H          $60+$5 S&H
1995  $25                     $25+$4 S&H          $50+$4 S&H

For overseas delivery:
-- by surface mail, please add $5 per order (3 volumes or fewer)
-- by air mail, please add $10 per volume to the prices listed above.

If you would like to place an order, please send a letter specifying
o which issues you would like,
o where to send them, and
o a check in US dollars, payable to the 1995 IEEE Symposium on Security and Privacy
to:

Charles N. Payne
Treasurer, IEEE TC on Security and Privacy
Secure Computing Corp.
2675 Long Lake Rd.
Roseville, MN 55113

We remain unready to plunge our figurative toe into the inviting but potentially treacherous waters of electronic commerce!

________________________________________________________________________

TC Officer Roster
________________________________________________________________________

Chair:
Deborah Cooper
P.O. Box 17753
Arlington, VA 22216
(703)908-9312 voice and fax
dmcooper@ix.netcom.com

Vice Chair:
Charles P. Pfleeger
Trusted Information Systems, Inc.
3060 Washington Rd.,
Glenwood, MD 21738
(301)854-6889 (voice)
(301)854-5363 (fax)
pfleeger@tis.com

Newsletter Editor:
Carl Landwehr
Code 5542
Naval Research Laboratory
Washington, DC 20375-5337
(202)767-3381
landwehr@itd.nrl.navy.mil

Chair, Subcommittee on Academic Affairs:
Prof. Karl Levitt
University of California, Davis
Division of Computer Science
Davis CA 95611
(916)752-0832
levitt@iris.ucdavis.edu

Standards Subcommittee Chair:
Greg Bergren
10528 Hunters Way
Laurel, MD 20723-5724
(410)684-7302
(410)684-7502 (fax)
glbergr@missi.ncsc.mil

________________________________________________________________________

Information for Subscribers and Contributors
________________________________________________________________________

SUBSCRIPTIONS: Two options:

1. To receive the full ascii CIPHER issues as e-mail, send e-mail to (which is NOT automated) with subject line "subscribe".
2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing or downloading from our ftp server send e-mail to (which is NOT automated) with subject line "subscribe postcard".

To remove yourself from the subscription list, send e-mail to cipher-request@itd.nrl.navy.mil with subject line "unsubscribe".

Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher

CONTRIBUTIONS: to are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. For Calendar entries, please include an e-mail address for the point-of-contact. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors.
BACK ISSUES: There is an archive that includes each copy distributed so far, in ascii, in files you can download at URL http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/cipher-archive.html

There is also an anonymous FTP server that contains the same files. To access the archive via anonymous FTP:

1. ftp www.itd.nrl.navy.mil
2. At prompt for ID, enter "anonymous"
3. At prompt for password, enter your actual, full e-mail address
4. Once you are logged in, change to the Cipher Directory: cd pub/cipher
5. Now you can request any of the files containing Cipher issues in ascii. Issues are named in the form: EI#N.9506 where N is the number of the issue desired and 9506 captures the year and month it first appeared.

=======end of Electronic Cipher Issue #14, 28 April 1996================