Subject: Electronic CIPHER, Issue 25, November 25, 1997 _/_/_/_/ _/_/_/ _/_/_/_/ _/ _/ _/_/_/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/_/ _/_/ _/_/_/_/ _/ _/ _/ _/ _/ _/ _/ _/ _/_/_/_/ _/_/_/ _/ _/ _/ _/_/_/_/ _/ _/ ==================================================================== Newsletter of the IEEE Computer Society's TC on Security and Privacy Electronic Issue 25 November 25, 1997 Carl Landwehr, Editor Bob Bruen, Book Review Editor Hilarie Orman, Assoc. Editor ==================================================================== Contents: [1980 lines total] o Letter #1 from the TC Chair o Letter #2 from the TC Chair o Letter from the Editor Security and Privacy News Briefs: o President's Commission on Critical Infrastructure Protection Warns of Vulnerabilities, Calls for Action o IETF forms S/MIME Working Group o Attacks, Flaws, and Penetrations o Better DNS Security Coming? o COMPASS Board Votes to Reform as TC Commentary and Opinion: Book Reviews o Secure Computing, Threats and Safeguards by Rita Summers, reviewed by Bob Bruen o Technology and Privacy: The New Landscape, by Philip Agre and Marc Rotenberg, reviewed by Bob Bruen Conference Reports: o New Paradigms Workshop Summary, by Mary Ellen Zurko New reports available via FTP and WWW: several! Who's Where: recent address changes Calls for Papers: CAiSE, WECS, DOCS, WebDB, COMPSAC, CSFW, ACISP, VLDB, WFMSP, ESORICS, DEXA-SIDIA, IIIS, CCS-5, COMPUTER Reader's guide to recent security and privacy literature o Conference Papers: IFIP WG 11.5, ACSAC, USENIX Sec Conf o Journal and Newsletter articles: several o Books: several Calendar Data Security Letter subscription offer Publications for sale -- CSFW proceedings available TC officers Information for Subscribers and Contributors ____________________________________________________________________ Letter #1 from the TC Chair ____________________________________________________________________ Dear Members, In this issue, I am very pleased to share with you the name of the newly- appointed chair of our subcommittee on standards, David Aucsmith. Dave, a security architect with the Intel Corp. in Hillsboro, Oregon, brings great strength to our executive committee. Clearly a company such as Intel is always heavily involved in setting and making standards. Within the security realm, Dave has oversight of activities involving cryptography, integrity, and secure data communications. I think Dave will be an outstanding addition to our executive committee, bringing both significant knowledge and an industrial perspective. With this new addition to our executive committee, I would like to take a moment to explain what our executive committee is, and who are its members. With an organization with approximately 2500 members (by IEEE Computer Society count), it is difficult to get all, or a quorum, or even a significant fraction together to conduct business on a frequent basis. Our annual meeting held during the Symposium on Security and Privacy in May is the only formal meeting we hold. Fortunately, most of our business is involved in providing services for our members, so direction from the members is not required frequently. However, a formal structure of responsibilities and areas of concern, and a set of people to whom to refer for a consensus opinion, make an executive committee very desirable. My predecessor as Chair, Deborah Cooper formalized what had until then been an informal executive committee, with permanent positions for chairs of the subcommittees on conferences, academic affairs, communications, and standards, as well as the vice-chair and the immediate past chair. Tom Berson, our vice-chair is also chair-elect, to take office in 1999. Deborah Cooper served as chair from 1995-1997 and has been an invaluable source of guidance. The past chair, chair, and chair-elect constitute a very important corporate memory of our technical committee. The subcommittee chairs also serve significant functions in their own area. Our chair of conferences, Michael Reiter, is also the chair of our Symposium on Security and Privacy. Our chair of academic affairs is Cynthia Irvine. Our chair of communications is our newsletter editor, Carl Landwehr, who is soon to be replaced by Paul Syverson and Avi Rubin (see the other articles in this issue of Cipher). With Dave Aucsmith to round out our slate, we now have a complete executive committee. All of these people serve as unpaid volunteers, with only the thanks that we too infrequently give them. These officers, and their contact details, are listed on our technical committees web page at www.itd.nrl.navy.mil/ITD/5540/ieee/index.html You can also reach the site from the IEEE Computer Societys page at www.computer.org. Remember that this organization is meant to help its members. If you can think of other things that we could do to help in the area of security and privacy, please contact either me or the appropriate subcommittee chair with your suggestion. And don't be surprised if you are invited to help implement your suggestion. Charles P. Pfleeger TCSP Chair ____________________________________________________________________ Letter #2 from the TC Chair ____________________________________________________________________ Dear Members, You think about your electric service only when you turn on the switch and the light doesn't go on. Fortunately, for Cipher readers, the light has always gone on thanks (and without having been thanked) to Carl Landwehr. Carl has been our editor for more years than I can remember. And the highest compliment we can give Carl is that readers knew he was editor only by reading the electronic masthead. For you readers, Cipher just appeared; for those of us who contributed, the same was true. It was Carl who brought us into the information age, first by distribution of Cipher by e-mail, and then, to save our mailboxes from overflow, by what he called the postcard distribution, in which he sent a brief e-mail message advising readers that a new edition had been posted at the web site. He maintained a mailing list of addresses that changed daily, as people changed affiliations and, more frequently, as organizations changed addressing conventions. He tirelessly repaired failed e-mail addresses in the best traditions of any postal service: the [e-]mail must get through. Now, after long and faithful service, Carl has decided it is time for someone else to take over from him. And, as if to underscore the amount of work he has done for us, he will be replaced by not one but two editors: Avi Rubin of Bell Laboratories and Paul Syverson of the Naval Research Laboratory. These two have an extremely high standard to follow. Please join me in a heartfelt expression of thanks to Carl, and best wishes to our new editors. Charles P. Pfleeger TCSP Chair ____________________________________________________________________ Letter from the Editor ____________________________________________________________________ Dear Readers, As you may already have discovered from Chuck's kind words above, this will be my last issue as Editor of Electronic Cipher. I enjoyed the opportunity to launch Cipher into the world of paperless distribution, but roughly three years and 25 issues later, I think it is time for some new blood. As a Cipher reader, you (and I) are fortunate to have two volunteers as capable as Paul Syverson and Avi Rubin willing to devote their time and creativity to keeping Cipher lively and current. Cipher is not the product of one person; I expect there have been more than 50 contributors since we began electronic distribution. While I can't thank each of you individually, I do want to thank Hilarie Orman, Mary Ellen Zurko, Jim Davis, and Bob Bruen for their excellent and sustained efforts to make Cipher lively, up-to-date, and accurate. And I would also like to thank Terri Benzel, Deb Cooper, and Chuck Pfleeger for their support as TC officers. Paul and Avi plan to bring out their first issue towards the end of January or in early February, and in the meantime I will be working with them to ease the transition. I plan to continue to contribute to Cipher, and I hope you will, too. Carl Landwehr Editor, Cipher ____________________________________________________________________ SECURITY AND PRIVACY NEWS BRIEFS ____________________________________________________________________ ____________________________________________________________________ President's Commission on Critical Infrastructure Protection Warns of Vulnerabilities, Calls for Action ____________________________________________________________________ The President's Commission on Critical Infrastructure Protection (see Cipher EI#16, July 28, 1996), the unclassified version of its report in late October, generating considerable press coverage and discussion. The New York Times quoted the commission's chair, Gen. Robert (Tom) March, retired, of the Air Force, as calling attention to the need for the government's computer networks to be the benchmark by which the nation's digital security is measured. He also called attention to the threat from insiders: "You can have good firewalls, good password control, but if you have an insider who intends to do harm, he can bypass many of these good safeguards." Some advocates of relaxing controls on the export of strong encryption were disappointed that the commission did not go further in recognizing the defensive uses of cryptography. Others responded that "the Commission properly spoke to cryptography in the context of its assigned task; namely, protecting the critical infrastructure. Equally properly, it did not -- and should not -- address cryptography as a national policy issue. The latter debate belongs elsewhere and it is elsewhere." The report also called for the government and private sector to share responsibility for improving the resilience of the nation's infrastructures. This brought criticisms from some industry representatives that "shared responsibility is a code word for 'You are going to pay for it.'" Cipher readers wishing to review the report for themselves can find it at: http://www.pccip.gov/. ____________________________________________________________________ IETF forms S/MIME Working Group ____________________________________________________________________ Secure Multi-purpose Internet Mail Extensions, or S/MIME, gained momentum as a standard for secure e-mail as RSA re-submitted it to the IETF on 3 November, and the IETF formed an S/MIME working group chaired by Russ Housley on 7 November. From the charter: The S/MIME Working Group will define MIME encapsulation of digitally signed and encrypted objects whose format is based on PKCS #7. [1] X.509 Certificates and CRLs as profiled by the existing PKIX Working Group will be used to support authentication and key management. The Working Group will base its work on the S/MIME version 2 specification (available from RSA Data Security), but the Working Group will be free to change any part of that specification. In particular, the Working Group will prepare a new document that allows algorithm independence, based on PKCS #7 1.5. The creation of the working group followed RSA's agreement to renounce its rights to ownership of the technology and trademark, according to an article by Elinor Mills of the IDG News Service published in Network World Fusion. RSA also announced a new consortium of 12 manufacturers, resellers, and distributors in Japan, as well as an effort to merge S/MIME with the Message Security Protocol (MSP) developed by the U.S. Dept. of Defense. The IETF's working group on Open PGP, co-chaired by John Noerenberg and Charles Breed, which is to develop a MIME framework for exchanging "PGP-processed objects" via e-mail and other transport protocols intends to continue its efforts. URL's for further details: http://www.nwfusion.com/news/113rsa.html http://www.ietf.org/html.charters/smime-charter.html http://www.ietf.org/html.charters/openpgp-charter.html http://www.rsa.com/smime/html/news.html ____________________________________________________________________ Attacks, Flaws, and Penetrations ____________________________________________________________________ Among the news reports of attacks, flaws, and penetrations since the last issue of Cipher were the following: * October 15: Microsoft confirmed a security flaw in Windows NT registry system that could permit an NT user to perform unauthorized software installations. According to an article in Infoworld, the problem was reported by David LeBlanc of Internet Security Systems. Microsoft has posted an article about the flaw at http://support.microsoft.com/support/kb/articles/q126/7/13.asp. * October 17, November 4, November 11, and November 21 were the dates on which Microsoft posted successive security fixes for different security problems in Internet Explorer 4.0 identified by users worldwide; see http://www.microsoft.com/ie/security * October 20: NASA report that ground systems supporting e-mail communications with the space station Mir were infected with a macro virus. In addition, a web server at the Johnson Space Flight Center was shut down and all passwords were reset after they learned a password file might have been compromised. In a separate incident, a NIST spokesperson reported that,following an anonymous tip, a password sniffer was discovered and removed from a NIST system. * November 10: Government Computer News reports that organizers of a Federal Web conference had misconfigured a Lotus Notes database and inadvertently exposed credit card information on an open web site. * November 10: Security issues in cable modem systems such as those being marketed by @Home Network were the subject of an article in Infoworld. A California subscriber to @Home's service discovered that he could, with a few mouse clicks, gain information from computers located in about 150 remote systems listed in the Network Neighborhood. * November 17: An article in Government Computer News reported that a citizen of the People's Republic of China working for a contractor to the U.S. Air Force had, more than a year ago, stolen passwords for an unclassified computer system, copied them, and posted them on the Internet. Lt. Gen. Kenneth Minihan, director of the National Security Agency, revealed that more than 250 Defense Department systems were penetrated last year, and that that number is expected to double this year, according to a separate GCN report. ____________________________________________________________________ Better DNS Security Coming? ____________________________________________________________________ RSA Data Security, Inc. and the Internet Software Consortium announced an agreement providing ISC with a free license for DNSsafe, an implementation of the RSA cryptosystem, limited for use only in authenticating Domain Name System resource records According to a widely distributed e-mail message from Carl Malamad, The donation allows the implementation of the DNS Security standards in BIND, a publicly-available implementation of the Domain Name System. RSA has also agreed to offer the same license to other DNS developers for a three-year period, so that non-BIND-based DNS products can also be secured. Virtually every device on the Internet currently implements the existing (insecure) DNS. We believe the DNSsafe security engine will be embedded in a wide variety of products, including routers and firewalls, and we hope that eventually Secure DNS will appear in every device on the Internet. ____________________________________________________________________ COMPASS Board Votes to Reform as TC ____________________________________________________________________ Jeff Voas of Reliable Software Technologies, Inc., distributed the following announcement on 1 November: The Annual COMPuter ASSurance (COMPASS) Conference, that has been held yearly at NIST in Gaithersburg, MD, and is sponsored by the IEEE National Capital Area and the IEEE Aerospace and Electronic System Society will not be held in 1998. On September 15, 1997 the COMPASS Board of Directors passed a motion to pursue becoming a Technical Committee (TC) under the IEEE Computer Society. The former Board of Directors, which is now the Interim COMPASS Task Force, is currently preparing a formal request to the IEEE Computer Society for this to occur. If this request is granted, then the newly formed Technical Committee will have the authority to hold future conferences. The earliest that these conferences could be held is 1999. It is anticipated that the new COMPASS conference(s) will be held in new locations and will remain focused on the principles of software assurance. Building systems with assurance and measuring that assurance will remain in the mission statement and charter of this new organization as fundamental goals. After twelve years of serving the information systems community, the Board of Directors felt that it was time to freshen and revamp the COMPASS organization (which began its mission in the mid-1980s). By doing this, the software community will be better served with information and events that are more in line with problems that researchers, practitioners, and theorists are facing as we near the close of this century. Interested parties in participating in the Technical Committee should contact Bonnie Danner at bonnie.danner@faa.dot.gov. ____________________________________________________________________ COMMENTARY AND OPINION ____________________________________________________________________ Secure Computing, Threats and Safeguards, reviewed by Bob Bruen, Cipher Book Review Editor ____________________________________________________________________ Rita Summers. Secure Computing, Threats and Safeguards. McGraw-Hill 1997. $59.95 Acronym list and Index. Each chapter a has summary, bibliographic notes, exercises and references. 688 pages. ISBN 0-07-069419-2. LoC QA76.9.A25S85 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Summers has divided the book into four parts: (1) Foundations, (2) Methods (3) Security in Computer Networks and (4) Management and Analysis. These parts provide the outline for a well organized presentation, balanced between technical topics such as cryptography and management topics such as policy. She has done an excellent job in both areas, not as common a feat as one would like. Her information theory and models based discussions of policy are clear and precise, as are the comprehensive descriptions of cryptographic methods (yes, she defines the terms cryptology and cryptanalysis as well). The book works as a handbook for technology managers, as a textbook and as a good book to read about computer security. In spite of the comprehensive approach, there is generally enough detail in each subject to get a good grasp of each idea. She has summarize instead of glossed over ideas, making sure there are plenty of pointers if you want to expand your knowledge. The bibliographies and references are extensive, indicating the research done for the book. A security professional might like to see more detail in the individual sections, but there will not be any complaints about how thorough she has been. Foundations includes a good introduction, a helpful chapter on the context in which we find computer security, a chapter on threats and the fourth chapter is about policies and models. For most computer managers, threats seen to come from everywhere, but Summers helps to narrow it down. The policy chapter is really a gem. She goes past the usual problem of trying to convince management to pay for it into the technical basis of integrity and several theoretical models. Methods is almost half the book, covering cryptography, designing and building secure systems, protection mechanisms, operating systems security, and database security. The database chapter is up to date with a section on object oriented databases. The operating systems chapter covers principles about built in OS security, then looks at commercial operating systems, such Unix, MVS, VMS, NT, etc, with a slight bias toward MVS, but then she did spend some time at IBM working on security. Network security is separated into basic network security and distributed systems. These are straight forward and well covered. Novell Netware has its own section, as does distributed file systems, remote access and mobile computing. Kerberos is covered as part of the section on authentication, but there are other aspects of authentication as well. Management and analysis has a chapter on each topic. Management covers the job that needs to be done, the organization, employees, contingency planning and incident response. In analysis, we find risk analysis, auditing, vulnerability testing and intrusion detection. Through these chapters we have step by step methods, examples, techniques and financial considerations. If you are new to this field, you will not miss much if you follow her advice. If you are experienced, you might be reminded of something to pay attention to. This a valuable resource from an experienced security professional who knows how to write. Recommended reading. ____________________________________________________________________ Technology and Privacy: The New Landscape Reviewed by Bob Bruen, Cipher Book Review Editor ____________________________________________________________________ Philip E. Agre and Marc Rotenberg (eds) Technology and Privacy: The New Landscape. Cambridge MIT Press 1997. 325 pages. Name index and subject index. Composed of 10 papers and introduction. ISBN 0262-01162-x LoC QA76.9.A25T43 $25.00 Table of Contents: 0. Philip Agre. Introduction 1. Philip Agre. Beyond the Mirror World: Privacy and the Representational Practices of Computing. 2. Victoria Bellotti. Design for Privacy in Multimedia Computing and Communications Environments. 3. Colin J. Bennett. Convergence Revisited: Towards a Global Policy for the Protection of Personal Data? 4. Herbert Burkert. Privacy-Enhancing Technologies: Typology, Critique, Vision. 5. Simon Davies. Re-Engineering the Right to Privacy: How Privacy Has Been Transformed from a Right to a Commodity. 6. David H. Flaherty. Controlling Surveillance: Can Privacy Protection Be Made Effective? 7. Robert Gelman. Does Privacy Law Work? 8. Viktor Mayer-Schonberger. Generational Development of Data Protection in Europe. 9. David J. Phillips. Cryptography, Secrets, and the Structuring of Trust. 10. Rohan Samarajiva. Interactivity As Though Privacy Mattered. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - "Privacy is the capacity to negotiate social relationships by controlling access to information about oneself" (from the dust jacket) is a far cry from privacy as the "right to be let alone" as described by Louis Brandeis and Samuel Warren in their 1890 landmark paper "The Right to Privacy." But 107 years later the issue of privacy has moved just as far or even farther. In fact, in the past decade the issue has moved as far as in the last 100 years, mainly as a consequence of technology. As with the usual advances in technology, information moves faster, gets collected in larger quantities and is analyzed in more detail. This excellent collection of papers is right on the mark presenting the policy problem from various vantage points. Almost all the papers have useful references in the form of endnotes or bibliographies. Agre's introduction starts off listing all the things the book is not, such as a source for genetic, medical, international, etc. privacy issues. Privacy is a big area for which there are other books that cover these issues. The New Landscape attempts to help "frame the new policy debate," which I think it does. The introduction not only summarizes the papers in the book, but also provides good insight into each topic. What I took away from the book was a sense that the issues are international with important differences in approaches from the US. One can not ignore the potential difficulties inherent in fundamental approaches to privacy between our closet world partners in Canada and Europe. Nor can one ignore the potential threats in the Internet's lack of respect for international boundaries. The death of privacy was declared by Time Magazine on August 25 of this year, but since it was at the personal level we need to also look at the larger consequences at the international policy level. There are no end to the sources of problems as technology not only gets better, but more of it gets into the hands of more people. For what it is worth, people are pretty much the same. Technology just gives them better tools to do whatever it is that they do. A quick look at history shows a mixed bag of good, bad and indifferent. While the range of the New Landscape is intended to be somewhat narrow, there is a still a broad enough range in the papers to be interesting and balanced. The best chapter is Cryptography, Secrets and Trust by David Phillips. The crypto summary was well done and interesting, but I especially liked his discussion of the structure of trust. He sets up a good baseline that makes the jump from technology to policy. His references contain the right choices for such a paper. He did not say it, be he gives cause for concern that not only will privacy disappear, but so will trust as we understand it. Burkert's paper on privacy enhancing technologies (PET) provides another dimension in which personal identity is protected. He first lays out a starting point for a typology of interactions that could be subject to protections by technology, then critiques PET design as it exists today. The problems raised by him are well worth thinking about: anonymity, trust and identity. The papers by Bennett, Davies and Mayer-Schonberg cover Europe in a helpful way. Europe's approach overall is to provide better individual privacy protection than the US where private information is a commodity to be bought and sold, which gives rise to strange notion that the right to privacy can be a commodity as well. Even though Europe is working towards a coherent privacy approach, the usual local differences are still making it a rocky road for them. The Canadian contributions are from Flaherty and Samarajiva, both of which emphasize surveillance. Flaherty is an academic who became the first Information and Privacy Commissioner for British Columbia. He offers a unique perspective on the rules are being written today. He is critical of the US approach because the federal government seems to prefer being sued to making any real progress over taking the initiative to protect its citizens. Samarajiva's paper discusses a project in Quebec called UBI (Universal, Bidirectional, Interactivity) which intends to create an electronic mall providing commercial services to the homes of subscribers. The service will be free to subscribers, but information will be easily collected about buying habits. The fears of private industry's surveillance should surpass those of government surveillance. Bellotti's paper is also about surveillance in private industry at Apple. The work was done as research about how visual media affects people. Some of the first attempts seem clumsy, as in the public coffee stand and some of the attempts seem successful as in offices where users have some control. Surveillance generally brings about thoughts of illegal activity, but as shown by this book, there is a fair amount of surveillance of legal and sometimes uninteresting activity. The law has its due in Gellman's paper which asks if it works. Privacy law does exist in the US, but it is a patchwork that is constantly under attack. How many people realize that the infamous "Deadbeat Dads" law passed in 1996 gave the FBI permission to gather up data on every person who gets a new job after October 1, 1997? Remember the CDA? Gellman does a good presenting some history as he tries to answer his question. Lastly, Agre's chapter on the Mirror World is an historical look at privacy and PETs going back to the 1910 then progressing to today. He demonstrates effectively how the thinking of pre-computing days has been passed down to our current thinking and why it is important to understand it. This is a well constructed, interesting and useful book. It helps to expand the notion the all that matters is the technical side of things to a more properly balanced approach that includes policy making and social change. Definitely recommended. ______________________________________________________________________ CONFERENCE REPORTS ______________________________________________________________________ Report on New Security Paradigms Workshop '97 Langdale, Cumbria, England, September 23 - 26, 1997 by Mary Ellen Zurko, The Open Group Research Institute (m.zurko@opengroup.org) ______________________________________________________________________ New Security Paradigms Workshop '97 was held this year in Langdale, Cumbria, England, from September 23 - September 26. The goal of the workshop is to provide a highly interactive and supportive forum for brand new and radically different work in computer security. NSPW is an invitation-only workshop, generally restricted to accepted authors, organizers, and sponsors. It's home page is http://www.cs.uwm.edu/~new-paradigms. Session 1 was on "Formalism and Pragmatism," and run by Hilary Hosmer, who founded the workshop. The first paper was "Integrating Formalism and Pragmatism: Architectural Security" by Ruth Nelson. Ruth was motivated by her perception that nobody listens to security people. She suggested we can change that, by focusing on things that matter to the world, and not just to us. While correctness is a really handy thing to worry about, universality is hard: to get the world right is difficult. She categorized security people as either formalists who mostly access control or pragmatists who mostly worry about intrusion detection. Neither school has great effect on system design. Someone suggested that penetrate and patch had an influence on system design by making systems like Java more complex (and hence worse). Ruth had several possible solutions to these problems. Architects can be intermediaries between the specific and general. We could work on general but not necessarily universal countermeasures. We can try to get more input from the real world (such as from system manager). We shouldn't buy into any one model of the world, because the bad guys don't have to. Instead of discussing issues with jargon (which is good for hiding structure and information) we should discuss things in pidgins and creoles (inter-languages). We can take a risk-based approach and work with attacks and countermeasures. We can include actual users within the boundary of the systems we're designing. There is a tension with security work. Security people come from the "don't do this" direction; functionality people come from the "do do this" direction. The second paper was "A Practical Approach to Computer Security" by Darrell M. Kienzle and William A. Wulf. Darrell presented. The security people working on the Legion system needed a practical approach to evaluating security. It needed a minimal learning curve and had to allow formality to applied incrementally, where it was most useful. The goal was to give the user (the Legion application writer) the information to make the decision about whether the system is secure enough. They used system fault trees as the basis of their approach to produce Methodically Organized Argument Tree (MOAT). They produce a tree of uninterpreted predicates that are combined with AND or OR gates. Arguments are accessible and amenable to discussion/inspection. Further refinements of the trees go after the next weakest link in the arguments or the node that seems to have the best benefit/cost ratio. Chenxi Wang is doing research on assigning numbers to the nodes and composing them. One much discussed aspect of the work was that it chose a tree representation instead of a graph. It is trying to represent a formal argument. The results from using this method with Legion were that it was inexpensive, formality proved unnecessary, and they benefited from some reuse. It provided a systematic approach to trade-offs, aided problem understanding, and uncovered implicit assumptions. It aided communication in that arguments were accessible to inspection and assumptions were well communicated. They need tools to manage larger analyses; the gestalt approach begins to break down as the system scales up. Dixie Baker suggested that this approach also needs to communicate to the customers how much risk is left. Session 2, on "Protection," was chaired by Steven Greenwald. The first paper in that session was "Meta Objects for Access Control: Extending Capability-Based Security" by Thomas Riechmann and Franz J. Hauck. Thomas presented. Their work was in a distributed, object-oriented system where an object reference is already a capability (controlled by the system and necessary and sufficient for calling an object). Their Security Meta Objects place restrictions on these capabilities. They are fully programmable, so can be used for policies involving revocation and expiration. Bob Blakley pointed out that you can encode policy that changes member functions to return different values for different policy states. These SMOs can apply policy to references that are returned from calls to methods they point to, or simply disallow their return. This approach encourages library reuse allowing object classes to be security unaware. SMOs also work when their reference is passed as a parameter to a method on an untrusted object. One future direction mentioned was to integrate ACLs and principals into SMOs. They are implementing their work in a Java prototype. Bob Blakley pointed out that Java can turn references into strings, then back into references, which would circumvent this approach. The next paper was "A Tentative Approach to Constructing Tamper-Resistant Software" by Takanori Murayam, Masahiro Mambo, and Eiji Okamoto. Masahiro presented. They are working on defining tamper resistance as information stored in a device or software that is hard to read or modify by tampering. In terms of cost vs. performance and ease of handling, it is better to achieve tamper resistance without using any physical device. They are starting by making programs hard to analyze, so that it is uneconomic to guess the algorithm and impractical to guess the place in the module of a given piece of functionality. They attempted to generate hard to analyze programs without modifying the original algorithm (one attendee suggested they could hire some programmers who wrote spaghetti code that was hard to understand). Their basic techniques to generate elementary tamper-resistant code are irregularly order the instruction streams, insert dummy codes, eliminate useful patterns and redundancy via optimization. Heather Hinton pointed out that their method of turning two lines of assembly language into nine would produce a significant size issue. Bob Blakley suggested looking over the obfuscated C handbook to see how to do things like this without unreasonable code expansion. Another concern was that if this process can be automated, then it can be undone by an automated process. Session 3, "Design of Secure Systems," was run by Cathy Meadows, who authored the paper "Three Paradigms in Computer Security" that was used as a touchstone for this discussion session. Her paper was inspired by a panel she was on last year called "High Assurance Systems: The Good, the Bad, and the Ugly." The Ugly are solutions that are practical but messy and of doubtful assurance (like most things in the world). Cathy suggested that firewalls and virus checkers fall in this category. The Bad are sound but impractical solutions (the Orange Book being a favorite example). The Good are sound and practical solutions, such as connecting system high computers at different security levels via one-way flow devices. Cathy's conjecture about what makes the difference between these approaches is in the attitude to existing infrastructure. Cathy proposes three paradigms based on this conjecture: Live With It (Ugly), Replace It (Bad), and Extend It (Good). The Live With It Paradigm takes the infrastructure as a given and applies security patches without modifying or extending the underlying structure. The Replace It Paradigm states "Replace X with a secure X" while ignoring entrenchment of X. The Extend It Paradigm pays close attention to infrastructure. It identifies necessary modifications, but keeps them to a minimum. Adding components to the infrastructure is usually better than trying to replace them. One question that received much discussion was "How do we distinguish between the different paradigms?", particularly between Live With It and Extend It. Extend It seems easiest to apply when a function does not yet exist or is inadequate. I pointed out that Digital's A1 Virtual Machine Monitor overcame the Replace It issues, but died for other reasons, so that following the Extend It paradigm might be necessary, but not sufficient. One participant suggested coming up with a problem architecture before coming up with the solution architecture. Session 4, "Trust and Distrust," was chaired by Marv Schaefer. The first paper was "Patterns of Trust and Distrust" by Daniel Essin. Dan took a look at policies in the context of a service organization such as a hospital, where high quality work is the goal. Activities are highly regulated and there is a potential for catastrophic loss. Many tasks have a specification and require permission (not just data system tasks). Each component of an individual's work may be governed by different policies and permissions. For example, the organization may suspend the privileges to do elective surgery, but in an emergency they may be temporarily granted, if the suspension was due to non-compliance with administrative policy. The nature of the task and the circumstances may affect the decision to allow the action and the evaluation of its deliverables. There is no training on how to make policy; it's assumed people who can breathe can make policy. The number of policies defined goes up while the number carried out remains flat. One of the many questions raised was "How do you determine in retrospect what the situation was so that you can be sure that the right policy was applied?". It hinges on having a detailed, contemporaneous record. Actors motivation is to have as few policies as possible so they only need to be held to as few as possible. Trust represents a conclusion about whether an outcome will be positively affected by allowing an actor to interact with resources in the context of the risks involved. John Dobson pointed out that policy making is not a rational act; it's a visible manifestation of the exercise of power. The next paper was "A Distributed Trust Model" by Alfarez Abdul-Rahman and Stephen Hailes. Farez presented. He quoted Diego Gambetta, a sociologist, from Can We Trust Trust?, "trust ... is a particular level of the subjective probability with which an agent will perform a particular action, both before [we] can monitor such action ... and in a context in which it affects [our] own action." This points out that trust is subjective and contingent on the uncertainty of a future outcome. Another quote states "Human interaction would be impossible without trust." Trust is made necessary by a lack of knowledge. Their approach is a generalization of existing approaches. Agents exchange (recommend) reputation information about other agents. The 'quality' of the information depends on the recommender's reputation. While Farez stated that managing your own policy is a downside to recommendation-based trust, many of the attendees disagreed, and considered it to be necessary (even full delegation was considered self management). Chenxi Wang stated that recommendation works well in a contract based society but not in a reputation based society like China or Russia. John Dobson pointed out that evidence from psychological studies showed that trust is not even partially ordered, and that you can change your amount of trust without any evidence. Ian Welch suggested the notion of back flow; if A recommends B, and B stings me, I don't trust A or B. Marv Schaefer pointed out that B could undermine A on purpose this way. Ruth Nelson noted that tracking who to refresh (trust values are refreshed by their recommenders) is unwieldy. The last paper in this session was "An Insecurity Flow Model" by Ira S. Moskowitz and Myong H. Kang. Ira presented. Ira started by listing the issues and assumptions not covered by this work: it's insecurity flow, not information flow; time is not considered; the model cares about the invader getting in, not about anything getting out; the model does not address if you know if anyone gets in; and all "layers" are independent (this simplifies the current model, though it is a very major assumption). Their motivation was Moore and Shannon on "Reliable Circuits Using Less Reliable Relays." Layers of defenses such as firewalls and access control systems are composed. They ask questions such as: What is the vulnerability for a path? How do they aggregate? Are there redundant or useless mechanisms? How do we analyze cost? 0 is secure; 1 is insecure (the probabilities measure intrusion). For parallel circuits, if there are 3 ways in, it's less secure than one way in. This matches our intuition. All probabilities are >= 0. In sequence, cheap, high probability components more secure than one alone. The probability of insecurity flowing through two identical components in series that are again replicated in parallel is: 1 - (1-p^2)^2. When this function is plotted against the single component option, it has a nice little wiggle in it and becomes more insecure than the single component at p = .618. Ira then outlined the formalism for considering multiple paths. The probability of insecurity is union of all of the "non-stupid" paths. They have some reduction formulas for common topologies. Session 5 on Emergent Systems was led by Cristina Serban. The first paper in that session was "Principles of a Computer Immune System" by Anil Somayaji, Steven Hofmeyr, and Stephanie Forrest. Anil presented. They looked at computers as complex systems, where software is updated, configurations change, and system administrators are overburdened. We build them, but we do not understand them. Ruth Nelson classified our attempts to make models that accurately reflect these systems as "a desperate move." Anil outlined what they considered to be general properties of complex adaptive systems: distributability, diversity, adaptability, disposability, and autonomy. They then tried to turn these properties into principles. For example, no small set of cells is irreplaceable. Steven Greenwald pointed out that infectious disease was a major issue, but now auto-immune diseases are. However, immune systems are still essential. Tom Lincoln stated that medicine is 15% science and models of dubious completeness. The models give us great clinical courage. Anil pointed out how immune systems are not computer security systems. There is no confidentiality, no data integrity, little accountability, and (perhaps most importantly) no guarantees. There is a physical barrier. Dixie suggested we consider analogies with the skin and brain as well as the immune system. Anil talked about identity being determined by behavior, which is spoofable, but intrinsic. In a sense, you have to become the thing you're pretending to be. Ruth Nelson pointed out that viruses spoof cells without being them. Anil concluded that we still need traditional security mechanisms. They provide the first level of defense. The next paper was "Composition and Emergent Properties" by Heather Hinton. Heather started her research by looking at why composition fails and how properties emerge on composition. Previous approaches focused on information flow. Properties are the formal instantiation of the informal policy goals at a given system. While changes in a system and its environment may affect a system's properties, the system's policies are usually unchanged by composition. Heather classified properties by whether their satisfied by individual systems and/or the two systems' composition. She defined emergent behaviors as new behaviors relevant to a composite system but not its components. Ruth Nelson asked about disappearing properties, which Mike Williams suggested were submergent behaviors. Heather indicated that emergent behaviors are unpredictable or surprising behaviors arising from a composition. This implies that they are subjective and might be learnable from experience (such as what happens when you mix colors). Bob Blakley suggested that as you compose more things, more of the system behavior is underspecified and surprising. Emergent behaviors may lead to the emergence of desired properties on composition. No matter how we represent the system, we have to deal with effects of composition. Tom Lincoln was reminded of the difficulty of composing valid laws. The final session, Session 6 on Networks, was chaired by Mike Williams. The first paper was "Protecting Routing Infrastructures from Denial of Service Using Cooperative Intrusion Detection" by Steven Cheung and Karl N. Levitt. Steven presented. Their models attempt to deal with a compromised router that can remove (blackhole) or misroute packets. Good routers diagnose each other to detect and respond misbehaving routers. Their approach makes assumptions about the networks, develops their system model and failure models for routers, designs the diagnosis protocols, and proves detection and response properties of the protocols. They design their responses so that they cannot be used against them by an attacker. They assume that the well-behaved routers are connected (no partitioning by bad routers), that neighboring routers can send packets directly to each other, and that routers know the network topology and the cost of every link. They do shortest path based routing. Misrouting routers are routers that forward a transit packet to a router that is not on the shortest path to its destination. They developed a classification of the strength of a bad router. A bad router can misbehave permanently, probabilistically (on every packet with a certain probability), almost permanently, or intermittently. They can misbehave on all packets, packets determined by addresses, or packets determined by address and/or payload. For a permanent bad router that acts on all or address specific packets, can they can use distributed probing: if C is closest to B, it can send a packet to B and see if it gets it back. For diagnosing intermittently bad routers that may be address or payload aware, they can use flow analysis: the amount of transit packets going into B should be the same as the amount going out. A good router never incorrectly claims another router as a misbehaving router (soundness). If a network has misbehaving routers, one or more of them can be located (completeness). Misbehaving routers will eventually be removed; good routers will remain connected (responsiveness). The concluding paper of the workshop was "A Security Model for Dynamic Adaptable Traffic Masking" by Brenda Timmerman. Her thesis is on traffic masking for traffic flow confidentiality, and this paper is one chapter of it. She calls her approach Secure Dynamic Adaptive Traffic Masking (S-DATM). The model can also be self-modifying. She began by outlining a variety of incidents from Desert Storm which would have allowed for traffic analysis. She said that about 2% of users needed traffic flow confidentiality (TFC). TFC masks the frequency, length, and source and destination traffic patterns. The fundamental mechanisms for TFC are encryption, traffic adding and delaying, and routing controls. Her model supports adaptable traffic masking for trade-offs between user protection needs and efficiency and performance. Early work on TFC encrypted the link and kept it full of noise. More recent work on adaptable transport layer traffic masking work well for normal low traffic, but large spurts makes it adapt, which gives away information. Mike Williams suggested considering multiplexing across multiple channels. Cathy Meadows pointed out that you need the people doing the innocuous stuff to mask the people doing the important work that needs to be hidden. S-DTAM mask statistical anomalies with bursts of traffic. It precisely specifies the acceptable ranges of system behavior and can model dynamic adjustments. Previous work required global knowledge, which didn't scale to the size of the Internet. A profile of masked traffic behavior is defined at installation time, including burst size, inter-arrival delay, and throughput. Statistics provides precision and reduces processing and storage. The model can change the statistical critical values. For example, in times of extreme crisis, people know you're going to react, so TFC can go down. Heather Hinton suggested considering an algorithm that ramps up and ramps down; prediction is hard. ________________________________________________________________________ New Reports available via FTP and WWW ________________________________________________________________________ o http://www.cs.odu.edu/~mukka/tcos/tcos.html Newsletter of the IEEE TC on Operating Systems can now be found here, including a pointer to a summary of discussions on security at the HOTOS conference held last spring: http://www.eecs.harvard.edu/hotos/scribes/sessions/security.html o http://www.steptoe.com/digsig2.htm International Developments Affecting Digital Signatures. by Stewart A. Baker o http://www.wheelgroup.com/netrangr/PWS_survey.html Analysis of Internet Attacks, vy Wheelgroup Corp., covering May - September 1997, based on analyzing more than 500,000 security alarms generated by NetRanger intrusion detection system and ProWatch Secure monitoring service. o http://www.csci.ca/breach.htm Catalog of WWW computer security breaches, provided by Computer Security Canada, Inc. o Couldn't make it to Baltimore this year for the 20th National Information Systems Security Conference, October 7-10, 1997? You can now find the table of contents on the web at http://csrc.nist.gov/nissc/1997/proceedings/toc.pdf. In addition, the table of contents includes links to most of the papers provided in the conference proceedings. The 1996 proceedings are similarly available at http://csrc.nist.gov/nissc/1996. Congratulations to NIST for making these proceedings available. o http://eis.jpl.nasa.gov/quality/Formal_Methods/ NASA guidebook "Formal Methods Specification and Analysis Guidebook for the Verification of Software and Computer Systems, Volume II: A Practitioner's Companion" [NASA-GB-001-97, 245 pages, May 1997] o From Gene Spafford: Two new PhD dissertations of potential interest to Cipher readers are now available online in the COAST ftp archive: "Languages and Tools for Rule-based Distributed Intrusion Detection" by Abdelaziz Mounji; Universitaires Notre-Dame de la Paix; Namur Belgium; B. Le Charlier, advisor. ftp://coast.cs.purdue.edu/pub/doc/intrusion_detection/mounji_phd_thesis.ps.Z "On the Modeling, Design, and Implementation of Firewall Technology" by Christoph L. Schuba; COAST Laboratory, Purdue University; W. Lafayette, IN; E. H. Spafford, advisor. ftp://coast.cs.purdue.edu/pub/COAST/papers/schuba_phddis.ps ftp://coast.cs.purdue.edu/pub/COAST/papers/schuba_phddis.pdf We welcome any submissions of electrionic versions of dissertations, reports or papers in topics related to information security, computer crime, or computing ethics. We are interested in continuing to expand the COAST archive with material useful to the infosec community. o http://hissa.ncsl.nist.gov/risq/ Reference Information for Software Quality. The CHISSA Resource Center is a collection of artifacts covering the range of subjects loosely grouped under the ruberic High Integrity Software. Artifacts may include documents, video clips, audio clips, tool demonstrations, etc. o http://www.odci.gov/csi/studies/97unclas/warfare.html A Major Intelligence Challenge: Toward a Functional Model of Information Warfare L. Scott Johnson ________________________________________________________________________ Who's Where: recent address changes ________________________________________________________________________ Entered 12 November 1997 LouAnna Notargiacomo Trusted Computer Solutions 13873 Park Center Road Suite 225 Herndon, VA 20171 Email: lnotar@tcs-sec.com Voice: 703-318-7134 Fax: 703-318-5041 Entered 23 October 1997 Pierangela Samarati Computer Science Laboratory SRI International 333 Ravenswood Avenue Menlo Park, CA 94025, USA e-mail: samarati@csl.sri.com (e-mail to other addresses is automatically forwarded) Phone: (650)859-3927 Fax: (650)859-2844 Entered 20 October 1997 David A. Cooper Computer Security Division Information Technology Laboratory National Institute of Standards and Technology 820 West Diamond Ave. (Room 426) Gaithersburg, MD 20899 email: david.cooper@nist.gov phone: (301)975-3194 Entered 19 October 1997 Ron S. Ross, Ph.D. National Institute of Standards and Technology Information Technology Laboratory Computer Security Division 820 West Diamond Avenue (Room 426) Gaithersburg, MD 20899 voice: (301) 975-5390 fax: (301) 948-0279 email: rross@nist.gov pager: (800) 796-7363 pin: 110-109-0 Entered 15 October 1997 Judith Hemenway Senior Associate Booz-Allen & Hamilton, Inc. 1615 Murray Canyon Road, Suite 220 San Diego, CA 92108 voice: (619) 718-3866 fax: (619) 718-3880 e-mail: hemenway_judith@bah.com Dr. Heinrich Kersten Head of Certification Body at debis IT Security Services Oxfordstr. 12-16 D-53111 Bonn / Germany voice: +49-228-9841-110 fax: +49-228-9841-60 email: h-kersten@itsec-debis.de _______________________________________________________________________ Calls for Papers (new listings since last issue only -- full list on Web) ________________________________________________________________________ CONFERENCES Listed earliest deadline first. See also Cipher Calendar. Mix of full and abbreviated listings this issue; web will be updated as soon as possible to include abbreviated listings. CAiSE*98 http://www.pianosa.cnuce.cnr.it/caise98 The Tenth Conference on Advanced Information Systems Engineering, June 8-12, 1998, Pisa, Italy. Theme: "Information Systems in Public Administrations"; topics of interest include IS security. Five copies of original papers 5,000 words or less due 30 November 1997 to program chair Barbara Pernici, pernici@elet.polimi.it. Proceedings to be published in Springer LNCS. WECS'98 Workshop on Education in Computer Security, Asilomar Conference Center, Pacific Grove, CA, January 19-21, 1988. (submissions due: December 15, 1997). [posted here 11/9/97] The Workshop on Education in Computer Security is intended to bring together those interested in developing and enhancing instruction in computer security within undergraduate and graduate computer science programs. The Workshop's objectives are to provide a forum for discussion of ideas and techniques in computer security education. The theme for the 1998 workshop will be the use of laboratory activities to enhance educational objectives. It is expected that the outcome of the workshop will be a set of laboratory exercises that can be used by the participants and others to enhance the teaching of security objectives. The meeting will also feature a half-day tutorial on Penetration Testing by Daniel Faigin, of the Aerospace Corporation. Penetration Testing is a holistic flaw assessment approach that is applied to expose weaknesses in an implemented system. This form of system stress testing is likely to be appealing to students and provides a rigorous framework from which instructors may fashion laboratory and course material. All participants must: (a) Submit a laboratory exercise, (b) Make conference center reservations, and (c) Complete the workshop registration form. Educators from undergraduate and graduate programs wishing to participate in the workshop are requested to submit a laboratory exercise or project description used to provide instruction on a topic in Computer or Network Security. Exercises should be submitted on or before 15 December 1997. All exercises will be organized in a collection which will be prepared for distribution to participants at the meeting. Submissions should be sent to: Prof. Cynthia E. Irvine, Computer Science Department, Code CS/Ic , Naval Postgraduate School, Monterey, CA 93943-5118, USA Voice: +1 408 656 2461 Fax: +1 408 656 2814 irvine@cs.nps.navy.mil Hard copy and e-mail submissions are acceptable. Complete submission instructions and local arrangements can be found on the conference web page at http://www.cs.nps.navy.mil/research/cisr/events/wecs98_announce.html. DOCS '98 http://www.omg.org/DOCSec/1998/ Second Workshop on Distributed Object Computing Security, May 5-7, 1998, Baltimore, Maryland. Topics of interest include DOC security standards, product design issues, security integration issues, and security operational issues. One page position statement to be submitted by 9 January 1998 to secws-submissions@omg.org. Further information from web page or co-chairs Richard Soley, OMG, soley@omg.org, or David Chizmadia, NSA, dmc@tycho.ncsc.mil. WebDB '98 http://poincare.inf.uniroma3.it:8080/webdb98/ International Workshop on the Web and Databases, Valencia, Spain, March 27-28 1998 (in conjunction with EDBT '98, http://mistral.dsic.upv.es/~edbt98/) Topics of interest include security and integrity issues. Submit extending abstract, 6pp (3000 words) or less, by January 12 in Postscript or HTML by e-mail to webdb98@inf.uniroma3.it. COMPSAC '98 http://enws178.eas.asu.edu/compsac98/index.html Twenty-second Annual Int'l Computer Software and Applications Conference, August 17-21, Vienna, Austria. Topics of interest include all aspects of software security and safety. Six copies of original papers (3000-5000 words) due to program co-chairs (by area, see web page) by January 15, 1998. Further information on web page or: thura@mitre.org, ako@aqu.hitachi-sk.co.jp, boasson@signaal.nl CSFW11 11th IEEE Computer Security Foundations Workshop, Rockport, Massachusetts, USA, 9-11 June, 1998. (Submissions due: February 6, 1998) [posted here: 10/22/97]. This workshop brings together researchers in computer science to examine foundational issues in computer security. We are interested both in papers that describe new results in the theories of computer security and in papers and panels that explore open questions and raise fundamental concerns about existing theories. The paper submission deadline is February 6, 1998. See the web page, http://www.csl.sri.com/~millen/csfw/index.html or email Program Chair (snf22@ccsr.cam.ac.uk) for full details. ACISP '98 http://www.isrc.qut.edu.au/acisp98/cfp.html Third Australasian Conference on Information Security and Privacy, 13-15 July, 1998, Brisbane, Australia. Papers solicited pertaining to all aspects of information security and privacy are solicited. Papers may present theory, techniques, applications and practical experiences on any relevant topic. Electronic submissions (preferred) or seven copies of hard copy anonymized submissions due February 20, 1998, to acispsubmit@isrc.qut.edu.au or A/Prof Ed Dawson, Queensland University of Technology. Details available on web page. VLDB '98 http://www.research.att.com/conf/vldb98/ 24th International Conference on Very Large Data Bases, August 24-27, 1998, New York City. Topics of interest inlcude authorization and security. Submissions in various categories due by 23 February, 1998, with abstracts of original research papers due 16 February to Jennifer Widom, widom@cs.stanford.edu, or Oded Shmueli, oshmu@cs.technion.ac.il. Details available on web page. ESORICS'98 5th European Symposium on Research in Computer Security, Louvain-la-Neuve, Belgium, September 16-18, 1998. (submissions due February 28, 1998) [posted here: 11/9/97] Computer security is concerned with the protection of information in environments where there is a possibility of intrusion or malicious action. The aim of the European Symposia on Research in Computer Security (ESORICS) is to further the progress of research in computer security by establishing a European forum for bringing together researchers in this area, by promoting the exchange of ideas with system developers and users and by encouraging links with researchers in related areas. A complete list of topics can be found on the conference web page at www.dice.ucl.ac.be/esorics98. Papers should be written in English and limited to 6000 words, full page figures being counted as 300 words. Each paper must include a short abstract and a list of keywords. Since special sessions will be devoted to posters and demonstrations, it should be indicated in the paper submission if a demonstration can accompany the paper presentation. A call for posters and demonstrations will be published with the preliminary program. Panel proposals should include title, proposed chair, tentative panelists, a 2 or 3 paragraph description of the subject, format of the presentation, and rationale for the panel. Six hard copies of papers and panel proposals must be received before February 28, 1998, at the following address: Yves Deswarte/ ESORICS 98 PC Chair/ LAAS-CNRS/ 7 avenue du Colonel Roche/ 31077 Toulouse cedex 4, France/ Tel. +33 (0) 5 61 33 62 88 / Fax: +33 (0) 5 61 33 64 11. In parallel with hard copy paper submission, an electronic (ASCII) copy of the paper abstract and key words must be sent by e-mail to: Yves.Deswarte@laas.fr WFMSP '98 http://www.cs.bell-labs.com/~nch/fmsp Workshop on Formal Methods and Security Protocols, 25 June, 1998, Indianapolis, Indiana, (following LICS'98). Submissions due March 13, 1998. Correspondence and submssions to nch@research.bell-labs.com and wing@cs.cmu.edu. Details available on web page. DEXA'98 http://www.ifs.tuwien.ac.at/dexa98 Int. Workshop on Security and Integrity of Data Intensive Applications (http://www.wi-inf.uni-essen.de/~dexa98ws) Vienna, Austria, August 26-28, 1998. Submissions (short papers up to 2500 words or full papers up to 5000 words) due March 15, 1998. Electronic submission preferred; contact dexa98ws@wi-inf.uni-essen.de and see web page for full details. IIIS '98 http://www.ifip.tu-graz.ac.at/TC11/CONF/cfp98.html Second Annual IFIP WG 11.5 Working Conference on Integrity and Internal Control in Information Systems. Papers solicited describing original ideas and results on foundations and applications related to the subject of integrity and internal control in information systems. Six copies of papers up to 5000 words due before 1 April to Prof. Sushil Jajodia, jajodia@isse.gmu.edu. See web page for details. CCS-5 Preliminary call for papers for the Fifth Conference on Computer and Communications Security, San Francisco, California, USA, November 3-5, 1998 (Tutorials on November 2, 1998). (submissions due: April 3, 1998). [posted here: 10/1/97] Papers offering novel research contributions in any aspect of computer security are solicited for submission to the Fifth ACM Conference on Computer and Communications Security. Papers may present theory, technique, applications, or practical experience; a complete list of topics of interest can be found in the call for papers. Instructions for authors: Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal or a conference with a proceedings. Papers should be at most 15 pages excluding the bibliography and well-marked appendices (using 11-point font and reasonable margins on letter-size paper), and at most 20 pages total. Committee members are not required to read the appendices, and so the paper should be intelligible without them. Submission instructions for papers, as well as for panel proposals and tutorial proposals, will be posted at http://www.research.att.com/~reiter/ccs5/ and circulated in the final call for papers. JOURNALS Special Issues of Journals and Handbooks: listed earliest deadline first. o Special Issue of IEEE COMPUTER on Networking Security Systems and the Web: A baseline on security strategies for the emerging broadband environment. Guest Editors: Patrick Dowd, Univ. of Md, and John McHenry, National Security Agency. Electronic submissions (only) due January 15, 1998, to the editors: dowd@eng.umd.edu and jtmchen@afterlife.ncsc.mil. This special issue will focus attention on the integration of networking and endpoint security. It will pull together both IP and ATM networking security strategies and examine methods that will allow homes and offices to safely explore the opportunities provided by a "connected" environment. Papers are solicited on the topics described above. Topics including the emerging broadband networking environment, IP and ATM security, integrated security strategies, and security analysis are of particular interest. ________________________________________________________________________ Reader's Guide to Current Technical Literature in Security and Privacy Part 1: Conference Papers ________________________________________________________________________ o The list of papers presented at the 20th National Information Systems Security Conference can now be found on the web at http://www.jya.com/nissc97.htm or http://csrc.nist.gov/nissc/1997/proceedings/toc.pdf In addition, the text of most of the papers is available via links in the latter file o Papers to be presented at IFIP WG11.5 First Working Conference on Integrity and Internal Control in Information Systems. December 4-5, 1997, Zuerich, Switzerland. Conference information: http://www.ifip.tu-graz.ac.at/TC11/CONF/zuerich1997/index.html Refereed Papers: - Towards continuously auditable systems Prof. Naftaly H. Minsky, Rutgers University, USA - Maintaining temporal integrity of WWW-pages Prof. Dr. Gerhard Knolmayer and Thomas Buchberger, University of Bern, Switzerland - Dynamic integrity constraint definition and enforcement in databases: a classification framework Maria-Amelia Pacheco Silva, Polytechnic University of Catalunya, Spain - An extensible framework for repairing constraint violations Dr. Michael Gertz and Prof. Dr. Udo W. Lipeck, University of Hannover, Germany - Query answering in information systems with integrity constraints Prof. Dr. Frangois Bry, University of Munich, Germany - Optimistic concurrency control for maintaining the global integrity constraint in multidatabase systems Kyuwoong Lee and Prof. Dr. Seog Park, Sogang University, Korea - Integrity: do you know where your objects are? Andrew E. Wade Ph.D., Objectivity Inc., USA - A model for specifying individual integrity constraints on objects Dr. Youssef Lahlou, German National Centre for Information Technology, Germany - View constraints: an interpretation of integrity constraints for security Patrizia Asirelli, IEI-CNR, Italy - Changing definitions of internal control and information systems integrity Robert R. Moeller, Compliance and Control Systems Associates, USA - Information integrity in end-user systems David Chadwick, Joan Knight, Phil Clipsham, University of Greenwich, UK Invited Papers: - Establishing an information security strategy Erik Guldentops CISA, SWIFT, Belgium - The integrity of electronic evidence Matti Tenhunen, Central Criminal Police, Finland - Pragmatics driven research issues in data and process integrity in enterprises Prof. Amit Sheth, University of Georgia, USA - Control of information and communication technology: an integrity problem. Views, perspectives, education, evaluation. Prof. Andries W. Neisingh RE RA, State University of Groningen / KPMG EDP Auditors, The Netherlands o Papers to be presented at the 13th Annual Computer Security Applications Conference, December 8-12, 1996, San Diego, CA Conference information: http://www.acsac.org/1997/overview.html - Micro-digital Money for Electronic Comerce, K.Nguyen, V. Varadharajan, Y. Mu, University of Western Sydney - An Efficient Off-Line Anonymous Cash Scheme, K. Nguyen, V. Varadharajan, Y. Mu, University of Western Sydney - The Secure Distribution of Digital Contents, E. von Faber, R. Hammelrath, F Heider, Debis IT Security Services - Securing an Object Relational Database, S. Lewis, S. Wiseman, Defense Evaluation and Research Agency - Supporting Secure Canonical Upgrade Policies in Multilevel Secure Object Stores, S. Foley, University College Cork - Incremental Assurance for Multilevel Applications, D. Thompson, Secure Computing Corp., M. Denz, Air Force Research Laboratory - An Efficient Message Authentication Scheme for Link State Routing, S. Cheung, UC, Davis - Detection and Classification of TCP/IP Network Services, K. Tan, B. Collie, Australian Federal Police - Achieving User Privacy in Mobile Networks, B. Askwith, M. Merabti, Q. Shi, K. Whiteley, Distributed Multimedia Systems Group - Domain and Type Enforcement Firewalls, K. Oostendorp, L. Badger, C. Vance, W. Morrison, D. Sherman, D. Sterne, TIS, Inc. - A Reference Model for Firewall Technology, C. Schuba, Purdue University - Using Type Enforcement to Assure a Configurable Guard, P. Greve, J. Hoffman, R. Smith, Secure Computing Corp. - Applying the DoD Goal Security Architecture as a Methodology for the Development of System and Enterprise Security Architectures, D. Mosier, T. Lowman, SAIC - An Architecture for Multilevel Secure Interoperability, M. Kang, J. Froscher, I.Moskowitz, NRL - Using Web Technologies in Two MLS Environments: A Security Analysis, R. Niemeyer, CSC - On the Key Recovery of the Key Escrow System, Y. Lee, C. Liah, National Huwei Institute of Technology - (t+1, n) Threshold and Generalized DSS Signatures without a Trusted Party, C.Wang, T. Hwang, National Cheng-Kung University - An Improved E-Mail Security Protocol, B. Schneier, C. Hall, Counterpane Systems - Implementing RBAC on a Type Enforced System, J. Hoffman,Secure Computing Corp. - Lattice Based Models for Controlled Sharing of Confidential Information in the Saudi Hajj System, T. Himdi, R. Sandhu, George Mason University - Using Kernel Hypervisors to Secure Applications, T. Mitchem, R. Lu, D. O'Brian, Secure Computing Corp. - Remote Electronic Gambling, C. Hall, B. Schneier, Counterpane Systems - Some Thoughts About the Ethical Responsibilities and Legal Liabilities of Network Security Professionals, F. Smith, D. Bailey, Rose, Kohn, & Davenport, Ltd. - PCASSO: Applying and Extending State-of-the-Art Security in the Healthcare Domain, D. Baker, R. Barnhart, T. Buss, SAIC - Doc, Wyatt and Virgil: Prototyping Storage Jamming Defenses, J. McDermott, R.Gelinas, S. Ornstein, NRL - Protecting Unattended Computers Without Software, C. Landwehr, NRL o Papers to be presented at 7TH USENIX UNIX Security Symposium January 26-29, 1998, San Antonio, Texas. Conference information: http://www.usenix.org/events/sec98 Refereed Papers: - A Comparison of Methods for Implementing Adaptive Security Policies Brian Loe, Michael Carney, Secure Computing Corporation - The CRISIS Wide Area Security Architecture Eshwar Belani, Amin Vahdat, Thomas E. Anderson, Michael Dahlin, University of California at Berkeley - Bro: A System for Detecting Network Intruders in Real-Time Vern Paxson, Lawrence Berkeley National Laboratory - Cryptographic Support for Secure Logs on Untrusted Machines Bruce Schneier, John Kelsey, Counterpane Systems - StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks Crispan Cowan, Oregon Graduate Institute - Data Mining Approaches for Intrusion Detection Wenke Lee, Salvatore J. Stolfo, Columbia University - Securing Classical IP over ATM Networks Carsten Benecke, Uwe Ellermann, Universitaet Hamburg, Fachbereich Informatik - A Java Beans Component Architecture for Cryptographic Protocols Pekka Nikander, Arto Karila, Helsinki University of Technology - Secure Videoconferencing Peter Honeyman, Andy Adamson, Kevin Coffman, Janani Janakiraman, Rob Jerdonek, Jim Rees, CITI, University of Michigan - Unified Support for Heterogeneous Security Policies in Distributed Syste ms Victoria Ungureanu, Naftaly H. Minsky, Rutgers University - Operating System Protection for Fine-Grained Programs Trent Jaeger, Jochen Liedtke, Nayeem Islam, IBM T.J. Watson Research Center - Expanding and Extending the Security Features of Java Karen R. Sollins, Nimisha V. Mehta, MIT Laboratory for Computer Science - Towards Web Security Using PLASMA A. Krannig, Fraunhofer-Institute for Computer Graphics IGD - Security of Web Browser Scripting Languages: Vulnerabilities, Attacks, a nd Remedies Alain Mayer, Vinod Anupam, Bell Labs, Lucent Technologies - Finite-state Analysis of SSL 3.0 John C. Mitchell, Vitaly Shmatikov, Ulrich Stern, Stanford University - Certificate Revocation and Certificate Update Kobbi Nissim, Moni Naor, Weizmann Institute of Science - Attack-resistant trust metrics for public key certification Raph Levien, Alex Aiken, U.C. Berkeley - Software generation of random numbers for cryptographic purposes Peter Gutmann, University of Auckland Invited Talks: - Keynote Address: Bill Cheswick, Lucent Technologies Security Lessons From All Over - Marcus Ranum, Network Flight Recorder Security Product Market: Trends and Influences - Steve Bellovin, AT&T Labs - Research Computer Security and Legal Liability - Clifford Neuman, USC-ISI Securing electronic commerce: Applied computer security or just common sense - JoAnn Perry, Independent consultant, and Shabbir Safdar, Goldman, Sachs & Co. Real World Security Practices - Arjen Lenstra, Citicorp Factoring, facts and fables - Alfred Menezes, Auburn University Elliptic Curve Cryptosystems -- Ready for Prime Time _______________________________________________________________________ Reader's Guide to Current Technical Literature in Security and Privacy Part 2: Journal and Newsletter Articles, Book Chapters _______________________________________________________________________ o Computers & Security Volume 16, Number 5 (1997). (Elsevier) Harold Joseph Highland Commemorative Issue. o ACM SIGOPS Operating System Review, Vol. 31, No. 4 (October, 1997). o IEEE Trans. on Knowledge and Data Engineering Vol. 9 No. 5 (September/October 1997, received Nov '97): V. Atluri, S. Jajodia, and E. Bertino. Transaction processing in multilevel secure databases with kernelized architecture: challenges and solutions. pp. 697-708. o Journal of Computer Security, Vol. 5, No. 2 [received about 10/97]: - D. Malkhi and M. Reiter. A high-throughput secure reliable multicast protocol. pp. 113-128. - J. Sinclair. Action systems for security specification. pp. 129-154. - S. De Capitani di Vimercati and P. Samarati. Authorization specification and enforcement in federated database systems. pp. 155-188. o Journal of Computer Security, Vol. 5, No. 1 [received about 10/97]: - P.A. Bonatti, M.L. Sapino, and V.S. Subrahmanian. Merging heterogeneous security orderings. pp. 3-10. - V. Lotz. Threat scenarios as a means to formally develop secure systems. pp. 31-68. - J. Camenisch, U. Maurer, and M. Stadler. Digital payments systems with passive anonymity-revoking trustees. pp. 69-90. - N. Asokan, G. Tsudic, and M. Waidner. Server-supported signatures. pp. 91-108. o Communications of the ACM, Vol. 40, No. 11 (November 1997): Hal Berghel. Watermarking cyberspace. pp. 19-24. o IEEE Transactions on Software Engineering, Vol. 23, No. 9 (Sept. 1997): R. Focardi and R. Gorrieri. The compositional security checker: a tool for the verification of information flow security properties. pp. 550-571. o Computers & Security Volume 16, Number 4 (1997). (Elsevier) Refereed Article: Chih-Hung Wang and Tzonelih Hwang. Modefied Chen-Hwang identity-based conference key broadcast schemes with user authentication. pp. 339-344. o ACM SIGOPS Operating System Review, Vol. 31, No. 4 (October, 1997). Shouhuai Xu, Gendu Zhang, and Hong Zhu. On the properties fo cryptographic protocols and the weaknesses of the BAN-like logics. pp. 12-23. _______________________________________________________________________ Reader's Guide to Current Technical Literature in Security and Privacy Part 3: Books ________________________________________________________________________ * Rita Summers. Secure Computing, Threats and Safeguards. McGraw-Hill 1997. Acronym list and Index. Each chapter a has summary, bibliographic notes, exercises and references. ISBN 0-07-069419-2. LoC QA76.9.A25S85.688 pp. $59.95. [Review by Bob Bruen in this issue]. * Agre, Philip E., and Marc Rotenberg (eds) Technology and Privacy: The New Landscape. MIT Press, Cambridge, 1997. ISBN 0262-01162-x LoC QA76.9.A25T43, 325 pages. $25.00 [Review by Bob Bruen in this issue] * Deavours, Cipher A., David Kahn, Louis Kruh, Greg Mellen, Brian J. Winkel, eds. Selection from Crypologia: History, People, Technology. Artech House, Boston, 1998, ISBN 0-89006-862-3, 544pp., $79. * Hendry, Mike. Smart Card Security and Applications. Artech House, Boston, 1997, ISBN 0-89006-953-0, 282pp., $65. * Opplinger, Rolf. Internet and Intranet Security. Artech House, Boston, Jan. 1998, ISBN 0-89006-829-1, 376pp., $69. ________________________________________________________________________ Calendar ________________________________________________________________________ ==================================================================== See Calls for Papers section for details on many of these listings. ==================================================================== "Conf Web Page" indicates there is a hyperlink on the Cipher Web pages to conference information. (In many cases there is such a link even though mention is not made of it here, to save space.) Dates Event, Location Point of Contact/ more information ----- --------------- ---------------------------------- 11/24/97: IEEE S&P '98, submissions due (hardcopy) 11/28/97: PKC '98, Yokohama, Japan. Submissions due to pkc98@imailab.iis.u-tokyo.ac.jp 11/30/97: CAiSE*98, Pisa, Italy; submissions to deantone@elet.polimi.it 12/ 4/97-12/ 5/97: IFIP-IICIS. Zurich, Switzerland 12/ 8/97-12/12/97: ACSAC '97, San Diego, CA 12/15/97: ITLIT Irvine, California; submissions to IT-Lit@nas.edu 12/17/97-12/19/97: ISCOM '97. Hsinchu, Taiwan 12/19/97: SICON '98. National University of Singapore, Singapore Submission due, email sicon@iscs.nus.edu.sg, ftp ftp.iscs.nus.edu.sg 12/29/97: IEEE-S&P. Oakland, California; publication release certification due 12/31/97: IH Workshop; Portland, Oregon; Submissions due, awk@ibeam.intel.com 1/ 6/98- 1/ 9/98: ENCXCS. Hawaii, HI 1/ 6/98- 1/ 8/98: OBJ-CSA, Monterey, CA 1/ 9/98: DOCSec '98, Baltimore, MD, submissions due: dmc@tycho.ncsc.mil 1/12/98: WebDB '98, Valencia, Spain, submissions due: webdb98@inf.uniroma3.it 1/15/98: ITLIT Invitational CSTB workshop, Irvine, California 1/15/98: COMPSAC '98, Vienna, Austria, submissions due: thura@mitre.org 1/15/98: IEEE COMPUTER special issue in Networking Security, submissions due to dowd@eng.umd.edu and jtmchen@afterlife.ncsc.mil 1/16/98: IFIP/SEC '98, Vienna and Budapest, Austria and Hungary; Submissions due to rposch@iaik.tu 1/21/98- 1/23/98: ICOIN--12. Saitama, Japan 1/26/98- 1/29/98: USENIX Sec Symp. San Antonio, Texas 2/ 2/98- 2/ 3/98: ADC '98. The Levels, South Australia 2/ 5/98- 2/ 6/98: PKC '98, Yokohama, Japan 2/ 6/98: CSFW 11; Rockport, Massachusetts; submissions due to snf22@ccsr.cam.ac.uk 2/20/98: ACISP '98, Brisbane, Australia, submissions due: acispsubmit@isrc.qut.edu.au 2/23/98: VLDB '98, New York City, NY, submissions due: widom@cs.stanford.edu 2/23/98- 2/27/98: ICDE '98. Orlando, Florida 2/28/98: ESORICS '98, Neuve, Belgium. Submissions due to Deswarte@laas.fr (hardcopy also required) 3/ 4/98- 3/ 5/98: WWCA '98, Tsukuba, JAPAN 3/10/98: IFIP WG11.3 Chalkidiki, Greece Submissions due to jajodia@gmu.edu 3/11/98- 3/13/98: SNDSS '98, San Diego, California 3/13/98: WFMSP, Indianapolis, Indiana; submissions due to nch@research.bell 3/15/98: DEXA-SIDIA '98, Vienna, Austra, submissions due: dexa98ws@wi-inf.uni-essen.de 3/27/98: FMLDO 7, Ostfriesland,Germany;submissions due to schewe@informatik.tu 3/27/98- 3/28/98: WebDB '98, Valencia, Spain 3/30/98- 4/ 3/98: ETAPS '98. Lisbon, Portugal 4/ 1/98: IIIS, Fairfax VA; submissions due to jajodia@isse.gmu.edu 4/ 3/98: CCS-5. San Francisco, CA, USAConf Web page 4/14/98- 4/17/98: AGENTS-EMCSR '98, Vienna, Austria 4/15/98- 4/17/98: IH Workshop; Portland, Oregon 5/ 3/98- 5/ 6/98: IEEE-S&P; Oakland, California 5/ 5/98- 5/ 7/98: DOCSec '98, Baltimore, MD 5/12/98- 5/15/98: 10th CITSS, Ottawa; no e-mail address available 5/31/98- 6/ 4/98: EUROCRYPT '98, Helsinki, Finland 6/ 1/98- 6/ 4/98: SIGMOD-PODS. Seattle, Washington 6/ 8/98- 6/12/98: CAiSE*98, Pisa, Italy 6/ 9/98- 6/11/98: CSFW 11; Rockport, Massachusetts 6/25/98: WFMSP, Indianapolis, Indiana 6/30/98- 7/ 2/98: ISCC '98. Athens, Greece 7/ 1/98- 7/ 4/98: SICON '98. National University of Singapore 7/13/98- 7/15/98: ACISP '98, Brisbane, Australia 7/15/98- 7/17/98: IFIP WG11.3, Chalkidiki, Greece 8/17/98- 8/21/98: COMPSAC '98, Vienna, Austria 8/24/98- 8/27/98: VLDB '98, New York City, NY 8/26/98- 8/28/98: DEXA-SIDIA '98, Vienna, Austria 8/31/98- 9/ 4/98: IFIP/SEC '98, Vienna and Budapest 9/16/98- 9/18/98: ESORICS '98, Neuve, Belgium 10/ 5/98-10/ 9/98: FMLDO 7, Ostfriesland, Germany 11/ 3/98-11/ 5/98: CCS-5. San Francisco, CA, USA 11/19/98-11/20/98: IIIS, Fairfax, VA 5/ 2/99- 5/ 5/99: IEEE S&P 99; Oakland no e-mail address available 5/11/99- 5/14/99: 11th CITSS, Ottawa; no e-mail address available 4/30/00- 5/ 3/00: IEEE S&P 00; Oakland no e-mail address available 5/16/00- 5/19/00: 12th CITSS, Ottawa; no e-mail address available Key: * ACISP = Australasian Conference on Information Security and Privacy * ACM-MOBILE = ACM Mobile Computing and Communications Review * ACM-MONET = Special Issue of the Journal on Special Topics in Mobile Networking and Applications * ACSAC = Annual Computer Security Applications Conference 13th Annual * AGENTS-EMCSR = From Agent Theory to Agent Implementation * ASIAN = Asian Computing Science Conference * ATMA = Advanced Transaction Models and Architectures ATMA * BDBIS = Baltic Workshop on DB and IS, BDBIS * CAiSE*98 = Conference on Advanced Information Systems Engineering * CCS = ACM Conference on Computer and Communications Security CCS-5 * CCSS = Annual Canadian Computer Security Symposium (see CITSS) * CIKM = Int. Conf. on Information and Knowledge Management * COMAD = Seventh Int'l Conference on Management of Data (India) * CISMOD = Int. Conf. on Information Systems and Management of Data * CITSS = Canadian Information Technology Security Symposium * CFP = Conference on Computers, Freedom, and Privacy * COMPSAC = Int'l. Computer Software and Applications Conference * CoopIS96 = First IFCIS International Conference on Cooperative Information Systems * CORBA SW = Workshop on Building and Using CORBASEC ORBS CORBA SW * CPAC = Cryptography - Policy and Algorithms Conference * CRYPTO = IACR Annual CRYPTO Conference * CSFW = Computer Security Foundations Workshop CSFW 11 * CSI = Computer Security Institute Conference * CVDSWS = Invitational Workshop on Computer Vulnerability Data Sharing * CWCP = Cambridge Workshop on Cryptographic Protocols * DART = Databases: Active & Real-Time * DASFAA = Database Systems For Advanced Applications DASFAA '97 * DATANET = Datanet Security, Annual International Conference and Exhibition on Wide Area Network Security * DCCA = Dependable Computing for Critical Applications * DEXA = International Conference and Workshop on Database and Expert Systems Applications * DEXA-SIDIA = DEXA Workshop on Security and Integrity of Data Intensive Applications * DIMACS Security Ver = DIMACS Workshop on Formal Verification of Security Protocols '97 workshop * DMKD = Workshop on Research Issues on Data Mining and Knowledge Discovery * DOCSec = Second Workshop on Distributed Object Computing Security * DOOD = Conference on Deductive and Object-Oriented Databases * ECDLP = Workshop on the Elliptic Curve Discrete Logarithm Problem ECDLP * EDOC = Enterprise Distributed Object Computing EDOC '97 * Electronic Commerce for Content II = Forum on Technology-Based Intellectual Property Management URL * ENCXCS = Engineering Complex Computer Systems Minitrack of HICSS ENCXCS * ENM = Enterprise Networking ENM '97 * ENTRSEC = International Workshop on Enterprise Security ENTRSEC '97 * ESORICS = European Symposium on Research in Computer Security * ETAPS = European Joint Conferences on Theory and Practice of Software * EUROCRYPT = EUROCRYPT EUROCRYPT '98 * FIRST = Computer Security Incident Handling and Response * FISP = Federal Internet Security Plan Workshop * FISSEA = Federal Information Systems Security Educators' Association * FME = Formal Methods Europe * FMLDO7 = Foundations of Models and Languages for Data and Objects * FMP = Formal Methods Pacific * FSE = Fast Software Encryption Workshop FSE4 * FMSP = Formal Methods in Software Practice * GBN = Gigabit Networking Workshop GBN'97 * HASE = High-Assurance Systems Engineering Workshop HASE '97 * HICSS = Hawaii International Conference on Systems Sciences * HPTS = Workshop on High Performance Transaction Systems * IC3N = Int. Conference on Computer Communications and Networks Sixth, '97 * ICAST = Conference on Advanced Science and Technology, 13th ICAST * ICCC = International Conference for Computer Communications ICCC '97 * ICDCS96 = The 16th Int.l Conference on Distributed Computing Systems * ICDE = Int. Conf. on Data Engineering ICDE '98 * ICDT = International Conference on Database Theory ICDT97 * ICECCS = International Conference on Engineering of Complex Computer Systems * ICI = International Cryptography Institute * ICICS = International Conference on Information and Communications Sec. * ICNP = International Conference on Network Protocols ICNP '97 * ICOIN = International Conference on Information Networking ICOIN--12 * ICSSDBM = Int. Conf. on Scientific and Statistical Database Management * IDEAS = International Database Engineering and Applications Symposium * IEEE S&P = IEEE Symposium on Security and Privacy IEEE S&P '98 * IEEE NM = IEEE Network Magazine Special Issue on PCS Network Management * IEEE-ANETS = IEEE Network Magazine Special Issue on Active and Programmable Networks * IESS = International Symposium on Software Engineering Standards * IFIP/SEC = International Conference on Information Security (IFIP TC11) IFIP/SEC '98 (Twelfth Annual) * IFIP WG11.3 = IFIP WG11.3 11th Working Conference on Database Security * IFIP Mobile Commns = IFIP 1996 World Conference, Mobile Communications * IFIP-IICIS = First Working Conference on Integrity and Internal Control in Information Systems * IH Workshop = Workshop on Information Hiding * IICIS = Integrity and Internal Control in Information Systems * IMACCC = IMA Conference on Cryptography and Coding, 5th IMACC * IMC = IMC Information Visualization and Mobile Computing * INET = Internet Society Annual Conference * INET = The Internet: Transforming Our Society Now * INTRA-FORA = International Conference on INTRANET: Foundation, Research, and Applications * IPIC = Integration of Enterprise Information and Processes * IPSWG = Internet Privacy and Security Workshop * IRISH = Irish Workshop on Formal Methods IRISH97 * IS = Information Systems (journal) * ISADS = Symposium on Autonomous Decentralized Systems ISADS '97 * ISCC = IEEE Symposium on Computers and Communications ISCC '98 * ISCOM = International Symposium on Communications ISCOM '97 * ISTCS = Fourth Israeli Symposium on Theory of Computing and Systems * ITLIT = CSTB Workshop on Information Technology Literacy * IT-Sicherheit = Communications and Multimedia Security: Joint Working conference of IFIP TC-6 and TC-11 and Austrian Computer Society * IWES = International Workshop on Enterprise Security * JBCS = Journal of the Brazilian Computer Society * JCMS = Journal of Computer Mediated Communication * JCS = Journal of Computer Security * JDSE = Journal of Distributed Systems Engineering; Future Directions for Internet Technology * JSS = Journal of Systems and Software (North-Holland) Special Issue on Formal Methods Technology Transfer * JTS = Journal of Telecommunications Systems, special multimedia issue * JWWW = World Wide Web Journal Web page * KDD = The Second International Conference on Knowledge Discovery and Data Mining * MCN = ACM Int. Conf. on Mobile Computing and Networking. See MOBICOM * MCDA = Australian Workshop on Mobile Computing & Databases & Applications * MDS = Second Conference on the Mathematics of Dependable Systems * METAD = First IEEE Metadata Conference METAD * MMD = Multimedia Data Security MMD '97 * MMDMS = Wkshop on Multi-Media Database Management Systems * MOBICOM = Mobile Computing and Networking MOBICOM '97 * NCSC = National Computer Security Conference * NGITS = World Conference of the WWW, Internet, and Intranet NGITS '97 * NISS = National Information Systems Security Conference NISS '97 * NSPW = New Security Paradigms Workshop NSPW '97 * OBJ-CSA = OMG-DARPA Workshop on Compositional Software Architectures * OOER = Fourteenth Int. Conf. on Object-Oriented and Entity Relationship Modelling * OSDI = Operating Systems Design and Implementation * PAKDD = First Asia-Pacific Conference on Knowledge Discovery and Data Mining * PISEE = Personal Information - Security, Engineering, and Ethics * PKC98 = Practice and Theory in Public Key Cryptography * PKS = Public Key Solutions * PTP = Workshop on Proof Transformation and Presentation * RBAC = ACM Workshop on Role-Based Access Control * RIDE = High Performance Database Management for Large Scale Applications * RTDB = First International Workshop on Real-Time Databases: Issues and Applications * SAC = Workshop on Selected Areas of Cryptography * SAFECOMP = Computer Safety, Reliability and Security * SCRAPC = Smart Card Research and Advanced Application Conference * SDSP = UK/Australian International Symposium On DSP For Communication Systems * SECURICOM = World Congress on the Security of Information Systems and Telecommunication * SFC = Society and the Future of Computing * SFTC-VI = Symposium on Fault Tolerant Computing - VI (Brazil) * SICON = IEEE Singapore International Conference on Networks SICON '98 * SIGMOD/PODS - ACM SIGMOD International Conference on Management of Data / ACM SIGACT SIGMOD-SIGART Symposium on Principles of Database Systems * SNDSS = Symp. on Network and Distributed System Security (Internet Society) * SOC = 18th Biennial Symposium on Communications, SOC18 * SOSP = ACM Symposium on Operating Systems Principles SOSP '97 * TAPOS = Theory and Applications of Object Systems, special issue Objects, Databases, and the WWW TAPOS * TAPSOFT = Theory and Practice of Software Development TAPSOFT '97 * TPHOLs = Theorem Proving in Higher Order Logics * TSMA = 5th International Conference on Telecommunication Systems - Modeling and Analysis TSMA '97 * USENIX Sec Symp = USENIX UNIX Security Symposium, 8th Annual * VLDB = International Conference on Very Large Data Bases * WDAG-9 = Ninth Int. Workshop on Distributed Algorithms * WebDB = International Workshop on the Web and Databases * WebNet = World Conference of the Web Society, WebNet 97 * WECS = ACM Workshop on Computer Security Education * WFMSP = Workshop on Formal Methods and Security Protocols WFMSP * WITAT = Workshop on Information Technology - Assurance and Trustworthiness * WOBIS = Workshop on Satellite-based Information Services WOBIS '97 * WWWC = International World Wide Web Conference ________________________________________________________________________ Listing of Academic (Teaching and Research) Positions in Computer Security maintained by Cynthia Irvine ________________________________________________________________________ * Dept. of Electrical and Computer Engineering, Iowa State University, Ames, Iowa Assistant, Associate, or Full Professor in Computer Engineering (special interest in networks and security) Date closed: December 15, 1997, or until filled http://vulcan.ee.iastate.edu/~davis/job-ad.html * Naval Postgraduate School Center for INFOSEC Studies and Research, Monterey, CA, Visiting Professor, (9/98) http://www.cs.nps.navy.mil/research/cisr/jobs/npscisr_prof_ad.html * Naval Postgraduate School Center for INFOSEC Studies and Research, Monterey, CA, Computer Scientist, (9/21/97) http://www.cs.nps.navy.mil/research/cisr/jobs/npscisr_97de055.html * US Air Force Academy Department of Computer Science, Colorado Springs, CO, Professor, (7/98) http://www.usafa.af.mil/dfcs/ * Purdue University, Computer Science Department, West Lafayette, IN Assistant Professor, tenure track, also Assoc. and Full Prof., (2/98) http://www.cs.purdue.edu/facAnnounce This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have in it included on the Cipher web page and e-mail issues, send the following information : Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil ________________________________________________________________________ Data Security Letter Subscription Offer ________________________________________________________________________ A special subscription rate of $25/year for the Data Security Letter is now available to IEEE TC members. The DSL is an external, nonpartisan newsletter published by Trusted Information Systems, Inc. Eleven issues (usually 16 pages each) per year are published. The DSL welcomes reader suggestions and contributions and accepts short research abstracts (about 130 words) for publication on an ongoing basis. On occasion, the DSL will be republishing Cipher articles (with authors' approval), but such articles will constitute a small portion of DSL content (thus there will be very little duplication of Cipher material). IEEE TC members wishing to take advantage of the special subscription rate should send the following to sharon@tis.com. The information can also be faxed to 301-854-5363 (attention: DSL) phoned to 301-854-5338, or mailed to Trusted Information Systems, Inc., 3060 Washington Rd., Glenwood, MD 21738 USA. NAME: POSTAL ADDRESS: (Please indicate company name, if a business address) PHONE: (Please indicate if home or business) FAX: E-MAIL: IEEE Membership No. (if applicable): NOTE: If you are already a paying subscriber to the DSL, for the $25 you will receive a 2-year renewal; refunds, rebates, etc., on your current subscription are not available. If you have any questions about the offer or anything else pertaining to the DSL, you may contact the editor, Sharon Osuna, via E-Mail to sharon@tis.com or call her at 301-854-5338. ________________________________________________________________________ How to become <> a member of the IEEE Computer Society's TC on Security and Privacy ________________________________________________________________________ You do NOT have to join either IEEE or the IEEE Computer Society to join the TC, and there is no cost to join the TC. All you need to do is fill out an application form and mail or fax it to the IEEE Computer Society. A copy of the form is included below (to simplify things, only the TC on Security and Privacy is included, and is marked for you) The full and complete form is available on the IEEE Computer Society's Web Server at URL: http://www.computer.org:80/tab/tcapplic.htm (print & mail form) or http://www.computer.org:80/tab/Tcappli1.htm (HTML form for form-enabled browsers) IF YOU USE THE FORM BELOW, PLEASE NOTE THAT THE IT IS TO BE RETURNED (BY MAIL OR FAX) TO THE IEEE COMPUTER SOCIETY, >>NOT<< TO CIPHER. --------- IEEE Computer Society Technical Committee Membership Application ----------------------------------------------------------- Please print clearly or type. ----------------------------------------------------------- Last Name First Name Middle Initial ___________________________________________________________ Company/Organization ___________________________________________________________ Office Street Address (Please use street addresses over P.O.) ___________________________________________________________ City State ___________________________________________________________ Country Postal Code ___________________________________________________________ Office Phone Fax ___________________________________________________________ Email Address (Internet accessible) ___________________________________________________________ Home Address (optional) ___________________________________________________________ Home Phone ___________________________________________________________ [ ] I am a member of the Computer Society IMPORTANT: IEEE Member/Affiliate/Computer Society Number: ____________________ [ ] I am not a member of the Computer Society* Please Note: In some TCs only current Computer Society members are eligible to receive Technical Committee newsletters. Please select up to four Technical Committees/Technical Councils of interest. TECHNICAL COMMITTEES [ X ] T27 Security and Privacy Please Return Form To: IEEE Computer Society 1730 Massachusetts Ave, NW Washington, DC 20036-1992 Phone: (202) 371-0101 FAX: (202) 728-9614 ________________________________________________________________________ TC Publications for Sale ________________________________________________________________________ Proceedings of the IEEE CS Symposium on Security and Privacy Sorry! Strong response has reduced our stocks of old proceedings, and we have closed this year's conference books, so we will not be accepting any more orders until spring 1998. You may still order current (1997) and some back issues from IEEE CS Press at http://www.computer.org/cspress/catalog/proc9.htm. This year's Computer Security Foundation Workshop took place the 10th through 12th of June in Kenmare, Ireland. Topics included authentication protocols (specifications, analysis, and attacks), formal security policies (non-interference style and access control), and intrusion detection. Copies of the proceedings are available from the publications chair for $25 each. Copies of last year's proceedings are also available at $20, and several earlier years at $15. Checks payable to "Joshua Guttman for CSFW" may be sent to: Joshua Guttman, MS A155 The MITRE Corporation 202 Burlington Rd. Bedford, MA 01730-1420 USA guttman@mitre.org Europeans may instead send checks payable in Irish punts (IEP 16 for 1996, IEP 12.50 for 1995) to: Simon Foley Dept of Computer Science University College Cork, Ireland simon@security.ucc.ie ________________________________________________________________________ TC Officer Roster ________________________________________________________________________ Chair: Past Chair: Charles P. Pfleeger Deborah Cooper Arca Systems, Inc. P.O. Box 17753 8229 Boone Blvd, Suite 750 Arlington, VA 22216 Vienna VA 22182-2623 (703) 908-9312 (voice and fax) (703) 734-5611 (voice) d.cooper@computer.org (703) 790-0385 (fax) c.pfleeger@computer.org Vice Chair: Thomas A. Berson Anagram Laboratories P.O. Box 791 Palo Alto, CA 94301 (650) 324-0100 (voice) berson@anagram.com Newsletter Editor: Chair, Academic Affairs Subcommitte: Carl Landwehr Prof. Cynthia Irvine Code 5542 U.S. Naval Postgraduate School Naval Research Laboratory Computer Science Department Washington, DC 20375-5337 Code CS/IC (202) 767-3381 (voice) Monterey CA 93943-5118 landwehr@itd.nrl.navy.mil (408) 656-2461 (voice) irvine@cs.nps.navy.mil Chair, Standards Subcommittee: Chair, Security Conferences Subcommittee: David Aucsmith Michael Reiter Intel Corporation AT&T Bell Labs JF2-74 Room A269 2111 N.E. 25th Ave 180 Park Ave Hillsboro OR 97124 Florham Park NJ 07932-0971 (503) 264-5562 (voice) (973) 360-8349 (voice) (503) 264-6225 (fax) (973) 360-8809 (fax) awk@ibeam.intel.com reiter@research.att.com ________________________________________________________________________ Information for Subscribers and Contributors ________________________________________________________________________ SUBSCRIPTIONS: Two options: 1. To receive the full ascii CIPHER issues as e-mail, send e-mail to (which is NOT automated) with subject line "subscribe". 2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing or downloading from our ftp server send e-mail to (which is NOT automated) with subject line "subscribe postcard". To remove yourself from the subscription list, send e-mail to cipher-request@itd.nrl.navy.mil with subject line "unsubscribe". Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher CONTRIBUTIONS: to are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. For Calendar entries, please include an e-mail address for the point-of-contact. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors. BACK ISSUES: There is an archive that includes each copy distributed so far, in ascii, in files you can download at URL http://www.itd.nrl.navy.mil/ITD/5540/ieee/cipher/cipher-archive.html There is also an anonymous FTP server that contains the same files. To access the archive via anonymous FTP: 1. ftp www.itd.nrl.navy.mil 2. At prompt for ID, enter "anonymous" 3. At prompt for password, enter your actual, full e-mail address 4. Once you are logged in, change to the Cipher Directory: cd pub/cipher 5. Now you can request any of the files containing Cipher issues in ascii. Issues are named in the form: EI#N.9708 where N is the number of the issue desired and 9703 captures the year and month it appeared. ========end of Electronic Cipher Issue #25, 25 November 1997=============