Subject: Electronic CIPHER, Issue 38, August 4, 2000

====================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 38                                   August 4, 2000

Jim Davis, Editor
Hilarie Orman, Assoc. Editor
Bob Bruen, Book Review Editor
Mary Ellen Zurko, Assoc. Editor
Anish Mathuria, Reader's Guide
====================================================================

http://www.ieee-security.org/cipher.html

Contents:

 * Letter from the Editor
 * Conference and Workshop Announcements
    o Call for papers for the 2001 Security & Privacy Conference, May 13-16, 2001, Oakland, CA, USA
    o Upcoming calls-for-papers and events
 * News Briefs:
    o Cipher has moved to www.ieee-security.org
    o LISTWATCH by Mary Ellen Zurko
 * Commentary and Opinion
    o Editorial on UCITA by Eugene Spafford
    o Robert Bruen's review of "The Hundredth Window", by Charles Jennings and Lori Fena
    o Robert Bruen's review of "The End of Privacy", by Charles Sykes
    o Report on CSFW, by Joshua Guttman
    o Report on the 2000 S&P Oakland conference, by Hilarie Orman and Richard Schroeppel
    o Report on FIRST, by Cristina Serban
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Interesting Links and New reports available via FTP and WWW
 * Reader's guide to recent security and privacy literature, by Anish Mathuria
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

We are pleased to bring you this issue of Cipher!
We have reviews of the 2000 S&P Oakland conference (Hilarie Orman and Richard Schroeppel) and FIRST'2000 (Cristina Serban) along with two book reviews (Robert Bruen) and LISTWATCH (Mary Ellen Zurko). You may recall that the May issue of Cipher was distributed during the frenzy over ILOVEYOU and its cousins. I had several mailings returned to me along with an automated note stating that my email (the TEXT version of Cipher) was infected with the ILOVEYOU virus and that I should be more careful about the mail I send to others....I hope that the email scanning programs will find this month's Cipher more pleasing.

Two quick notes to highlight: The TC has its own domain name (www.ieee-security.org) and we have moved the web pages for the TC, Cipher, and the calls-for-papers to the new site. The URLs for various Cipher departments are listed in Cipher NewsBriefs section. Second, the call-for-papers for the 2001 S&P Oakland conference has just been released! See www.ieee-security.org/TC/sp2001.html for details.

Many thanks to our contributors and for their help with this issue! This is truly a community-driven newsletter; I continue to be amazed and pleased with your commitment to keeping Cipher a relevant and useful newsletter.

Best regards,
Jim Davis

====================================================================
Conference and Workshop Announcements
====================================================================

CALL FOR PAPERS

2001 IEEE Symposium on Security and Privacy
May 13-16, 2001
The Claremont Resort
Oakland, California, USA

sponsored by
IEEE Computer Society Technical Committee on Security and Privacy
in cooperation with
The International Association for Cryptologic Research (IACR)

Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field.
Previously unpublished papers offering novel research contributions in any aspect of computer security or electronic privacy are solicited for submission to the 2001 symposium. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. We particularly welcome papers that help us continue our re-established emphasis on electronic privacy.

Topics of interest include, but are not limited to, the following:

 - Commercial and industrial security
 - Electronic privacy
 - Mobile code and agent security
 - Distributed systems security
 - Network security
 - Anonymity
 - Data integrity
 - Access control and auditing
 - Information flow
 - Security verification
 - Viruses and other malicious code
 - Security protocols
 - Authentication
 - Biometrics
 - Smartcards
 - Electronic commerce
 - Intrusion detection
 - Database security
 - Language-based security
 - Denial of service

INSTRUCTIONS FOR PAPER SUBMISSIONS

Submitted papers must not substantially overlap papers that have been published or that are simultaneously submitted to a journal or a conference with proceedings. Papers should be at most 15 pages excluding the bibliography and well-marked appendices (using 11-point font, single column format, and reasonable margins on 8.5"x11" or A4 paper), and at most 25 pages total. Committee members are not required to read the appendices, so the paper should be intelligible without them. Papers should be submitted in a form suitable for anonymous review: remove author names and affiliations from the title page, and avoid explicit self-referencing in the text.

To submit, please visit URL: http://cmt.research.microsoft.com/SSP2001/ and enter your paper in Portable Document Format (.pdf) or as a Postscript file (.ps). Submissions received after the submission deadline or failing to conform to the guidelines above risk rejection without consideration of their merits.
Where possible all further communications to authors will be via email.

Paper submissions due: November 7, 2000
Acceptance notification: January 29, 2001

If for some reason you cannot conform to these submission guidelines, please send email to needham@microsoft.com. Please use a subject field containing the string "Oakland01".

PANEL PROPOSALS

The conference may include panel sessions addressing topics of interest to the computer security community. Proposals for panels should be no longer than five pages in length and should include possible panelists and an indication of which of those panelists have confirmed participation. Send an email with a MIME attachment containing your panel proposal in PDF or Postscript format to needham@microsoft.com. This email should state that your proposal is for the 2001 IEEE Symposium on Security and Privacy, and should include the proposers' names, email and postal addresses, and phone and fax numbers. Please use a subject field containing the string "Oakland01".

Panel proposals due: November 7, 2000
Acceptance notification: January 29, 2001

5-MINUTE TALKS

A continuing feature of the symposium will be a session of 5-minute talks, where attendees can present preliminary research results or summaries of works published elsewhere. Printed abstracts of these talks will be distributed at the symposium. Abstracts for 5-minute talks should fit on one 8.5"x11" or A4 page, including the title and all author names and affiliations. Send an email with a MIME attachment containing your abstract in PDF or Postscript format to needham@microsoft.com. This email should state that your abstract is for the session of 5-minute presentations at the 2001 IEEE Symposium on Security and Privacy, and should include the presenter's name, email and postal addresses, and phone and fax numbers. Please use a subject field containing the string "Oakland01".
5-Minute abstracts due: March 13, 2001
Acceptance notification: March 31, 2001

General chair: Li Gong (Sun Microsystems, USA)
Vice chair: Heather Hinton (Tivoli Systems, USA)
Program co-chairs: Roger Needham (Microsoft Research, UK)
                   Martin Abadi (Bell Labs - Lucent, USA)
Treasurer: Brian Loe (Secure Computing Corporation, USA)

Program Committee:
 Paul Ammann (George Mason University, USA)
 Lee Badger (Network Associates, USA)
 Mihir Bellare (University of California San Diego, USA)
 Marc Dacier (IBM Zurich Research Laboratory, Switzerland)
 Simon Foley (University College, Cork, Ireland)
 Virgil Gligor (University of Maryland, USA)
 Stuart Haber (Intertrust, USA)
 Paul Karger (IBM Research, USA)
 Markus Kuhn (University of Cambridge, UK)
 Teresa Lunt (Xerox PARC, USA)
 Andrew Myers (Cornell University, USA)
 Dan Simon (Microsoft Research, USA)
 David Wagner (University of California Berkeley, USA)
 Avishai Wool (Bell Labs - Lucent, USA)

====================================================================
Upcoming Calls-For-Papers and Events
====================================================================

The complete Cipher Calls-for-Papers is located at www.ieee-security.org/cfp.html. The Cipher event Calendar is at www.cs.utah.edu/flux/cipher/cipher-hypercalendar.html

____________________________________________________________________
Cipher Event Calendar
____________________________________________________________________

Calendar of Security and Privacy Related Events
maintained by Hilarie Orman

Date (Month/Day/Year), Event, Locations, e-mail for more info.

See also Cipher Calls for Papers file (www.ieee-security.org/cfp.html) for details on many of these listings.
Also worth a look are the ICL calendar and the IACR site, and several others.

8/ 1/00: 5th NORDSEC, Reykjavik, Iceland; submissions due; www.ru.is/nordsec2000/
8/ 2/00: NDSS '01, San Diego, California; Submissions due, www.isoc.org/ndss01/cfp
8/ 6/00- 8/11/00: MSWiM 2000, Boston, Massachusetts
8/10/00: INDOCRYPT 2000, Calcutta, India; submissions due;
8/11/00: DAMMCC4, Boston, Massachusetts www.cis.udel.edu/~elloyd/dialm.d/home.html
8/14/00- 8/17/00: USENIX Sec Sym 9. Denver, Colorado www.usenix.org/events/sec2000
8/14/00- 8/15/00: SAC 2000, Waterloo, Canada
8/15/00: ISADS 2001, Dallas, Texas; isads.utdallas.edu
8/17/00- 8/18/00: CHES 2000, Worcester, Massachusetts
8/20/00- 8/24/00: CRYPTO 2000, Santa Barbara, California; www-cse.ucsd.edu/users/mihir/crypto/electronic.html
8/25/00: FME 2001, Berlin, Germany; www-cse.ucsd.edu/users/mihir/crypto/electronic.html
9/ 4/00- 9/ 8/00: DEXA 2000
9/ 4/00- 9/ 8/00: NBIS 2000, Greenwich, www.takilab.k.dendai.ac.jp/conf/dexa2000/nbis/
9/ 6/00- 9/ 8/00: MDDS 2000, Greenwich, UK
9/ 6/00- 9/ 8/00: CoopIS 2000, Eilat, Israel
9/11/00- 9/15/00: ICECCS 2000, Tokyo, Japan; www.polimi.it/iceccs2000
9/11/00- 9/13/00: WECS 2000, Monterey, CA
9/13/00- 9/15/00: ASAMA2000. ETH Zurich, Switzerland www.inf.ethz.ch/ASA-MA/
9/14/00- 9/16/00: VI RECSI, Tenerife, Canary Islands, Spain
9/18/00- 9/21/00: NSPW 2000, Cork, Ireland; Web: www.nspw.org/
9/18/00- 9/30/00: FOSAD, Bertinoro, Italy; www.cs.unibo.it/~gorrieri/fosad
9/19/00- 9/21/00: PKS 2000, San Jose, CA
9/20/00- 9/22/00: CARDIS 00, Bristol, UK.
          www.cardis.org
9/25/00- 9/28/00: EDOC 2000, Makuhari, Japan
9/25/00- 9/27/00: WISAC, Monterey, California; cisr.nps.navy.mil/events/WISAC/WISAC_index.html
9/27/00- 9/29/00: ISSE 2000 Barcelona, Spain
10/ 1/00: OPENARCH '01, Anchorage, Alaska; www.openarch.org
10/ 2/00-10/ 4/00: RAID 2000, Toulouse, France; www.raid-symposium.org/Raid2000/cfp2000.html
10/ 4/00-10/ 6/00: ESORICS 2000; Toulouse, France, www.cert.fr/esorics2000/
10/ 4/00-10/ 6/00: DISC 2000, Toledo, Spain; www.disc2000.org/
10/ 4/00-10/ 6/00: ECC 2000, Essen, Germany; www.cacr.math.uwaterloo.ca
10/11/00-10/14/00: SOFTCOM 2000
10/12/00-10/13/00: 5th NORDSEC, Reykjavik, Iceland; www.ru.is/nordsec2000/
10/16/00-10/19/00: 23rd NCSC, Baltimore, Maryland
10/16/00-10/18/00: IC3N 2000, Las Vegas, Nevada; icccn.cstp.umkc.edu
10/16/00-10/20/00: MSRI-NTCW, Berkeley, CA
10/22/00-10/25/00: PROMS 2000, Cracow, Poland PROMS2000.kt.agh.edu.pl/
10/23/00-10/25/00: OSDI 2000 San Diego, California
10/24/00-10/27/00: IPSEC 2000, Paris, France; www.upperside.fr/baipsecy2k.htm
10/25/00-10/27/00: SAFECOMP 00, Rotterdam, Netherlands
10/30/00-11/ 3/00: 8th ACM-MM, Los Angeles, California www.acm.org/sigmm/MM2000
10/30/00-11/ 3/00: AMOC 00, Penang, Malaysia
11/ 1/00-11/ 4/00: CCS 7, Athens, Greece; www.ccs2000.org
11/ 4/00: SPECOMM 2000, Athens, Greece
11/ 6/00-11/11/00: Ninth CIKM, Washington, DC
11/ 8/00-11/10/00: IEEE-LCN, Tampa, FL
11/ 8/00-11/10/00: NGC 2000, Palo Alto, California; www.cs.ucsb.edu/ngc2000/
11/13/00-11/16/00: CSI 2000, Chicago, Illinois
11/14/00-11/17/00: ICNP 2000, Osaka, Japan
11/30/00: Computer Security Day
11/30/00: CaLC '01, Providence, RI; www.math.brown.edu/~jhs/CALC/CALC.html
12/ 3/00-12/ 7/00: Asiacrypt 2000, Kyoto, Japan
12/ 7/00: WOIH-4, Pittsburgh, PA; chacs.nrl.navy.mil/IHW2001
12/ 8/00-12/ 9/00: ICISC 2000, Seoul, Korea
12/10/00-12/13/00: INDOCRYPT 2000, Calcutta, India
12/11/00-12/15/00: 16th ACSAC, New Orleans, Louisiana; www.acsac.org
12/13/00-12/15/00: FST-TCS 2000, New Delhi,
          India; www.cse.iitd.ernet.in/~fsttcs20
12/14/00-12/16/00: Tenth COMAD, Pune, India
12/14/00-12/16/00: ADCOM 2000, Cochin, India; www.adcom2000.homepage.com/
12/17/00-12/20/00: HiPC 2000, Bangalore, India; www.hipc.org
12/18/00-12/19/00: ISW 2000, Wollongong, Australia
12/18/00-12/20/00: PRDC 00, Los Angeles, California
2/ 7/01- 2/ 9/01: NDSS '01, San Diego, California; www.isoc.org/ndss01/cfp
3/12/01- 3/16/01: FME 2001, Berlin, Germany; www.informatik.hu-berlin.de/top/fme2001
3/28/01: ISADS 2001, Dallas, Texas; isads.utdallas.edu
3/29/01- 3/30/01: CaLC '01, Providence, RI; www.math.brown.edu/~jhs/CALC/CALC.html
4/22/01- 4/23/01: OPENARCH '01, Anchorage, Alaska; www.openarch.org
4/25/01- 4/27/01: WOIH-4, Pittsburgh, PA; chacs.nrl.navy.mil/IHW2001
5/13/01- 5/17/01: IEEE S&P 2001, Oakland, California
8/13/01- 8/16/01: 10th USENIX Security Symposium, Washington, D.C.
11/13/01-11/16/01: ICICS, Xian, China

____________________________________________________________________
Conference and Workshop *Calls-for-Papers*
August 2000-December 2000
____________________________________________________________________

INDOCRYPT'2000  Web: www.isical.ac.in/~indocrypt
First International Conference on Cryptology in India, Indian Statistical Institute, Calcutta, India, December 10-13, 2000. (Submissions due: August 10, 2000)
Original papers on all technical aspects of cryptology are solicited. Please see the conference web page for details.

ISW'2000, Web: isads.utdallas.edu
Third IEEE Information Survivability Workshop, Boston, MA, USA, October 24-26, 2000. (papers due August 15, 2000)
The Information Survivability Workshops provide a forum for researchers, practitioners, and sponsors to discuss problems associated with the survivability of mission-critical systems, and to identify solutions to these problems.
A primary goal of the workshops is to identify and highlight new survivability research ideas that can contribute to the protection of critical infrastructures and critical applications. Another important goal is to foster research collaboration to improve the survivability of systems that support our global information society. Participation in the workshop is BY INVITATION ONLY, based on the submission of a short position paper (of up to 4 pages in length). The position paper should clearly indicate how the background or interests of the author(s) would contribute to the goals of the workshop. We are especially interested in submissions that either: (a) summarize new research results, (b) describe dependability and fault-tolerance approaches for enhancing survivability, (c) summarize case studies or experience with critical applications, or (d) document relevant policy or other approaches (such as insurance) that contribute to the survivability of critical applications. A complete list of topics of interest and instructions for submitting a position paper are given on the conference web site at www.cert.org/research/isw2000/cfp.html, or you may contact the workshop organizers at isw-2000@cert.org.

ISADS 2001  Web: isads.utdallas.edu
The Fifth International Symposium on Autonomous Decentralized Systems, Dallas, Texas, USA, March 26-28, 2001. (Papers and panel proposals due August 15, 2000)
Driven by the continuous growth in the power, intelligence and openness of computer, communication and control technologies, possibilities and opportunities for realizing highly efficient and dependable business and control systems have been steadily increasing. Dynamically changing social and economic situations demand next-generation systems based on emerging technologies and applications. Such systems are expected to have the characteristics of living systems composed of largely autonomous and decentralized components.
Such systems are called Autonomous Decentralized Systems (ADS). While ISADS 2001 will primarily focus on advancements and innovation in ADS concept, technologies, and applications related to the increasingly important topic of Electronic Commerce, other themes such as telecommunications and heterogeneous system and application integration will also be included. The scope of discussions on ADS shall include, but not be limited to:

 - Computer and communication architectures / intelligent network / Internet;
 - Heterogeneous distributed information / control systems;
 - Mobile agent / computer-supported cooperative works;
 - Distributed software development and maintenance;
 - Assurance, fault tolerance and on-line expansion;
 - Object management architecture / design pattern / application frameworks;
 - Emergent control and robotic systems;
 - Novel applications: electronic commerce, telecommunications, information service systems, manufacturing systems, real-time event management, office automation, traffic and transportation control, logistics systems.

See the conference web site for details.

FME2001  Web: www.informatik.hu-berlin.de/top/fme2001
FORMAL METHODS EUROPE Formal Methods for Increasing Software Productivity, Humboldt-Universitaet zu Berlin, Germany, March 12-16, 2001. (Papers, tutorial and workshop proposals due: August 25, 2000)
FME 2001 is the tenth in a series of symposia organised by Formal Methods Europe, an independent association whose aim is to stimulate the use of, and research on, formal methods for software development. The theme of FME 2001 is Formal Methods for Increasing Software Productivity. This theme recognizes that formal methods have the potential to do more for industrial software development than enhance software quality--they can also increase productivity at many different points in the software life-cycle.
The symposium committee is particularly interested in papers on the use of formal methods to increase productivity, for example on:

 - Codifying domain knowledge
 - Re-using components
 - Automatically generating code and/or documentation
 - Improving the efficiency of software testing
 - Enhancing analysis techniques for validation and verification
 - Exploiting commonalities within product families
 - Improving the maintainability and modifiability of software
 - Empirical studies of effects on productivity

The symposium committee solicits full-length papers in two broad categories:

 1. Use of formal methods, including reports on industrial use, substantial case studies, comparisons among methods, education, and technology transfer.
 2. Development of formal methods, including motivating factors, theoretical foundations, extensions, manual procedures, and tool support.

More information about the submission of papers, tutorial and workshop proposals can be found on the conference web site.

SREIS  Web: www.cerias.purdue.edu/SREIS.html
Symposium on Requirements Engineering for Information Security, Purdue University CERIAS, West Lafayette, Indiana, USA, November 15-17, 2000. (Papers due September 6, 2000)
[The dates for submissions and the symposium itself may change to accommodate a special, accompanying event. Check the on-line CFP at www.cerias.purdue.edu/SREIS.html after August 6 for updates.]
The symposium is intended to provide researchers and practitioners from various disciplines with a highly interactive forum to discuss security and privacy-related requirements. Specifically, we encourage those in the fields of requirements engineering, software engineering, information systems, information and network security as well as trusted systems to present their approaches to analyzing, specifying and testing requirements to increase the level of security provided to users interacting with pervasive commerce, research and government systems.
Symposium attendance will be limited. All attendees are encouraged to submit a paper or position statement. Special emphasis will be placed on attendance by graduate students participating in PhD study. Some travel and expense scholarships for these students will be available; preference will be given to students from CERIAS Affiliate centers and programs. Submissions are encouraged addressing a range of requirements engineering, security, and privacy issues, such as:

 - Solutions to known RE problems as applied to security and privacy
 - Innovative research ideas initiating new research directions
 - Industrial problem statements
 - Generalizations from individual industrial experiences
 - RE for trusted Commercial Off-The-Shelf (COTS) systems
 - Empirical studies of industrial RE practice
 - Capture and expression of informal and ad hoc requirements
 - Managing conflicting requirements of operational effectiveness and security
 - Methods for the specification and analysis of security requirements
 - Methods for ensuring compliance between requirements and policies

More information can be found on the symposium web site at www.cerias.purdue.edu/SREIS.html

OPENARCH'01  Web: www.openarch.org
The Fourth IEEE Conference on Open Architectures and Network Programming, Hilton Anchorage Hotel, Anchorage, Alaska, April 22-23, 2001. (Papers, tutorial and workshop proposals due: October 1, 2000)
The Fourth IEEE Conference on Open Architectures and Network Programming invites participation in this international forum on active and programmable networks. Advances in open signaling and control, active networks, mobility management, transportable software, web-based services access, and distributed systems technologies are driving a reexamination of existing network software architectures and the evolution of control and management systems away from traditional constrained solutions.
OPENARCH 2001 will foster a better understanding of these new network software architectures and techniques that are making the network interface more flexible and robust. Authors are invited to submit both full and short papers for consideration. Suggested topics include:

 - Advances in active networks
 - Open and innovative signaling systems
 - Programming abstractions and interfaces for networks
 - Service creation platforms
 - Programming for mobility
 - Programming for Quality of Service
 - Intelligent agents and trading
 - Distributed computing models and algorithms
 - Security in an open object world
 - Support for multiple control planes
 - Control and resource APIs and object representations
 - Performance of control architectures
 - Experimental architectures and implementation techniques
 - Enabling technologies, platforms and languages (CORBA, WWW, Java, ...)
 - Reliability of programmable networking technologies
 - Modeling of network services
 - Programmability support for virtual networks
 - Interactive multimedia, multi-party cooperation and groupware
 - Pricing and real-time billing
 - Secure transactions processing and electronic commerce
 - Active networks in telephony

Complete instructions for submissions can be found on the conference web site.

CaLC 2001  Web: www.math.brown.edu/~jhs/CALC/CALC.html
Cryptography and Lattices Conference, Brown University, Providence, Rhode Island, USA, March 29-30, 2001. (papers due: November 30th, 2000)
The focus of this conference is on all aspects of lattices as used in cryptography and complexity theory. We hope that the conference will showcase the current state of lattice theory and will encourage new research in both the theoretical and the practical uses of lattices and lattice reduction in the cryptographic arena. We encourage submission of papers from academia, industry, and other organizations.
Topics of interest include the following, but any paper broadly connected with the use of lattices in cryptography or complexity theory will be given serious consideration:

 - Lattice reduction methods, including theory and practical implementation.
 - Applications of lattice reduction methods in cryptography, cryptanalysis and related areas of algebra and number theory.
 - Cryptographic constructions such as public key cryptosystems and digital signatures based on lattice problems.
 - Complexity theory of hard lattice problems such as SVP and CVP.
 - Other lattice related cryptographic constructions, for example based on cyclotomic fields, finite group rings, or group representations.

If you want to receive emails with subsequent Calls for Papers and registration information, please send a brief mail to . More information can be found on the conference web site at www.math.brown.edu/~jhs/CALC/CALC.html

IHW2001  Web: chacs.nrl.navy.mil/IHW2001
4th International Information Hiding Workshop, Holiday Inn University Center, Pittsburgh, PA, USA, April 25-27, 2001 (submissions due December 7, 2000)
Many researchers are interested in hiding information or, conversely, in preventing others from doing so. As the need to protect digital intellectual property grows ever more urgent, this research is of increasing interest to both the academic and business communities. Current research themes include: copyright marking of digital objects, covert channels in computer systems, detection of hidden information, subliminal channels in cryptographic protocols, low-probability-of-intercept communications, and various kinds of anonymity services ranging from steganography through location security to digital elections. Interested parties are invited to submit papers on research and practice which are related to these areas of interest.
Further information can be obtained at chacs.nrl.navy.mil/IHW2001 or by contacting the program chair at ihw@itd.nrl.navy.mil

ICICS'2001  Web: homex.coolconnect.com/member2/icisa/icics2001.html
Third International Conference on Information and Communications Security, Xian, China, November 13-16, 2001. (submissions due May 20, 2001)
ICICS'01 covers all aspects of theory and application of information and communications security. More information can be found on the conference web page at homex.coolconnect.com/member2/icisa/icics2001.html

====================================================================
Conferences and Workshops (the call for papers deadline has passed)
August 2000-October 2000
====================================================================

MSWiM'2000  Web: www.tlc.polito.it/mswim
Third ACM International Workshop on Modeling, Analysis and Simulation of Wireless and Mobile Systems, in conjunction with MobiCom 2000, August 6-11, 2000, Boston, MA, USA.

4th International Workshop on Discrete Algorithms and Methods for Mobile Computing & Communications, Boston, Massachusetts, USA, August 11, 2000. In conjunction with ACM MobiCom 2000.

SAC2000  Web: www.cacr.math.uwaterloo.ca/conferences/2000/SAC2000/announcement.html
Seventh Annual Workshop on Selected Areas in Cryptography, August 14-15, 2000, Waterloo, Ontario, Canada.

USENIX  Web: www.usenix.org/events/sec2000
9th USENIX Security Symposium, Denver, Colorado, USA, August 14-17, 2000.

CHES'2000  Web: www.ece.WPI.EDU/Research/crypt/ches
Workshop on Cryptographic Hardware and Embedded Systems, Worcester Polytechnic Institute, Worcester, Massachusetts, USA., August 17-18, 2000.

CRYPTO  Web: www.cse.ucsd.edu/users/mihir/crypto2k
Santa Barbara, California, USA, August 20-24, 2000.

NBIS2000  Web: www.takilab.k.dendai.ac.jp/conf/dexa2000/nbis/
The Third International Workshop on Network-Based Information Systems in conjunction with the 11th International Conference on Database and Expert Systems Applications (DEXA'2000), Greenwich, United Kingdom, September 4-8, 2000. [posted here 5/29/00]

DEXA2000  Web: www.dexa.org/dexa00/
11th International Conference and Workshop on Database and Expert Systems Applications, London - Greenwich, United Kingdom, September 4-8, 2000.

MDDS'2000  Web: www.ct.monash.edu.au/DPMC/mdds/mdds2000/
Third International Workshop on Mobility in Databases and Distributed Systems (in conjunction with DEXA'2000), Greenwich, UK, September 6-8, 2000.

CoopIS'2000  Web: www.haifa.il.ibm.com/coopis2000.html
In Cooperation with VLDB'2000, Eilat, Israel, September 6-8, 2000. Organized by the International Foundation on Cooperative Information

ISSSTA 2000  Web: www.ISSSTA2000.org
IEEE Sixth International Symposium on Spread Spectrum Techniques and Applications, Sheraton Tara, Parsippany, NJ, USA, September 6-8, 2000.

WECS'2000  Web: cisr.nps.navy.mil/events/wecs/wecs2000_announce.html
Practicum Workshop on Education in Computer Security, Center for Information Systems Security Studies and Research, Naval Postgraduate School, Monterey, California, USA, September 11-13, 2000.

ICECCS'2000  Web: www.polimi.it/iceccs2000.
Sixth IEEE International Conference on Engineering of Complex Computer Systems, Boissonade Tower, Ichigaya Campus, Hosei University, Tokyo, Japan, September 11-15, 2000.

ASA/MA 2000  www.inf.ethz.ch/ASA-MA/
Second International Symposium on Agent Systems and Applications, Fourth International Symposium on Mobile Agents, ETH Zurich, Switzerland, September 13-15, 2000.

Biometric Consortium 2000 Conference  Web: www.nist.gov/bc2000
"Biometric Technologies...Emerging into the Mainstream", NIST, Gaithersburg, MD, USA, September 13-14, 2000.

www.cs.unibo.it/~gorrieri/fosad
International School on Foundations of Security Analysis and Design, September 18-30, 2000, Bertinoro, Italy.

NSPW' 2000  Web: www.nspw.org/
New Security Paradigms Workshop 2000, Ballycotton, County Cork, Ireland, September 19-21, 2000.

PKS' 2000  Web: www.certicom.org/sitemap_frames/news_pks_fs.html
Catch the Perfect Wave of the New Mobile World, San Jose, CA, USA, September 19-21, 2000.

CARDIS 2000  Web: www.cardis.org
IFIP CARDIS 2000 Fourth Smart Card Research and Advanced Application Conference, HP Labs, Bristol, UK, September 20-22, 2000.

WISAC  Web: cisr.nps.navy.mil/events/WISAC/WISAC_index.html
Workshop on Innovations in Strong Access Control, Monterey, California, September 25-27, 2000

EDOC'2000  Web: www.iijima.ae.keio.ac.jp/edoc/cfp.html
Fourth International Enterprise Distributed Object Computing Conference, Makuhari, Japan, September 25-28, 2000

niap.nist.gov/telecomm/
Workshop on Telecommunications Security, The University of Tulsa, Tulsa, Oklahoma, USA, September 27-28, 2000.

ISSE' 2000
Barcelona, September 27-29, 2000.

RAID' 2000  Web: www.raid-symposium.org/Raid2000/cfp2000.html
Third International Workshop on the Recent Advances in Intrusion Detection (in conjunction with ESORICS 2000), Toulouse, France, October 2-4, 2000.

ESORICS 2000  Web: www.cert.fr/esorics2000/
6th European Symposium on Research in Computer Security, Toulouse, France, October 4-6, 2000.

ECC'2000  Web: www.cacr.math.uwaterloo.ca
The 4th Workshop on Elliptic Curve Cryptography, University of Essen, Essen, Germany, October 4-6, 2000.

DISC'2000  Web: www.disc2000.org/
14th International Symposium on DIStributed Computing, Toledo, Spain, October 4-6, 2000.

SOFTCOM'2000  Web: www.fesb.hr/SoftCOM/2000/NS/Call_For_Papers.htm
Eighth International Conference on Software, Telecommunications and Computer Networks (co-sponsored by the IEEE Communications Society), held aboard the luxury ship "Marko Polo", October 10-14, 2000.

NORDSEC'2000  Web: www.ru.is/nordsec2000/
Fifth Nordic Workshop on Secure IT Systems - Encouraging Cooperation, Reykjavik, Iceland, October 12-13, 2000.

IC3N'2000  Web: icccn.cstp.umkc.edu
Ninth International Conference on Computer Communications and Networks, Las Vegas, Nevada, USA, October 16-18, 2000.

23rd NISSC  Web: csrc.nist.gov/nissc/.
23rd National Informational Systems Security Conference, Baltimore Convention Center, Baltimore, MD., USA, October 16-19, 2000.

www.msri.org/calendar/workshops/0001/Algorithmic_Number_Theory/number/
Mathematical Sciences Research Institute Number-Theoretic Cryptography Workshop, Berkeley, CA, USA, October 16-20, 2000.

PROMS2000  Web: PROMS2000.kt.agh.edu.pl/
Protocols for Multimedia Systems, Cracow, Poland, October 22-25, 2000.

OSDI'2000  Web: www.usenix.org/events/osdi2000/
Fourth Symposium on Operating System Design and Implementation, San Diego, CA, USA, October 23-25, 2000.

Safecomp'2000  Web: www.wtm.tudelft.nl/vk/safecomp2000
Rotterdam, the Netherlands, October 24-27, 2000.

ACM-MM'2000  www.acm.org/sigmm/MM2000
Eighth ACM International Multimedia Conference, Los Angeles, CA, USA, October 30-November 3, 2000.

====================================================================
News Briefs
====================================================================

News briefs from past issues of Cipher are archived at www.ieee-security.org/Cipher/NewsBriefs.html

====================================================================

August 4, 2000

Cipher has moved! We have our own domain name and are hosted on a new web server.
You can now find Cipher and related links at the following URLs:

TC home page: www.ieee-security.org
Cipher home page: www.ieee-security.org/cipher.html

Other Links:
Cipher Calls-for-papers: www.ieee-security.org/cfp.html
Past Cipher issues: www.ieee-security.org/Cipher/PastIssues.html
Book reviews: www.ieee-security.org/Cipher/Bookreviews.html
Conference reports: www.ieee-security.org/Cipher/ConfReports.html
Newsbriefs: www.ieee-security.org/Cipher/NewsBriefs.html
Reader's guide to literature: www.ieee-security.org/Cipher/ReadersGuide.html

=====================================================================

_____________________________________________________________________
LISTWATCH: items from security-related mailing lists (August 1, 2000)
by Mary Ellen Zurko (mzurko@iris.com)
_____________________________________________________________________

This issue's highlights are from cypherpunks, risks, dcsb, ACM technews, and TBTF.
____________________

It's DefCon week, and direct from there is the announcement of Mojo Nation, the beta version of a distributed file sharing system that uses agents, micro payments, its own currency (Mojo), reputation capital, and relay chaining for some amount of anonymity. Its goal is to create a file sharing economy.
____________________

John Young published a secret CIA overview of the U.S. intelligence community prepared for Japanese intelligence officials who visited the agency's headquarters in 1998 at his Cryptome site. He received this from a source in Japan, who was originally anonymous but has since been self-identified. He was contacted by two FBI agents who asked him to remove the material. He refused. They asked him to not identify them on his web site. He agreed, then changed his mind and did so. Debate raged over whether he was making government employees targets of harassment needlessly, or merely publishing information on government activities that he has a right to publish.
He was so heavily referenced by sites such as slashdot and Drudge that his server was unreachable (the Drudge URL was munged, which generated a large error log which contributed to the problem). There was a suspicion of a denial of service attack (in fact, how is that different from a distributed denial of service attack? :-), but that doesn't seem to be the case. A CIA spokesman said "Public disclosure of that information is troubling. In terms of the information (in the briefing), it is not insignificant. We're always concerned when classified information is disclosed publicly." John got many kudos on cypherpunks for publishing information, and there was discussion of the best way to send him money anonymously to help him out. Discussion of how to cut the plastic or metal thread in US currency ensued.
____________________

A story in USA Today gave statistics on the number of search warrants served on AOL (according to court logs in Loudoun County, Va. where AOL is based): 33 in 1997, 167 in 1998 and 301 in 1999. House Majority Leader Richard Armey's (R-Texas) reaction was that, minimally, police need to tell Congress when, why and how they perform electronic searches. The most extensive search warrants ask for subscriber identity, billing data, payment history, e-mail, the online "handles" and names of people cataloged in members' "buddy lists", all files attached to e-mail, and all other information contained about the subscriber in the America Online databases. There is no official statement from AOL about whether or not it retains chat information.
____________________

Debate rages on Carnivore, the FBI's real time email interception tool that is installed in an ISP's network (with a court order). Is email like a phone call, or like a document? It seems that the current legal protections on the former are stricter than on the latter and the FBI would like to claim the latter.
Yet Carnivore is said to collect only information from the To and From fields of targeted communication. That gives law enforcement the equivalent of the telephone world's "pen register" and "trap and trace" data--the origin and destination of all calls related to the subject. There's little hard information on the functions and capabilities in Carnivore. It's been pointed out that there are few technical restrictions on what Carnivore does and it could easily do more later. It needs to be on the ISP premises, physically hooked up to the ISP's backbone. Someone suggested that an ISP be recruited to lure the FBI into a Carnivore hookup then have a "breakin" and lose the box (to people who would reverse engineer it). Some folks argue it's not the technical details, but the right to do this at all that should be attacked. There seems to be no ISP review of the data collected, to validate it. The FBI has said that Carnivore will only be directed at specific targets of a wiretap order, yet brings up "anonymous, encrypted communications" as a threat that motivates its use. The FBI does plan "an independent verification and validation" of the system.
____________________

The British government passed a new Act of Parliament in which ISPs are required to fit interception devices to allow the Secret Services and other UK government departments to intercept and read emails. If emails are encrypted, the authorities may demand the key from the originator on pain of 5 years jail for informing anyone else that this demand has been made. Refusing to hand a key over is another 2 years in jail, but individuals will not be required to prove they do not hold the keys to encrypted material. Internet service providers will be required to set up secure channels to the Government Technical Assistance Center so they can transmit information about Internet traffic (now there's a target!).
Law enforcers who ask to see records of Internet traffic will not be able to read the content of the messages. Web page logs (lists of Internet sites browsed) also may not be obtained without a warrant. Internet security experts are publishing some ways around the bill, including using free, anonymous ISP accounts, and cutting out the ISP altogether by running your own mail server.
____________________

Yet another buffer overflow bug, this one in the date field in Outlook, so that it can be exploited without the user needing to open the mail message.
____________________

Electronic signatures used to sign documents on the internet are now legally admissible in a court of law in the UK as handwritten signatures, according to the Department of Trade and Industry.
____________________

There has been much speculation on exactly when the RSA patent runs out. Consensus seems to be that it's one minute after midnight on Sept 20, 2000, in the US patent office's time zone. Coincidentally, that will be smack in the middle of NSPW 2000, which I am general chair of this year.
____________________

ZKS released the source code of its Freedom Linux kernel interface for public review, but the amount released is small and getting dissed by cypherpunks because of that. Neither the source code to the Freedom clients nor the Freedom servers has been released, nor any of the crypto.
____________________

EyeTicket Corp. in McLean, Va., has begun using iris scanning when registering passengers at Charlotte/Douglas International Airport in North Carolina and Flughafen Frankfurt Airport in Germany. EyeTicket has been scanning Charlotte/Douglas airport employees and U.S. Airways Group Inc. flight staffs since May.
____________________

At the O'Reilly Open Source Convention, Astrophysics professor Gregory Benford said that he wrote and documented the first computer virus in the late 1960s on DARPANet.
At the time, he predicted the rise of counter-agent software to combat viruses. "This is another story about how I lost $100 million in my spare time by not patenting any of this."
____________________

Stephen King is going to offer a novel on the web at $1 an installment. He will stop the installment if he doesn't get money from 75% of the downloads (I imagine this means he'll look at the web logs for the number of downloads, multiply that by .75, and see if that much money comes in).
____________________

The MIT Women's League (617.253.3656 or wleague@mit.edu) is holding a panel on "PRIVACY IN THE AGE OF INFORMATION" on TUESDAY, OCTOBER 24, 2000, from 10 am to Noon, in MIT's WONG AUDITORIUM in the TANG CENTER (Building E51). Panelists are CHRISTINE VARNEY, RON RIVEST, PETER SZOLOVITS, and JOHN DEUTCH (a great lineup!).
____________________

Amir Herzberg is putting his demo-money where his mouth is. He's put the .pdf foils for the course `Introduction to Cryptography and Electronic Commerce` at . Downloading is free, but most documents require `paying` using IBM Micro Payments demo money.
____________________

Researchers at AT&T Labs are working on a system called Publius, that provides anonymous, censorship-resistant publishing on the web. It encrypts files and divides them into smaller pieces to be distributed over a number of servers, making it hard to trace the original transaction or eradicate the information from the Net.
____________________

Haven Co. announced "the world's most secure managed co-location facility based in the world's smallest sovereign territory, the Principality of Sealand." It generated a ton of buzz around June, and it does seem to have considered all the bases.
____________________

And finally, four bits from the 7/20 TBTF:
________________________________________________________________________

..A perfect privacy storm

  Advertising industry is warned to shore up its house

You know the topic of privacy has arrived on the public agenda when the New York Times writes about the issue's nuanced implications for electoral politics [1] and CNN reports that the latest hot corporate title is Chief Privacy Officer [2]. Law.com / New York surveyed [3] the kinds of advice lawyers are now giving their corporate clients about privacy in light of these recent developments:

- 2000-04-21: The Children's Online Privacy Protection Act [4] went into effect, requiring Net companies that market to children to obtain verifiable parental consent and to follow other strict rules.
- 2000-05-22: The FTC, which previously had favored industry self-regulation, reversed field [5] and recommended to Congress that it enact legislation to protect online privacy.
- 2000-07-05: The European Parliament rejected [6] a proposed "safe harbor" data-protection agreement, two years in the making, between the Commerce Department and the European Union.
- 2000-07-10: The FTC sued to prevent bankrupt Toysmart.com from selling its customer database [7].

The Internet advertising industry is justifiably nervous about the public's rising concern over online privacy. Wired reports [8] on a meeting last week of the Internet Advertising Bureau at which a TRUSTe spokesman warned attendees that a "perfect privacy storm" is brewing. He noted that Al Gore had recently gone on record as favoring opt-in solutions to Net privacy concerns, and that George W. Bush had soon hopped onboard that bandwagon. Opt-in is anathema to the Net advertising crowd.

Steve Gibson is exceptionally ticked-off at this crowd, especially the subset that peddles adbots and spyware [9]. Savor his impassioned and articulate call for ethics in data collection [10].

> I consider the actions of companies that hide behind their
> fine print, take advantage of consumer trust and ignorance,
> and deliberately leverage complex hidden technology, to be
> the lowest form of personal privacy exploitation.

[1] http://www.nytimes.com/library/review/060400private-info-review.html
[2] http://www.cnn.com/2000/TECH/computing/07/11/privacy.officers.ap/index.html
[3] http://www.nylj.com/stories/00/07/071300a4.htm
[4] http://www.ftc.gov/opa/1999/9910/childfinal.htm
[5] http://www.interesting-people.org/200005/0044.html
[6] http://www.idg.net/ic_197647_1794_9-10000.html
[7] http://www.thestandard.com/article/display/0,1151,16718,00.html
[8] http://www.wirednews.com/news/print/0,1294,37547,00.html
[9] http://tbtf.com/archive/2000-04-19.html#s02
[10] http://grc.com/oo/ethics.htm
____________

..France: unintended consequences

In the wake of the ILOVEYOU virus, France moved to stamp out online anonymity within its borders [11], [12]. (The French distaste for anonymity predates the Internet by at least 150 years, as the note at [11] explains.) Now it appears that open-source development may suffer as a result of the proposed law. John Fremlin was quoted in a Freshmeat article [13]:

> As written, [the law] would unambiguously prohibit hosting of
> content of unspecified provenance; that is, sites on which
> users could post material would be legally obligated to
> somehow determine the true identities and postal addresses of
> their users.

Open Source projects never have such information about all of their far-flung contributors, and gathering it would be next to impossible. Under the proposed law, open-source projects currently hosted on French servers would have to move outside the country's borders. This unintended consequence is particularly twisted given France's expressed preference [14] for open-source software over that from Microsoft.

[11] http://tbtf.com/archive/2000-03-31.html#s04
[12] http://www.vnunet.com/News/601295
[13] http://freshmeat.net/news/2000/06/21/961587656.html
[14] http://tbtf.com/archive/1999-10-24.html#4
____________

..Poking at Echelon

  French pot to examine Anglo-American kettle

A French prosecutor announced [37] he has launched a preliminary investigation into the workings of Echelon, the rumored worldwide spy system run by intelligence agencies in the US, UK, Canada, Australia, and New Zealand. (The announcement came on July 4th, the American Independence Day holiday -- that must have been intentional.) The French probe will focus on allegations that the members of the UKUSA Alliance have used Echelon's intercept capabilities for economic espionage. Both the US and Britain have denied this charge without admitting officially that Echelon exists.

Those inclined to cheer the French for their courageous probe into UKUSA snooping ought to cast an eye over this excellent ZDNet collection of new Echelon material [38]. It includes details on France's copycat system, unfortunately dubbed "Frenchelon" [39].

Separately, the European Union voted to empanel an investigation into Echelon [40]. But to the consternation of this probe's supporters, the panel was denied any investigatory powers. (It was set up as a "temporary committee" rather than as an "inquiry committee.") A member of Germany's Green Party, possibly with help from the Babelfish, called the resulting body a "toothless talkingshop."

[37] http://dailynews.yahoo.com/htx/nm/20000704/ts/france_usa_dc_1.html
[38] http://www.zdnet.co.uk/news/specials/2000/06/echelon/
[39] http://www.zdnet.co.uk/news/2000/25/ns-16281.html
[40] http://www.heise.de/tp/english/inhalt/te/6891/1.html
____________

..What if smart people wrote computer viruses?

  Now THAT's a virus

Security experts were not much surprised when the Morris worm [41] dragged down 10% of the Internet overnight in 1998.
Security experts in recent days have been unsurprised by Melissa, ILOVEYOU, DDoS attacks, and the thousands of other manmade ills to which the Net is heir. And I doubt they will be overly surprised when a truly nasty and devious piece of malware slouches toward Bethlehem to be born.

Remember the Central Park scene in "Crocodile Dundee" [42]? Mick and his love interest are accosted by a gang of punks, one of whom whips out a switchblade. The girl shouts, "Mick, watch out! He's got a knife!" Mick examines the switchblade with pursed lips then says dismissively, "Naah. That's not a knife." Reaching behind his back, he withdraws and displays his 12-by-4-inch blade. "THAT'S a knife."

Melissa? ILOVEYOU? That's not a virus.

For a glimpse of how bad it could be, scan these two thought experiments [43], [44]. The first is a conceptual design for the most elusive and versatile trojan horse the author could think up. It's bad enough. The second describes an actual project to design and build a worm of truly staggering stealthiness and damage potential. Michal Zalewski and a few friends prototyped a worm the team called "Samhain." It was designed to:

- run on multiple platforms
- secrete itself invisibly
- employ a distributed library of system exploits to obtain privileges on the compromised system
- communicate in encrypted packets with other similar worms in a Freenet-like [45] "wormnet"
- spread automatically without user interaction

Its payload would be a plug-in module. The wormnet would discover new exploits and spread them immediately. The worm's code would morph constantly to defeat anti-virus signature checks. It would employ active countermeasures against debuggers and other nosy processes that might be capable of uncovering it. If such a worm were competently developed and released into the world, the fate of the Internet would be in the hands of those who controlled it.

To discuss these or other proposed uber-viruses, please visit this Quick Topic forum [46].

[41] http://www.eos.ncsu.edu/eos/info/computer_ethics/www/abuse/wvt/worm/
[42] http://us.imdb.com/Title?0090555
[43] http://www.hackernews.com/bufferoverflow/99/nitmar/nitmar1.html
[44] http://lcamtuf.na.export.pl/worm.txt
[45] http://freenet.sourceforge.net/
[46] http://www.quicktopic.com/tbtf/H/nikFBZikIxlLrXC8KjX
____________

=====================================================================

From: Avi Rubin [rubin@research.att.com]
Sent: Friday, June 30, 2000 1:54 PM
To: davis@iastate.edu
Subject: Submission for Cipher

CALL FOR VOLUNTEERS
-------------------

We have designed and implemented a system for anonymous, censorship-resistant publishing on the web. It is called Publius. Details can be found at http://cs.nyu.edu/waldman/publius/

We are soliciting volunteers to host publius servers. All that is required is that you run our CGI script on your server, and that you are willing to dedicate a certain amount of disk space to the project. More information is available on the publius site.

Key dates:

6/30-7/21 Request For Volunteers
7/21-7/27 Publius Software Distribution and Installation
7/28-9/28 Live Trial of Publius

Today's Washington Post featured an article about Publius. The text is available at http://www.washingtonpost.com/wp-dyn/articles/A21689-2000Jun29.html

If you are interested in volunteering, you can sign up on the Publius web site.

--
http://avirubin.com/

====================================================================
Commentary and Opinion
====================================================================

Book reviews from past issues of Cipher are archived at www.ieee-security.org/Cipher/BookReviews.html, and conference reports are archived at www.ieee-security.org/Cipher/ConfReports.html.
=====================================================================

Editorial by Eugene Spafford
CERIAS at Purdue University
August 4, 2000

The biggest threats in the next decade to information security may not be malicious hackers and viruses. They are going to be bad law, passed by ill-informed legislators, and pushed by greedy and unscrupulous commercial interests with lots of money with which to lobby. Those companies are going to seek to further expand (bad) law protecting intellectual property, curtailing consumer rights, and further protecting them from consequence for their production of bad software.

You don't believe it? If you live in the US, consider the following scenario: You buy some shrink-wrapped software for use in your business or at home. As part of that purchase:

* you are bound by a license inside the box that you cannot read until you make the purchase
* the license can be changed by the vendor simply by posting an update at the vendor's WWW site or sending you email, and you are legally bound by the changes
* you are required to open your firewall to allow the vendor access to a "backdoor" in the software to allow the vendor to monitor license compliance and remotely disable the software at the vendor's option
* you can be sued by the vendor if you reverse-engineer the code or protocol to find out exactly what information the software is collecting and sending out
* if the software fails catastrophically because of clear and obvious negligence, you can't sue the vendor
* if you decide to publish a review of the software noting your bad experiences, you can be sued by the vendor for not obtaining prior review and permission by the vendor

Sounds absurd, doesn't it? Impossible, perhaps? Unfortunately not -- it is currently embodied in state law in both Maryland and Virginia, and will soon be considered by the state legislatures in the other 48 states.
If a vendor chooses to write any of the above-mentioned provisions into a software license, state contract law will allow and support it.

The vehicle for this travesty is UCITA -- the Uniform Computer Information Technology Act. Ostensibly an update of the Uniform Commercial Code in each state, the process of drafting the act was co-opted by some of the largest entertainment and software firms. The result is something that is opposed by a Who's Who of the computing and consumer-rights milieu -- including the IEEE, ACM, MPAA, ALA, Consumer's Union, and the FTC. (See www.badsoftware.com/oppose.htm for an incomplete list of opponents.)

Why is UCITA such a threat when it is so obviously bad for consumers and the IT industry (and security people in particular)? Mainly because of the complexity of the issue and the money involved. The draft act is several hundred pages of dense legalese that is beyond the ability of most state legislators to analyze. So, they are depending on the word of knowledgeable experts to understand the impact. Unfortunately, the companies that stand to gain the most are also lobbying the most strongly on this issue. The mantra heard in MD and VA from these lobbyists was that if the states didn't pass UCITA then they would not be able to compete for high-tech jobs and dollars. This is persuasive to legislators who don't otherwise understand the issues. How would it play in the halls of your state capitol?

So, what can *you* do? Well, first of all, educate yourself about the issues. Start with Barbara Simons' editorial "Shrink-Wrapping Our Rights" in the Inside Risks column of CACM (vol #8, August 2000); also available at www.csl.sri.com/neumann/insiderisks.html. You can also find articles about UCITA and its impact at www.ucita.org/. Then, you need to communicate with your state legislators about the problems this law would bring to your state if passed, and your opinion thereto.

Remember -- the insider threat is not simply from employees.
The software you use may well be the biggest threat, along with its vendor. What good is security technology when the law doesn't let you protect yourself?

Book Review by Robert Bruen, Cipher Book Review Editor, bruen@exile.ne.mediaone.net

The Hundredth Window by Charles Jennings and Lori Fena. The Free Press 2000. 278 pages. Two appendices, index, glossary. ISBN 0-684-83944-X. LoC QA76.9.A25 J456 2000. $26.00

The Hundredth Window is the one that the crackers get through after you have secured the other 99 windows, highlighting the difficult job of those who try to secure computer systems and networks. The authors founded TRUSTe, an organization dedicated to privacy issues. It monitors web sites, giving out seals of approval to those who meet their pro-privacy standards.

Privacy is one of the most important issues facing us today. Some of us feel that it has already been lost while others are fighting to maintain it. Both camps generally agree that monitoring the attacks on privacy and stepping up the awareness campaign are crucial. There are a number of books appearing that deal with privacy issues, each with its own perspective. Jennings and Fena appeal to a wide audience, not a technical audience, and do not use scare tactics. Instead they explain an aspect of the problem, then offer suggestions on how to cope with it.

Their focus is the loss of privacy through the web, choosing to call the first chapter "The Invasion of the Data Snatchers". The main unit within this loss of privacy is the PII (Personally Identifiable Information), those little factoids about you that can be traced to you, such as your birthday, your social security number, your address, etc. It also includes things like your financial status, your favorite movies, when you drove through that tollbooth and whether you have AIDS or have visited a psychiatrist. It might even include what you said to that psychiatrist.
Imagine at a divorce hearing having your spouse's lawyer produce a record of your liquor purchases to prove that you are an unfit parent. PII can be thought of as the virtual you. It is nice if it results in you getting a discount coupon on some consumer item that you wanted in the mail, unsolicited, because that company knew that fact about you. It is not so nice when that same piece of your PII is damaging to you. Unfortunately there is no distinction anymore, factoids are just factoids.

The suggestion has been made that we can no longer expect privacy, but instead we have to manage our privacy, in part because it is a commodity bought and sold in the marketplace. The problem is that we do not have control of it nor do we reap the benefits derived from its sale, unless you include that discount coupon. The authors provide many techniques to get hold of some control, much of it through awareness. For example, when visiting a web site do you see a privacy policy posted? If you do, is it one that you agree with? Other suggestions include information on the failure of security in web shopping carts, web sites that do not maintain good security practices and web sites that will sell whatever they can discover about you.

The Hundredth Window is inexpensive, a quick read, with some marketing for TRUSTe. I liked the book and recommend it for those who, for whatever reason, need to learn that there is actually a problem with our loss of privacy as well as those who want to keep up to date on the issue.

=====================================================================

Book Review by Robert Bruen, Cipher Book Review Editor, bruen@exile.ne.mediaone.net

The End of Privacy, by Charles Sykes. St. Martin's Press 1999. 282 pages, index, end notes. ISBN 0-312-20530-0. LoC JC596.2 U5S95 $24.95

Charles Sykes looks at privacy through the lens of "Personal Rights in the Surveillance Society," the book's subtitle.
As with all the books on privacy, there is a history of how we got to where we are and just how bad it is. And it is bad. He concentrates less on web sites and the ubiquitous spy-cams and more on the dataweb that is capturing information about each of us then merging the information from the many points-of-capture into a virtual representation of us.

Although The End of Privacy is not a long book, it covers a lot of ground. It has four main parts: The Attack on Privacy; The Surveillance Society; The Snoop Wars; and The Exposure Culture. The first is the required explanation for what is happening and why it matters, in case the reader has been without human contact for a decade or so. The Surveillance Society is the best part of the book, including chapters on the courts and Congress with laws made, challenged and enforced. We all know that rights get chipped away piece by piece, best exemplified by case law. The chapter on medical privacy should be enough to convince even the most stringent opposition to privacy rights that something is fundamentally wrong.

It was pleasing to see a chapter on genetic privacy which seems to be glossed over by many writers as something that is probably important, but not something to spend much time with. Genetics is one of the most important aspects of privacy for everyone because our genome is the definition of who we are. We are the results of our experiences, but we start out with a very specific definition. Knowing that definition allows others to know a lot about you. Knowing that you have a gene or mutation that raises the probability of contracting some form of cancer by an early age does not mean you will contract that cancer, but you may be stigmatized or discriminated against by an insurance company who does not want to take any risk at all. If you thought that the various forms of discrimination (race, gender, color, national origin, etc) were insidious, just wait until you see what genetic discrimination will be like.
The protections against this must begin now, not later. Sykes has figured this out.

The rest of the book has two main themes (after some more on surveillance in the workplace and by the government). Although I really hoped I would never see or hear about Princess Diana and the Bill Clinton-Monica Lewinsky affair, the author brings it back to the top of the heap. Reluctantly though, I have to agree that this was appropriate because those that watched TV and bought books, newspapers and magazines when these events were covered show why our privacy is ending: we are helping. If we are going to spend time and money peering into the lives of other people, how can we expect them not to look into our lives?

The final chapter of the book presents some thoughts on how we can deal with the problem, with suggestions ranging from "let's give everyone a national ID card and forget this privacy nonsense" to "since our privacy is gone, let's make sure that everyone's private information is public." It seems to me that our privacy is gone. The most important challenge is how we are going to deal with this fact. If everyone can know everything about everybody, what are we going to do everyday?

This was an enjoyable book to read with lots of notes and references. It would have been helpful if there was a separate bibliography, but in general, it is another good book on privacy, especially since the title hits the nail on the head.

=====================================================================

____________________________________________________________________
Conference Reports
____________________________________________________________________

Report on the 2000 S&P Oakland conference
by Hilarie Orman and Richard Schroeppel
Oakland, CA, USA
May 15-18, 2000

S&P was back again at the Claremont for its 21st year after nearly moving to Portland. Current plans call for the Claremont remaining the venue for the conference for another few years at least.
The following notes are the personal observations of two attendees; they are submitted here, not as accurate transcripts nor as definitive reports, but only as personal views and remembrances of the lively debates, the audience interactions with the speakers, and as a stimulant to those who were not at the conference to obtain the proceedings and read the full papers. The proceedings booklet has a blue and white cover; this may be an attractive addition to your bookcase, exactly matching the 1999 proceedings and complementing the prior array of solid hues.

Hilarie Orman
Richard Schroeppel

Reporters editorial re citations: Of the 18 papers presented, 12 used at least one citation to a document on the Internet. No paper cited a reference prior to 1972, and 5 papers cited no references prior to 1990. At least one paper cited IETF Internet drafts, which are required to carry a disclaimer noting that they should never be cited (this is because the IETF keeps no copies of drafts that are more than 6 months old). Given the popularity of Internet citations, it seems that the S&P conference has an important failing towards the research community because it does not keep on-line copies of its own conference papers.
_____________________________________________________________________

Session 1: Access Control, chair Roger Needham

Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers
Presenter Dalit Naor
www.hrl.il.ibm.com/TrustEstablishment

Building a large enough set of trust relationships to carry on complex activities without extensive administration cost is a problem facing electronic commerce today. A "grass roots" role-based approach fits well with an emerging public key infrastructure. Trust Establishment (TE) uses a Trust Policy Language to mediate access to objects based on the subject's roles. The policy language describes how to use information, particularly certificates, to deduce the set of roles for a subject.
The system can make use of attribute certificates and the process of actively collecting data from which roles are deduced. This deductive system uses an XML expression of rules and XML certificate encodings; it also has an LDAP interface for certificate retrieval. The illustrative example shows a doctor at one hospital accessing a database at another hospital, using rules such as:

  A hospital certified by two trusted hospitals is trusted.
  A doctor's speciality must match the type of database (e.g., cardiologist to cardiology).

An implementation note, based on the experience of building this in Java for a web server, is that the usual trust policy for SSL must be modified for this sort of purpose; certificates must be accepted even if the chain of trust for the certificate authority (CA) is not yet established.

Questions

Steve Kent asked if the system had a business-to-business focus, to which the presenter answered yes. Kent went on to say that the hospital example was flawed because certification is a much more diverse problem; there can be "islands of trust" that have no cross-certification available.
Audun Josang, Australia, noted that trust is not binary in the real world and asked if there were ways to express degrees of trust. The answer was that trust is in groups and roles.
Roger Needham suggested that in the real world sometimes trust cannot be determined from the available information, or that trust depends on the strength of trust in the opinion of a third party.

Paper 2: Security Infrastructure for Distributed Java Applications
Presenter: Dirk Balfanz, Princeton

The experience of implementing the Placeless Documents System led to this paper about building a security infrastructure for distributed Java applications. The first milestone of the project was to implement SDSI/SPKI in Java. The backtrack goal was to implement an access control logic.
The logics ABLP and FAF can describe SDSI/SPKI, but because the logics are not decidable, their proof rules are not desirable ones to use for building control logic. The logic used in the document system defines an access control logic of about four inference rules with a Java-friendly expression. Additional inference rules permit more delegation, such as "secondary delegation" - delegate to Alice the right to delegate read permission to this object.

There were implementation challenges resulting from using RMI over SSL. For example, RMI will download any SSL code, which is Very Bad for integrity of authentication. Another problem is that the RMI server needs to know the identity of the call initiator, but this information, available from SSL, is normally lost to the upper RMI layers.

Other lessons learned from the Placeless experience concerned the logic. There are some undesirable results re using "bare keys" because the "name" is global. Some of the early versions of the inference rules gave surprising results, and the presenter felt that there was no good way to come up with rules; it is basically trial and error.

Questions

Fred Cohen: congratulations on finding flaws. Please comment on lack of resiliency in systems with systems built from modules that rely on other modules, etc.
Answer: redelegation is part of the reality of the world. Experience and trial and error is required to build trust in a system.
John McLean: A problem with catching problems as you find them is that you are never sure when you have got them all. Is independent formalization useful?
Answer: The proof is done with respect to a standard logic; the problem is that semantics are not intuitive, not any more than the logic itself.

Paper 3: A Practically Implementable and Tractable Delegation Logic (or Delegation Logic: A Logic-Based Approach to Distributed Authorization)
Presenter: Ninghui Li, New York University

Delegation logic uses third party information for authorization.
There are several logical variants of logic programming for trust management, including Java and Prolog deductions. This one is called D1LP. Some interesting features of the logic include specification of delegation depth and threshold specifications. The latter can be static k-of-n thresholds or weighted thresholds or dynamic thresholds. The dynamic version allows the set of principals for the thresholding to be determined by a predicate that is evaluated at the same time as the threshold rule; in this way the set of authorized principals can change over time while the logic rules remain constant.

One of the examples of specification of a delegation scheme shows a medical records access scheme for physicians and hospitals. Another, more complicated example shows how one person can delegate delegation rights to a second person while allowing a third person to define the set of principals to whom the second person can delegate. This involves the creation of a "dummy principal" represented by a public key.

Original semantics are intractable, because delegation queries involving dynamic threshold schemes cannot be resolved; delegation chains can be exponential. Tractability is established by introducing restrictions on delegations to principals. This reduces complexity to O(N^4 * D^2) (number of principals and maximum delegation depth).

Plans for this system include implementation, an upgrade to a different version of the logic (D2LP), study of nonmonotonic expressions, the addition of temporal information, and a GUI.

Questions:

Fred Cohen: The delegation is uncontrolled if B is a bad guy?
Ans: Yes, it (the game) is all over.
Q: Power of attorney has restrictions, computer languages don't have these semantic restrictions.
A: The delegation is only for a particular right.
Audun Josang: Suggest adding levels of trust, with dilution of trust on each delegation, thus automatically limiting chain depth; the trust can drop off quickly or slowly.
Ans: (ed.
not recorded)
Thomas Quinn: Is there a way to get sequencing of atomic actions?
Ans: It could be done.
Q: The transitivity of the second party cannot be constrained by the logic? (ed. this discussion, relative to the three-party delegation example above, resulted in a discussion in which the presenter and questioner could not agree on terms but did agree to continue offline).
Fred Schneider: Bad policy is easy to write; one needs to have a language that expresses either good or bad policy. The language isn't the issue. No one can articulate a yardstick by which to measure languages.
A: Yes.

Second Session: Applications of Cryptography
Chair: Steve Bellovin

Paper 1: Practical Techniques for Searches on Encrypted Data
Presenter Dawn Song

This novel work is for use in a scenario where Alice has encrypted a document and handed the ciphertext over to Bob. She would like to ask Bob to perform word searches in the encrypted document, but she does not want to reveal the document plaintext to him. In the most secure version of the problem, Alice will not even tell Bob what word she is searching for (although she will tell him a function of the word).

A simple solution involves encrypting the files using ECB and using the encrypted search terms as search keys. This is undesirable because ECB is subject to dictionary attacks (which is exactly why searches work).

The method proposed in the paper encrypts the data using a modified cipherstream. In the simplest version of the scheme, Alice encrypts the file using cipherstream blocks that are formed from the concatenation of two pieces: a pseudorandomly generated running cipherstream value and a one-way function of a key and the PRG value. If she needs to search for a word W, she tells Bob the value of W and the key for each cipherstream block where the word might occur. Bob can xor the word into the encrypted block, obtain the cipherstream, and use the key to validate the two cipherstream block parts.
If the word actually occurred at that point, the validation will succeed; otherwise, it will usually fail. False positives are not security failings, as they reveal no extra information.

The first variation of the simple scheme makes each block key a one-way function of the plaintext. This lets Bob search for a word without revealing anything about the blocks that do not contain the word.

Alice can use encrypted terms for searching if she first encrypts the document using an ECB scheme and then applies the cipherstream encryption. To search for a word, she supplies its ECB encryption to Bob, along with the keys for the cipherstream blocks of interest, as above. This suffers from a minor problem: Alice cannot decrypt the version of the document that she gave to Bob because the cipherstream depends on the ECB encipherment. In order to disentangle the two, Alice need only make a slight change in the encryption method that is applied to the document. She must base the second cipherstream block part on a substring of the ECB value (instead of the running cipherstream).

Other enhancements allow restriction of searching to "at least one occurrence", "at least N", or "at most N". The scheme has provable secrecy and requires only a single master key. The most important open question about the scheme is what other kinds of functions can be performed on encrypted data.

Questions:

Steve Kent: The requirement for a completely specified search is an important issue. This means that the method cannot cope with overlapping ciphertext; the search terms must be matched to the blocksize of cipher.
Ans: The parameters for length of check block are variable. The paper does address variable length.
Q: Can this method search for an arbitrary length value independent of cipher blocksize?
A: There is a tradeoff; substring matches require tricks in the encryption that have additional overhead.
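The first variation of the search scheme described above (each block key is a one-way function of the word) can be sketched in Python as follows. This is an added example, not code from the paper or from this report; the block sizes, the use of HMAC-SHA256 for the pseudorandom generator and the one-way functions, and all function names are assumptions, and only searching (not decryption) is covered.

```python
import hashlib
import hmac

WORD_LEN = 16                      # fixed block size; words are zero-padded (assumption)
CHECK_LEN = 8                      # bytes of each block holding the check value
STREAM_LEN = WORD_LEN - CHECK_LEN  # bytes taken from the running cipherstream
MASTER = b"constructed master key, demo only"


def prf(key: bytes, data: bytes, length: int) -> bytes:
    """Keyed one-way function (HMAC-SHA256, truncated): an assumed choice."""
    return hmac.new(key, data, hashlib.sha256).digest()[:length]


def pad(word: str) -> bytes:
    raw = word.encode("utf-8")
    if not 0 < len(raw) <= WORD_LEN:
        raise ValueError("word must fit in one block")
    return raw.ljust(WORD_LEN, b"\x00")


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def block_key(master: bytes, word_block: bytes) -> bytes:
    """Block key as a one-way function of the plaintext word."""
    return prf(master, b"block-key" + word_block, 32)


def stream_block(master: bytes, index: int, key: bytes) -> bytes:
    """Running cipherstream value followed by a keyed check over that value."""
    s = prf(master, b"stream" + index.to_bytes(8, "big"), STREAM_LEN)
    return s + prf(key, s, CHECK_LEN)


def encrypt(master: bytes, words: list) -> list:
    """Alice: one ciphertext block per word, C_i = W_i xor stream block i."""
    blocks = []
    for i, word in enumerate(words):
        w = pad(word)
        blocks.append(xor(w, stream_block(master, i, block_key(master, w))))
    return blocks


def trapdoor(master: bytes, word: str) -> tuple:
    """What Alice hands to Bob for one search: the word and its block key."""
    w = pad(word)
    return w, block_key(master, w)


def search(ciphertext: list, word_block: bytes, key: bytes) -> list:
    """Bob: xor the word into each block and validate the two parts."""
    hits = []
    for i, c in enumerate(ciphertext):
        candidate = xor(c, word_block)
        s, check = candidate[:STREAM_LEN], candidate[STREAM_LEN:]
        if hmac.compare_digest(prf(key, s, CHECK_LEN), check):
            hits.append(i)
    return hits


def demo():
    """Constructed sample document; returns ciphertext, hits and misses."""
    words = "our privacy is gone and privacy matters".split()
    ct = encrypt(MASTER, words)
    hits = search(ct, *trapdoor(MASTER, "privacy"))
    misses = search(ct, *trapdoor(MASTER, "secret"))
    return ct, hits, misses


if __name__ == "__main__":
    ct, hits, misses = demo()
    print("blocks matching 'privacy':", hits)
    print("blocks matching 'secret': ", misses)
```

With an 8-byte check value a false positive occurs with probability about 2^-64 per block; a shorter check value trades ciphertext space for more false positives.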
Fred Cohen: There is a covert channel in searching; match on X reveals that Y is not at that location.
A: Performing many searches on one document does reveal some information. We recommend re-encryption if many successful searches have been performed.

Paper 2: Efficient Authentication and Signing of Multicast Streams on Noisy Channels
Presenter: Adrian Perrig

Two protocols, TESLA and EMSS, provide solutions to the difficult problem of associating a verifiable identity with each message in a multicast data stream.

The presentation of TESLA, Timed Efficient Stream Loss-tolerant Authentication, builds successively on 5 pieces to achieve security properties. It relies on delayed authentication and loose time synchronization between a sender and the multicast receivers. A message authentication code (MAC) is tied to each message; the MAC is based on a secret key. The key for the i'th message is revealed in message i+1; in this way each message can be used to authenticate the previous message. The method is efficient computationally if the MAC is efficient, but a lossy multicast environment introduces problems because a message cannot be sent until all receivers have seen the previous message; providing this guarantee implies that the basic transport protocol is reliable, but this violates the basic assumptions of the system.

TESLA solves this by using time intervals to determine when the MAC key gets changed and by delaying key disclosure for several intervals. The scheme can accommodate dynamic packet rates within certain bounds. If the receivers have widely differing roundtrip latencies, the sender can use multiple time intervals (with different keys). The nearby receivers can use short intervals, thus validating messages without incurring latency, and the far away receivers can use the longer intervals, thus avoiding the need to drop messages due to late arrival and key expiration.
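The delayed key disclosure described above can be simulated in Python as follows. This is an added example, not the authors' code: the one-way key chain that lets a receiver recover from lost disclosures follows the TESLA design but is not spelled out in this report, and the class names, packet layout, timing values and sample traffic are constructed assumptions.

```python
import hashlib
import hmac


def F(key: bytes) -> bytes:
    """One-way function linking the key chain: K_i = F(K_{i+1})."""
    return hashlib.sha256(b"chain" + key).digest()


def tag(chain_key: bytes, payload: bytes) -> bytes:
    """MAC a payload under a key derived from the interval's chain key."""
    mac_key = hashlib.sha256(b"mac" + chain_key).digest()
    return hmac.new(mac_key, payload, hashlib.sha256).digest()


class Sender:
    def __init__(self, seed: bytes, intervals: int, delay: int):
        chain = [seed]
        for _ in range(intervals):
            chain.append(F(chain[-1]))
        self.keys = chain[::-1]          # keys[0] is the public commitment K_0
        self.delay = delay

    def packet(self, i: int, payload: bytes) -> dict:
        """Packet for interval i: MAC under K_i, disclose K_{i-delay}."""
        j = i - self.delay
        disclosed = (j, self.keys[j]) if j >= 1 else None
        return {"i": i, "payload": payload,
                "mac": tag(self.keys[i], payload), "disclosed": disclosed}


class Receiver:
    def __init__(self, commitment, t0, interval_len, delay, max_clock_error):
        self.known = (0, commitment)     # newest chain key verified so far
        self.t0, self.len, self.delay = t0, interval_len, delay
        self.err = max_clock_error
        self.buffer = {}                 # interval -> [(payload, mac)]
        self.authenticated = []

    def receive(self, pkt: dict, local_time: float) -> str:
        # Security condition: even if the sender's clock runs max_clock_error
        # ahead of ours, it must not yet have reached the interval in which
        # K_i is disclosed; otherwise anyone could have computed this MAC.
        sender_interval = int((local_time + self.err - self.t0) // self.len) + 1
        if sender_interval < pkt["i"] + self.delay:
            self.buffer.setdefault(pkt["i"], []).append(
                (pkt["payload"], pkt["mac"]))
            status = "buffered"
        else:
            status = "unsafe"
        if pkt["disclosed"]:
            self._key_disclosed(*pkt["disclosed"])
        return status

    def _key_disclosed(self, index: int, key: bytes) -> None:
        known_index, known_key = self.known
        if index <= known_index:
            return
        k = key                          # hash forward to the last trusted key
        for _ in range(index - known_index):
            k = F(k)
        if not hmac.compare_digest(k, known_key):
            return                       # not on the sender's chain
        k = key                          # keys of skipped intervals follow too
        for j in range(index, known_index, -1):
            for payload, mac in self.buffer.pop(j, []):
                if hmac.compare_digest(tag(k, payload), mac):
                    self.authenticated.append((j, payload))
            k = F(k)
        self.known = (index, key)


def simulate():
    """Constructed run: packet 4 is lost; one forgery is early, one is late."""
    delay, interval_len, latency = 2, 1.0, 0.05
    sender = Sender(b"constructed-demo-seed", intervals=8, delay=delay)
    rx = Receiver(sender.keys[0], 0.0, interval_len, delay, max_clock_error=0.1)
    statuses = {}
    for i in range(1, 7):
        if i == 4:
            continue                     # lost packet; it carried K_2
        sent_at = (i - 1) * interval_len + 0.5
        rx.receive(sender.packet(i, b"msg %d" % i), sent_at + latency)
        if i == 2:                       # guessed MAC while K_2 is still secret
            bogus = {"i": 2, "payload": b"forged", "mac": bytes(32),
                     "disclosed": None}
            statuses["early_forgery"] = rx.receive(bogus, 1.6)
        if i == 5:                       # K_3 is public now: valid MAC, too late
            late = {"i": 3, "payload": b"late", "disclosed": None,
                    "mac": tag(sender.keys[3], b"late")}
            statuses["late_forgery"] = rx.receive(late, 4.6)
    return sorted(rx.authenticated), statuses, sorted(rx.buffer)


if __name__ == "__main__":
    print(simulate())
```

Messages 2 and 3 are authenticated even though the packet disclosing K_2 was lost, because K_2 is recomputed from the later K_3; messages 5 and 6 stay buffered until their keys are disclosed.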
The EMSS (Efficient Multi-chained Stream Signature) protocol addresses the more difficult problem of non-repudiation. This requires a public key signature algorithm, but a signature on each message would be computationally onerous and would also increase the size of each message by at least hundreds, if not thousands, of bits. The basis of EMSS is a signature over the hashes of several packets. This amortizes computational cost and eliminates concerns over packet loss. Experiments with EMSS indicated that the overhead can be brought down to 40 bytes per packet under realistic scenarios. However, the problem of selecting the messages that go into a signature group is harder to solve. If the losses are correlated, the grouping should not be correlated to the loss pattern. This means that groupings should have some randomness to them.

TESLA is being considered as part of the IETF research work on secure multicast schemes.

Q: (ed. inaudible question re EMSS and non-repudiation)
A: Multiple signature packets; receiver doesn't need to check them, only presents them to 3rd parties.
Steve Kent: With respect to the claims of low overhead per packet; what assumption on size of basic packet?
A: The real packet size doesn't matter. Overhead is fixed at 20 bytes.
Q: That might be 20%-30% overhead; must look at actual application.
Comment: Unicast overhead of IPSEC ESP is 12 bytes.
A: Signature of stream is for free. This is lowest overhead today.
Q: At what layer would this be applied?
A: TESLA could be in the application layer; one could imagine in network or transport as well. Many tradeoffs are possible.
Q: Non-repudiation generally done only at application layer; network layers don't need to consider it.

Panel Session: Debate: Is Electronic Privacy Achievable?
Chair: Cynthia Irvine

The debate rules limited heckling to be directed at contradictions and absurdities.
Each heckler was permitted one comment per speaker time slot with a four word limit.

Proponents: Mike Reiter, Roger Needham, Dave Marvit, Stefan Brands, Ross Anderson
Opponents: Marv Schaefer, Ed Felten, Fred Cohen

Reiter: Anonymity

Anonymity services are viable. One can use remailers, anonymizers, etc. Sender-receiver unlinkability is defined by Chaum. It uses source routing, layered encryption, and one trustworthy mix is enough. Remailers, onion routing, ZeroKnowledge, are examples of real-world anonymity services. "Crowds" is dynamic and probabilistic routing using a lightweight protocol; it tolerates small collaborations.

Do They Work? Caveat User - Java applets leave channel back to the origin. Attacker might have enough resources to break the underlying cryptography. One need always look for bugs in the implementation. The services do raise the bar for the surveillers. Anonymous services are abused to stir up trouble; this leads to shutting them down. Law enforcement has the authority to open up the service for search (in the US). Forward secrecy systems are "largely immune" to law enforcement searches.

Rebuttal to Reiter

Felten: Mundane information disclosure is common.
Cohen: Server breakins, keystroke patterns, etc. are all ways of deducing identity. Law enforcement gets search warrants because they are easier than any other technology. Secrets get taken all the time. One must defeat all attack mechanisms, but one cannot find them all. Human susceptibility is a problem.
Schaefer: Where are the trusted platforms to run the anonymity systems? What's the isolation or confinement mechanism?

Needham: Steganographic File Systems

Can you counter threats that are unique to the electronic revolution? With regard to personal privacy, people have long wondered if God could see everything; apparently governments saw a vacancy to be filled. It is easy to steal laptop machines that have lots of information on them. This is a reason to invent countermeasures.
It is a good idea to overwrite deleted files with garbage because local file systems have hidden information. Steganography is attractive because it interposes the problem of discovering that files have hidden data. Technology is neutral to political correctness, and information can be good or bad depending on local conditions.

Rebuttal to Needham

Schaefer: If a disk is removed, it can be analyzed. Alternatively, Trojan Horse software might have secreted away information and will reveal it later.
Felten: Real world ("meat space") requires computers; there are threats that are independent of computers. Data mining exists because of computer technology. Our everyday interactions give up a lot of information.
Cohen: Sufficient motive and resources will overcome any protection. There are steganography discovery software programs. Keyboard recording will get any keys used for stego. The means to get information can be the means to disclose it.

Dave Marvit: Email Policy Systems

Proactive deletion of email by a trusted authority protects against surreptitious and warranted searches. There are implementations of such systems done as Microsoft Outlook plugins and trusted mail servers. Mail is encrypted with a key shared with the client for a limited time; after that, the server discards the key.

Rebuttal to Marvit:

Cohen: The threat model is not realistic. It only defeats law enforcement; they are not the threat. The system represents a fundamentally foolish attitude. In practice, one can always find deleted material. Cryptographic key generation and storage of the keys can expose them later. The trusted party might give over the keys anyway.
Schaefer: Cleartext data often exists in the paging area and won't be deleted for months. Visual Basic for applications could let Outlook make copies of everything.
Felten: In real life there would be a printer somewhere; the user's mother-in-law might print all email. Attachments opened in Word will have cleartext local copy.
Stefan Brands: Privacy and Public Key Infrastructure

Brands describes himself as a hard-core privacy fanatic. Why do we need privacy in PKI? Certificates provide a name and key certified by an authority. The issuer must communicate with databases, exposing who they are checking, their age, driver's license number, etc. A recommendation is to use blinding on the certificates to hide the identity from the issuer. This allows the principal to disclose individual attributes to observers one at a time, as needed, under the principal's control. Privacy is not anonymity, it is merely the controlled and willful disclosure of information.

Rebuttal to Brands

[Ed. note: The rebuttal team repeatedly held up a camera to illustrate the point that the attendees were not appearing at the conference anonymously; their pictures could be taken at any time and used to reveal their whereabouts.]

Felten: This is a good description of real-world. There are recent increases in number of times you are asked for ID. Mathematical impossibility is beside the point; practical problems are more important. Felten has had his own encrypted email subpoenaed.
Cohen: There might not be any long-term unbreakable cryptographic system. Zero knowledge doesn't say anything about source integrity, which is important to privacy. Lies can violate privacy. Driver's licenses can be forged. Mass privacy happens because it is too hard to search everything in the whole world.

Ross Anderson: Privacy Technology Lessons From Healthcare

Secretary Shalala is working on legislation that gathers health information. NIST is proposing a security model that is the Orange Book warmed over. The UK did same thing in 1994-1995, and it breaks spectacularly. HIV prescription is problematical. Should all providers have access to all patient information? Anderson recommended using a compartmentalized approach in 1996. It controls information sharing as in paper records. It uses an ACL-based model. Does it work?
There is a system running in 3 UK hospitals. It went to role-based model. Nurses can see records of their own patients, good for 90 days. The system uses capabilities in the form of certificates and smart cards. One hard problem is dealing with research use of information. Drug representatives are interested in deducing patients from doctor's records of what they prescribed. Sanitization of data is highly application specific; it involves removing identities while leaving enough information for research purposes. Large databases are assets and will not be given up easily. Privacy is about power. Government definition of privacy protects Tony Blair.

Rebuttal to Anderson

Schaefer: Denning showed that given enough queries you can defeat de-identification. Health providers may need to know all diseases of the patient. You cannot hide too much from the doctors without impairing their ability to treat the patient.
Cohen: Anderson's talk bolstered the opposition. One cannot determine if de-identification does what it claims. Minimal privacy can be hand-waved; serious assurance cannot co-exist with utility. Data aggregation has the big problem of covert channels. Social engineering can break the whole scheme like a house of cards. Guessing can break the system because data space is too small. Even weak encryption is probably good enough.

The Opposition

Marv Schaefer (Dave Bailey was slated to substitute for Marv, but Bailey was at Los Alamos where wildfire threatened the facility). Schaefer notes that the "fire started as control burn; security measures incurred the disaster it was supposed to prevent. Not all actions will lead to the goal. White hats can destroy what they are trying to preserve." Technologies are often applied to a problem without deep understanding of the goal. With respect to privacy, out of band channels always exist. Humans will always make mistakes, no matter what the designers intended.
Reply to Schaefer

Reiter: Moving the problem somewhere else is an acceptable defense.
Needham: Status quo is maintained if it is as easy to investigate people now as it was before electronics.
Felten: Electronic privacy isn't real privacy, it's just that people can't use your computer to learn everything about you. One must address real world. All information exchange leads to a reduction in privacy.
Marvit: Free flowing information can mitigate privacy. The academic question can be put to rest; technology can make things a little bit better.
Brands: Non-traceable information is not a violation of privacy. Avoiding database aggregation over a period of years does protect privacy.
Cohen: The main problem is overtrusting privacy technology; leads to unnecessary disclosure. People won't pay the 20% necessary protection. Perfect protection is infeasible. [Fred Cohen is not speaking as employee of Sandia or DOE in this panel.]
Anderson: System ownership leads to insecurities; billing information is at odds with records privacy. EU directive on data protection in 2006 will introduce tension between Europe and the US. There is economic incentive for US companies to get their act together on privacy.

Q&A

Q: Isn't it true that problems don't come from personal info being captured and put on web sites, but from identity theft?
Cohen: Governments aren't the problem.
Reiter: Corporations are the problem.
Marvit: An email deletion system is currently run by his company. Obstruction of justice issue is only to raise bar for what requires a subpoena. One can set the system to delete email after 7 days.
Cohen: I sent you email 10 days ago refuting that.
Q: Is there any way to put the genie back in the bottle? Given that Internet detectives can find out so much about you?
Cohen: No.
Syverson: We have worked on all the objections that Cohen raised wrt to anonymity.
Q, Paul Karger: US government about 25 years ago had embarrassing tape erasure that compromised privacy.
White House email backup problems were relevant to Privacy Act.
Kent: Reading email while disconnected renders the disappearing email solution ineffective or undesirable (because a copy of the email must be kept on the disconnected machine). Financial transactions can result in loss of identity. A credit card number leaves a noticeable trail of information.
Marvit: There is an offline version of the system; keys can be locally cached. Regular document destruction is legal.
Cohen: High value transactions require audit trail.
Cliff Neuman: Privacy is an intrinsic problem.
Brands: Digicash had mismanagement.
Felten: Fedex still brings goods to the door.

____________________________________________________________________
Fourth Session: Protocol Analysis and Design
Chair: Paul Syverson

Paper 1: Searching for a Solution: Engineering Tradeoffs and Evolution of Security Protocols
Presenter: John Clark

An innovative approach to the design of new authentication protocols is to use genetic programming in conjunction with BAN logic to discover a message sequence that achieves the security goals. This paper reports on experiments using hill climbing with an objective function to find sequences of belief states that constitute a protocol that is correct and efficient.

The protocols are first encoded into bitstrings for manipulation by the genetic algorithms. Multiple participants in the protocol are allowed. The algorithm generates bitstrings, and the results are interpreted as though the generator had selected message components (beliefs) and receivers; the system then updates the belief states of the sender and receiver to add derived beliefs, and checks for goal satisfaction. At the end of the protocol, the sender and receiver should be in a state where they agree on a session key that is "good" (derived appropriately). The method generates protocols that are honest by construction.
The genetic algorithms require the ability to evaluate a protocol in order to prune out unpromising sequences. The paper describes the experiments with initial and refined evaluation functions, noting the successes and difficulties of pruning out useless protocols early while still having enough latitude to discover solution protocols. The speaker noted that these were experiments and that the methods in the paper were not definitive of best practice in this novel area.

Paper 2: Authentication tests
Presenter Josh Guttag, Mitre

For a given protocol, it is desirable to determine which authentication and secrecy goals are achieved by the protocol. The method presented in this paper does this using syntactic matching to find "regular transforming edges" in strand spaces. This is a way of tracking protocol information, such as nonces, between honest participants. A regular transforming edge represents information that is received and later sent as part of the protocol.

The analysis method is useful for showing whether or not a protocol achieves its authentication goals, but it has the added advantage of indicating where there is a possible abuse of the protocol by dishonest parties. Weaknesses in a protocol can arise from having too many transforming edges (reflection attacks, etc.) or by having free variables on transforming edges. The pattern matching technique on edges shows which edges can be used to compromise the protocol security.

The methods use the notion of transforming a value into an altered form. The basic security question is whether or not the transformation was done by a "regular" participant or a penetrator. A penetrator might use a regular participant as a dupe.

The examples in the paper illustrate applications of the analysis to Needham-Schroeder-Lowe, Otway-Rees, Neuman-Stubblebine, and Woo-Lam (which can be shown to contain an exploitable transforming edge).
Paper 3: Protocol Independent Secrecy
Presenter: Jon Millen

Protocols for key exchange require that the key remain secret. This paper describes how to simplify formal proofs of secrecy by using a protocol dependent proof part and a protocol independent proof part that does not require induction.

The terminology used for the proof method is worth remembering, even if the formal methods using ideals and co-ideals fade: spells are a book of secrets (session keys), cabals are agents, the secrets of a spell are the book and the long-term secrets of the cabal. A trace is a sequence of legitimate messages, spells, and fake messages. An intruder can only construct messages based on available information from the protocol run.

The proof method relies on introducing "spell events" as artificial protocol events; these denote the transmission of a secret to the legitimate participants. Correct protocols will not be able to transmit these secrets to intruders, no matter what sequence of messages the intruder can generate. By appropriately defining traces with and without intruder messages, it is possible to use only first-order logic to show that the protocol dependent parts are safe from intruders.

Examples done by hand in paper are Otway-Rees and the modified Needham-Schroeder. Proofs are done by case analysis on messages in protocol.

---------------------------------------------------------------------
Day 2

Debate Panel: Will Open Source Really Improve System Security?
Chair: Lee Badger
Panelists: Gary McGraw, Eric Raymond, Fred Schneider, Peter Neuman, Brian Witten

For the Proposition

Peter Neuman: (projecting a Dilbert cartoon for the audience) Software supplier: "We can fix these bugs for $20,000." Dilbert: "I'm starting to question our single source strategy." Open source is truly a double-edged sword.
Given that software engineering is abysmal, government procurement is inherently broken, ..., we face the exacerbating point that proprietary methods get product to market as quickly as possible. Would you accept cryptography where you didn't know the algorithm? One source examination case smoked out DES with an effective key length of 9 bits. In an examination of voting machine software, although there were no obvious vulnerabilities, there were at least 23 ways to compromise the election. Open box concept in principle lets you do things you otherwise couldn't; may get proprietary concerns to clean up their act.

Eric Raymond: Although there may be a case where closed source aids security, I have never seen a single example. Why rely only on the algorithm for security? Because it is hard to protect lots of bits that comprise the algorithm, but the key is only a few bits and thus easier to protect. Open source has same property - the "many eyeballs" effect. Developers change behavior based on presence of open source. Internet software has always been largely open. Malicious bugs in open software are usually caught and fixed in hours.

Brian Witten: (Not speaking as a member of the US DoD) Open source will improve security. Corporations will spend real money on reading open source; they will hire experts. Fielding a single product means making tradeoffs affecting security; one size doesn't fit all. Attackers who get access to closed sources can compromise them.

Against the Proposition

Gary McGraw: No. Fallacies: the Microsoft, the Java, the many eyeballs. Open source is a red herring for security. Analysis of source code is great, good software engineering is good. Open source is orthogonal to these issues. Microsoft makes bad software, Microsoft is closed source, therefore closed source is bad. Disentangle it - Microsoft engineers can examine their own source code, but it doesn't make it better.
Java: if we keep fixing holes, then eventually we will fix them all. Each new JDK introduces new vulnerabilities. Penetrate and patch is not optimal. Many eyeballs. The wu-ftpd had a bug that was undetected for many years, only to be exploited in DDOS. RST had noted it in scans. There are tools that will find low-level bugs like buffer overflow, but if the overall design is bad, fixing them doesn't make the system more secure.

Fred Schneider: 'Many eyes will find buffer overflow, pointer problems, time-of-check and time-of-use.' This is dogma that is questionable. Using a better programming language than C is a better solution than political approaches. More attention to assurance is important. 1. Test. 2. Analyze and restrict descriptions. 3. Analyze and restrict the construction process. Open source cannot do item 3 because no one is trusted. The software producer could be made accountable for problems in all three areas. "Amateur capitalism to professional communism does not scale."

Lipner: Academic review of algorithms is good and can be done. Source code is on a different scale. There was an exercise in security evaluation that made "openish" source available over the Internet. This generated no feedback on the security of the product, and left the impression that no one even tried to examine the security. The product was shipped with source code to customers, and none of them came back with security flaw notices. They merely asked "How do you use this?" PC Week has example of penetration that was enabled by source code availability. The fun part of open source is writing it; reading it isn't fun. The best approach is to pay people to do this and to be successful in the marketplace. Someone has to read the code; it is best done in a closed source environment.

Q&A

Ross Anderson: Until 1982, one OS was shipped with source code. Comment?
Schneider: What? Is the issue about who writes the code?
Anderson: Until 1982 there were many eyeballs, one set of hands.
Schneider: There's no harm in widely distributing source code, but I don't want to depend on volunteers to read the code.

Raymond: That is a typical model in the open source world. In practice, there is a distinguished maintenance group. The "diff" set gets sent to the maintainer for consideration. There is peer review with a single point of accountability.

John McHugh: It's a debatable issue; is there any evidence, preferably published, that open source does change programmer behavior?

Raymond: The "Fuzz" paper. This fed random inputs to Unix utilities to locate bugs. Open source is consistently more robust. That there are no controls for programmer characteristics makes this more interesting. One might conclude that amateurs consistently beat professionals.

McGraw: GNU tools for NT are worse on the fuzz test than the Microsoft tools.

Neuman: Having someone to sue for problems is an argument that is invalid because the time to settle a lawsuit is so long.

McGraw: There is more concern about branding.

(unidentified audience member): There is an implication that college students (or worse) write open source. Professionals are being paid to write open source software.

Schneider: I don't want to debate merits of college age programmers. An economic model can work. I can't see how to invest in assurance and then give away high quality and well-tested code. Anyone can recoup the investment. Software will move at a rapid pace and ruin assurance. One must invest repeatedly.

Raymond: There is a good business model for open source. Look at my paper "Magic Cauldron". Assurance is an upfront payment to establish one's self as a trusted party. Experience levels of open source programmers exceed those of the closed source world.

Paul Karger: (not speaking for IBM). This debate is a red herring. There is a long series of excuses by the security industry: "no market" "export control" etc. Windows 2000 is a bug-prone monolith. We need third party evaluators that are competent.
We will never have security along the current path.

Raymond: The claim that we don't know how to build complex systems is bull. We do build complex systems, like suspension bridges (McGraw flashes "WRONG" on projection screen). The method institutionalized is to have a transparent process and do independent peer review.

John McLean: Paternalistic socialism vs. democracy. DoD builds crypto but they regularly have problems detected by independent review.

Raymond: Is that open source software???

Schneider: I'm not opposed to code review, but open source doesn't improve security.

Lipner: It doesn't help unless someone looks at the code.

Neuman: Without discipline, you get garbage. Years of methods, defense in depth, but we get weakness in depth. The digital world isn't like the civil engineering world, but the discipline of engineering is important.

McGraw: What does this have to do with open source?

Raymond: The panel sees a gap between open source and security. Open source in the stronger sense says peer review requires equal access to source code. This sets up the right set of incentives. Posit that there's a huge corporation that shows the source code of Microsoft Outlook to the world as a "source code under glass" license. A developer will not want to help someone else profit from improvements that I recommend. The community will not bootstrap itself, but a symmetrical power relationship will make the process work. Participants can get power or reputation.

Lipner: Yet it is to be seen if it really scales. I'm skeptical about reward structure.

Schneider: The audience will have to think about what they've learned. Source code for Windows NT being public won't make it better. When something grows up as open source will it be better? Eric says "if everyone has equal access will the system be more secure?"

Raymond: Open source activity is approximately 7K active projects, developer and tester and contributors number about 750K.
This is two orders of magnitude more people than any closed source process.

Mark Crispin: Assurance has a problem that it is boolean. It is too expensive, and most projects aren't assured. Open source gives you more effort devoted to penetrate and patch.

Neuman: AES is wide open in cryptography; 'many eyeballs' is working. Formal methodists would love to get their hands on some software. Those eyeballs would be quite interesting to add. They would get rid of weak links.

McGraw: The crypto analogy ignores the fact that security is not cryptography. There's a lot more to it than that. You have to keep the key secret in the software. Security is an emergent property of software.

Lipner: Analyzing security of crypto algorithms is more tractable and interesting than analyzing software.

Neuman: If it's 60M lines of code, yeah.

(unidentified audience member): The Fuzz results are biased. AT&T is old stuff. It's folly to ignore progress. There is only a small market for secure systems. Microsoft is not interested in a small market.

Raymond: The Fuzz results might show that new code gets written.

Syverson: I haven't been in the field as long as Peter (laughter) but they've been dog years. With respect to the 'many eyeballs' argument and formal methods for slogging through lots of source code, it doesn't have to be open.

Neuman: Analyzability requires a formal specification and also structure to allow abstraction layer mapping. Open source enforces information hiding, etc.

Lipner: Stan Ames said something about "mathematicians work on toy problems, somebody cheats and formal methods cheat on toy problems." In a real case of a 50K product, formal methods couldn't handle it.

Raymond: Formal methods are only applicable in ex ante view. One must apply it beforehand. Open source is an aid even when you look at it after the release and a bug is found.

Virgil Gligor: Why not talk about open design? Saltzer and Schroeder recommended this in 1995.
Open source doesn't help without insight into the design. The only thing left is black box analysis. You must have some idea of what the designer had in mind.

Neuman: That's part of good software engineering.

Raymond: Open source is devoted to adherence to standards.

Marv Schaefer: A comment. I participated in an analysis of WinNT with Office95 with no access to source code. We did formal methodism, flaw hypothesis method, and read documentation. We found many flaws this way. Source code access would have revealed deeper flaws, probably. We told Microsoft about the flaws. Open source might not have resulted in reports back to Microsoft. One cannot assume no problems just because no one speaks out. Open source will help enemies more than friends.

Neuman: Security by obscurity is always there. Reliability requires openness. This is an intriguing mismatch. Mismatches are often the reason that OS's fail. I still want some kind of open analysis; reports from friends. It is a difficult thing to set up.

Schaefer: The design was open; the implementation had problems, implementors did not follow design principles.

Raymond: Open source doesn't guarantee good peer review.

McGraw: That's the Microsoft fallacy!

Lipner: My colleague here manages research source licenses. Ladder of Microsoft: There are 110 users who have access to source and many companies.

(unidentified audience member): Openish doesn't cut it. Open source is white box. Grey box ... we have closed binaries. Can you tell me with a straight face that the customer is better off if he cannot inspect anything???

McGraw: What is the question?

(): If open source is not better it should follow that closed binaries are better. ASP's restrict access even to the binary.

Lipner: Security depends on a whole batch of things. ASP might be better or worse, it all depends.
_____________________________________________________________________

Fifth Session: Intrusion Detection
Chair: Phil Porras

Paper 1: Using Conservation of Flow as a Security Mechanism in Network Protocols
Authors: John Hughes, Tuomas Aura, Matt Bishop

The WATCHERS distributed network monitoring protocol attempts to identify and isolate misbehaving routers. Each router counts messages in several categories, and the counts are checked for consistency (the Conservation of Flow condition). This paper considers various shortcomings of WATCHERS, and suggests some possible fixes.

Paper 2: Logic Induction of Valid Behavior Specifications for Intrusion Detection
Presenter: Calvin Ko

One approach to intrusion detection is to make behavior profiles for privileged programs, and notice when such a program does something unusual. This paper uses machine learning to automate the construction of profiles. The profiles are based on unordered sets of system calls. Inductive Logic Programming is used to process example program executions, and create first-order logic formulas that distinguish ordinary from unexpected behavior. In experiments, the generated formulas detected attacks on the Unix programs imapd and lpr.

____________________________________________________________________

Sixth Session: Assurance
Chair: John McHugh

Paper 1: Model Checking for Network Vulnerability Detection
Presenter: Ronald Ritchie

A model checker is different from a rules-based network. Model checkers are good at searching large state spaces to determine whether an assertion is true or false. An exploit is a technique used to carry out an attack; exploits in this system are modeled by Prerequisites and Results. Attacks are changes that increase the vulnerability of the target system. The model of an attacker is one who or that which:
  Chooses a host to analyze
  Tries to find an exploit
The attacker is trying to reduce the level of security of the overall network below the security requirements.
An example requirement is that the attacker cannot get access to the Private File Server or root access on the Public Web Server. The model checker can automatically derive a pathway from compromise of the password file to a login on the web server in order to access the private file server.

Question: Performance? Scalable to large network?
Answer: The flexibility of the checker allows more sophisticated analysis.

Question: If the model checker finds a particular attack, will it find others?
Answer: No, but it could be changed to keep going.

Question: Could you discover exploits by analysis of the model?
Answer: No, I don't think so, we need to start with known exploits.

Question: Have you considered tying this to a scripting engine? (Laughter)

Paper 2: Verifying the EROS Confinement Mechanism
Presenters: Jonathan Shapiro, Samuel Weber

Jonathan Shapiro: EROS is a fast, capability-based operating system. Higher-level security policies can be implemented on capability systems if there is confinement assurance. This motivates the verification of the EROS confinement mechanism, which provides runtime guarantees of process confinement. Lampson defined confinement as a program that can only communicate outward through authorized channels. A confined subsystem cannot be inspected by the user. EROS, in a simplified view, has two kinds of objects: data pages and capability nodes. It is a microkernel system without performance penalties. An EROS Constructor certifies confinement of a program or subsystem by examining the capabilities to be assigned to it. If the capabilities are either safe or already known to be authorized, then the subsystem can be considered confined. Capabilities are safe if they do not convey mutation authority, or are read-only or weak or limited by a constructor that generates confined products.

Sam Weber: The model is constructed as a state transition system. The model is more powerful than the system. It implicitly quantifies over all user states.
Confinement only requires that processes can't increase their authority by means of object creation. If A creates B, B gets no more than a subset of A's authority. For each kernel call, the system must name the state objects it mutates or creates. This constitutes a formal model of capability systems.

Shapiro: The verification strategy. System calls either succeed or they don't; there is no hidden state in the operating system, no kernel stack. Actions in capability systems only have local effects on the direct access graph, which simplifies verification. EROS process creation time is only 2/3 that of Linux's fork and exec. This shows that confinement can be enforced in capability systems.

Question: The result sounds like type safety and soundness for programming languages.
Answer (Weber): Indeed.
A (Shapiro): It is different in several ways.
A (Weber): The computation is more complicated.

Q: What is the performance wrt number of systems calls to effect a result?
A: That isn't the right metric. Instead, how much time is spent in systems services? EROS does many kernel operations, but is still faster than Linux.

Q (Cliff Neuman): Some of us have been playing with capability systems for over 30 years. What about the realistic nature? I'm delighted to see the continuation of the KeyKOS chain of approaches. What is the usefulness of all this research that has never seen the light of day?
A (Shapiro): Why do an oddball OS? There are contexts arising where people need to execute code where parties don't trust each other. Unix doesn't facilitate controlled collaboration; it does allow Balkanization. I don't see this taking over the desktop. Second, a capability system that does indirection can do revocation.

Q (Karger through Neuman): AS400??

Paper 3: Fang: A firewall analysis system
Presenter: Avishai Wool

Do you know what your firewall is doing? This is not a joke. System administrators face a lot of hard questions in managing firewalls.
The rules are order dependent, written in arcane language, with poor GUIs, and the problems are multiplied if there are multiple firewalls. Firewall consultancy is a well-reimbursed career.

The objective of this work is to allow high-level analysis of a configuration. It can be used to gain understanding of the configuration via queries. Names are taken from configuration files; each firewall gets a portion of the namespace, and each network interface gets a portion of the namespace.

The Gateway Zone Graph is a data structure used in the analysis. A bipartite graph, it has firewalls, gateways, network interfaces, zones. The analysis system needs to check all paths from source to destination. It does not model routers and thus doesn't depend on their correct configuration as part of the system security.

FANG tests for spoofing of the source IP address in network packets. It can test that a firewall drops faked packets. In comparison to current active vulnerability testing tools, Fang is unique in that it can test the entire Internet as fast as an individual host. The spoof test is an abstraction, not actual testing, so it is faster.

Q&A

Q: Performance?
A: Even with thousands of rules, the whole thing works in seconds.

Q: What about human behavior, say cabling things incorrectly?
A: We are working with Bill Cheswick to detect rogue connections, then we will use it as the definitions that are input to Fang.

Q (McHugh): What about the utility of rule transformations to translate between vendor formats?
A: 1. It is feasible, but we haven't done it. 2. We modeled what a firewall can do and fit everything into that. If we don't model something that the firewall supports we could err; we are pretty good on core network protocols and have captured them pretty well. More elaborate protocols force us to fudge it somewhat. We tried to take a fairly inclusive model of what firewalls can do.

Q: Balkanization in telephone switches some years ago resulted in AT&T producing a tool to translate between configuration languages, which was really useful.
A: My paper last year was relevant to that.

_____________________________________________________________________

5 Minute Talks

Chenxi Wang - Software Tamper Resistance through Obfuscation of Static Analysis

Lee Badger - Wrappers and Emerald intrusion detection

Clay Shields - Using IP Multicast for anonymous IP addresses; multicast leads to families of protocols with different properties. We are developing a logic of anonymity. Onion routing style approach.

Dan Lough - A Taxonomy of Attacks in the Internet
  Extended Matt Bishop's work on studies of attacks.
  Added integrity flaws and trapdoor from McPhee and Neuman.
  Added others from several sources.
  Have ambiguous categories.
  Matches up attacks across taxonomies.
  Contrasts principles of security vs. characteristics of security flaws.
  Future work is to create taxonomic systems

Dan Lough - Tamper Resistant Software
  The encoder cloaks software, which remains executable
  Tampering will introduce bugs and is thus detectable
  The program graph is expanded using randomly inserted constructs that preserve functionality
  Fun to play with compiler
  Need to define what tamper-proof means
  Patents pending

Sejong Oh, The RBAC Agent Model on Enterprise Web Environment
  Using SSL and RBAC agents to mediate access

Asirelli, A deductive tool applied to the definition and verification of firewall policies.
  The tool is easy to use, produces concise definition of the firewall policy, easy to understand and analyze.
  Will use it on real networks and in security policy management for a radiological department

Douglas Kilpatrick - Napoleon Wrappers, Data Driven Policy Management and Enforcement
  Role based policy generation.
  Napoleon will generate graphical policy and wrappers will enforce it.
  Layered architecture.
  Generates policies easily and enforcement generated in seconds.
  Intermediate language had poor mapping to Unix semantics.
  Had to duplicate policy attributes for similar policies; could lead to performance penalty.
  Need to add secure policy distribution.
  Need to secure interfaces.

John Reisner - An Agent Model Countering the Security Problem of Malicious Hosts
  Can encrypt portions of agents, can sign the code. But this requires that the agent creator know the hosts in advance.
  5 components that might need protection:
    Originator
    Originator data
    Acquired data
    ...
  8 operations
  Use models to develop secure agents based on analysis of agent requirements and vulnerabilities.

Dave Goldberg - Self-Authenticating Paper Documents
  Write glyphs onto each page of document
  Scan the document
  Print digital signature of the compressed bits on the document
  Need to scan and get the content, not the appearance
  Do symbol-based compression, dieselpaper has higher compression ratio but lower quality
  Can get 24K postscript down to 3003 bytes
  Compression tries to find similar connected components; keep pointers to connected components
  Store pointers to images

Richard B. Neely - Information Engineering for Security Risk Analysis
  Assets -(Impact) Threats, - (Impedance) Controls Relevance Applicability
  Want to apply this to products for general analysis capability

Heiko Mantel - A New Framework for Possibilistic Security - A Summary
  Information flow for representation, comparison, and construction of "possibilistic" security properties.
  Security properties are assembled from basic building blocks.
  Two dimensions to the building blocks.
  See papers at the CSFWorkshop this year.

Sven Dietrich - History and Future of Distributed System Attack Methods
  Categories:
    Information gathering
    Remote sniffing
    Denial of service
    Remote execution of code
  The problem is how to find the attack topology quickly.
  Increase targeting of infrastructure

Dawn Song - APG Automatic Generation of Security Protocols
  New protocols are necessary
  Method is to take requirements and specification, generate possible protocols, screen them, select an optimal protocol.
  The "Athena" protocol checker relates specification to protocol
  Two party authentication and key distribution with TTP is 10^12 state space. Can be explored efficiently.

Simon Foley - Malicious Code on a Palm Handheld
  Didn't find any malicious code, despite searching
  Asked, what does it take to run malicious code on such a device?
  Did construct a virus that goes into the code resource of target application database
  Easy to infect once a virus is on the device
  Infection from handheld to workstation is very unlikely
  At any rate, infection does not spread on workstation
  Applications may facilitate virus spread through mail

Dan Wallach, Rice University - Termination in Language Based Systems
  How to enforce resource limits by killing an applet or servlet or whatever?
  Soft termination - thread.stop and thread.destroy are not safe.
  Can terminate threads, thread groups, classes.
  System classes execute normally.
  Blocking I/O can be interrupted.
  Deadlock is ugly.
  Done via byte code rewriting.

______________________________________________________________________

Day 3

Seventh Session: Key Management
Chair: Audun Josang

Paper 1: A More Efficient Use of Delta-CRLs
Presenter: David Cooper

This paper addresses the problem of timely distribution of Certificate Revocation Lists. Information about newly revoked certificates (Delta-CRLs) is fetched by certificate users as needed. This paper considers details of update frequency, caching strategy, and network bandwidth. The paper argues that the original method of using Delta-CRLs is not especially efficient, and suggests Sliding Window Delta-CRLs as an improvement. The audience discussion brought out the problems associated with the bursty nature of revocations.

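
To make the caching trade-off in the Delta-CRL summary above concrete, here is an added example (not from the paper or from this report) that counts what one relying party downloads under each scheme. It rests on a simplified model that is an assumption here: a traditional delta-CRL lists everything revoked since the latest base CRL, a sliding-window delta-CRL lists everything revoked in the last `window` hours, cost is counted in CRL entries, and all periods and revocation times are constructed.

```python
"""Download cost for one relying party: traditional vs sliding-window delta-CRLs.

Simplified model (assumptions, not the paper's evaluation): cost is counted in
CRL entries, revoked certificates never age off the CRL, and the relying party
always fetches the freshest CRL data before it validates a certificate.
"""
from bisect import bisect_right


def count_upto(revocations, t):
    """Entries on a full (base) CRL issued at time t."""
    return bisect_right(revocations, t)


def count_between(revocations, start, end):
    """Entries revoked in the interval (start, end]."""
    return bisect_right(revocations, end) - bisect_right(revocations, start)


def latest_issue(t, period):
    """Most recent issuance time at or before t for a CRL issued every `period`."""
    return (t // period) * period


def new_cost():
    return {"base_downloads": 0, "base_entries": 0, "delta_entries": 0}


def traditional(revocations, validations, base_period, delta_period):
    """Each delta is relative to the latest base, so every new base must be fetched."""
    cost = new_cost()
    cached_base = cached_delta = None
    for v in validations:
        t = latest_issue(v, delta_period)      # freshest delta available
        b = latest_issue(t, base_period)       # the base that delta refers to
        if cached_base != b:
            cost["base_downloads"] += 1
            cost["base_entries"] += count_upto(revocations, b)
            cached_base = cached_delta = b
        if cached_delta < t:
            cost["delta_entries"] += count_between(revocations, b, t)
            cached_delta = t
    return cost


def sliding_window(revocations, validations, delta_period, window):
    """Each delta covers the last `window` hours; a base is needed only when the
    cached status is older than the window (first use, or a long time offline)."""
    cost = new_cost()
    current_as_of = None
    for v in validations:
        t = latest_issue(v, delta_period)
        if current_as_of is None or current_as_of < t - window:
            cost["base_downloads"] += 1
            cost["base_entries"] += count_upto(revocations, t)
            current_as_of = t
        elif current_as_of < t:
            cost["delta_entries"] += count_between(revocations, t - window, t)
            current_as_of = t
    return cost


# Constructed sample data, in hours: a backlog of 1000 old revocations,
# then one new revocation per hour for ten days.
REVOCATIONS = [-100] * 1000 + list(range(1, 241))
STEADY = list(range(3, 241, 6))     # relying party validates every 6 hours
WITH_GAP = [3, 9, 15, 60, 66]       # offline for 45 hours, longer than the window

if __name__ == "__main__":
    print("traditional   ", traditional(REVOCATIONS, STEADY, 24, 1))
    print("sliding window", sliding_window(REVOCATIONS, STEADY, 1, 12))
    print("sliding, gap  ", sliding_window(REVOCATIONS, WITH_GAP, 1, 12))
```

In this model the sliding-window deltas are larger on average, but the relying party fetches one base CRL instead of ten; the gap case shows the fallback to a full CRL once the cache is older than the window.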
Paper 2: An Efficient, Dynamic and Trust Preserving Public Key Infrastructure
Presenter: Albert Levi

Verifying a certificate chain can require considerable arithmetic. The paper introduces Nested Certificates, wherein an Authority testifies that the arithmetic of one or more certificates in a path is valid. The notion is that Certificate Authorities would generate these with their spare cycles, and that verifiers would find it more efficient to retrieve and check NCs than check a whole certificate chain. There was some audience skepticism about the usefulness of the idea.

Paper 3: Kronos: A Scalable Group Re-Keying Approach for Secure Multicast
Presenter: Sanjeev Setia, Samir Koussih, Sushil Jajodia, and Eric Harder

Secure multicast requires some way of updating member keys as members join and leave the multicast group. This paper looks at several approaches to rekeying, and models their behavior as a function of group membership volatility. Kronos is introduced and contrasted with other solutions. The authors feel that Kronos is more scalable, while not requiring intermediate nodes in the key distribution hierarchy to also do packet reencryption. The audience objected that Kronos unfairly relaxed the forward-backward confidentiality requirement.

_____________________________________________________________________

Eighth Session: Access Control II
Chair: Lee Badger

Paper 1: LOMAC Low Water-Mark Integrity Protection for COTS
Presenter: Tim Fraser

LOMAC is a kernel resident access control mechanism for integrity protection using the "low-water mark" model. The question for operating system designers is whether or not this can be done so that the users perceive it as valuable and painless. The system introduces a two-valued label: low integrity, high integrity. Compatibility is achieved by loadable kernel modules in Linux.

One can consider a Venn diagram of privilege revision models. The revisions can be based on what the process observes, modifies, or invokes.
This leads to the following sets:
  Invoke - Chinese Wall, Clark-Wilson, DTE, RBAC
  Modify - Chinese Wall
  Observe - Chinese Wall, Low Water Mark

Because LOMAC is based on what a process observes, it can change the access permissions for a process while it is running. Unix processes expect mediation to be done only once, when an object is opened, and this means that the processes will not be robust when access is revoked. LOMAC defines conventions that allow communicating process groups to minimize revocations and still be subject to integrity restrictions.

Q&A

Karger: Is LOMAC the same as Biba's original model?
A: Yes. The model had to be modified to accommodate shared memory.

Lipner: Have you tried enough useful work to see if it really is easy to use, considering upgrading and downgrading frequency?
A: Yes, I used it for web building. LOMAC trusts the system log objects.

Q (Cynthia Irvine): How does setuid work?
A: LOMAC doesn't have identities. A level 1 root user remains at level 1 and cannot affect level 2 objects, cannot kill higher level processes, cannot mount file systems, etc.

Paper 3: IRM Enforcement of Java Stack Inspection
Presenter: Ulfar Erlingsson

The implementation of the enforcement is done via an inlined reference monitor. It allows efficient stack inspection for enforcing security policies. The challenges are: to guarantee integrity of the monitoring when it is embedded in the application, to observe all relevant effects, to maintain the functional correctness of the application. The system works by rewriting the JVML classes; it uses guarantees given by the JVML verifier. The applications are transformed into security applications with runtime checking. The transformation is done by a Policy Enforcement Toolkit which takes a policy specification and a Java application as input and produces a Java application with an inlined reference monitor as output. The policy enforcement state is not visible to the original application.
The IRM must inspect the stack in order to understand the security state. In Java, each call stack is in a protection domain, each protection domain has a set of permissions. Stack inspection is done for the most common primitive in Java, the method call, and also for checkPermission and doPrivileged. The paper contains the timing information indicating the overhead introduced for the checking. IRM has the advantage of allowing the security policy to be specified and inserted into the code at the boundaries of an organization.

Q&A

Q: What fraction of Java bugs would this have prevented?
A: Most bugs were found in the verifier; we rely on the verifier. However we could stop things like an applet opening too many windows, or you cannot use the network if you have used the file system - we can do this.

Q: I built that in 1995.

Q: What are the implications of JIT?
A: The JIT is a complicated compiler in the Java TCB. We have the first formal representation of what stack inspection is.

Q: (question re hardware failure)
A: We rely on the hardware, always.

Badger: Can the IRM's share policy state information?
A: They can communicate with IPC if they aren't in the same process. That capability is part of our system.

Q: McLean: can you take information flow out of this?
A: We have given thought to extensions, yes.

=====================================================================

Report on The Twelfth Forum of Incident Response and Security Teams
June 25-30, 2000
Chicago, USA
Review by Cristina Serban

The 12th FIRST (Forum of Incident Response and Security Teams) International Conference was held June 25-30 in Chicago, IL. [If you are not familiar with FIRST, it is the international organization of CERTs, or Computer Emergency Response Teams, including teams from literally all over the world, representing universities, industry, defense organizations or even whole countries. A lot more info at www.first.org if you are interested.]

The 2000 conference had two full days of tutorials, followed by three days of paper and panel presentations, with the FIRST annual general meeting in between.

Among tutorials, we had "Internet Cryptography" by Bruce Schneier and "Intrusion Detection and Network Forensics" by Marcus Ranum - both high-level overviews of the respective fields, along with "Firewalls: What am I seeing?" by NetworkICE's Robert Graham for the technical-detail minded participants. [I believe some of the information presented in the latter is still available from www.robertgraham.com if you are into firewalls or sniffing business.]

The conference had keynote addresses from Bruce Schneier, Joseph D'Angelo (Citigroup), and Scott Charney (formerly DoJ, now Pricewaterhouse Coopers). Consensus: Risk management, not threat avoidance; What is secure today won't be tomorrow; Theft of info, DoS and extortion are growing significantly. Another important change noted is in staff composition: Current staff has many consultants and temps with the *same* access as full-time employees; Former staff do not have all access rights removed when they leave. These, coupled with high turnover, make security a lot harder to manage.

Among the topics discussed in papers and panels:

-- Using a Protocol Tunnel to Defeat a Firewall (BT Labs): Context of applications is rarely considered by commercial firewalls, allowing for attacks through protocol tunneling (encapsulating a protocol within another protocol firewalls would let pass). The bad news: tools are already available; httptunnel is one for wide use. Only one compromised host behind the firewall is needed, then client/server setting for tunneling *any* protocol over http. Solutions proposed: Maintaining domains similar to CMW at host level, IPSec segmentation at network level (separate stacks, 1 per sensitivity level). Implementation: firmware on special networking card for "bump in the wire."

-- Honeynets (Sun): The idea: build a mirrored environment of your production and use it to test and develop security technologies and procedures, exploit vulnerabilities, track hackers, gather and log data, etc. The purpose is to have these systems probed, attacked, and compromised, while gathering information in real time (analysis later). [This is a nice extension of the honey pot concept, but who can afford a *full* mirrored environment in real life?]

-- Intrusion Detection Technology Today and Tomorrow (AT&T Labs): Lessons learned from years of IDS work include: Most IDS products are still rapidly evolving (commercial IDS are still maturing, security companies are re-structuring); Too many false positives make operators ignore alerts or re-configure thresholds (risking to miss important alarms); While ID (Intrusion Detection) is addressed to different extents, IR (Intrusion Response) is not. Data correlation is necessary on IDS products and cross-product, and an expert-system approach to ID could be the right way to go.

-- We did hear about "defense/security in depth" A LOT during this conference; it is becoming a mainstream concept.

There were also a lot of lively discussions during the sessions and outside, several BOFs, plus many exchanges of real-life experiences and information. Chicago was sunny (not windy), and the local organizers from Northwestern University did a great job. Overall, it was an excellent conference for all those involved in incident response security work.

====================================================================
Staying in Touch
====================================================================

____________________________________________________________________
Information for Subscribers and Contributors
____________________________________________________________________

SUBSCRIPTIONS: Two options:

1.
To receive the full ascii CIPHER issues as e-mail, send e-mail to (which is NOT automated) with subject line "subscribe".

2. To receive a short e-mail note announcing when a new issue of CIPHER is available for Web browsing send e-mail to (which is NOT automated) with subject line "subscribe postcard".

To remove yourself from the subscription list, send e-mail to cipher@issl.iastate.edu with subject line "unsubscribe".

Those with access to hypertext browsers may prefer to read Cipher that way. It can be found at URL www.ieee-security.org/cipher.html

CONTRIBUTIONS: to cipher@issl.iastate.edu are invited. Cipher is a NEWSletter, not a bulletin board or forum. It has a fixed set of departments, defined by the Table of Contents. Please indicate in the subject line for which department your contribution is intended. For Calendar entries, please include a URL and/or e-mail address for the point-of-contact. For Calls for Papers, please submit a one paragraph summary. See this and past issues for examples.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. All reuses of Cipher material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using Cipher material should obtain permission from the contributors.

____________________________________________________________________
Recent Address Changes
____________________________________________________________________

Address changes from past issues of Cipher are archived at www.ieee-security.org/Cipher/AddressChanges.html

Entered August 4, 2000

David Bell
retired, quit
2415 Andorra Place
Reston VA 20191
voice: 703-476-0839
fax: 703-476-3964
email: dbell@clark.net

Entered June 3, 2000

Randall Atkinson
Senior Scientist
Extreme Networks
PO Box 11147
McLean, VA 22102-9147
rja@inet.org

Tom Van Vleck
Encirq Inc
64 Bayonne Pl
Ocean City, NJ 08226
609-398-5926

Entered May 20, 2000

Bob Bruen
bruen@exile.ne.mediaone.net

Entered April 26, 2000

Bill Bartgis
TRW
P.O. Box 58992
Riyadh 11515
Saudi Arabia
Voice: +966.1.476.9777 ext. 42776
Fax: +966.1.478.5622
E-mail: bartgis@gibraltar.ncsc.mil

Entered March 20, 2000

Heather Hinton
IBM Tivoli Security Business Unit
9020 Capital of Texas Hwy N.
Great Hills Corporate Center
Building 1, Suite 270
Austin, TX 78759 USA
e-mail: hhinton@tivoli.com
Telephone: +1:(512)458-4037x5023
Fax: +1(512)458-2377

====================================================================
Interesting Links and Reports Available via FTP and WWW
====================================================================

"Reports Available" links from previous issues of Cipher are archived at www.ieee-security.org/Cipher/NewReports.html and www.ieee-security.org/Cipher/InterestingLinks.html

Infosec Research Council, Malicious Code Infosec Science and Technology Study Group. "Attacking Malicious Code" by Gary McGraw and Greg Morrisett www.rstcorp.com/irc.
====================================================================
Reader's Guide to Current Technical Literature in Security and Privacy, by Anish Mathuria
====================================================================

The Reader's Guide from Past issues of Cipher is archived at www.ieee-security.org/Cipher/ReadersGuide.html

====================================================================
Listing of academic positions available by Cynthia Irvine May 22, 2000
====================================================================

Department of Computer Science, University of Twente, Enschede, The Netherlands
Research Assistant/Ph.D. (depending on candidate) (05/22/00)
Areas of particular interest: Distributed multimedia database systems, information security, security of multimedia databases, COTS components in the construction of secure systems, and tools and techniques to copyright and protect content.
Application open until June 01, 2000.
http://www.utwente.nl/vacancies/1/3/1/015.shtml

Department of Information and Software Engineering, George Mason University, Fairfax, VA
1 Tenure-track and 1 visiting position in security (05/01/00)
Areas of particular interest: Computer security, networking, data mining and software engineering
Search will continue until positions are filled.
http://ise.gmu.edu/hire/

Department of Computer Science, University of Twente, Enschede, The Netherlands
Ph.D., Postdoctoral or research fellow (depending on candidate) (04/20/00)
Areas of interest: E-commerce.
Areas of particular interest: Hiring for the following security related projects: "Architectural support for secure cooperation", and "User authentication and authorisation in dynamic (mobile) e-commerce environments".
Application open until June 01, 2000.
http://www.ctit.utwente.nl/vacancies/ad_ec_uk.html

Department of Computer Science, Dartmouth College, Hanover, NH
Tenure Track Positions
Areas of interest: all fields of computer systems.
Areas of particular interest: Computer security, or anything that can contribute to the new Institute for Security Studies at Dartmouth.
Applications will be processed as they arrive, with interviews expected in March or April 2000.
http://www.cs.dartmouth.edu/job.html

Department of Computer Science, Purdue University, West Lafayette, IN
Emphasis on Assistant Professor Positions, but more senior applicants will be considered
Areas of particular interest: Computer security, and INFOSEC.
Positions beginning August 2000.
http://www.cs.purdue.edu/positions.html

Department of Computer Science, Rensselaer Polytechnic Institute, Troy, NY
Tenure Track, Teaching, and Visiting Positions
Areas of particular interest: Computer security, networking, parallel and distributed computing and theory.
Positions beginning Fall 2000.
http://www.cs.rpi.edu/faculty-opening.html

Swiss Federal Institute of Technology, Lausanne (EPFL), Switzerland/Eurecom/Telecom Paris
General Director
Areas of particular interest: Education and research in telecommunications.
Applications begin immediately.
http://admwww.epfl.ch/pres/dir_eurecom.html

Department of Computer Science, Naval Postgraduate School, Monterey, CA
Junior and Senior Tenure Track Positions in Professorship
Areas of particular interest: Computer Security, but applicants from all areas of Computer Science will be considered.
Applications begin immediately and are open until filled.
http://www.cs.nps.navy.mil/people/faculty/chairman.html

Department of Computer Science, Florida State University, Tallahassee, FL
Tenure-track positions at all ranks. Several positions available. (1/00)
Areas of particular interest: Trusted Systems, security, cryptography, software engineering, provability and verification, real-time and software engineering, provability and verifications, real-time and safety-critical systems, system software, databases, fault tolerance, and computational/simulation-based design.
http://www.cs.fsu.edu/positions/

Naval Postgraduate School Center for INFOSEC Studies and Research, Monterey, CA
Visiting Professor (Assistant, Associate, or Full Professor levels) (9/98)
Areas of particular interest: Computer and information systems security.
http://cisr.nps.navy.mil/jobs/npscisr_prof_ad.html

This job listing is maintained as a service to the academic community. If you have an academic position in computer security and would like to have it included on this page, send the following information: Institution, City, State, Position title, date position announcement closes, and URL of position description to: irvine@cs.nps.navy.mil

====================================================================
Information on the Technical Committee on Security and Privacy
====================================================================

______________________________________________________________________
How to become a member of the IEEE Computer Society's TC on Security and Privacy
________________________________________________________________________

You do NOT have to join either IEEE or the IEEE Computer Society to join the TC, and there is no cost to join the TC. All you need to do is fill out an application form and mail or fax it to the IEEE Computer Society. A copy of the form is included below (to simplify things, only the TC on Security and Privacy is included, and is marked for you). Members of the IEEE Computer Society may join the TC via an https link. The full and complete form is available on the IEEE Computer Society's Web Server by following the application form hyperlink at the URL: computer.org/tcsignup/

IF YOU USE THE FORM BELOW, PLEASE NOTE THAT IT IS TO BE RETURNED (BY MAIL OR FAX) TO THE IEEE COMPUTER SOCIETY, >>NOT<< TO CIPHER.

---------
IEEE Computer Society Technical Committee Membership Application
-----------------------------------------------------------
Please print clearly or type.
-----------------------------------------------------------
Last Name                First Name        Middle Initial
___________________________________________________________
Company/Organization
___________________________________________________________
Office Street Address (Please use street addresses over P.O.)
___________________________________________________________
City                     State
___________________________________________________________
Country                  Postal Code
___________________________________________________________
Office Phone             Fax
___________________________________________________________
Email Address (Internet accessible)
___________________________________________________________
Home Address (optional)
___________________________________________________________
Home Phone
___________________________________________________________
[ ] I am a member of the Computer Society
IMPORTANT: IEEE Member/Affiliate/Computer Society Number: ____________________
[ ] I am not a member of the Computer Society*

Please Note: In some TCs only current Computer Society members are eligible to receive Technical Committee newsletters.

Please select up to four Technical Committees/Technical Councils of interest.

TECHNICAL COMMITTEES
[ X ] T27 Security and Privacy

Please Return Form To:
IEEE Computer Society
1730 Massachusetts Ave, NW
Washington, DC 20036-1992
Phone: (202) 371-0101
FAX: (202) 728-9614

_____________________________________________________________
TC Publications for Sale
_____________________________________________________________

Proceedings of the IEEE CS Symposium on Security and Privacy

The Technical Committee on Security and Privacy has copies of its publications available for sale directly to you.

Proceedings of the IEEE Symposium on Security and Privacy
--------------------------------------
2000 $25.00
1999 -- SOLD OUT --
1998 $15.00

For domestic shipping and handling, add $3.20 (3 volumes or fewer).
For overseas delivery:
-- by surface mail, please add $5 per order (3 volumes or fewer)
-- by air mail, please add $10 per volume

If you would like to place an order, please specify
* how many issues you would like, and
* where to send them, and
* the shipping method (air or surface) for overseas orders.

For mail orders, please send a check in US dollars, payable to the "2000 IEEE Symposium on Security and Privacy" to:

Brian J. Loe
Treasurer, IEEE TC on Security and Privacy
Secure Computing Corp.
2675 Long Lake Rd.
Roseville, MN 55113
U S A

For electronic orders, in addition to the information above, please send the following credit card information to brian.loe@computer.org:
- the name of the cardholder,
- type of card (VISA, Mastercard, American Express, and Diner's Club are accepted)
- credit card number, and
- the expiration date.

You may use the following PGP public key to encrypt any information that you're not comfortable sending as cleartext.

You may also order some back issues from IEEE CS Press at www.computer.org/cspress/catalog/proc9.htm.

Proceedings of the IEEE CS Computer Security Foundations Workshop (CSFW 1, 5 through 12)

The most recent Computer Security Foundation Workshop (CSFW12) took place the 28th through 30th of June in Mordano, Italy. Topics included formal specification of security protocols, protocol engineering, distributed systems, information flow, and security policies. Copies of the proceedings are available from the publications chair for $25 each after 1 July. Copies of earlier proceedings starting with year 5 are available at $10. Photocopy versions of year 1 are also $10. Checks payable to "Joshua Guttman for CSFW" may be sent to:

Joshua Guttman, MS A150
The MITRE Corporation
202 Burlington Rd.
Bedford, MA 01730-1420 USA
guttman@mitre.org

________________________________________________________________________
TC Officer Roster
________________________________________________________________________

Chair:
Thomas A. Berson
Anagram Laboratories
P.O. Box 791
Palo Alto, CA 94301
(650) 324-0100 (voice)
berson@anagram.com

Past Chair:
Charles P. Pfleeger
Arca Systems, Inc.
8229 Boone Blvd, Suite 750
Vienna VA 22182-2623
(703) 734-5611 (voice)
(703) 790-0385 (fax)
c.pfleeger@computer.org

Vice Chair:
Michael Reiter
Bell Laboratories
600 Mountain Ave., Room 2A-342
Murray Hill, NJ 07974 USA
(908) 582-4328 (voice)
(908) 582-1239 (fax)
reiter@research.bell-labs.com

Chair, Subcommittee on Academic Affairs:
Prof. Cynthia Irvine
U.S. Naval Postgraduate School
Computer Science Department
Code CS/IC
Monterey CA 93943-5118
(408) 656-2461 (voice)
irvine@cs.nps.navy.mil

Newsletter Editor:
Jim Davis
Department of Electrical and Computer Engineering
2413 Coover Hall
Iowa State University
Ames, Iowa 50011
(515) 294-0659 (voice)
davis@iastate.edu

Chair, Subcommittee on Standards:
David Aucsmith
Intel Corporation
JF2-74
2111 N.E. 25th Ave
Hillsboro OR 97124
(503) 264-5562 (voice)
(503) 264-6225 (fax)
awk@ibeam.intel.com

Chair, Subcomm. on Security Conferences:
Jonathan Millen
SRI International EL233
Computer Science Laboratory
333 Ravenswood Ave.
Menlo Park, CA 94025
(650) 859-2358 (voice)
(650) 859-2844 (fax)
millen@csl.sri.com

BACK ISSUES: There is an archive that includes each copy distributed so far, in ascii, in files you can download at URL www.ieee-security.org/cipher.html

========end of Electronic Cipher Issue #38, August 4, 2000============