Papers, panel statements, and tutorial announcements as listed in the
Table of Contents of the Proceedings of the 18th National Information
Systems Security Conference, Baltimore, MD, Oct. 10-13, 1995. The number
following a paper title is the page in the Proceedings on which the paper
starts. Volume I of the proceedings contains pages 1-383; volume II contains
pages 382-761. For affiliations, NIST = National Institute of Standards
and Technology and NSA = National Security Agency.
Refereed Papers
- Enforcement of Complex Security Policies with BEAC, 1,
I-Lung Kao, Randy Chow, University of Florida
- The Controlled Application Set Paradigm for Trusted Systems, 11,
Daniel F. Sterne, Trusted Information Systems, Inc.;
Glenn S. Benson, European Computer-Industry Research Centre
- Information Domains Metapolicy, 27,
Gene Hilborn, Computer Sciences Corporation
- Maintaining Secrecy and Integrity in Multilevel Databases:
A Practical Approach, 37,
Sushil Jajodia, George Mason University;
Don Marks, Department of Defense;
Elisa Bertino, Universita di Milano
- TOP: A Practical Trusted ODBMS, 50,
Marvin Schaefer, Arca Systems, Inc.;
Valeria A. Lyons, Paul A. Martel, Antoun Kanawati, ONTOS, Inc.
- Great Unsolved Problems in Applied Computer Security, 63,
Mark G. Graff, Sun Microsystems
- Addressing INFOSEC Analysis Problems using Rule-Based Technology, 73,
Richard B. Neely, Ph.D., James W. Freeman, Ph.D., CTA Incorporated
- Identification of Subjects and Objects in a Trusted Extensible Client
Server Architecture, 83,
Terry C. Vickers Benzel, E. John Sebes, Homayoon Tajalli,
Trusted Information Systems, Inc.
- The New Alliance: Gaining on Security Integrity Assurance, 100,
René H. Sanchez, Rockwell Space Operations Company
Donald L. Evans, UNISYS
- An Unusual B3-Compliant Discretionary Access Control Policy, 113,
Jeremy Epstein, Gary Grossman, Albert Donaldson, Cordant, Inc.
- GENSER Message Multi-Level Secure Classifications and Categories, 123,
Mary Lou Hoffert, NCPII Development Team, NCTAMS LANT and NCTS Washington
- A Standard Audit Trail Format, 136,
Matt Bishop, University of California, Davis
- TCP/IP (Lack of) Security, 146,
Jesper M. Johansson, University of Minnesota
- AINT Misbehaving--A Taxonomy of Anti-Intrusion Techniques, 163,
Lawrence R. Halme, R. Kenneth Bauer, Arca Systems, Inc.
- Simulating Concurrent Intrusions for Testing Intrusion Detection
Systems: Parallelizing Intrusions, 173,
Mandy Chung, Nicholas Puketza, Ronald A. Olsson,
Biswanath Mukherjee, University of California, Davis
- Maintaining Privacy in Electronic Transactions, 184,
Benjamin Cox, Carnegie Mellon University
- A Software Architecture to Support Misuse Intrusion Detection, 194,
Sandeep Kumar, Eugene H. Spafford, The COAST Project, Purdue University
- Providing Accurate Data Labels to the Analyst - The Secure
C4I Workstation, 205,
Ingrid Dampier, Christine Corbett, TRW Integrated Engineering Division
- Controlling Network Communication with Domain and Type Enforcement, 211,
David L. Sherman, Daniel F. Sterne, Lee Badger, Sandra L. Murphy,
Kenneth M. Walker, Sheila A. Haghighat, Trusted Information Systems, Inc.
- Integrating COTS Applications on Compartmented Mode Workstations, 221,
Susan A. Heath, The Boeing Company
- Project WINMILL: Using a COTS Solution to Connect LANs of
Different Compartments, 228,
Al Nessel, Curt Sawyer, Defense Intelligence Agency
- On Guards . . . En Garde, 236,
Lawrence M. Sudduth, Secure Computing and Communications, Inc.
- Securing Local Area and Metropolitan Area Networks: A Practical
Approach, 249,
Prof. Vijay Varadharajan, University of Western Sydney, Nepean, Australia
- Using Network Traffic Analysis as a Security Tool, 262,
Peter Troxell, Curry Bartlett, Nicholas Gill,
Digital Equipment Corporation
- SAGE: Approach to Rapid Development of Trusted Guard Applications, 271,
Karen Goertzel, Wang Federal, Inc.
- Experiences with Implementing Messaging Security in MSMail 3.2, 281,
James E. Zmuda, Russell Housley, Spyrus
- Can Computers and Epidemiology Get Along? Health Problems in
Computers, 291,
Guillermo M. Mallén-Fullerton MS, Universidad Nacional
Autónoma de México;
Dr. Florencia Vargas-Vorackova PhD, Instituto Nacional de
la Nutrición;
Dr. Enrique Daltabuit-Godas PhD, Universidad Nacional
Autónoma de México
- Disaster Recovery Planning Case Study: The South African 1994 Election, 300,
Walter Cooke, CISSP, W. J. Cooke and Associates Ltd.
- VHA's Approach to Contingency Plan Development, 308,
Gail Belles, Medical Information Security Service,
National Center for Information, VA Medical Center
- Functional Security Criteria for Distributed Systems, 310,
Janet Cugini, NIST;
Rob Dobry, NSA;
Virgil Gligor, University of Maryland;
Terry Mayfield, Institute of Defense Analyses
- A Perspective of Evaluation in the UK Versus the US, 322,
Alan Borrett, Member of UK ITSEC Scheme
- ECMA's Approach for IT Security Evaluations, 335,
Alexander Herrigel, R3 Security Engineering AG, Switzerland;
Roger French, Digital Equipment Corporation;
Haruki Tabuchi, Fujitsu Ltd, Japan;
The European Computer Manufacturers Association
- Rating Network Components, 344,
Gloria Serrao, NSA
- Analysis Requirements for Low Assurance Evaluations, 356,
James L. Arnold Jr., NSA
- Measuring Correctness and Effectiveness: A New Approach Using Process
Evaluation, 366,
Klaus Keus, Klaus-Werner Schröder, Bundesamt für
Sicherheit in der Informationstechnik, Bonn, Germany
- Reengineering the Certification and Accreditation Process: Security
is Free, 374,
Sean G. Mahon, Boeing Information Services
- Critical Factors of Key Escrow Encryption Systems, 384,
Dorothy E. Denning, Georgetown University
- Evaluating the Strength of Ciphers, 395,
John C. Higgins, Brigham Young University
- Community Response to CMM-Based Security Engineering Process Improvement, 404,
Marcia W. Zior, NSA
- Measuring Security: What Can We Learn from Other Fields?, 414,
Deborah J. Bodeau, The MITRE Corporation
- Security and Software Reuse, 424,
George W. Rogers, Jr., Jerry C. Crabb, The Analysis Corporation
- The Use of Generic Architectures in System Integration, 431,
Dan Gambel, General Research Corporation;
Judith Hemenway, Northrop Grumman Data Systems and Services Division
- An Open Trusted Enterprise Network Architecture, 447,
Gary Grossman, Jeremy Epstein, Cordant, Inc.;
Roger Schell, Novell, Inc.
- Component Architectures for Trusted Netware, 455,
Jeremy Epstein, Gary Grossman, Cordant, Inc.
Roger Schell, Novell, Inc.
- Social Engineering: The Only Real Test of Information Systems
Security Plans, 464,
Ira S. Winkler, Science Applications International Corporation
- Contingency Planning: What to Do when Bad Things Happen to Good Systems, 470,
Jay J. Kahn, Marshall D. Abrams, The MITRE Corporation
- What Every Information Systems Security Professional Should Know
About Electronic Records Management, 480,
Julie Smith McEwen, CISSP, IIT Research Institute
- Computer Forensics: An Approach to Evidence in Cyberspace, 487,
Special Agent Mark M. Pollitt, Federal Bureau of Investigation
- Software Piracy: Prevention, Detection, and Liability Avoidance, 492,
Melissa J. Shaw, Battelle
- Authorship Analysis: Identifying the Author of a Program, 514,
Ivan Krsul, Eugene H. Spafford, The COAST Project, Purdue University
- Emerging Law Regarding Computers, Communications, and Software, 525,
J. Stewart Bradish, University of Maryland
- Internet Sniffer Attacks, 534,
E. Eugene Schultz, Ph.D., SRI International
Thomas A. Longstaff, Ph.D., Carnegie Mellon University
- Information Warfare: A Front Line Perspective, 543,
Lieutenant Mark D. Tibbs, U.S. Air Force
- Defending a Computer System using Autonomous Agents, 549,
Mark Crosbie, Eugene H. Spafford, COAST Laboratory, Purdue University
Special Unrefereed Papers
- The Table of Contents for the 1st through the 17th National Computer
Security Conferences, 559,
Jack Holleran, National Computer Security Center
Darlene Affeldt, NSA
- A Retrospective on the Criteria Movement, 582,
Willis H. Ware, Rand Corporation
- Conference Report: 17th National Computer Security Conference, 589,
Dennis Gilbert, NIST
Panel Summaries and Viewpoints
- INFOSEC Research and Technology, Facing the Challenge:
Secure Network Technology for the 21st Century, 601,
Joe Moorcones, Chair, NSA
; Panelists:
Tom Zmurko,
Dave Muzzy,
Bill Ruppert,
Blaine Burnham, NSA
- Security on the I-WAY (High Speed ATM Networks), 602,
Ken Rowe, Chair, University of Illinois Urbana-Champaign
; Panelists:
Kem Ahlers, Caterpillar, Inc.;
Jay Dombroski, San Diego Supercomputing Center;
Ian Foster, Argonne National Laboratory;
Judy Warren, Cornell Theory Center
- Secure Database Systems: Where are We?, 605,
John R. Campbell, Chair, NSA
; Viewpoints by:
Richard Allen, Oracle Corporation;
Dick O'Brien, Secure Computing Corporation;
Thomas Winkler-Parenty, Sybase Inc.;
Bob Hedges, Informix Software Inc.
- Security in Infinite Networks, 617,
Ruth Nelson, Chair, Information System Security
; Viewpoints by:
Ruth Nelson, Information System Security;
Hilary H. Hosmer, Data Security, Inc.;
Dave Bailey, Galaxy Computer Services;
Kim Claffy, San Diego Super Computer Center;
Steven M. Bellovin, AT&T Bell Laboratory
- Cryptographic Application Program Interface, 631,
Amy Reiss, Chair, NSA
; Panelists:
John Linn, Panelist, Open Vision;
Piers McMahon, ICL Ltd.;
Dr. Burton Kaliski, RSA Labs
- The Future of Formal Methods for Security, 634,
Peter G. Neumann, Chair, SRI International
; Viewpoints by:
Ricky W. Butler, NASA Langley Research Center;
Robert Kurshan, AT&T Bell Laboratories;
Bill Legato, NSA
- Building a MLS System: A Real Life Adventure, 638,
Stephen Kougoures, Chair, NSA
; Panelists:
Gloria Fitzergald,
Devloyn Arnold,
Daphne Willard,
Cindy Hash, NSA
- Information Systems Security Research Joint Technology Office
(Secure Virtual Office), 641,
John C. Davis, Chair, National Computer Security Center
; Panelists:
Dr. Howard Frank, Advanced Research Projects Agency;
Gregory Giovanis, Defense Information Systems Agency;
Teresa Lunt, Advanced Research Projects Agency;
Robert Meushaw, NSA
- Developing an Incident Handling Capability, 643,
Marianne Swanson, Chair, NIST
; Viewpoints by:
Mark Graff, Sun Corporation;
Sandy Sparks, DoE Computer Incident Advisory Capability;
Sharon Sandstrom, GE Information Services
- An Assurance Framework or Can Process Replace Evaluation?, 644,
R. Kenneth Heist, Chair, NSA
; Panelists:
William J. Marshall,
John J. Adams,
Stephen M. LaFountain,
Dallas L. Pearson, NSA
- Network Rating Model, 647,
Olga Lambros, Chair, NSA
; Viewpoints by:
Joe Filer, Trident Data Systems, Inc.;
Emily D. Joyce,
Dr. Bruce George,
Colin Bowers, NSA
- The TMach Experiment - Phase I, 659,
Ellen Colvin Flahavin, NIST
; Viewpoints by:
Helmut Kurth, IABG;
Julian Straw, Logica/(SISL);
Nigel Rogers, CESG;
Martha Branstad, Trusted Information Systems, Inc.
- Common Criteria Editorial Board, 662,
Lynne Ambuel, Chair, NSA
; Panelists:
Stephen M. LaFountain, NSA;
Eugene Troy, NIST;
Aaron Cohen, CSE (Canada);
Yvon Klein, SCSSI (France);
Chris Ketley, CESG (UK);
Ulrich van Essen, GISA (Germany)
- The New OMB Circular A-130, Appendix III, 663,
Barbara Guttman, Chair, NIST
; Panelists:
Scott Charney, Department of Justice;
Ed Roback, NIST;
Ed Springer, Office of Management and Budget
- Perspectives on Internet Security Evaluation and Assurance, 664,
Bruce Aldridge, Chair, NIST
; Panelists:
Karin Taylor, Communications Security Establishment, Canada
Marcus Ranum, Information Works
Marvin Schaefer, ARCA Systems, Inc.
Ron Ross, Institute of Defense Analyses
- Trusted Products - How Are They Used?, 665,
Laura M. King, Chair, NSA
- Trust Technology Assessment Program, 666,
Thomas Anderson, Chair, NSA
; Panelist:
Ellen Colvin Flahavin, NIST
- The Development of Generally-Accepted System Security Principles, 667,
Will Ozier, Chair, ISSA GSSP Committee
; Panelists:
Marianne Swanson, NIST;
Kristen Noakes-Fry, Noakes-Fry Associates;
Hal Tipton, HFT Associates;
Nigel Hickson, Department of Trade and Industry
- Linking Information Systems Security and Continuous Process Improvement:
A Win-Win Organizational Strategy, 668,
Dennis Gilbert, Chair, NIST
; Viewpoints by:
Richard Belville, Richard Belville and Associates;
Chris Bythewood, National Computer Security Center;
Richard Koenig, (ISC)2;
Corey Schou, Idaho State University;
Ralph Spencer Poore, Coopers & Lybrand L.L.P.
- INFOSEC Security Market, A Small Business Perspective, 679,
James P. Litchko, Chair, Trusted Information Systems, Inc.
; Panelists:
Jean Wu, Information Systems Management, Inc.;
Teresa Acevedo, A & N Associates;
Loreto Remorca, Secure Solutions, Inc.
- Will Encryption Keep Out the Hackers?, 681,
Dorothy E. Denning, Chair, Georgetown University
; Panelists:
Michael R. Higgins, DISA/CISS;
Stephen T. Kent, BBN Communications Corporation;
Eugene Spafford, The COAST Project, Purdue University
; Viewpoint by:
Steven M. Bellovin, AT&T Bell Laboratories
- Commercial World: Requirements vs. Solutions / Corporate Security
Challenges, 683,
Dennis Huamán, Chair
; Panelists:
Richard Lee,
Brian O'Higgins,
Stanley Jarocki
- National Information Infrastructure Security Initiatives, Part I,
Electronic Commerce, Electronic Messaging (E-Mail) and Information
Security, 685,
Thomas Burke, Co-Chair, GSA;
F. Deane Erwin, Co-Chair, NII SIPMO
; Panelists:
Tom Clarke, Defense Information Systems Agency,
G. Martin Wagner, ECA-PMO
; Viewpoints by:
Jack Finley, GSA
Federal Electronic Commerce Program;
Security Infrastructure Program Management Office
- National Information Infrastructure Security Initiatives, Part II, 693,
Stephen Walker, Chair, Trusted Information Systems, Inc.
; Viewpoints by:
Richard Rothwell, USPS Electronic Commerce Services;
Jim Bidzos, RSA Data Security, Inc.;
Nick Piazzola, NSA;
Wynn Redden, Communications Security Establishment,
Canadian Government
- INFOSEC, Prepare to Meet the New Millennium!, 697,
Dr. Charles Abzug, Chair, Institute for Computer and Information Sciences
; Panelists:
Marshall D. Abrams, The MITRE Corporation;
Kevin T. Deeley, Federal Bureau of Investigation;
Patricia Edfors, Department of Justice;
Lynn McNulty, McNulty and Associates;
Donn B. Parker, SRI International;
Dr. Marv Schaefer, Arca Systems
; Viewpoint by:
Dr. Roger R. Schell, Novell, Inc.
- Legal Hacking - What is Computer Crime on the Internet?, 703,
Christine Axsmith, Chair, Orkand Corporation
; Panelists:
Scott Charney, Department of Justice;
Barbara Fraser, CERT, Carnegie Mellon University;
Dr. Lance Hoffman, George Washington University;
Marc Rotenberg, Electronic Privacy Information Center
- Law Enforcement Panel on Computer Forensics, 705,
Special Agent Mark M. Pollitt, Chair, Federal Bureau of Investigation
; Panelists:
Special Agent Stephen D. McFall, Federal Bureau of Investigation;
Special Agent Howard Schmidt, USAF Office of Special Investigations;
Duncan Monkhouse, Royal Canadian Mounted Police
; Viewpoint by:
Sergeant Barry E. Leese, Maryland State Police
- Internet Security: Current Threats and Practical Solutions, 708,
John Wack, Chair, NIST
; Viewpoints by:
David Curry, Purdue University;
John Pescatore, International Data Group;
Robert Bagwill, NIST
Dr. Matt Bishop, University of California, Davis
- Internet Security, 710,
Jon David, The Fortress
; Viewpoints by:
Padgett Peterson, Martin Marietta;
Steven M. Bellovin, AT&T Bell Laboratories;
Paul Ferguson, U.S. Sprint;
Sarah Gordon, Command Software Systems, Inc.
- Information Warfare: Its Impact upon Information Security, 728,
Wayne Madsen, Chair, Computer Sciences Corporation
; Panelists:
Martin R. Hill, Office of the Assistant Secretary of Defense, C3I/IW
David Banisar, Electronic Privacy Information Center
John Stanton, Technology Transfer Journal
; Viewpoints by:
John Hamlet, Deacon House
Tutorials
- Tutorial Series on Trusted Systems and Operational Security, 735,
Dr. Gary Smith, ARCA Systems, Inc.
Presenters:
Karen Ferraiolo, Mike Weidner, Stan Wisseman, Jack Wool, ARCA Systems;
R. Quane, A. Strameela, National Cryptologic School;
Dr. Harold Highland, Computers & Security;
Dr. John Campbell, NSA;
Joel Sachs, The Sachs Group
- Internet 101: Introduction to the Insecurity of the Internet, 737,
Dr. Harold Highland, FICS, Chair, Computers & Security
; Panelists:
Dr. Jon David, The Fortress;
Dr. Bertil Fortrie, Internet Security News;
Sarah Gordon, Command Software;
Padgett Peterson, Martin Marietta
- A Brief Database Security Tutorial: Or the less than Civil War between
Ease-Of-Use and Security, the Battle between Grant and Lee's Privilege, Roles
and Rollbacks, MAC DAC and FACT, even Distribution and Replication Maybe, 740,
John R. Campbell, Chair, NSA
- From Training Standards to Courseware: An INFOSEC Success Story, 758,
Dr. Vic Maconachy, Chair, NSA
; Panelists:
Dr. Corey Schou, Idaho State University;
Dr. John Cordani, Eastern Michigan University;
Dr. Timothy Mucklow, U.S. Air Force;
Lt. Ken Loker, U.S. Navy;
Ron Mayfield, General Services Administration
- MISSI Series, 759,
Brooke Jenkins, Chair, NSA
; Panelists:
M. Fleming,
S. Saydjari,
Todd Inskeep,
Carol Friedhoffer,
Al Arsenault, NSA
- A Tutorial: The Internet, World Wide Web, and Beyond, 760,
Jeff Harrison, Chair, NIST