2005 IEEE Symposium on Security and Privacy
May 8-11, 2005
The Claremont Resort
|16:00-19:00||Registration and Reception|
|8:45-9:00||Opening Remarks (Steve Tate, Michael Waidner)|
Session: Intrusion Detection (Wenke Lee)
Language-Based Generation and Evaluation of NIDS Signatures
Efficient Intrusion Detection using Automaton Inlining
Semantics-Aware Malware Detection
Invited Talk (Vern Paxson)
Physical Security -- the Good, the Bad, and the Ugly
Physical security is an oft-overlooked but critical prerequisite for information security. Now that software has leaked into all aspects of modern life, physical security mechanisms often are badly designed, rely extensively on Security through Obscurity, contain substantial snake oil components, include back doors, use piece-part solutions which have nontrivial real-world interactions, and need to function in a system but ignore environmental context.
I'll tell some stories about tests of outsourcing and colocation facilities, components and badge systems as examples of such security flaws.
Session: Sensor Networks (Birgit Pfitzmann)
Distributed Detection of Node Replication Attacks in Sensor Networks
Detection of Denial-Of-Message Attacks on Sensor Network Broadcasts
Session: 5-minute Work-in-progress Talks (Vern Paxson, Michael Waidner)
Session: Access Control and Authentication (Virgil Gligor)
Distributed Proving in Access-Control Systems
On Safety in Discretionary Access Control
Seeing-Is-Believing: Using Camera Phones For Human-Verifiable Authentication
|11:00-12:00||Invited Talk (Michael Waidner)
We present an approach to integrating security into the system design process. Namely, models are made of system designs along with their security requirements, and security architectures are automatically generated from the resulting security-design models. We call the resulting approach "Model Driven Security" as it represents a specialization of model driven development to the domain of system security.
To illustrate these ideas we present SecureUML, a modeling language based on UML for modeling system designs along with their security requirements. From SecureUML models, we automatically generate security architectures, built from declarative and procedural access control mechanisms, for distributed middleware-based applications. The process has been implemented in the ArcStyler tool, which generates security infrastructures based on Sun's Enterprise Java Bean standard. We report on case studies using this tool, which illustrate the flexibility and power of our approach.
Session: Integrity (Michael K. Reiter)
A Generic Attack on Checksumming-Based Software Tamper Resistance
Towards Constant Bandwidth Overhead Integrity Checking of Untrusted Data
Bind: A Time-Of-Use Attestation Service For Secure Distributed System
Session: Cryptography and Protocols (Josh Benaloh)
Relating Symbolic And Cryptographic Secrecy
Low-Cost Traffic Analysis Of Tor
Leap-Frog Packet Linking and Diverse Key Distributions for Improved Integrity In Network Broadcasts
|9:00-10:00||Panel Discussion (Michael Backes)
Security in Ad-hoc and Sensor Networks
Ad-hoc and sensor networks have recently received increasing attention in the security community. The panel aims to highlight new challenges in this area, addressing both open theoretical questions and issues concerning the usability of such networks in security-critical practical scenarios.
Worms and Network Forensics (Giovanni Vigna)
Remote Physical Device Fingerprinting
Polygraph: Automatically Generating Signatures For Polymorphic Worms
Worm Origin Identification Using Random Moonwalks
|Last modified: Sat Apr 16 22:30:50 Romance Daylight Time 2005|