15th Annual Computer Security Applications Conference
December 6-10, 1999
Phoenix, Arizona

Technical Program

Technical Program Features and Organization

We continue to add diversity to the manner in which computer security applications are discussed at the conference. Paper sessions include refereed papers that describe the latest in implementations and applications-oriented research.

The conference includes two types of sessions designed to allow significant time for interaction with the audience: panel sessions are designed to provoke discussion on a controversial topic; forum sessions may report on the results of implementation activities or provide different perspectives on a single topic of interest.

Track C presentations allow providers of products and/or services an opportunity to describe the innovative ways in which their products or services are being used to implement secure systems.

The Case Studies will include presentations on applying the capabilities of INFOSEC products to realistic civil, defense, and commercial problems. This track will feature system integrators, designers, and architects from the government and private sector. Displays will also be open on Wednesday during the evening reception and on Thursday during breaks between the sessions.


Wednesday, December 8, 1999

General Session

7:30 Registration
8:30 Opening Remarks Dee Akers, Conference Chair, The MITRE Corporation
8:35 Welcome to Phoenix Hotel Manager
8:40 Keynote Speaker LTG Michael V. Hayden, NSA
9:10 Distinguished Lecturer Ross Anderson, Univ of Cambridge
9:50 Student Paper Award Dr. Matt Bishop, Student Chair, UC/Davis
9:55 Technical Program Introduction Klaus Keus, Program Chair, GISA/BSI
10:00 BREAK
10:30 Electronic Commerce
Chair: Ravi Sandhu, George Mason Univ., USA

  • Modular Fair Exchange Protocols for Electronic Commerce, Holger Vogt, Henning Pagnia, Felix C. Gärtner, Darmstadt Univ. of Technology, Germany
  • Trustworthy Access Control with Untrustworthy Web Servers, Tim Wilkinson, Dave Hearn, & Simon Wiseman, Defence Evaluation & Research Agency (DERA), UK
  • A Language for Modeling Secure Business Transactions, Alexander W. Röhm, Gaby Herrmann, & Günther Pernul, Univ. of Essen, Germany

System Engineering
Chair: Jan Filsinger, NAI Labs, USA

  • Safe Areas of Computation for Secure Computing with Insecure Applications, Andre dos Santos & Richard Kemmerer, Univ. of California Santa Barbara, USA
  • Architecture and Concepts of the ARGuE Guard, Jeremy Epstein, NAI Labs, USA
  • Using Abuse Case Models for Security Requirements Analysis, Chris Fox & John McDermott, James Madison Univ., USA

Security Services
Chair: Tom Russell, Booz Allen & Hamilton Inc., USA

  • TCSecure, LouAnna Notargiacomo, Trusted Computer Solutions, Inc., USA
  • Automated Intrusion Detection Environment, Advance Concept Technology Demo, Aaron Temin, Litton PRC, USA
  • Hardware Based Security Services, John Garber, CRYPTEK, USA

12:00 LUNCH

1:30 Networks
Chair: Christoph Schuba, SUN & Microsystems Laboratories, USA

  • A Parallel Packet Screen For High Speed Networks, Carsten Benecke, Univ. of Hamburg, Germany
  • An Asynchronous Distributed Access Control Architecture For IP Over ATM Networks, Olivier Paul, ENST de Bretagne, France
  • Secure Communications in ATM Networks, Maryline Laurent, IRISA; Ahmed Bouabdallah & Christophe Delahaye, ENSTB de Bretagne; Herbert Leitold & Reinhard Posch, IAIK; Enrique Areizaga, Fundacion Robotiker; Juan Manuel Mateos, Inelcom Ingeniera

PANEL: The Collection and Use of Meaningful Red Team Metrics
Chair: J. L. Connolly, The MITRE Corp., USA

  • Chris McBride, OASD (C3I)/IA, USA
  • LCDR Greg Whitlow, USN, Joint Command and Control Warfare Center, USA
  • Atlantic Command (ACOM), USA
  • Mike Skroh, DARPA, USA
  • Ed Schneider, IDA, USA

System Design Methodology
Chair: Art Minadeo, NSA, USA

  • Security Robustness, Deb Cooley, NSA, USA
  • Application of the IATF, Stephen Hirsch, Terri Arber, Jim Osterritter, NSA, USA
  • Information Risk Management, Mark Fedak, L-3 Network Security, USA, Lari Anderson, Synectics, USA

3:00 BREAK

3:30 Security Analysis
Chair: John McDermott, James Madison Univ., USA

  • Using Checkable Types In Automatic Protocol Analysis, Steve Brackin, Arca Systems, USA
  • SCR: A Practical Approach to Building a High Assurance COMSEC System, James Kirby, Jr., Myla Archer, & Constance Heitmeyer, Naval Research Lab., USA
  • Application-Level Isolation Using Data Inconsistency Detection, Amgad Fayad, Sushil Jajodia, & Catherine McCollum, MITRE Corp., USA

Workflow
Chair: LouAnna Notargiacomo, Trusted Computer Solutions, USA

  • A Prototype Secure Workflow Server, Douglas L. Long, Julie Baker, & Francis Fung, Odyssey Research Associates, USA
  • NAPOLEON: A Recipe for Workflow, Charles Payne, Dan Thomsen, Jessica Bogle, & Richard O’Brien, Secure Computing Corp., USA
  • Tools to Support Secure Enterprise Computing, Myong Kang, Brian Eppinger, & Judith Froscher, Naval Research Lab., USA

Authentication
Chair: Chris McBride, DIAP, USA

  • The Cyber Café – User Authentication at Layer 2, Jeff Hayes, Xylan, USA
  • Practical and Acceptable Authentication: The Right Way and the Wrong Way, Jim Litchko, Litchko & Associate, Inc., USA
  • Security Technology and Architecture Implications of HIPAA, Jeremy Wyant, GTE Interworking - CyberTrust Solutions, USA

5:30 RECEPTION
Wednesday Conference Reception
The reception is included in the conference registration fee.
Guest tickets can be ordered on the pre-registration form for $35.00.
