16th Annual Computer Security Applications Conference
December 11-15, 2000
New Orleans, Louisiana

Technical Program

Thursday, December 14, 2000

8:30 Invited Essayist Plenary Butler Lampson, MIT and Microsoft
10:00 BREAK
10:30 Access Control - 1
Chair: Carsten Benecke, Univ. of Hamburg, Germany

  • A Policy-Based Access Control Mechanism for Corporate Web §, Victoria Ungureanu, Farokh Vesuna, & Naftaly H. Minsky, Rutgers Univ., USA
  • Dynamic Access Control through Petri Net Workflows §, Konstantin Knorr, Univ. of Zurich, Switzerland
  • Framework for Role-Based Delegation Models §, Ezedin S. Barka, SETA Corp., & Ravi Sandhu, George Mason Univ., USA

Intrusion Detection - 2
Chair: Matt Bishop, University of California at Davis, USA

  • A Network Audit System for Host-based Intrusion Detection (NASHID) in Linux §, Thomas E. Daniels & Eugene H. Spafford, Purdue Univ., USA
  • Less Harm, Less Worry or How to Improve Network Security by Bounding System Offensiveness §, Danilo Bruschi, Lorenzo Cavallaro, & Emilia Rosti, Univ. di Milano, Italy
  • A Self-Extension Monitoring for Security Management §, Heejin Jang & Sangwook Kim, Kyungpook National Univ., Republic of Korea

Managing the Threat
Chair: Jim Gerretson, ACS Defense, USA

  • Insider Threat Detection: Las Vegas Style, Jim Litchko, Litchko & Associates, USA
  • How to Hit the Jackpot with a Security Investment, Keith Girt, Schumann Security Software, USA
  • Information Security Standard/Implementation Case Study, Reg Blake, BSI, Inc., USA, E. Douglas Harris, Univ. of Texas, USA

12:00 LUNCH
1:30 Panel: Collaboration - Can It Be Done Securely?
Chair: Deborah Cooper, DC Associates, USA

  • William Dawson, IC CIO/IA, USA
  • Jeff Ingle, NSA, USA
  • Steve Lipner, Microsoft Corp., USA

Security Architecture
Chair: Jay Kahn, The MITRE Corp., USA

  • Security Architecture for Federated Cooperative Information Systems §, Pierre Bieber, Dominique Raujol, & Pierre Siron, ONERA-CERT, France
  • Secure Compartmented Data Access over an Untrusted Network Using a COTS-based Architecture §, Dr. Paul C. Clark, Marion C. Meissner, & Karen O. Vance, SecureMethods Inc., USA
  • Security Architectures for Controlled Digital Information Dissemination §, Jaehong Park & Ravi Sandhu, George Mason Univ., & James Schifalacqua, SI International, USA

Management and Acquisition
Chair: Tom Russell, Booz Allen & Hamilton, Inc., USA

  • A Pragmatic Approach to Purchasing Information Security Products, Ben Rothke, Baltimore Technologies, USA
  • A Knowledge Management Approach to IA Policy & Reporting, Larry Johnson, Defense Logistics Agency, USA
  • A Return on Investment from Computer Security Technology (Strategies to Justify Your Security Budget), Greg White, Securelogix, USA

3:00 BREAK
3:30 Engineering and Analysis - 2
Chair: Christoph Schuba, Sun Microsystems Labs., USA

  • Using Operating System Wrappers to Increase the Resiliency of Commercial Firewalls §, Jeremy Epstein & Linda Thomas, webMethods, & Eric Monteith, NAI Labs, USA
  • On Computer Viral Infection and the Effect of Immunization §, Chenxi Wang, John C. Knight, & Matt Elder, Univ. of Virginia, USA
  • ITS4: A Static Vulnerability Scanner for C and C++ Code §, John Viega & J. T. Bloch, Widevine Technologies, Tadayoshi Kohno & Gary McGraw, Cigital, USA

Public Key Infrastructure - 2
Chair: Ann Marmor-Squires, TRW Inc., USA

  • A Novel Approach to On-line Status Authentication of Public-Key Certificates §, Eugenio Faldella & Marco Prandini, Univ. of Bologna, Italy
  • A Reliable, Scalable General-purpose Certificate Store §, Peter Gutmann, IBM Thomas J. Watson Research Center, USA
  • Introducing Decryption Authority into PKI §, Feng Bao, Kent Ridge Digital Labs, Singapore

Working With the Common Criteria
Chair: Kris Britton, NSA, USA

  • Common Criteria Paradigm, Marvella Towns, National Security Agency, USA
  • NIAP, Terry Losonsky, National Security Agency, USA
  • Developing Protection Profiles - Getting Started, Douglas McGovern, VISA International, USA

5:00 ADJOURN

The Orange Book Wake
Once upon a time, in a land of wonder and fantasy called Washington DC, the greatest minds in the land solved all the nation's security problems forever and encapsulated all information security knowledge in a wonderful book reverently called by people far and wide "The Orange Book." This book will soon cease to be national policy. We have come to give it a proper burial, New Orleans style, and perhaps say a few words of wisdom and humor over its passing. Join us for fun, merriment, music, and some light food. Leading the service and acting as Chief Pallbearer is none other than Steve Walker.

Thursday Conference Dinner
The dinner is included in the conference registration fee.
Guest tickets can be ordered on the pre-registration form for $50.00.

§ This symbol indicates papers that were anonymously peer reviewed by four or more reviewers before acceptance.
