17th Annual Computer Security Applications Conference
December 10-14, 2001
New Orleans, Louisiana

Technical Program

Thursday, December 13, 2001

8:30 Invited Essayist Plenary Dr. Roger Schell, Aesec, USA
Information Security: The State of Science, Pseudoscience, and Flying Pigs
10:00 BREAK
10:30 Intrusion Detection II
Chair: Jody Heaney, The MITRE Corporation, USA

  • DAIS: A Real-time Data Attack Isolation System for Commercial Database Applications§, Peng Liu, University of Maryland Baltimore County, USA
  • CylantSecure: The Missing Piece of the Security Puzzle§, John Munson, University of Idaho, USA; Scott Wimer, Software Systems International, USA
  • eXpert-BSM: A Host-based Intrusion Detection Solution for Sun Solaris§, Ulf Lindqvist and Phillip Porras, SRI International, USA
  • Temporal Signatures for Intrusion Detection§, Song Li and Anita Jones, University of Virginia, USA

Secure Electronic Commerce
Chair: Tim Ehrsam, Oracle, USA

  • Securing Web Servers against Insider Attack§, Shan Jiang, Sean Smith, and Kazuhiro Minami, Dartmouth College, USA
  • Enabling Hierarchical and Bulk-Distribution for Watermarked Content§, Germano Caronni, Sun Microsystems Laboratories, USA; Christoph Schuba, Sun Microsystems, GERMANY
  • CONSEPP: Convenient and Secure Electronic Payment Protocol based on X9.59§, Albert Levi and Cetin Koc, Oregon State University, USA
  • Wired versus Wireless Security: The Internet, WAP and i-mode for E-Commerce§, Paul Ashley, Heather Hinton, and Mark Vandenwauver, Tivoli Systems - An IBM Company, USA

Authentication
Chair: John Lowry, BBNT Solutions, USA

  • Security Requirements for Remote Internet Voting Systems, Tom Vander Vlis, Booz Allen & Hamilton, USA
  • Dutch Burn Institute: Biometrics in the Health Care Industry, Ray Desrochers, Keyware, USA
  • Practical and Acceptable Authentication, Jim Litchko, Litchko & Associates, USA
  • Smart Cards, Biometrics and Tokens for VLANs/Subnet Access, Jeff Hayes, Alcatel, USA

12:30 LUNCH
1:30 Access Control II
Chair: Ravi Sandhu, George Mason University, USA

  • A Component-based Architecture for Secure Data Publication§, Piero Bonatti, Ernesto Damiani and Pierangela Samarati, University of Milan, ITALY; Sabrina De Capitani di Vimercati, University of Brescia, ITALY
  • The Authorization Service of Tivoli Policy Director§, Guenter Karjoth, IBM Research, SWITZERLAND
  • Architecture and Applications for a Distributed Embedded Firewall§, Charles Payne and Tom Markham, Secure Computing, USA

PANEL - How Useful is Software Fault Injection?
Chair: Jim Reynolds, Teknowledge, USA

  • Anup Ghosh, Cigital, USA
  • Hugh Thompson, Florida Institute of Technology, USA
  • Matt Bishop, University of California at Davis, USA

Defense-in-Depth
Chair: Dave Luddy, NSA, USA

  • Integrating Defense-in-Depth into Your Infrastructure, Matthew Miller, RedSiren Technologies, USA
  • Defense-in-Depth Strategy for Combating Malicious Software, Ed Rodriguez, Booz Allen & Hamilton, USA
  • Good IT Security is BS! Jim Litchko, Litchko & Associates, USA

3:00 BREAK
3:30 FORUM - The Role of the Security Vendor CTO: Perspectives, Opinions, and Lessons Learned
Chair: Jody Patilla, METASeS, USA

  • Ron Gula, Enterasys, USA
  • Gene Kim, Tripwire, USA
  • Chris Klaus, Internet Security Systems, USA
  • Paul Proctor, Centrax, USA

Reality vs. Security
Chair: Dale Johnson, The MITRE Corporation, USA

  • Practical Automated Filter Generation to Explicitly Enforce Implicit Input Assumptions§, Valentin Razmov, University of Washington, USA; Daniel Simon, Microsoft Research, USA
  • Why Information Security is Hard - An Economic Perspective§, Ross Anderson, University of Cambridge, UK
  • Abuse-Case-Based Assurance Arguments§, John McDermott, Naval Research Laboratory, USA

Enterprise Protection
Chair: Rick Wilson, NSA, USA

  • Reducing Intrusion Detection False Positives with a Scenario-specific Turning Matrix, Scott Zimmerman, Concurrent Technologies Corporation, USA
  • Implementation and Experimentation Using Quality of Service for Intrusion Tolerance, James Reynolds, Teknowledge, USA
  • Enabling Efficient, Consistent Certification and Accreditation Enterprise-Wide, Lon Berman, Xacta, USA

5:00 ADJOURN

§ This symbol indicates papers that were anonymously peer reviewed by four or more reviewers before acceptance.
