8:30 |
Invited Essayist Plenary |
Dr. Roger Schell, Aesec, USA
Information Security: The State of Science, Pseudoscience, and Flying Pigs
|
TRACK A |
TRACK B |
TRACK C |
10:00 |
BREAK |
10:30 |
Intrusion Detection II
Chair: Jody Heaney, The MITRE Corporation, USA
DAIS: A Real-time Data Attack Isolation System for Commercial Database Applications§,
Peng Liu, University of Maryland Baltimore County, USA
CylantSecure: The Missing Piece of the Security Puzzle§,
John Munson, University of Idaho, USA; Scott Wimer, Software Systems International, USA
eXpert-BSM: A Host-based Intrusion Detection Solution for Sun Solaris§,
Ulf Lindqvist and Phillip Porras, SRI International, USA
Temporal Signatures for Intrusion Detection§,
Song Li and Anita Jones, University of Virginia, USA
|
Secure Electronic Commerce
Chair: Tim Ehrsam, Oracle, USA
Securing Web Servers against Insider Attack§,
Shan Jiang, Sean Smith, and Kazuhiro Minami, Dartmouth College, USA
Enabling Hierarchical and Bulk-Distribution for Watermarked Content§,
Germano Caronni, Sun Microsystems Laboratories, USA; Christoph Schuba, Sun Microsystems, GERMANY
CONSEPP: Convenient and Secure Electronic Payment Protocol based on X9.59§,
Albert Levi and Cetin Koc, Oregon State University, USA
Wired versus Wireless Security: The Internet, WAP and i-mode for E-Commerce§,
Paul Ashley, Heather Hinton, and Mark Vandenwauver, Tivoli Systems - An IBM Company, USA
|
Authentication
Chair: John Lowry, BBNT Solutions, USA
Security Requirements for Remote Internet Voting Systems,
Tom Vander Vlis, Booz Allen & Hamilton, USA
Dutch Burn Institute: Biometrics in the Health Care Industry,
Ray Desrochers, Keyware, USA
Practical and Acceptable Authentication,
Jim Litchko, Litchko & Associates, USA
Smart Cards, Biometrics and Tokens for VLANs/Subnet Access,
Jeff Hayes, Alcatel, USA
|
12:30 |
LUNCH |
1:30 |
Access Control II
Chair: Ravi Sandhu, George Mason University, USA
A Component-based Architecture for Secure Data Publication§,
Piero Bonatti, Ernesto Damiani and Pierangela Samarati, University of Milan, ITALY; Sabrina De Capitani di Vimercati, University of Brescia, ITALY
The Authorization Service of Tivoli Policy Director§,
Guenter Karjoth, IBM Research, SWITZERLAND
Architecture and Applications for a Distributed Embedded Firewall§,
Charles Payne and Tom Markham, Secure Computing, USA
|
PANEL - How Useful is Software Fault Injection?
Chair: Jim Reynolds, Teknowledge, USA
Anup Ghosh, Cigital, USA
Hugh Thompson, Florida Institute of Technology, USA
Matt Bishop, University of California at Davis, USA
|
Defense-in-Depth
Chair: Dave Luddy, NSA, USA
Integrating Defense-in-Depth into Your Infrastructure,
Matthew Miller, RedSiren Technologies, USA
Defense-in-Depth Strategy for Combating Malicious Software,
Ed Rodriguez, Booz Allen & Hamilton, USA
Good IT Security is BS!
Jim Litchko, Litchko & Associates, USA
|
3:00 |
BREAK |
3:30 |
FORUM - The Role of the Security Vendor CTO: Perspectives, Opinions, and Lessons Learned
Chair: Jody Patilla, METASeS, USA
Ron Gula, Enterasys, USA
Gene Kim, Tripwire, USA
Chris Klaus, Internet Security Systems, USA
Paul Proctor, Centrax, USA
|
Reality vs. Security
Chair: Dale Johnson, The MITRE Corporation, USA
Practical Automated Filter Generation to Explicitly Enforce Implicit Input Assumptions§,
Valentin Razmov, University of Washington, USA; Daniel Simon, Microsoft Research, USA
Why Information Security is Hard - An Economic Perspective§,
Ross Anderson, University of Cambridge, UK
Abuse-Case-Based Assurance Arguments§,
John McDermott, Naval Research Laboratory, USA
|
Enterprise Protection
Chair: Rick Wilson, NSA, USA
Reducing Intrusion Detection False Positives with a Scenario-specific Turning Matrix,
Scott Zimmerman, Concurrent Technologies Corporation, USA
Implementation and Experimentation Using Quality of Service for Intrusion Tolerance,
James Reynolds, Teknowledge, USA
Enabling Efficient, Consistent Certification and Accreditation Enterprise-Wide,
Lon Berman, Xacta, USA
|
5:00 |
ADJOURN |
5:30 - 6:30 |
WORKS IN PROGRESS SESSIONS |