Technical Program

Thursday, December 12, 2002

8:30 Plenary Session Intro Daniel Faigin, Conference Chair, The Aerospace Corporation, USA
8:40 Invited Essayist Dr. Daniel Geer, @stake, Inc., USA
Penetration Testing: The Science of Insecurity
10:00 BREAK
10:30 Protection Against Malicious Software
Chair: John McHugh, Carnegie Mellon University, USA

  • Protecting Data from Malicious Software§, Matthew Schmid and Frank Hill, Cigital, USA, Anup Ghosh, DARPA, USA
  • Safe Virtual Execution Using Software Dynamic Translation§, Kevin Scott and Jack W. Davidson, University of Virginia, USA
  • Digging For Worms, Fishing For Answers§, CERIAS Intrusion Detection Research Group, Purdue University

  • Access Control
    Chair: Ravi Sandhu, SingleSignOn.Net, Inc. and George Mason University, USA

  • A Framework for Organisational Control Principles§, Andreas Schaad and Jonathan Moffett, University of York, UK
  • Reusable Components for Developing Security-Aware Applications§, Stefan Probst, Wolfgang Essmayr and Edgar Weippl, Software Competence Center Hagenberg, AUSTRIA
  • A Context-Aware Security Architecture for Emerging Applications§, Michael Covington, Prahlad Fogla, Zhiyuan Zhan and Mustaque Ahamad, Georgia Institute of Technology, USA
  • Boundary Protection
    Chair: John Craig, AT&T, USA

  • Port 25: Securing the Gaping Hole, Scott Petry, Postini, USA
  • Operationalizing Mutilevel Security aka: Guarding Solutions, Brian Hubbard, Booz Allen Hamilton, USA
  • Building a Next Generation Firewall, Dan Thomsen, Secure Computing, USA
  • 12:00 LUNCH
    1:30 Network Security II
    Chair: Germano Caronni, Sun Microsystems Laboratories, USA

  • Voice over IPsec: analysis and solutions§, Roberto Barbieri, Danilo Bruschi and Emilia Rosti, Università degli Studi di Milano, ITALY
  • Networking in The Solar Trust Model: Determining Optimal Trust Paths in a Decentralized Trust Network§, Michael Clifford, The Aerospace Corporation, USA
  • Gender-Preferential Text Mining of E-mail Discourse§, Malcolm Corney and Alison Anderson, and George Mohay, Queensland University of Technology, AUSTRALIA, Olivier de Vel, Defence Science and Technology Organisation, AUSTRALIA
  • FORUM - Enterprise Engineering and Security (Enterprise Frameworks and Architectures, and IA Patterns)
    Chair: Jody Heaney, The MITRE Corporation

  • Dr. Duane Hybertson, The MITRE Corporation
  • Dr. Ann Reedy, The MITRE Corporation
  • Susan Chapin, The MITRE Corporation
  • Malcolm Kirwan, The MITRE Corporation
  • Policy
    Chair: Mike Hale, Tresys Technology, USA

  • PKI Implementation Challenges, Michelle Ruppel, Saffire Systems, USA
  • Compliance Online: How to Protect Customer Privacy and Meet Other Regulatory Guidelines, Ken Beer, Tumbleweed, USA
  • Protecting Executives from Liabilities: Assessments and Solutions, Ulf Mattsson, Protegrity, USA
  • 3:00 BREAK
    3:30 FORUM - Themes and Highlights of the New Security Paradigms Workshop 2002
    Chairs: Christina Serban, AT&T Labs, USA, and O. Sami Saydjari, Cyber Defense Agency, LLC, USA

  • Michael Franz, UC Irvine, USA
  • Sal Stolfo, Columbia University, USA
  • V.N. Venkatakrishnan, SUNY Stony Brook, USA
  • Mary Ellen Zurko, IBM Corp., USA
  • Intrusion Detection
    Chair: Sara Weinberg, Mitretek Systems, USA

  • Evaluating the impact of automated intrusion response mechanisms§, Thomas Toth and Christopher Kruegel, Technical University Vienna, AUSTRIA
  • Architectures for Intrusion Tolerant Database Systems§, Peng Liu, Pennsylvania State University, USA
  • Detecting and Defending against Web-Server Fingerprinting§, Dustin Lee, Jeff Rowe & Karl Levitt, University of California, Davis, USA, Calvin Ko, Network Associates, USA
  • Enterprise Security
    Chair: Bill Stewart, Booz Allen Hamilton, USA

  • Release Management with Label Enforcement in Large Scale Digital Libraries, Jack Wool, Cryptek, USA
  • Host-Oriented Security Test Suite, Jim Finegan, MITRE, USA
  • The Big Five Challenges of Enterprise Network Security, Rod Murchison, Ingrian Networks, USA
  • 5:00 ADJOURN
    § This symbol indicates papers that were anonymously peer reviewed by four or more reviewers before acceptance.

    [ Wednesday ] [ Friday ]