18th Annual Computer Security Applications Conference
December 9-13, 2002
Las Vegas, Nevada

Technical Program

Technical Program Features and Organization

Track A and B sessions consist of technical papers, panels, and fora. All technical papers have undergone an anonymous peer review process and describe the latest developments in security implementations and applications-oriented research. Panel sessions are tailored to stimulate discussion of today's pressing issues. The fora sessions provide different perspectives on a single topic of interest or report the results of implementation activities. Track C presentations allow providers of products and/or services an opportunity to describe the innovative ways in which their products or services are being used to implement secure systems. The Case Studies will include presentations on capabilities and applications of information security products to realistic civil, defense, and commercial problems. This track will feature system integrators, designers, and architects from the government and private sector.

Wednesday, December 11, 2002
General Session

7:30 Registration
8:30 Opening Remarks: Daniel Faigin, Conference Chair, The Aerospace Corporation, USA
8:35 Welcome to Las Vegas: Hotel Manager
8:40 Distinguished Practitioner: Earl Boebert, Sandia National Laboratories, USA
     The Common Sense of System Design
9:50 Technical Program Introduction: LouAnna Notargiacomo, Program Chair, Oracle Corporation, USA
10:00 BREAK
10:30 Network Security I
Chair: Christoph Schuba, Sun Microsystems, Inc., Germany

  • GOSSIB vs. IP Traceback Rumors§, Marcel Waldvogel, IBM Research, SWITZERLAND
  • Composable Tools For Network Discovery and Security Analysis§, Giovanni Vigna, Fredrik Valeur, Jingyu Zhou and Richard Kemmerer, University of California Santa Barbara, USA
  • Representing TCP/IP Connectivity For Topological Analysis of Network Security§, Ronald Ritchey, Brian O'Berry and Steven Noel, Center for Secure Information Systems, George Mason University, USA

Electronic Commerce
Chair: Art Friedman, National Security Agency, USA

  • Regulating E-Commerce through Certified Contracts§, Victoria Ungureanu, Rutgers University, USA
  • With Gaming Technology towards Secure User Interfaces§, Hanno Langweg, University of Bonn, GERMANY
  • Protecting Web Usage of Credit Cards using One-Time Pad Cookie Encryption§, Donghua Xu, Chenghuai Lu and Andre Luiz Moura dos Santos, Georgia Institute of Technology, USA

Authentication
Chair: Vic Lindberg, Titan Corp, USA

  • Investigating the Legacy System Challenge of Internet Connectivity, Martin Norman, Safestone Technologies, USA
  • A Practical Approach for Using the Common Criteria in System Evaluations, Ken Elliott, The Aerospace Corporation, USA
  • Forging Digital Signatures, Albert Levi, Sabanci University, TURKEY

12:30 LUNCH
1:30 Mobile Security
Chair: Marshall Abrams, The MITRE Corporation, USA

  • Throttling Viruses: Restricting propagation to defeat malicious mobile code§, Matthew Williamson, Hewlett-Packard Labs, UK
  • Enforcing Resource Bound Safety for Mobile SNMP Agents§, Weijiang Yu and Aloysius Mok, University of Texas at Austin, USA
  • Security of Internet Location Management§, Tuomas Aura and Michael Roe, Microsoft Research, UK, Jari Arkko, Ericsson Research Nomadic Labs, FINLAND

PANEL - Wireless Security: Vulnerabilities and Countermeasures
Chair: Dale Johnson, The MITRE Corporation, USA

  • Jeff Hayes, Alcatel, USA
  • Paul Innella, Tetrad Digital Integrity, USA
  • Viren Shah, Cigital, USA
  • Vipin Swarup, The MITRE Corporation, USA

e-Commerce
Chair: Laura Montano, Booz Allen Hamilton, USA

  • The Key to Web Services Deployments: Security Standards Development, Darran Rolls, Waveset Technologies, Inc., USA
  • Long Term Storage for Electronically Signed Documents, Georg Lindsberger, Xcript Technologies, AUSTRIA
  • Controlling Digital Multi-Signature with Attribute Certificate, Paul Axayacatl FRAUSTO BERNAL, LGI2P Research Center, Ecole de Mines d'Ales, FRANCE

3:00 BREAK
3:30 Classic Papers
Chair: Dan Thomsen, Secure Computing Corporation, USA

  • LOCK: A Historical Perspective§, O. Sami Saydjari, Cyber Defense Agency, LLC, USA
  • A Practical Approach to Identifying Storage and Timing Channels: Twenty Years Later§, Richard Kemmerer, University of California, Santa Barbara, USA
  • Thirty Years Later: Lessons from the Multics Security Evaluation§, Paul Karger, IBM Corporation, T. J. Watson Research Center, USA and Roger Schell, Aesec Corporation, USA

Security Architecture
Chair: Jody Heaney, The MITRE Corporation, USA

  • Controlled Physical Random Functions§, Blaise Gassend, Dwaine Clarke, Marten van Dijk and Srinivas Devadas, Massachusetts Institute of Technology, USA
  • A Security Architecture for Object-Based Distributed Systems§, Bogdan Popescu, Maarten van Steen and Andrew Tanenbaum, Vrije Universiteit, Amsterdam, THE NETHERLANDS
  • A Secure Directory Service based on Exclusive Encryption§, John Douceur, Atul Adya, Josh Benaloh, William Bolosky, and Gideon Yuval, Microsoft Research, USA

Wireless
Chair: Rick Wilson, National Security Agency, USA

  • 802.1X: Secure Network Access for Wired and Wireless Network, Jeff Hayes, Alcatel, USA
  • Good Wireless Personal Area Network (WPAN) Protection: Don't Forget to Brush Your Bluetooth, Paul Innella, Tetrad Digital Integrity, USA
  • Issues in Wireless Security, Brian Miller, Booz Allen Hamilton, USA

5:00 ADJOURN

§ This symbol indicates papers that were anonymously peer reviewed by four or more reviewers before acceptance.
