Technical Program

Thursday, December 11, 2003

8:30 Invited Essayist Lance Spitzner, Honeypot Technologies, Inc., USA
Honeypots: Catching the Insider Threat
10:00 BREAK
10:30 Software Safety and Program Correctness
Chair: Meg Weinberg, Mitretek Systems, Inc., USA

  • Isolated Program Execution: An Application Transparent Approach for Executing Untrusted Programs§, Zhenkai Liang, VN Venkatakrishnan and R. Sekar, Stony Brook University, USA
  • How to Unwittingly Sign Non-repudiable Documents with Java Applications§, Danilo Bruschi, Davide Fabris, Vincenzo Glave and Emilia Rosti, Universita Degli Studi di Milano, ITALY
  • Making Secure TCP Connections Resistant to Server Failures§, Hailin Wu, Andrew Burt and Ramki Thurimella, University of Denver, USA

Classic Papers
Chair: Dan Thomsen, Tresys Technology, USA

  • PSOS Revisited§, Peter Neumann, SRI, USA
  • A Failure to Learn From the Past§, Eugene H. Spafford, Purdue University, USA

Def Computer Environment
Chair: Ray Potter, CISCO, USA

  • Implementing Vaulting Technology, Alon Cohen, Cyber-Ark Software, Inc., USA
  • Model for a Scalable and Secure Electronic Parabanking, Abhilasha Bhargav, CERIAS, Purdue University, USA
  • An Approach to Employing Biometrics With No Hardware, No Software, No Training, Peter Tapling, Authentify, USA

12:00 LUNCH
1:30 Event Correlation
Chair: Art Friedman, National Security Agency, USA

  • Collaborative Intrusion Detection System (CIDS): A Framework for Accurate and Efficient IDS§, Yu-Sung Wu, Bingrui Foo, Yongguo Mei and Saurabh Bagchi, Purdue University, USA
  • Attack Signature Matching and Discovery in Systems Employing Heterogeneous IDS§, Nathan Carey, George Mohay and Andrew Clark, Queensland University of Technology, AUSTRALIA
  • Log Correlation for Intrusion Detection: A Proof of Concept§, Cristina Abad, Jed Taylor, Cigdem Sengul and Yuanyuan Zhou, University of Illinois at Urbana-Champaign, USA; William Yurcik, National Center for Supercomputing Applications, USA; Ken Rowe, Science Applications International Corporation, USA

Security Engineering and Management
Chair: Marshall Abrams, The MITRE Corporation, USA

  • Protecting Personal Data: Can IT Security Management Standards Help?§, Giovanni Iachello, Georgia Institute of Technology, USA
  • An Editor for Adaptive XML-Based Policy Management of IPSEC§, Raj Mohan, Indian Army, INDIA; Timothy E. Levin and Cynthia E. Irvine, Naval Postgraduate School, USA
  • Security Design in Online Games§, Jeff Yan, Cambridge University, UK

Crypto and Analysis
Chair: Brian Hubbard, Booz Allen Hamilton, USA

  • Security Patterns, Ed Rodriguez, Booz Allen Hamilton, USA
  • A Consumer's Perspective on the Application of the Common Criteria, Nir Naaman, Metatron, Ltd.
  • Wireless Intrusion Detection Systems (WIDS), Dragan Pleskonjic, CONWEX

3:00 BREAK
3:30 Enterprise Security
Chair: Harold Podell, General Accounting Office, USA

  • Security Analysis of the SAML Single Sign-on Browser/Artifact Profile§, Thomas Gross, IBM Research, SWITZERLAND
  • Scalable and Efficient PKI for Inter-Organizational Communication§, Arne Ansper, Ahto Buldas, Margus Freudenthal and Jan Willemson, Cybernetica, ESTONIA
  • A Policy Validation Framework for Enterprise Authorization Specification§, Ramaswamy Chandramouli, National Institute of Standards and Technology, USA

PANEL - Themes and Highlights of the New Security Paradigms Workshop 2003
Chairs: O. Sami Saydjari, Cyber Defense Agency, USA, and Carla Marceau, ATC-NY, USA
Chair: Ken Heist, General Dynamics Decision Systems, USA

  • ISSEP Government Perspective for Certification, Janet Oren, National Security Agency, USA
  • ISSEP - The Practitioner View, Christopher Pohl, Booz Allen Hamilton, USA
  • ISSEP - New Credentials Support Career-Enhancement Strategies, Dow Williamson, (ISC)2, USA

5:00 ADJOURN

§ This symbol indicates papers that were anonymously peer reviewed by four or more reviewers before acceptance.