Technical Program – Thursday


Session Chair: Charles Payne, Adventium Labs, USA

Looking Back on the Bell-LaPadula Model
David Elliott Bell

The Pump: A Decade of Covert Fun
Myong H. Kang, Ira S. Moskowitz, and Stanley Chincheck
Naval Research Laboratory, USA

10:00 BREAK
10:30 Malware
Chair: Desiree Beck, The MITRE Corporation, USA

  • Design and Implementation of an Extrusion-Based Break-In Detector for Personal Computers§, Weidong Cui and Randy Katz University of California, Berkeley, USA, and Wai-tian Tan, Hewlett-Packard Laboratories, USA
  • Detecting Intra-enterprise Scanning Worms based on Address Resolution§, David Whyte, Paul C. van Oorschot and Evangelos Kranakis, Carleton University, Canada
  • Stealth Breakpoints§, Amit Vasudevan and Ramesh Yerraballi, University of Texas at Arlington, USA
  • PANEL - Highlights from the 2005 New Security Paradigms Workshop
    Chair: Abe Singer, San Diego Supercomputer Center, USA

    The New Security Paradigms Workshop, held 20-23 September, 2005 in Lake Arrowhead, California, provides a stimulating and highly interactive forum for innovative approaches to computer security. This panel will highlight selected papers focusing on major and provocative themes that emerged from the workshop.
    Security in Health Care
    Chair: Alexis Feringa, Booz Allen Hamilton, USA

  • The OneHealthPort Trusted Community: Simplifying Access to Information for Healthcare [ More Slides ], Pierangela Samarti, TriCipher Inc., USA
  • Curing Secure Remote Access Pains, Zachary Grant, Sun Healthcare, USA
  • Enterprise Single Sign-On: How City Hospital Cured Its Password Pain, Steve Furstenau, Imprivata, USA
  • 12:00 LUNCH
    1:30 Distributed System Security
    Chair: Michah Lerner, IPMetric, USA

  • mSSL: Extending SSL to Support Data Sharing Among Collaborative Clients§, Juni Li and Xun Kang, University of Oregon, USA
  • Layering a Publick-Key Distribution Service over Secure DNS§, John Jones, Daniel Berger, and Chinya Ravishankar, University of California, Riverside, USA
  • PorKI: Making User PKI Safe on Machines of Heterogeneous Trustworthiness§, Sara Sinclair and Sean W. Smith, Dartmouth College, USA
  • Access Control
    Chair: Konstantin Beznosov, University of British Columbia, Canada

  • Uniform Application-Level Access Control Enforcement of Organizationwide Policies§, Tine Verhanneman, Frank Piessens, Bart De Win and Wouter Joosen, Katholieke Universiteit Leuven, Belgium
  • Using Continuous Biometric Verification to Protect Interactive Login Sessions§, Sandeep Kumar, Terence Sim, Rajkumar Janakiraman, and Sheng Zhang, National University of Singapore, Singapore
  • Improved Port Knocking With Strong Authentication§, Rennie deGraaf, John Aycock, and Michael Jacobson, University of Calgary, Canada
  • Common Criteria
    Chair: Audrey Dale, NSA, USA

  • Writing a Protection Profile for a Security Service Package, Don Marks and John Hale, Univ. of Tulsa, USA
  • MILS, Multiple Independent Levels of Security, Carol Taylor and Jim Alves-Foss, Univ. of Idaho, USA
  • A Comprehensive Review of the National Information Assurance Partnership, Ed Schneider, Institute for Defense Analyses, USA
  • 3:00 BREAK
    3:30 Passwords and Applied Crypto
    Chair: Richard Smith, University of St. Thomas, USA

  • Graphical Passwords: A Survey§, Xiaoyuan Suo and Ying Zhu, Georgia State University, USA
  • Have the Cake and Eat It Too -- Infusing Usability Into Password Authentication Systems§, Sundararaman Jeyaraman and Umut Topkara, Purdue University, USA
  • Fault Attacks on Dual-Rail Encoded Systems§, Jason Waddle and David Wagner, University of California, Berkeley, USA
  • Defense in Depth / Database Security
    Chair: J. Thomas Haigh, Adventium Labs and Cyber Defense Agency LLC, USA

  • Survivability Architecture of a Mission Critical System: The DPASA Example§, Jennifer Chong, Partha Pal, Michael Atigetchi, Paul Rubel, and Franklin Webber, BBN Technologies, USA
  • Generating Policies for Defense in Depth§, Paul Rubel, BBN Technologies, USA, and Michael Ihde, University of Illinois at Urbana-Champaign, USA, and Steven Harp and Charles Payne, Adventium Labs, USA
  • Defensive Execution of Transactional Processes against Attacks§, Meng Yu, Monmouth University, USA, and Peng Liu, Penn State University, USA and Wanyu Zang
  • Privacy
    Chair: Daniel Faigin, The Aerospace Corporation, USA

  • Privacy Requirements Implemented with a JavaCard§, Anas Abou El Kalam, LIFO-CNRS, France, and Yves Deswarte, LAASCNRS, France
  • Privacy-Preserving Alert Correlation: A Concept Hierarchy Based Approach§, Dingbang Xu and Peng Ning, North Carolina State University, USA
  • Securing Email Archives through User Modeling§, Yiri Li and Anil Somayaji, Carleton University, Canada
  • 5:00 ADJOURN
    § This symbol indicates papers that were anonymously peer reviewed by four or more reviewers before acceptance.

    [ Monday Tutorials ] [ Tuesday ] [ Wednesday ] [ Friday Tutorials ]