| 7:30 |
Registration |
| 8:30 |
Opening Remarks |
Dan Thomsen, Conference Chair, Cyber Defense Agency LLC, USA |
| Welcome to Tucson |
Hotel Manager |
| Distinguished Practitioner |
Brian Snow, National Security Agency, USA
"We Need Assurance! |
| Technical Program Introduction |
Christoph Schuba, Program Chair, Sun Microsystems, Inc., USA |
| 10:00 |
BREAK |
|
TRACK A |
TRACK B |
TRACK C |
| 10:30 |
Software Security
Chair: Christoph Schuba, Sun Microsystems, Inc., USA
Model Checking An Entire Linux Distribution for Security Violations§, Benjamin Schwarz, Hao Chen, David Wagner, Geoff Morrison, Jacob West, Jeremy Lin, and Wei Tu, University of California, Berkeley, USA
Strengthening Software Self-Checksumming via Self-Modifying Code§, Jonathan Giffin, Mihai Christodorescu, and Louis Kruger, University of Wisconsin, Madison, USA
Countering Trusting Trust through Diverse Double-Compiling§, David A. Wheeler, Institute for
Defense Analyses, USA
|
Network Intrusion Detection
Chair: Peng Liu, Penn State Univ., USA
A Framework for Detecting Network-based Code Injection Attacks Targeting Windows and UNIX§, Stig Andersson, Andrew Clark, George Mohay, Bradley Schatz, and Jakub Zimmermann, Queensland University of Technology, Australia
Exploiting Independent State For Network Intrusion Detection§, Robin Sommer, Technische Universität München, Germany and Vern Paxson, ICSI and LBNL, USA
A Host-based Approach to Network Attack Chaining Analysis§, Paul Ammann, Joseph Pamula, and Julie Street, George Mason University, USA and Ronald Ritchey, Booz Allen Hamilton, USA
|
Security Management
Chair: Tom Fuhrman, Booz Allen Hamilton, USA
iTSafe - Awareness and Warning for the Non-technical Audiences,
Ian Bryant, iTSafe, England
Implementing Long-Term, Coarse Traffic Capture,
Michael Collins, CERT, USA
PATCHLINK UPDATE: Patch & Vulnerability Management Remedy for MidMichigan Medical Center,
Jim Czyzewski and Don Leatham, MidMichigan Medical Center, USA
|
| 12:00 |
LUNCH |
| 1:30 |
Security Designs
Chair: Art Friedman, NSA, USA
A Nitpicker's guide to a minimal-complexity secure GUI§, Norman Feske and Christian Helmuth, Technische Universität Dresden, Germany
A User-level Framework for Auditing and Monitoring§, Yongzheng Wu and Roland Yap, National University of Singapore, Singapore
TARP: Ticket-based Address Resolution Protocol§, Wesam Lootah, William Enck, and Patrick McDaniel, Penn State University, USA
|
Protocol Analysis
Chair: Pierangela Samarati, Università degli Studi di Milano, Italy
Verify Results of Network Intrusion Alerts Using Lightweight Protocol Analysis§, Jingmin Zhou, Adam Carlson, and Matt Bishop, University of California, Davis, USA
Improving the Security of TCG Specification§, Danilo Bruschi, Lorenzo Cavallaro, Andrea Lanzi and Mattia Monga, Universita` delgli Studi di Milano, Italy
Code Security Analysis of an Biometric Authentication System Using Automated Theorem Provers§, Jan Jürjens, Technische Universität München, Germany
|
Secure Access
Chair: Craig Sutherland, Tresys Technology, USA
A Secure Public Sector Workflow Management System,
Maarten Rits, SAP Research, France
Representing Reality in a Research Environment,
Sam Gorton, Skaion Corp. USA
Leveraging IPSec for Mandatory Access Control of Linux Network Communications,
Trent Jaeger, Penn State University, USA
|
| 3:00 |
BREAK |
| 3:30 |
Vulnerability Assessment
Chair: Ronald Ritchey, Booz Allen Hamilton, USA
Automated and Safe Vulnerability Assessment§, Fanglu Guo, Yang Yu, and Tzi-cker Chiueh, Stony Brook University, USA
Understanding Complex Network Attack Graphs through Clustered Adjacency Matrices§, Steven Noel and Sushil Jajodia, George Mason University, USA
Intrusion Detection in RBAC-administered Databases§, Elisa Bertino and Ashish Kamra, Purdue University, USA, and Evimaria Terzi, University of Helsinki, Finland, and Athena Vakali, Aristotle University, Greece
|
HOT TOPICS - How Does Information Assurance R&D Impact Information Assurance in Practice?
Chair: Doug Maughan, Department of Homeland Security, USA
Dr. Steve King DoD/DDR&E
Mr. Mark Powell FAA
Mr. Michael Brown FAA
The Federal Government has an impressive record of achievements in Information Technology R&D. However, there are also many cases where the R&D has lacked a transition partner and good results have languished. This may be the major challenge in the Federal Government R&D programs.
We bring together leaders in the Federal Government.s IA R&D program from both DoD and non-DoD agencies, as well as the Chief Technology Officers/Chief Security Officers (CSOs) of some major agencies to discuss how Information Assurance/Security R&D is impacting the operations of the agencies and how the needs of the operations organizations are being reflected in current R&D initiatives.
|
Managing the Enterprise
Chair: Jim Gerretson, DNovus, USA
Understanding Data Remanence Management ,
Steve Skolochenko, Booz Allen Hamilton, USA
Designing for Insecurity,
Drew Simonis, Symantec Corporation, USA
Integrating Storage Security into an Overall Security Architecture,
Bob Lockhart, NeoScale, USA
|
| 5:30 |
ADJOURN |
| 6:00 |
NISS Award and Reception |