Technical Program – Tuesday

7:30 Registration
8:30 Opening Remarks Dan Thomsen, Conference Chair, Cyber Defense Agency LLC, USA
Welcome to Tucson Hotel Manager
Distinguished Practitioner Brian Snow, National Security Agency, USA
"We Need Assurance!"
Technical Program Introduction Christoph Schuba, Program Chair, Sun Microsystems, Inc., USA
10:00 BREAK
10:30 Software Security
Chair: Christoph Schuba, Sun Microsystems, Inc., USA

  • Model Checking An Entire Linux Distribution for Security Violations§, Benjamin Schwarz, Hao Chen, David Wagner, Geoff Morrison, Jacob West, Jeremy Lin, and Wei Tu, University of California, Berkeley, USA
  • Strengthening Software Self-Checksumming via Self-Modifying Code§, Jonathan Giffin, Mihai Christodorescu, and Louis Kruger, University of Wisconsin, Madison, USA
  • Countering Trusting Trust through Diverse Double-Compiling§, David A. Wheeler, Institute for Defense Analyses, USA

Network Intrusion Detection
Chair: Peng Liu, Penn State Univ., USA

  • A Framework for Detecting Network-based Code Injection Attacks Targeting Windows and UNIX§, Stig Andersson, Andrew Clark, George Mohay, Bradley Schatz, and Jakub Zimmermann, Queensland University of Technology, Australia
  • Exploiting Independent State For Network Intrusion Detection§, Robin Sommer, Technische Universität München, Germany and Vern Paxson, ICSI and LBNL, USA
  • A Host-based Approach to Network Attack Chaining Analysis§, Paul Ammann, Joseph Pamula, and Julie Street, George Mason University, USA and Ronald Ritchey, Booz Allen Hamilton, USA

Security Management
Chair: Tom Fuhrman, Booz Allen Hamilton, USA

  • iTSafe - Awareness and Warning for the Non-technical Audiences, Ian Bryant, iTSafe, England
  • Implementing Long-Term, Coarse Traffic Capture, Michael Collins, CERT, USA
  • PATCHLINK UPDATE: Patch & Vulnerability Management Remedy for MidMichigan Medical Center, Jim Czyzewski and Don Leatham, MidMichigan Medical Center, USA

12:00 LUNCH
1:30 Security Designs
Chair: Art Friedman, NSA, USA

  • A Nitpicker's guide to a minimal-complexity secure GUI§, Norman Feske and Christian Helmuth, Technische Universität Dresden, Germany
  • A User-level Framework for Auditing and Monitoring§, Yongzheng Wu and Roland Yap, National University of Singapore, Singapore
  • TARP: Ticket-based Address Resolution Protocol§, Wesam Lootah, William Enck, and Patrick McDaniel, Penn State University, USA

Protocol Analysis
Chair: Pierangela Samarati, Università degli Studi di Milano, Italy

  • Verify Results of Network Intrusion Alerts Using Lightweight Protocol Analysis§, Jingmin Zhou, Adam Carlson, and Matt Bishop, University of California, Davis, USA
  • Improving the Security of TCG Specification§, Danilo Bruschi, Lorenzo Cavallaro, Andrea Lanzi and Mattia Monga, Università degli Studi di Milano, Italy
  • Code Security Analysis of a Biometric Authentication System Using Automated Theorem Provers§, Jan Jürjens, Technische Universität München, Germany

Secure Access
Chair: Craig Sutherland, Tresys Technology, USA

  • A Secure Public Sector Workflow Management System, Maarten Rits, SAP Research, France
  • Representing Reality in a Research Environment, Sam Gorton, Skaion Corp., USA
  • Leveraging IPSec for Mandatory Access Control of Linux Network Communications, Trent Jaeger, Penn State University, USA

3:00 BREAK
3:30 Vulnerability Assessment
Chair: Ronald Ritchey, Booz Allen Hamilton, USA

  • Automated and Safe Vulnerability Assessment§, Fanglu Guo, Yang Yu, and Tzi-cker Chiueh, Stony Brook University, USA
  • Understanding Complex Network Attack Graphs through Clustered Adjacency Matrices§, Steven Noel and Sushil Jajodia, George Mason University, USA
  • Intrusion Detection in RBAC-administered Databases§, Elisa Bertino and Ashish Kamra, Purdue University, USA, and Evimaria Terzi, University of Helsinki, Finland, and Athena Vakali, Aristotle University, Greece

HOT TOPICS - How Does Information Assurance R&D Impact Information Assurance in Practice?
Chair: Doug Maughan, Department of Homeland Security, USA

Dr. Steve King, DoD/DDR&E
Mr. Mark Powell, FAA
Mr. Michael Brown, FAA

The Federal Government has an impressive record of achievements in Information Technology R&D. However, there are also many cases where the R&D has lacked a transition partner and good results have languished. This may be the major challenge in the Federal Government R&D programs.

We bring together leaders in the Federal Government's IA R&D program from both DoD and non-DoD agencies, as well as the Chief Technology Officers/Chief Security Officers (CSOs) of some major agencies to discuss how Information Assurance/Security R&D is impacting the operations of the agencies and how the needs of the operations organizations are being reflected in current R&D initiatives.

Managing the Enterprise
Chair: Jim Gerretson, DNovus, USA

  • Understanding Data Remanence Management, Steve Skolochenko, Booz Allen Hamilton, USA
  • Designing for Insecurity, Drew Simonis, Symantec Corporation, USA
  • Integrating Storage Security into an Overall Security Architecture, Bob Lockhart, NeoScale, USA

5:30 ADJOURN
6:00 NISS Award and Reception

§ This symbol indicates papers that were anonymously peer reviewed by four or more reviewers before acceptance.
