Eleventh Annual Computer Security Applications Conference

Tutorial, Symposium, and Workshop Information

Conference Events for December 11th and 12th

ACSAC Tutorial Program--Monday Tutorials

Network Firewall Security

A Full Day Tutorial
8:30 am, Monday, December 11, 1995

Course Director: Mr. J. Garonzik & Mr. N. Laudermilch, Registration Code: 01
Trident Data Systems

Course Objective:
Standard products and conventions are publicly available to provide various levels of consistency, visibility, and assurance for TCP/IP networks and UNIX systems. This tutorial will provide the details of the most beneficial tools, an assessment of the difficulty in acquiring, porting, configuring, and deploying them, their relationships, costs, and benefits. This tutorial is intended for those who must protect investments in Automated Information Systems (AIS). UNIX, TCP/IP, and security technical content is moderate-to-high.

Course Outline:

  1. The Basis for Security
  2. Formation of a Security Posture
  3. Two Parts to Total AIS Security
  4. Host Based Security
  5. Perimeter Security (Firewalls)
  6. In-depth Tool Analysis & Examples

What Computer Security Can Learn from Other Assurance-based Disciplines: New Approaches to Quantitative Trustworthiness

A Full Day Tutorial
8:30 am Monday, December 11, 1995

Course Director: Dr. C. Michael, Registration Code: 02
Reliable Software Technologies Corporation

Course Objective:
From a theoretical standpoint, reliability assessment, probability of failure assessment, mean-time-to-catastrophic-failure assessment (safety), and testability assessment all quantify characteristics needed in assuring trustworthiness. Many computer security researchers and policy makers are ill-informed as to what has occurred in assurance assessment in several of security's sister fields: reliability, testing, dependability, safety, and fault-tolerance. This tutorial will teach the basics of quantitative quality assessment and explain how other disciplines have been able to provide quantitative measures. It will focus heavily on the application of two classes of methods to security: (1) assertions as heuristics for design-for-security and detectability, and (2) fault-injection methods for vulnerability assessment.

Course Outline:

  1. Introduction
  2. Software Reliability
  3. Assurance via Software Testing
  4. Software Metrics
  5. Software Safety
  6. Conclusion

Developing a Commercial Security Architecture

A Half Day Tutorial
8:30 am, Monday, December 11, 1995

Course Director: Mr. G. Stoneburner, Registration Code: 03
Boeing Defense & Space Group

Course Objective:
This tutorial presents both a methodology for achieving an enterprise-wide, distributed security architecture and the application of this methodology to one representative example of real-world, commercial information systems.

Course Outline:

  1. Introduction
  2. Architecture Purpose and Motivation
  3. Implementation Methodology
  4. Education
  5. Fundamental Principles
  6. Practical Application
  7. Summary/Closing

CORBA Security

A Half Day Tutorial
1:30 pm Monday, December 11, 1995

Course Director: Mr. B. Hartman, Registration Code: 04
Odyssey Research Associates

Course Objective:
Object technology (OT) is an important emerging paradigm supporting distributed computing. The Common Object Request Broker Architecture (CORBA) as promoted by the Object Management Group (OMG) is a standard set of interface specifications that supports interoperable distributed object-based computing. This tutorial describes the newly proposed CORBA security standard. CORBA Security is a framework that allows many different security and trust models. The framework is sufficiently flexible to allow both high-assurance labeled-based non-disclosure policies for DoD applications as well as commercially oriented policies that emphasize authentication and data integrity. This tutorial will discuss the conformance levels defined within the standard, and how traditional security concepts apply to CORBA. The tutorial also addresses security issues of interest within a distributed object-based architecture, including delegation, security domains, and establishment of a security context.

Course Outline:

  1. CORBA Introduction
  2. Introduction to CORBA Security
  3. Security Reference Model
  4. Security Architecture
  5. Views of CORBA Security
  6. Interoperability
  7. Trust Model

ACSAC Tutorial Program--Tuesday Tutorials

Protection Profiles and the Common Criteria

A Full Day Tutorial
8:30 am, Tuesday, December 12, 1995

Course Director: Mr. S. LaFountain & Ms. L. Ambuel Registration Code: 05
National Security Agency

Course Objective:
This tutorial will provide an understanding of how the new international Common Criteria (CC) for Information Technology (IT) will be used to define complete and cohesive sets of IT security functional and assurance requirements, called Protection Profiles (PPs). It will provide information about the CC, how it was developed and how it will be used. The tutorial attendees will develop a sample PP using the CC. The attendees will be encouraged to use their real-life experiences in developing these sample PPs. This tutorial session will be the first public session in which the developers of the CC will provide detailed instructions on how users of the criteria will go through the steps of building PPs.

Course Outline:

  1. CC Definition & Background
  2. CC Major Concepts
  3. Catalog of Functional Requirements
  4. Catalog of Assurance Requirements & Levels
  5. Building Protection Profiles

Preliminary Experience with Evolving Standards for Open Systems Security

A Full Day Tutorial
8:30 am, Tuesday, December 12, 1995

Course Director: Dr. H. Podell, Registration Code: 06
U.S. Government

Course Objective:
This tutorial provides an overview of selected evolving security standards and applications. This overview includes security standards for open systems, such as the security in Electronic Data Interchange (EDI) standards for Message Handling Systems (MHS), and secure messaging specifications, X.400 and X.435. Security applications will be discussed in medical information systems, Executive Information Systems, and internetworking Privacy Enhanced Mail (PEM). Discussion focuses on architectural issues, secure messaging standards, PEM, public key applications, and medical information systems security issues. Basic familiarity with information security issues is a prerequisite.

Course Outline:

  1. Cryptographic Issues
  2. Architecture Issues
  3. Secure Messaging Standards
  4. PEM
  5. Public Key Cryptography Applications
  6. Prototype Executive Information System & Prototype Using PEM
  7. Medical Information Systems Security Issues

High and Low Assurance: The Differences

A Half Day Tutorial
8:30 am, Tuesday, December 12, 1995

Course Director: Dr. C. Irvine, Registration Code: 07
Naval Postgraduate School

Course Objective:
This tutorial will illustrate how, for a particular evaluation class, system design and implementation techniques along with additional evidence combine to create a coherent view of the level of trust one can place in a system's ability to enforce its access control policy. After a look at Class C2, Classes B2, B3 and A1 will be examined to see how the evaluation requirements combine to create a coherent combination of functionality and assurance. The application of assurance requirements to more complex systems such as databases and networks will be presented. The course will end with a discussion of some emerging evaluation approaches.

Course Outline:

  1. Computer Security & the Need for Assurance
  2. The Reference Monitor to Control Access
  3. What is Assurance
  4. Assurance Through Coherent TCSEC Requirements
  5. Evaluation Class Comparisons
  6. Technological Limitations to Assurance
  7. Assurance for Networked Systems
  8. Assurance for Database Systems
  9. New Concepts for Assurance
  10. Summary

Authentication and Key Distribution Systems

A Half Day Tutorial
1:30 pm, Tuesday, December 12, 1995

Course Director: Dr. R. Oppliger, Registration Code: 08
Bundesamt fuer Informatik (BFI)

Course Objective:
There are several authentication and key distribution systems currently available that can be used in computer networks and distributed systems to provide end-to-end level security on the application layer. This tutorial motivates interest in the use of these systems on a global scale. Furthermore, the tutorial outlines the authentication and key distribution systems that are currently available, namely Kerberos (OSF DCE V1), NetSP, SPX, TESS and SESAME, and reviews them with regard to the security services they offer, the cryptographic techniques they use, their conformance with international standards, and their availability and exportability.

Course Outline:

  1. Introduction
  2. Kerberos (MIT)
  3. NetSP (IBM)
  4. SPX (DEC)
  5. TESS (University of Karlsruhe)
  6. SESAME (Bull, ICL & SNI)
  7. OSF DCE
  8. Conclusions

Symposium: INFOWAR-Defend

Symposium Director: J. Pohly
Defense Information Systems Agency (DISA)

A Full Two Day Symposium
8:30 am, Monday and Tuesday, December 11 and 12, 1995


In cooperation with the ACSAC, the USAF and DISA are co-sponsoring an INFOWAR-Defend (IW-D) symposium to foster a better community understanding of DoD's IW-D initiatives at the mid to senior management levels. The symposium will exchange information regarding the DoD Services' and Agencies' roles in this new, emerging area. In addition, the goal is to identify how the DoD community can work together to ensure a highly-integrated and coordinated approach to IW-D.

The symposium is unclassified, but will be open to U.S. citizens only. No contractors other than those sponsored by DoD organizations will be allowed. For information about this symposium including registration, contact Nancy Hancharik, telephone: 703/681-1344, DSN: 761-1344, e-mail: cissa@ncr.disa.mil.


  1. Overview-Keynote: An Historical Perspective of IW (P. Westerby)
  2. Laying the Foundation
  3. How Bad is it?
  4. How do I Respond? Organizational Perspective
  5. How do I Respond? Technical Solutions
  6. Training to the Problem
  7. How Do I Respond? Other Initiatives
  8. Where Do We Go From Here? The Future?

Issues 95: Electronic Commerce Special Workshop

Chair: H. Rubinovitz

Tuesday, December 12, 1995, 8:30 am - 4:30 pm

In recent years, electronic commerce (EC) has received much attention. Many of the EC issues are similar to their nonelectronic counterparts but require innovative solutions to maintain their integrity. Using the Internet or other media for EC has great potential but also poses a number of special challenges due to its lack of security mechanisms. Until security is completely solved, people are unlikely to utilize this technology. Some of the areas utilizing EC are electronic currency exchange, software copy protection, and publishing. Some of the issues are authentication, authorization, privacy, fraud, and legal issues. This workshop will focus on security issues associated with implementation, deployment, and management of EC applications.

ACM's Special Interest Group on Security, Audit, and Control (SIGSAC) sponsors this workshop. Registration is requested, although there is no charge for the workshop. Papers are encouraged and will be published in SIGSAC Review.

Please notify H. Rubinovitz, hhr@mitre.org, 617/271-3076, The MITRE Corporation, M/S A150, 202 Burlington Rd., Bedford, MA 01730, if you plan to attend.