9th USENIX Security Symposium, Aug. 14-17, 2000, Denver, Colorado


Blaine Burnham, Director, Georgia Tech Information Security Center

Dr. Burnham will recap the recent politics of information security and roll out a proposed "case for action."


Session Chair: Dan Wallach, Rice University

MAPbox: Using Parameterized Behavior Classes to Confine Untrusted Applications
Anurag Acharya and Mandar Raje, University of California at Santa Barbara

A Secure Java Virtual Machine
Leendert van Doorn, IBM T.J. Watson Research Center

Encrypting Virtual Memory
Niels Provos, University of Michigan

Deja Vu--A User Study: Using Images for Authentication
Rachna Dhamija and Adrian Perrig, University of California at Berkeley


Dave Dittrich, University of Washington

Throughout 1999, groups around the world were involved in the development of distributed DoS (DDoS) attack programs which allowed the coordination of literally thousands of compromised computers. By January 1, 2000, four of these DDoS tools had been identified by incident investigators and analyzed. February 2000 brought DoS attacks against several e-commerce sites, and DDoS to the attention of the general public.

Most current proposals deal only with a small part of the issue. We will look at the larger picture of response to DDoS attacks.


Session Chair: Ian Goldberg, University of California at Berkeley

Publius: A Robust, Tamper-Evident, Censorship-Resistant, and Source-Anonymous Web Publishing System
Marc Waldman, New York University; and Aviel D. Rubin and Lorrie F. Cranor, AT&T Labs—Research

Probabilistic Counting of Large Digital Signature Collections
Markus G. Kuhn, University of Cambridge, U.K.

Can Pseudonymity Really Guarantee Privacy?
Josyula R. Rao and Pankaj Rohatgi, IBM T.J. Watson Research Center


Duncan Campbell, IPTV Ltd., EPIC (Electronic Privacy Information Center), and International Consortium of Investigative Journalists

Communications intelligence (Comint) as an industrial activity has been established globally for over 50 years. At the height of the Cold War, immense resources were devoted by Western signals intelligence agencies to collecting civilian communications of their own and other Western nations. Since then, agencies such as the U.S. National Security Agency have redefined their mission as "global access" to others' telecommunications.

This talk reviews the development, scale, significance, and technical functions of the Comint network run jointly by the English-speaking nations. The increasing impact of cryptography and other security measures suggests that Comint resources are likely to shift to network and terminal attacks. The implications of these moves will be discussed.


Session Chair: Markus Kuhn, University of Cambridge, U.K.

An Open-Source Cryptographic Coprocessor
Peter Gutmann, University of Auckland, New Zealand

Secure Coprocessor Integration with Kerberos V5
Naomaru Itoi, University of Michigan

Analysis of the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor
John Scott Robin, U.S. Air Force; and Cynthia E. Irvine, Naval Postgraduate School


Mark Chen, Securify

"Public-key infrastructure": To many people, these words suggest a unified authentication mechanism suitable for supporting a diverse array of security requirements. Public-key technology does solve some problems that are not easily managed with symmetric ciphers, but the practical deployment issues are complex, and obscured by the word "infrastructure". This talk addresses the trust-management pitfalls that lurk in the use of public-key technology in business applications. It is particularly relevant for those who are considering retaining the services of a commercial certification authority.


Session Chair: Wietse Venema, IBM T.J. Watson Research Center

Detecting and Countering System Intrusions Using Software Wrappers
Calvin Ko, Timothy Fraser, Lee Badger, and Douglas Kilpatrick, INAI Labs

Detecting Backdoors
Yin Zhang, Cornell University; and Vern Paxson, ACIRI

Detecting Stepping Stones
Yin Zhang, Cornell University; and Vern Paxson, ACIRI

Automated Response Using System-Call Delay
Anil Somayaji, University of New Mexico; and Stephanie Forrest, Santa Fe Institute


Suelette Dreyfus, Author

Modern cryptography is increasingly being used by human rights and nonprofit community activist groups around the world to protect sensitive data from governments and hostile organizations. A number of Truth Commissions, as well as grassroots human rights groups interviewing victims of and witnesses to human rights abuses, have relied on cryptographic software.

This talk will look at a case study: the use of cryptography by a grassroots HR group and the Truth Commission in Guatemala to protect witnesses from retribution, as well as to ensure the integrity of the data. It will conclude with a brief review of anti-cryptography laws around the globe, and how certain types of new technology may thwart these laws.


Session Chair: Tara Whalen, Communications Research Centre Canada

CenterTrack: An IP Overlay Network for Tracking DoS Floods
Robert Stone, UUNET Technologies Inc.

A Multi-Layer IPSEC Protocol
Yongguang Zhang and Bikramjit Singh, HRL Laboratories, LLC

Defeating TCP/IP Stack Fingerprinting
Matthew Smart, G. Robert Malan, and Farnam Jahanian, University of Michigan


Ian Goldberg, Zero-Knowledge Systems

Much talk has been heard recently of "Privacy-Enhancing Technologies," which ostensibly allow a user to maintain his privacy while using some other, assumedly desirable, technologies. The underlying problem is that these other technologies degrade the user's privacy in the first place. This talk will discuss the "Nymity Slider" and will indicate how, keeping it in mind, we should aim to build future technology with privacy as important a part of the design as are security, performance, and correctness.


Session Chair: Elizabeth Zwicky, Counterpane Internet Security

A Chosen Ciphertext Attack Against Several E-Mail Encryption Protocols
Jonathan Katz, Columbia University; and Bruce Schneier, Counterpane Internet Security, Inc.

PGP in Constrained Wireless Devices
Michael Brown and Donny Cheung, University of Waterloo, Canada; Darrel Hankerson, Auburn University; Julio Lopez Hernandez, State University of Campinas, Brazil; and Michael Kirkup and Alfred Menezes, University of Waterloo, Canada

Shibboleth: Private Mailing List Manager
Matt Curtin, Interhack Posse


Mudge, VP of Research and Development, @stake

When an intruder obtains elevated privileges on a remote system, the machine is usually placed in promiscuous mode to monitor traffic on the network, often rewarding the intruder with such items as user names, passwords, email, and usage statistics. Machines on the network in promiscuous mode often indicate that those systems have been compromised. Once intruders have access, they commonly fix the holes that were exploited and then install backdoors to allow future access. Such a system may well pass network security scans even though it remains compromised. This talk describes some network techniques that can be used to detect this situation.


Session Chair: Peter Honeyman, CITI, University of Michigan

Do you have interesting work you would like to share, or a cool idea that is not yet ready to be published? Symposium attendees provide valuable discussion and feedback. Short, pithy, and fun, this Work-in-Progress Session (WiPs) introduces interesting new or ongoing work. We are particularly interested in presentation of student work.

Speakers should submit a one- or two-paragraph abstract to [email protected] by 6:00 pm on Wednesday, August 16, 2000. Please include your name, affiliation, and the title of your talk. The time available will be distributed among the presenters with a minimum of 5 minutes and a maximum of 10 minutes. The time limit will be strictly enforced. A schedule of presentations will be posted at the symposium by noon on August 17. Experience has shown that most submissions are usually accepted.







