PRELIMINARY PROGRAM2005 IEEE Symposium on Security and PrivacyMay 8-11, 2005The Claremont Resort
|
16:00-19:00 | Registration and Reception |
8:45-9:00 | Opening Remarks (Steve Tate, Michael Waidner) |
9:00-10:30 |
Session: Intrusion Detection (Wenke Lee) Language-Based Generation and Evaluation of NIDS Signatures Efficient Intrusion Detection using Automaton Inlining Semantics-Aware Malware Detection |
10:30-11:00 | Break |
11:00-12:00 |
Invited Talk (Vern Paxson) Physical Security -- the Good, the Bad, and the Ugly Physical security is an oft-overlooked but critical prerequisite for information security. Now that software has leaked into all aspects of modern life, physical security mechanisms often are badly designed, rely extensively on Security through Obscurity, contain substantial snake oil components, include back doors, use piece-part solutions which have nontrivial real-world interactions, and need to function in a system but ignore environmental context. I'll tell some stories about tests of outsourcing and colocation facilities, components and badge systems as examples of such security flaws. |
12:00-13:30 | Lunch |
13:30-14:30 |
Session: Sensor Networks (Birgit Pfitzmann) Distributed Detection of Node Replication Attacks in Sensor Networks Detection of Denial-Of-Message Attacks on Sensor Network Broadcasts |
14:30-15:00 | Break |
15:00-17:00 |
Session: 5-minute Work-in-progress Talks (Vern Paxson, Michael Waidner) |
9:00-10:30 |
Session: Access Control and Authentication (Virgil Gligor) Distributed Proving in Access-Control Systems On Safety in Discretionary Access Control Seeing-Is-Believing: Using Camera Phones For Human-Verifiable Authentication |
10:30-11:00 | Break |
11:00-12:00 | Invited Talk (Michael Waidner)
Model-driven Security We present an approach to integrating security into the system design process. Namely, models are made of system designs along with their security requirements, and security architectures are automatically generated from the resulting security-design models. We call the resulting approach "Model Driven Security" as it represents a specialization of model driven development to the domain of system security. To illustrate these ideas we present SecureUML, a modeling language based on UML for modeling system designs along with their security requirements. From SecureUML models, we automatically generate security architectures, built from declarative and procedural access control mechanisms, for distributed middleware-based applications. The process has been implemented in the ArcStyler tool, which generates security infrastructures based on Sun's Enterprise Java Bean standard. We report on case studies using this tool, which illustrate the flexibility and power of our approach. |
12:00-13:30 | Lunch |
13:30-15:00 |
Session: Integrity (Michael K. Reiter) A Generic Attack on Checksumming-Based Software Tamper Resistance Towards Constant Bandwidth Overhead Integrity Checking of Untrusted Data Bind: A Time-Of-Use Attestation Service For Secure Distributed System |
15:00-15:30 | Break |
15:30-17:00 |
Session: Cryptography and Protocols (Josh Benaloh) Relating Symbolic And Cryptographic Secrecy Low-Cost Traffic Analysis Of Tor Leap-Frog Packet Linking and Diverse Key Distributions for Improved Integrity In Network Broadcasts |
9:00-10:00 | Panel Discussion (Michael Backes)
Security in Ad-hoc and Sensor Networks Ad-hoc and sensor networks have recently received increasing attention in the security community. The panel aims to highlight new challenges in this area, addressing both open theoretical questions and issues concerning the usability of such networks in security-critical practical scenarios. |
10:00-10:30 | Break |
10:30-12:00 |
Worms and Network Forensics (Giovanni Vigna) Remote Physical Device Fingerprinting Polygraph: Automatically Generating Signatures For Polymorphic Worms Worm Origin Identification Using Random Moonwalks |
Last modified: Thu Apr 14 21:11:19 Romance Daylight Time 2005 |