1999 IEEE Symposium on Security and Privacy

	1999 IEEE Symposium on Security and Privacy Special 20th Anniversary Program May 9-12, 1999 The Claremont Resort Berkeley, California
Sponsored by the IEEE Technical Committee on Security and Privacy In cooperation with the International Association of Cryptologic Research Symposium Committee: John McLean, General Chair Jonathan Millen, Vice Chair Li Gong, Program Co-Chair Michael Reiter, Program Co-Chair FINAL PROGRAM

Report on the 1999 Symposium by Mary Ellen Zurko
Statement from George Davida , Chair of the First IEEE Security and Privacy Symposium
About the cover of the Twentieth Anniversary Proceedings
Didn't get your S&P 99 photo?

Want to order Proceedings?

Sunday, May 9, 1999

5:00 - 7:00pm	Registration
6:00 - 7:00pm	Reception

Monday, May 10, 1999

8:00 -	Registration
8:45 - 9:00	Welcome: Chairs
9:00 - 10:30	Systems Session Chair: Roger Needham, Microsoft Research Hardening COTS software with generic software wrappers Timothy Fraser, Lee Badger, Mark Feldman TIS Labs at Network Associates, Inc. Firmato: A novel firewall management toolkit Yair Bartal, Alain Mayer, Kobbi Nissim, Avishai Wool Lucent Bell Labs Flexible policy-directed code safety PDF, Gzipped PS, Slides (Slides require JavaScript enabled browser) David Evans, Andrew Twyman MIT
10:30 - 11:00	Coffee Break
11:00 - 12:00	Policy Session Chair: Ravi Sandhu, George Mason University Local reconfiguration policies Jonathan K. Millen SRI International A modular, user-centered authorization service built on an RBAC foundation Homepage , PDF , Slides (PPT) Mary Ellen Zurko, Richard T. Simon, Tom Sanfilippo Iris Associates, EMC, Groove Networks
12:00 - 2:00	Lunch
2:00 - 3:00	Verification Session Chair: John Mitchell, Stanford University Secure communications processing for distributed languages Martin Abadi, Cedric Fournet, Georges Gonthier Compaq Systems Research Center, Microsoft Research, and INRIA Verification of control flow based security policies T. Jensen, D. Le Metayer, T. Thorn IRISA
3:00 - 3:30	Coffee Break
3:30 - 5:00	Panel Discussion: Brief History of Twenty Years of Computer Security Research Panel Chair: Teresa Lunt, Xerox PARC Panelists: G.R. Blakley, Texas A&M University 20 years of cryptography Virgil Gligor, U Maryland 20 years of operating system security (Unix as one focus) Steve Lipner, MITRETEK 20 years of criteria development/commercial technology Jonathan K. Millen, SRI International 20 years of covert channel modeling and analysis John McLean, NRL 20 years of formal methods Steve Kent BBN/GTE 20 years of network security
8:00 - 9:00	Poster Session

Tuesday, May 11, 1999

9:00 - 10:30	Intrusion Detection Session Chair: Cynthia Irvine, Naval Postgraduate School A data mining framework for building intrusion detection models Wenke Lee, Sal Stolfo, Kui Mok Columbia University Detecting intrusions using system calls: Alternative data models Christina Warrender, Stephanie Forrest, Barak Pearlmutter University of New Mexico Detecting computer and network misuse through the production-based expert system toolset (P-BEST) Ulf Lindqvist, Phillip A. Porras Chalmers University of Technology, SRI International
10:30 - 11:00	Coffee Break
11:00 - 12:30	Panel Discussion: Near Misses and Hidden Treasures in Early Computer Security Research Panel Chair: Stan Ames, MITRE Panelists: Tom Berson, Anagram Labs and Xerox PARC Marv Schaefer, Arca Dick Kemmerer, UC Santa Barbara
12:30 - 2:00	Lunch
2:00 - 3:30	Information Flow Session Chair: John McHugh, Portland State University A multi-threading architecture for multilevel secure transaction processing HTML publication list, PDF via FTP, Compressed PS via FTP Haruna Isa, William R. Shockley, Cynthia E. Irvine U.S. Navy, Cyberscape Computer Services, and Naval Postgraduate School Specification and enforcement of classification and inference constraints, (Slides) Steven Dawson, Sabrina De Capitani di Vimercati, Pierangela Samarati SRI International and University of Milan A test for non-disclosure in security level translations David Rosenthal, Francis Fung Odyssey Research Associates
3:30 - 4:00	Coffee Break
4:00 - 5:30	Work-In-Progress: 5-Minute Talks (see below for details) Session Chair: Heather Hinton, Ryerson Polytechnic University
6:00 - 7:00	IEEE Security and Privacy Technical Committee meeting (open to all conference attendees)
8:00 - 9:00	Poster Session

Wednesday, May 12, 1999

9:00 - 10:00	Authentication and Key Exchange Session Chair: Dieter Gollmann, Microsoft Research Software smart cards via cryptographic camouflage , PS of paper , PDF of paper , PS of slides , PDF of slides D. Hoover, B. N. Kausik Arcot Systems Analysis of the internet key exchange protocol using the NRL protocol analyzer PS, PDF Catherine Meadows, Naval Research Laboratory
10:00 - 10:30	Coffee Break
10:30 - 12:15	Panel Discussion: Time Capsule -- Twenty Years From Now Panel Chair: Jim Anderson Panelists: Michael Reiter, Lucent Bell Labs Future of computing Roger Needham, Microsoft Research, Cambridge Future of hardware technology Howard Shrobe, MIT AI Lab Future of software technology Hilarie Orman, DARPA Future of networking Brian Snow, National Security Agency Future of Security
12:15	Conference Adjourns

Five-Minute Research Talks Session

A continuing feature of the symposium was a session of 5-minute talks. Abstracts of these talks were distributed at the Symposium. Below are the titles for this session.

Information Power Grid: Security Challenges for the 21st Century
Thomas H. Hinke, University of Alabama in Huntsville
The History and Future of Computer Attack
Daniel L. Lough, Nathaniel J. Davis IV, and Randy C. Marchany Virginia Polytechnic Institute and State University
Simulating Cyber Attacks, Defenses, and Consequences
Fred Cohen, Sandia National Laboratories and Fred Cohen & Associates
Developing a database of vulnerabilities to support the study of denial of service attacks
Tom Richardson, Jim Davis, Doug Jacobson, John Dickerson, and Laura Elkin, Iowa State University
System Assurance Methodology Using Attack Trees to Drive Design Improvements
Dale M. Johnson, TIS Labs at Network Associates
NetHose: A Tool for Finding Vulnerabilities in Network Stacks
Anup K. Ghosh, Frank Hill, and Matt Schmid, Reliable Software Technologies
High Assurance Smart Card Operating System
Paul A. Karger, David Toll, Vernon Austel, Elaine Palmer, IBM T. J. Watson Research Center, Jonathan W. Edwards, IBM Global Services, and Guenter Karjoth and James Riordan, IBM Zurich Research Laboratory
NCI Security Architecture
Peter Xiao, Garret Swart, and Steve Weinstein, Network Computer Inc.
A Scalable Approach to Access Control in Distributed Object Systems
Gregg Tally, Daniel Sterne, Durward McDonell, David Sherman, David Sames, Pierre Pasturel, TIS Labs at Network Associates
Security Approach for a Resource Management System
Cynthia Irvine and Tim Levin, Naval Postgraduate School
Using Software Fault Isolation to Enforce Non-Bypassability
Mark S. Feldman, TIS Labs at Network Associates
Porting Wrappers from UNIX to Windows NT: Lessons Learned
Larry Spector and Lee Badger, TIS Labs at Network Associates
Sequenced-Based Intrusion Detection using Generic Software Wrappers
Douglas Kilpatrick and Lee Badger, TIS Labs at Network Associates
Implementing Specification-Based Intrusion Detection using Wrappers
Calvin Ko, TIS Labs at Network Associates
JSIMS Security Architecture Development Process
Richard B. Neely, SAIC and Bonnie Danner, TRW
High Assurance Multilevel Secure Mail Service: Session Server and IMAP Server
Steven Balmer, Susan Bryer-Joyner, Brad Eads, Scott D. Heller and Cynthia E. Irvine, Naval Postgraduate School
Data Damming in Proprietary/Public Databases
Ira S. Moskowitz and Li Wu Chang, Naval Research Laboratory
Bridging Knowledge Representions in Support of Reasoning about the Properties of Composed Security Policy
J. Bret Michael, Naval Postgraduate School
Interactive Zero Knowledge Proofs: Identification Tools Based In Graph Theory Problems
C. Hernandez-Goya And P. Caballero-Gil, University Of La Laguna, Spain
A Note on the Role of Deception in Information Protection
Fred Cohen, Sandia National Laboratories and Fred Cohen & Associates
Sequential And Parallel Attacks On Certain Known Digital Signature Schemes
M.I. Dorta-Gonzalez, P. Caballero-Gil, and C. Hernández-Goya, University Of La Laguna, Spain

Last modified on Monday, June 7, 1999

NOTICE: All Department of Defense telecommunications and automated information systems and related equipment are for the communication, transmission, processing, and storage of U.S. Government information only. The systems and equipment are subject to authorized monitoring to ensure proper functioning, to protect against unauthorized use, and to verify the presence and performance of applicable security features. Such monitoring may result in the acquisition, recording, and analysis of all data being communicated, transmitted, processed, or stored in this system by a user. If monitoring reveals possible evidence of criminal activity, such evidence may be provided to law enforcement personnel. Anyone using this system expressly consents to such monitoring.