News Bits
The dates for CSW 15 have been announced: June 24-26, 2002 in Nova Scotia, Canada. The call for papers will be out in September (watch the Cipher calls-for-papers and calendar list, www.ieee-security.org/cfp.html).
Avi Rubin's new book, White-Hat Security Arsenal: Tackling the Threats (Addison-Wesley) is out! See white-hat.org for more information.
Correspondence from IEEE:
The IEEE Computer Society Press is now sending out a monthly E-Bulletin, the CS Press Alert, that announces the latest books and proceedings releases to our subscribers. The CS Press Alert is only sent out to those who request the bulletin (after an initial trial run and opt-in period). For more information, contact Tom Fink, Press Marketing Manager, IEEE Computer Society, tfink@computer.org
Organizers for the 8th ACM Conference on Computer and Communications Security (November 5-8, 2001, Philadelphia, PA, USA) have announced the conference program and registration process. See www.bell-labs.com/user/reiter/ccs8/ for details. The following papers will be presented:
Error Tolerant Password Recovery. Niklas Frykholm, Ari Juels, RSA Laboratories, Bedford, MA, USA
Twin Signatures: an Alternative to the Hash-and-Sign Paradigm. David Naccache,
David Pointcheval, Jacques Stern, Dept Informatique - Ecole Normale Superieure, Paris, France
Events in Security Protocols. Federico Crazzolara, Glynn Winskel, Computer Laboratory,
University of Cambridge, Cambridge, England
Formalizing GDOI Group Key Management Requirements in NPATRL. Catherine Meadows,
Paul Syverson, Iliano Cervesato, Center for High Assurance Computer Systems, Naval
Research Laboratory, Washington, USA
An Efficient Security Verification Method for Programs with Stack Inspection. Naoya Nitta,
Yoshiaki Takata, Hiroyuki Seki, Graduate School of Information
Science, Nara Institute of Science and Technology
OCB: An Authenticated-Encryption Mode for Emerging Cryptographic Standards.
Phillip Rogaway, University of California at Davis, Davis, California, USA,
Mihir Bellare, University of California at San Diego, La Jolla, California,
USA, John Black, University of Nevada, Reno, Nevada, USA, Ted Krovetz,
University of California at Davis, Davis, California, USA
The Performance of Public Key-Enabled Kerberos Authentication in Mobile Computing Applications.
Alan Harbitter, PEC Solutions, Inc., Fairfax, VA, Daniel A. Menascé, Department
of Computer Science, George Mason University, Fairfax, VA
Accountable-Subgroup Multisignatures.
Silvio Micali, MIT LCS, Cambridge, MA, USA, Kazuo Ohta, Department of
Information and Communication Engineering, University of Electro-Communications,
Tokyo, Japan, Leonid Reyzin, MIT LCS, Cambridge, MA, USA
Policy Algebras for Access Control - The Propositional Case.
Duminda Wijesekera, Sushil Jajodia, Center for Secure Information Systems,
George Mason University, Fairfax VA, USA
A Chinese Wall Security Model for Decentralized Workflow Systems.
Vijayalakshmi Atluri, Soon Ae Chun, Pietro Mazzoleni, MSIS Department and
CIMIC, Rutgers University, Newark, NJ, USA
On the Relationship between Strand Spaces and Multi-Agent Systems.
Joseph Y. Halpern, Riccardo Pucella, Department of Computer Science, Cornell
University, Ithaca, NY, USA
Provably Authenticated Group Diffie-Hellman Key Exchange.
Emmanuel Bresson, Ecole normale supérieure, Paris, France, Olivier
Chevassut, Lawrence Berkeley National Laboratory, Berkeley, CA, USA,
David Pointcheval, Ecole normale supérieure, Paris, France, Jean-Jacques
Quisquater, Microelectronic laboratory, Louvain-la-Neuve, Belgium
Tangler - A Censorship Resistant Publishing System Based On Document Entanglements.
Marc Waldman, David Mazieres, Computer Science Department, New York
University, New York, NY, USA
Design and Implementation of a Flexible RBAC-Service in an Object-Oriented
Scripting Language. Gustaf Neumann, Mark Strembeck, Department of Information Systems, New Media,
Vienna University of Economics and BA, Vienna, Austria
Delegation of Cryptographic Servers for Capture-Resilient Devices.
Philip MacKenzie, Michael K. Reiter, Bell Labs, Lucent Technologies, Murray
Hill, NJ, USA
Distributed Credential Chain Discovery in Trust Management.
Ninghui Li, Department of Computer Science, Stanford University, Stanford,
CA, USA, William H. Winsborough, NAI Labs, Glenwood, MD, USA, John C.
Mitchell, Department of Computer Science, Stanford University, Stanford, CA,
USA
Bounded-Process Cryptographic Protocol Analysis.
Jonathan Millen, Vitaly Shmatikov, Computer Science Laboratory, SRI
International, Menlo Park, CA, USA
A New Approach to DNS Security (DNSSEC). Giuseppe Ateniese, Stefan Mangard,
Department of Computer Science, The Johns Hopkins University, Baltimore, MD, USA
On the Abuse-Freeness of the Garay-Jakobsson-MacKenzie Two-Party Protocol.
Rohit Chadha, Department of Mathematics, University of Pennsylvania,
Philadelphia, PA, USA, Max Kanovich, Andre Scedrov, Department of
Computer and Information Science, University of Pennsylvania, Philadelphia, PA,
USA
Flexible Authentication of XML documents. Prem Devanbu, Michael Gertz, April Kwong,
Chip Martel, Glen Nuckolls, Department of Computer Science, University of California,
Davis, California, CA, USA, Stuart G. Stubblebine, CertCo, New York, NY, USA
Securely Combining Public-Key Cryptosystems. Stuart Haber, InterTrust STAR Lab, Santa
Clara, CA, Benny Pinkas, InterTrust STAR Lab, Princeton, NJ, USA
Interoperable Strategies in Automated Trust Negotiation.
Ting Yu, Marianne Winslett, Department of Computer Science, University of
Illinois at Urbana-Champaign, Urbana, IL, USA, Kent Seamons, Department
of Computer Science, Brigham Young University, Provo, Utah, USA
The Faithfulness of Abstract Encryption.
Joshua D. Guttman, F. Javier Thayer Fabrega, MITRE, Bedford, MA, USA,
Lenore D. Zuck, Department of Computer Science, Yale University, New Haven,
CT, USA
Verifiable, Secret Shuffles of ElGamal Encrypted Data for Secure Multi-Authority Elections.
C. Andrew Neff, VoteHere, Inc., Bellevue, WA, USA
A Practical Forward Secure Group Signature Scheme. Dawn Song, University of California,
Berkeley, Berkeley, CA, USA
BiBa: A New Signature Scheme for Broadcast Authentication.
Adrian Perrig, SIMS - UC Berkeley, Berkeley, CA, USA
Paillier's Cryptosystem Revisited. Dario Catalano, Università di Catania, Italy,
Rosario Gennaro, Nick Howgrave-Graham, IBM Research, Yorktown Heights, NY, USA, Phong Q.
Nguyen, Ecole Normale Superieure, Paris, France
2002 TC Officers
At the Technical Committee on Security and Privacy meeting at the 2001 S&P symposium, the following
folks were elected, drafted, or otherwise volunteered:
(effective January 2002)
Correspondence to Cipher:
NIST Seeks Comments on Security Risk Management Guide
One of the greatest computer security challenges faced by government
agencies and businesses is figuring out how much is too much.
Doing nothing in the age of hackers and viruses is unwise. Still,
spending too much time and money trying to thwart every conceivable
computer security threat simply drains resources.
Computer scientists at the National Institute of Standards and
Technology have drafted a risk management guide that helps managers sort
out all the issues and set priorities. The document gives suggestions
about how to approach risk assessment and mitigation in a computer
security context.
It is organized by the three phases of an ongoing risk management
process: performing a risk assessment, addressing the mitigation of that
risk and evaluating the results. The guide also contains two appendices:
a glossary of terms and a sample outline to use in documenting results.
A draft of the guide is available at csrc.nist.gov/publications/drafts.html. A final version of the
guide is expected by the end of the year.
NIST's Computer Security Division is accepting public comments on the
document until August 15, 2001. These should be sent to Gary
Stoneburner, NIST, 100 Bureau Dr., Stop 8930, Gaithersburg, Md.
20899-8930; gary.stoneburner@nist.gov.
The National Science Foundation awarded $8.6 million in fellowships for 200
students studying in Information Assurance. The "CyberCorps"
fellowships support US citizens who are working towards an undergraduate or
Master's degree in Information Assurance with the requirement that students work
for a federal agency upon graduation. Six universities were selected to
participate in the first year of the program: Carnegie Mellon University,
Iowa State University, Purdue University, the University of Idaho, the
University of Tulsa, and the Naval Postgraduate School. See Colleen
O'Hara's articles in Federal Computing Week (5/23/01, 5/28/01): www.fcw.com/fcw/articles/2001/0521/web-nsf-05-23-01.asp
and www.fcw.com/fcw/articles/2001/0528/mgt-nsf-05-28-01.asp.
News Bits contains correspondence,
interesting links, non-commercial announcements and other snippets of
information the editor thought that Cipher readers might find interesting.
And, like a UCITA protected product, by reading the above page you have already
agreed to not hold the editor accountable for the correctness of its contents.
Chair: Michael Reiter
Past Chair: Thomas A. Berson
Vice Chair: Heather Hinton
Chair, Subcommittee on Academic Affairs: Cynthia Irvine
Newsletter Editor: Jim Davis
Chair, Subcommittee on Standards: David Aucsmith
Chair, Subcomm. on Security Conferences: Jonathan Millen
2002 IEEE Symposium on Security and Privacy:
General Chair: Heather Hinton
Vice-Chair: Bob Blakley
Program Chair: Martín Abadi
Program Co-Chair: Steve Bellovin