Monday October 6, 1997
Optional Workshops
11:00 am-5:30 pm
II Common Criteria Protection Profile
III How to Establish an Incident Handling Capability
IV Connecting to the Internet
Tuesday October 7, 1997
Early Bird Sessions
8:30 am-10:00 am
Conference Overview
Student Papers in Electronic Commerce
Nick Pantiuk, IITRI, Chair
Cellular Technology and Security
Ryan Jones, University of Maryland
The Security of Electronic Banking
Yi-Jen Yang, University of Maryland
Extranet Security: A Technical Overview from a Business Perspective
Jennifer Jordan, University of Maryland
Digital Coins Based on Hash Chain
Khanh Quoc Nguyen, University of Western Sydney, Nepean, Australia
Information Security Videos
Ballroom I
Keynote Speaker
Robert T. Marsh, Chairman, Presidential Commission on Critical Infrastructure Protection
Award Ceremony and Reception
Awards will be presented to vendors that have successfully developed security product lines that have been approved by the NIST Validation Program or the NCSC Trusted Computer System Evaluation Program. Certificates also will be presented to participants in the Systems Security Engineering Capability Maturity Model.
Wednesday October 8, 1997
Banquet
Best Paper and Best Student Paper Award Ceremony and Reception
Best paper and best student paper awards will be presented at the National Cryptologic Museum at Fort Meade, Maryland. Directions and bus information will be available at the conference Information Booth. An awards reception will begin at 6:30 p.m. and end at 8:00 p.m. in the museum.
Friday October 10, 1997
This panel begins at 10:30 a.m.
Optional Workshops: Monday October 6th, 11:00 am - 5:30 pm
Pre-registration is required.
Baltimore Convention Center
Cost: $100 per workshop
Workshop I: Risk Management for Information Systems: A Quantitative Solution
Workshop II: Common Criteria Protection Profile
Workshop III: How to Establish an Incident Handling Capability
Workshop IV: Connecting to the Internet
Tuesday, October 7, 1997 8:30 am - 10:00 am
Conference Overview
Christopher Bythewood, National Security Agency
This session is recommended for first time attendees. It provides an overview of topics being presented this year.

Information System Security Videos
Roger Quane, National Security Agency
A selection of videos used in our training programs will be shown.

Planning Information Security
Paul Woodie, National Security Agency, Chair
Information Security is Information Security
Secrets, Lies, and IT Security
The NPS CISR Graduate Program in INFOSEC: Six Years of Experience

Student Papers in Electronic Commerce
Nick Pantiuk, IITRI, Chair
Cellular Technology and Security
The Security of Electronic Banking
Extranet Security: A Technical Overview from a Business Perspective
Digital Coins Based on Hash Chain
Tuesday October 7th 2:00 - 3:30 PM
Track A: Internet
Critical Elements of Security Frameworks
Panelists: Michael Willett, IBM
The panelists will examine the critical elements of security frameworks being proposed by computer industry leaders. They will also discuss issues to include interoperability and gaps among the different frameworks and products.

Track D: Debate
Legal & Liability Issues for the Use of Cryptography
Panelists: Michael Scott Baum, Verisign, Inc.
This session will debate the
following topics: Increasingly, encryption is seen as a major tool
for safeguarding information as it is stored or transmitted in electronic
form. What will constitute business "best practice" for use of encryption?
What will be required for "due care" in the use of encryption to
safeguard stored files and records? What are the liability concerns for
the use of powerful encryption products and who will bear the risks? How
can these risks be mitigated?

Track G: Policy / Administration / Management
Multilevel Security
A Multi-Level Secure Object-Oriented Database Model
Use of SSH on a Compartmented Mode Workstation
Multilevel Architectures for Electronic Document Retrieval

Track B: Electronic Commerce
Business Models for Electronic Commerce
A basic issue in the world of Commerce on the Internet is the development of an appropriate business model. Some examples are entertainment (Cable TV), Telecoms, Computing, and Publishing. Each industry has different views based on history, economics, and technology. This session will discuss their industry's experience and their applicability to Electronic Commerce.

Track E: Assurance / Criteria / Testing
Security Test Center
Panelists: Wayne Jansen, NIST
The panelists will discuss the goals, current projects, progress to date, and how users and industry may partner with the NIST/NSA sponsored Security Test Center.

Track H: Tutorials
Introduction to Information Security
This tutorial presents a computer-based-training overview of the multi-disciplined practice of Information Systems Security (INFOSEC) guidelines and policies as well as the basic INFOSEC elements of Communications Security (COMSEC) and Computer Security (COMPUSEC). It also reviews information processing and outlines user responsibilities for handling data being stored, transmitted, or processed.

Track C: Information Infrastructure
Infrastructure Vulnerabilities
Panelists: John Davis, Commissioner, PCCIP; Director, NCSC
This panel will discuss information vulnerabilities of infrastructures on which our national security depends, including telecommunications/networks, transportation systems, banking/finance systems, and electric power distribution. Audience participation - asking questions and sharing points of view - will be encouraged.

Track F: R & D
Role Based Access Control
Role Based Access Control for the World Wide Web
Observations on the Real-World Implementation of Role-Based Access Control

Track I: Professional Development
Dockmaster II, A Lessons Learned: Balancing Security Technology Advancements & the Desire to Field a System
Panelists: Cindy Hash, NSA
The panelists will share the lessons the Dockmaster II PMO has learned during its development.
Session Break & Social Networking
Tuesday October 7th 4:00 - 5:30 PM
Track A: Internet
Security and Trust on the World Wide Web
Panelists: Phil DesAutels, W3C
Panel and Status Report to include activities of the World Wide Web Consortium (W3C) and other Web Community happenings (Digital Signature Initiative, Security Working Group, and Electronic Payments Working Group).

Track D: Debate
Cryptography Debate
Panelists: TBD
The panelists will debate the impact of the Administration's Crypto Policies, including export controls. Industry and Government perspectives will be presented and approaches to change will be discussed and created.

Track G: Policy / Administration / Management
Year 2000 (Y2K)
Panelists: Gregory Cirillo, JD, Williams, Mullen, Christian & Dobbin
This panel will discuss the security implications of the Year 2000 problems. What is the effect of "clock roll-over?" The panelists will provide an overview of problems and solutions with a seven step process. Additionally, attendees responsible for Y2K issues in their organization are eligible for complimentary copies of "Year 2000: Best Practices for Millennium Y2K Computing: Panic in Year Zero".

Track B: Electronic Commerce
Security Architectures for Electronic Commerce
Panelists: Bruce Schneier, Counterpane Systems
This panel will discuss architectural requirements and examine the comparisons and applications of existing security architectures (NII & GII). Users will engage in electronic commerce only if they have confidence that their communications and information are protected from unauthorized access or modification. Providing this requisite security is a significant challenge. This panel will address security architecture considerations to enable our dreams for electronic commerce.

Track E: Assurance / Criteria / Testing
The Systems Security Engineering Capability Maturity Model
This session will provide an overview of security and security engineering, describe the need for a capability maturity model (CMM) for security engineering, present the current SSE-CMM, and illustrate the application of the SSE-CMM using a hypothetical case study.

Track H: Tutorials
A Systems Approach to INFOSEC
This tutorial provides a perspective of systems methodologies with applications to INFOSEC principles and disciplines. Attendees will gain an appreciation for the systems approach to problem solving, a technique that is applicable to both technical and non-technical problems within and outside your organization.

Track C: Information Infrastructure
Information Warfare and the Civilian Population
Panelists: TBD
This panel will explore to what extent the U.S. civilian population must be concerned about the possibility of adversaries of the United States carrying out acts of Information Warfare against our information systems.

Track F: R & D
New Security Paradigms Workshop '97
Panelists: TBD
This panel will select topics from the 1997 New Security Paradigms Workshop reflecting one or two important themes.

Track I: Professional Development
Network Security Framework
Panelists: TBD
The panelists will describe the scope and intent of the Framework, how the framework aggregates and addresses user requirements for operational capabilities, the philosophy of protection which drives the framework to define security solutions, and the role of this framework as a solution-building tool for system security engineers.

Tuesday, 5:45 PM
Conference Awards Reception
Baltimore Convention Center
Awards will be presented to vendors that have successfully developed security product lines that have been approved by the NIST Validation Program or the NCSC Trusted Computer System Evaluation Program. Certificates also will be presented to participants in the Systems Security Engineering Capability Maturity Model.
Wednesday, October 8th 8:30 - 10:00 AM
Track A: Internet
Experiences with Intrusion Detection Systems
Panelists: Dan Esbensen, Touch Technologies
Intrusion detection (ID) systems are coming of age. Today's products include capabilities to look at intrusion detection at a system-of-systems level, report suspected intrusions to a home office, and react locally to suspected intrusions by automatically denying access to the suspected attacking node. The panelists, with experience as architects and users of these ID products, will discuss what is important, and why, for current and future capabilities.

Track D: Debate
(Open)

Track G: Policy / Administration / Management
Certification & Accreditation
Panelists: David Murphy, NATO
The panelists will discuss the current perspective on strategies for the certification and accreditation process.

Track B: Electronic Commerce
Secure Payment Protocols
Panelists: Steve Crocker, Cybercash
This panel will discuss implementation experiences in electronic payment systems, ranging from macropayment protocols to micropayment protocol design and analysis. Example applications of electronic malls will highlight the use of electronic payment mechanisms.

Track E: Assurance / Criteria / Testing
Alternate Assurances: Implementation of Better Ways!
Panelists:
The panelists will discuss the Trusted Capability Maturity Model, Network Rating Model, and Systems Security Engineering Capability Maturity Model. The audience will be provided a brief overview, current status, and future goals of the 3 models. Time is provided for audience interaction in discussing details about these models.

Track H: Tutorials
Risk Management I: A Systems Approach to Threat
This tutorial provides the first of three foundation tutorials of Risk Management. The session is designed to help attendees answer the questions: what do we really need to protect, and who or what are we protecting it from? It takes a systems analysis approach to looking at the tangible and intangible things we value and the threats to them. The tutorial provides an overview of multi-disciplined threat, threat to information systems, and an overview to Information Warfare. The tutorial prepares the attendee for the Risk Management II and Risk Management III sessions later this week.

Track C: Information Infrastructure
Infrastructure Protection: Can Government and the Private Sector Work Together?
Panelists: TBD
This panel will discuss and debate information sharing and cooperation among the government and private sector infrastructure providers that will be necessary to protect our Critical Infrastructures in the future. Audience participation-asking questions and sharing points of view-will be encouraged.

Track F: R & D
Non-Military Cryptography: Opportunities, Threats, and Implementations
From encryption to digital signatures to electronic commerce to secure voting-cryptography has moved out of the military and into the world. The speaker will address the future of non-military cryptography, the business opportunities, the risks, and work that needs to be done. Mr. Schneier will also address some of the common mistakes companies make implementing cryptography and provide tips on how to avoid them.

Track I: Professional Development
National Colloquium for Information Systems Security Education
Panelists: Matthew Bishop, University of California at Davis
The panelists will discuss the highlights of the Colloquium Workshop held in April and the goals of the National Colloquium for Information Systems Security Education.
Wednesday, October 8th 10:30 AM - 12 noon
Track A: Internet
CAPIs: Current Conventions & Commercial Capabilities - The Developers' Point of View
Panelists: Dave Balenson, TIS
This panel session will track progress in the emerging field of Cryptographic Application Programming Interfaces (CAPIs). Status of the major CAPIs in development and use today will be provided. In addition, vendors will discuss their lessons learned from the development and utilization of these CAPIs in their products.

Track D: Debate
Issue for Discussion: Should the Computer Security Act be Repealed?
Panelists: TBD
This session will be devoted to a debate of the future of the Computer Security Act. Such issues as its applicability to the existing government systems environment, the impact of information warfare concepts, and the concerns of civil agencies with respect to the mandated adoption of national security community driven standards and technologies will be examined.

Track G: Policy / Administration / Management
Public Key Certificate Policies
Panelists: Santosh Chokhani, CygnaCom Solutions Inc.
The panel will discuss the current status of Public Key (PK) Certificates as defined by ITU Recommendation X.509 version 3. This discussion will be of interest to representatives from Federal Agencies interested in the use of PK technology to provide services to conduct their internal operations, industry participants interested in using or providing certificate management services, and people interested in the future of electronic communications and electronic commerce.

Track B: Electronic Commerce
Legislative Issues Associated with Electronic Commerce
Panelists: Todd J. Mitty, NetDox
Electronic commerce is a matter of public policy. To that extent, it is legitimate for governments to set the terms and conditions under which electronic commerce (like its non-electronic counterparts) is conducted. This session will address the experience of those in the public and private sectors to establish laws and regulations that enable electronic commerce. Particular emphasis will be placed on the issues of security and reliability addressed in framing the laws.

Track E: Assurance / Criteria / Testing
Integrity Engineering
Panelists: TBD
This panel will discuss the identification and deployment of protection mechanisms, reduction of residual risks, and the determination of metrics of protective effectivity and efficiency for inter/intra-networked systems of systems. These systems are comprised of heteromorphic major applications and general support systems requiring disparate levels of integrity, consistency, and operational continuity.

Track H: Tutorials
Risk Management II: Introduction to Vulnerabilities
This tutorial provides the second of three foundation tutorials of Risk Management. This tutorial continues with the methodology from Risk Management I, using a systems analysis approach to identify, analyze, and quantify system vulnerabilities.

Track C: Information Infrastructure
R&D for Infrastructure Protection
Panelists: Nancy Wong, President's Commission on Critical Infrastructure Protection
This panel will present a discussion of R&D activities needed or underway to focus technology in solving infrastructure assurance problems.

Track F: R & D
Database Security: Browsers, Encryption, Certificates and More
Panelists: Tim Ehrsam, Oracle Corporation
This session explores security problems and solutions with "new" database systems: those including web browsers and servers, systems requiring strong identification and authentication, single sign-on, multilevel systems and large mainframe and large warehouse systems.

Track I: Professional Development
NGI: Next Generation Internet for the 21st Century
Panelists: TBD
The panelists will discuss the Next Generation Internet (NGI) concept and the security requirements. The U.S. Government's investments in Internet technology have been very successful. Internet usage has dramatically expanded since 1988. In the 21st Century, the NGI will be the focus and environment for government, industry and academia, as well as for individuals. Whether at home, in the office, or traveling, people will use the Internet for working, banking, shopping, entertainment and communications. The security, privacy, integrity, reliability, and availability requirements will be developed, integrated and transparent to the users.
Wednesday, October 8th 2:00 - 3:30 PM
Track A: Internet
Public Key Infrastructures (PKIs)
Panelists: Taher ElGamal, Netscape Communications Corporation
This panel examines the significant issues and challenges in the development and deployment of PKIs from the perspectives of the PKI vendor and the PKI implementer.

Track D: Debate
Civilizing Cyberspace
Panelists: Dorothy Denning, Georgetown University
The panelists will discuss the sociological effects twenty years from now of the INFOSEC technology, law, and customs we are putting into place now.

Track G: Policy / Administration / Management
Technical Internet Security Policy
Panelists: John Pescatore, TIS
This panel will discuss a new NIST special publication on technical internet security policy. Technical policy issues include the use and configuration of firewalls, virtual private networks, and interactive software. The panel will provide an overview of the NIST publication and will then discuss methods for using the guideline within organizations.

Track B: Electronic Commerce
Is Digital Cash the Future of Money?
Panelists: Eric Hughes, Simple Access
This Session will discuss the pros and cons of digital money from a security perspective as well as a societal/public policy perspective. Among the topics under discussion will be the tensions between demands for secrecy and security and between security and economic efficiency.

Track E: Assurance / Criteria / Testing
Future Strategies
A New Strategy for COTS in Classified Systems
Outsourcing: A Certification & Accreditation Dilemma
The Department of Defense Information Assurance Support Environment

Track H: Tutorials
Network Security
This tutorial focuses on network security fundamentals and threats and provides a summary of traditional computer security concerns and objectives, relating the concepts to network security concerns. Security properties required of a trusted network are described in detail per the OSI security services model.

Track C: Information Infrastructure
Information Privacy and Human Rights
Panelists: David Banisar, Electronic Privacy Information Center (EPIC)
This session will examine various information age threats to personal privacy and the means by which Government and business can provide for the common privacy of all.

Track F: R & D
Law Enforcement
Panelists: Mark Pollitt, Federal Bureau of Investigation

Track I: Professional Development
National Training Standards
This session will present the final draft of the rewrite of the NIST publication 500-172. This document outlines the training standards which are referenced in Public Law 100-235. This is a complete rewrite of the previous publication and the contents have significant impact on all US Government agency personnel.

3:30 - 4:00 PM
Session Break & Social Networking
Wednesday, October 8th 4:00 - 5:30 PM
Track A: Internet
Developing a PKI Solution for Web Transactions: Lessons Learned
Panelists: Phil Mellinger, First Data
The Federal Information Security Infrastructure Program is running a pilot initiative, Paperless Federal Transactions for the Public, involving PKI and applications. This panel discusses the philosophy of the pilot, how it works, what has been learned, and its future direction.

Track D: Debate
Copyright: Should Media Matter? (How Much?)
Panelists:
This session will debate the following topics: The ease of copying material in digital form continues to exacerbate the historical tensions between copyright proprietors and users of copyrighted materials. WIPO recently rejected copyright proposals that would have greatly extended copyright protections on electronic information and databases, potentially curtailing the traditional U.S. copyright provisions for fair use. To what extent can we continue to rely on traditional notions that evolved in an analog paper-based world? Can principles such as fair use and the first-sale doctrine endure in the digital Global Information Infrastructure?

Track G: Policy / Administration / Management
Metrics of Requirements
Security Modeling for Public Safety Communication Specifications
Towards a Framework for Security Measurement
Connecting Classified Nets to the Outside World: Costs and Benefits

Track B: Electronic Commerce
Who Pays if Things Go Wrong?
Panelist: Chuck Miller, General Counsel, Certco
It is inevitable that even the best designed and operated electronic commerce systems will suffer errors and operational failures which can cause loss. In such cases where does liability lie? In a series of presentations and an audience debate, the panelists will raise the issues, citing examples of how things have worked for existing systems like payment systems, and how such models may evolve. In the final 30 minutes, the audience will participate in a structured/open debate.

Track E: Assurance / Criteria / Testing
Awareness & Concerns
Cyberterrorism - Fact or Fancy?
Protecting American Assets, Who is Responsible
Who Should Really Manage Information Security in the Federal Government?

Track H: Tutorials

Track C: Information Infrastructure
INFOSEC Technology Profession: A Moving Bus
Panelists: TBD
The panelists will address the question: Is INFOSEC a scientific or technical profession? Representatives from academia who develop INFOSEC curricula in graduate degree programs will discuss the options for their graduates. Practitioners will address the pros and cons of degreed programs versus other paths to becoming an INFOSEC professional.

Track F: R & D
Research in Intrusion Detection
EMERALD: Event Monitoring Enabling Responses to Anomalous Disturbances
An Application of Machine Learning to Anomaly Detection
A Process of Data Reduction in the Examination of Computer Related Evidence
Automated Information System (AIS) Alarm System

Track I: Professional Development
How To Find and What to Buy: Current COTS Security Products
Joan Pohly, DISA/IPMO, Co-Chair
This workshop will review currently available products which can be used in the computer security awareness or training programs without modification and major costs. The emphasis of this workshop is to help people get the awareness program going with current materials on the marketplace. Active audience participation will be encouraged.

7:00 PM
Conference Banquet
Hyatt Regency Inner Harbor Hotel
Track A: Internet
Firewalls Are More Than Just Bandages
Panelists: Tom Haigh, Secure Computing Corporation
Firewalls started as a relatively static first line of defense, but they have become a more central part of providing many protection services to an enterprise. This panel will look at the present roles played by firewalls and the directions for the future. Can they be effective against all of the emerging rich protocols associated with the World Wide Web? How will IPSEC affect them? What is the right mix of centralized firewall and distributed desktop protection features?

Track D: Debate
Technology around the Next Corner: The Future of INFOSEC
Panelists: Kathy Kincaid, IBM Corporation
The telecommunications giants are investing for the long term, and Bill Gates plans to defy the tradition that a leader in one computer technology era is never a leader in the next. INFOSEC executives debate what is to come in twenty years.

Track G: Policy / Administration / Management
Risks of Software Applications
Software Encryption in the DoD
TRANSMAT Trusted Operations for Untrusted Database Applications

Track B: Electronic Commerce
Smart Cards: Their Role in Electronic Commerce
Panelists: Gilles Lisimaque, Senior Vice President & CTO, Gemplus
This Session will focus on Smart Cards, Smart Card alternatives, and how they will be used in an Electronic Commerce environment.

Track E: Assurance / Criteria / Testing
Commercial Intrusion Detection & Auditing: Installation, Integration & Use from the Security Professional's Perspective
Panelists: Dan Gahafer, CACI Inc.
There are several intrusion detection and auditing products commercially available to help protect computer systems and networks. The panelists will discuss their experiences with installation, configuration, ease of use, scalability, and overall capabilities of the products they use and maintain. The intent of the panel is to provide insight (war stories) to those attendees looking to implement a COTS intrusion detection solution from a non-vendor (customer) point of view.

Track H: Tutorials
Crypto: Mechanism of Action of Modern Cryptographic Protocols
Charles Abzug, Institute for Computer and Information Sciences
This tutorial will present today's cryptographic protocols, the principles by which they operate, their principal advantages and disadvantages, and a sampling of products using some of these protocols.

Track C: Information Infrastructure
Future Methods in a Cryptographic Environment
Cryptographic Algorithm Metrics
Using Datatype-Preserving Encryption to Enhance Data Warehouse Security
Multistage Algorithm for Limited One-Way Functions

Track F: R & D
Public Key: Differing Views
Tim Polk, NIST, Chair
The Use of Belief Logics in the Presence of Causal Consistency Attacks
Achieving Interoperability Through Use of the Government of Canada Public Key Infrastructure
Implementation of Key Escrow with Key Vectors to Minimize Potential Misuse of Key

Track I: Professional Development
Concerns in an Internet Environment
A Risk Minimisation for Electronic Commerce
Threats and Vulnerabilities for C4I in Commercial Telecommunications: A Paradigm for Mitigation
Surviving Denial of Service on the Internet

Session Break & Social Networking
Thursday, October 9th 10:30 AM - 12 noon
Track A: Internet
Web Security Problems
Go Ahead, Visit Those Web Sites, You Can't Get Hurt, Can You?
Web Spoofing: An Internet Con Game
When JAVA Was One: Threats from Hostile Byte Codes
Vulnerability of "Secure" Web Browsers

Track D: Debate
The Data Encryption Standard: 20 Years Later
Panelists:
This panel will review the significance of DES to the information security field and to infosec products and practices. Panelists will discuss the impact of DES on academic research, cryptanalysis, algorithm and product development, standards, network security, application-level security, and business practices.

Track G: Policy / Administration / Management
Risk Management
A New Paradigm for Performing Risk Assessment
INFOSEC Risk Management: Focused, Integrated & Sensible
Role-Based Risk Analysis

Track B: Electronic Commerce
Internet Commerce Security for Electronic Malls, COINs and Commerce Service Providers
Panelists: TBD
In this discussion, representatives from each of the three main Internet business models, commerce service providers, online malls, and Community of Interest Networks, will discuss the security issues they are facing, and the unique strategies and tactics in place that ensure a safe shopping experience for the hosted businesses and customers. The discussion will focus mainly on each model's key security strategy, the pros and cons of key standards such as SET for each business model, and how each business is using the technologies and standards available to benefit their customers today.

Track E: Assurance / Criteria / Testing
Criteria: International Views
Application of the IT Baseline Protection Manual
The Use of Information Technology Security Assessment Criteria to Protect Specialized Computer Systems
The Extended Commercially Oriented Functionality Class for Network-based IT Systems

Track H: Tutorials
Database Security
This tutorial focuses on database security issues from the standpoint of using database management systems to meet an organization's security requirements. Topics include data security requirements, vulnerabilities, database design considerations, and implementation issues. Several architectural approaches to building multilevel database systems are presented, including integrity lock, kernelized, layered, partitioned, and distributed. Other database security issues discussed include view versus relation discretionary controls, mandatory controls, inference, aggregation, and statistical inferences.

Track C: Information Infrastructure
Viruses: Today's Threats
Practical Defenses Against Storage Jamming
What is Wild?
Secure Software Distribution System

Track F: R & D
Internet: Surviving the Future
Security Tools - A "Try Before You Buy" Web-Based Approach
Stupid Java Script Security Tricks
Internet Protocol Next Generation: Saving the Internet in the New Millennium

Track I: Professional Development
Visit the vendor exposition!
Over 100 INFOSEC vendors in the Convention Center Exhibition Hall sponsored by AFCEA.
Thursday, October 9th 2:00 - 3:30 PM
Track A: Internet
Internet Discussion: Tomorrow's Security Issues
Panelists: A. Padgett Peterson, P.E., Lockheed-Martin Corp.
Free-flowing debate of the security issues concerning the World Wide Web, such as those discussed in the 10:30 session earlier today.

Track D: Debate
Crime in the 21st Century: Wireless Fraud
Panelists: Dennis Walters, Comcast Cellular Communications
The panelists will discuss and debate various issues regarding wireless fraud, emerging as the number 1 crime for the 21st century.

Track G: Policy / Administration / Management
Cryptographic Standards for the Next Century
Panelists: Burt Kaliski, RSA Laboratories
Cryptography is an important tool for protecting electronic information. It can be used to provide many security services including confidentiality, integrity, authentication and non-repudiation. The Federal Government has increased the scope of its research to include confidentiality. The panelists will discuss their efforts, including: adding support for confidentiality in the Public Key Infrastructure, developing the Advanced Encryption Standard, the Key Agreement and Management Standard, and the Key Recovery Demonstration Project.

Track B: Electronic Commerce
Critical Components for an Electronic Solution
Panelists: Daniel Poneman, Partner, Hogan & Hartson LLP
While other sessions have examined the critical security issues associated with particular Ecommerce environments and transactions, this session will examine more generally: What are the security policy requirements from a governmental point of view? What are the consequences of governmental positions in an international, borderless market? Are there "technological solutions" to these concerns? What are the requirements from a commercial perspective? Can this perspective be reconciled with governmental views, and does it need to be? How do the critical security components of Ecommerce get to market and embedded in systems?
Track E: Assurance / Criteria / Testing
Common Criteria
Panelists: Tony Mason, CESG, UK
This panel will discuss the major changes being made to the CC's structure and contents in version 2, the sponsoring organizations' implementation and maintenance plans, the status and results achieved by related implementation projects, the planned internationalization of the CC via ISO, and the expected impact of the CC project on the US and international IT security community.
Track H: Tutorials
How to be a Better Security Officer
This tutorial focuses on the continued protection and accreditation of operational information systems. Topics include: virus prevention and eradication; access control evaluation and configuration; media clearing and purging; intrusion detection and handling; and dealing with risk.
Track C: Information Infrastructure
Practical Views of Network Protocols
A Methodology for Mechanically Verifying Protocols Using an Authentication Logic
A Practical Approach to Design and Management of Secure ATM Networks
Distributed Network Management Security
Track F: R & D
Wrappers, Composition, Architecture Issues for Security and Survivability
Panelists: Lee Badger, TIS;
This panel will provide a brief summary of the DARPA security program goals and plans for wrappers, composition, and architecture issues for security and survivability.
Track I: Professional Development
Thursday, October 9th 4:00 - 5:30 PM
Track A: Internet
Practical Experience with Virtual Private Networks
Panelists: Paul Lambert, Oracle
This panel will discuss experiences with and lessons learned from developing and implementing VPNs, and challenges (e.g., scalability, widespread deployment) and future needs (automated key management protocols, administration tools) for VPN solutions. Although there are multiple protocols that can be used to create VPNs (e.g., IPSEC, PPTP, SSH, SSL), the focus of the panel will be on the Network Layer (IP-level) VPNs.
Track D: Debate
Can the Internet be Controlled?
Panelists: James Bidzos, RSA Data Security, Inc.
When national boundaries are permeable, national INFOSEC policy may be irrelevant.
Track G: Policy / Administration / Management
Cyber Terrorism: Risk Assessment and Response
Panelists: Mark Pollitt, FBI;
This panel will highlight the realities of Cyber Terrorism and educate the audience on its impact. The panel will provide an educated framework in which informed analysis can take place. The types of environments that are subject to attack will be discussed. The audience will also be presented with solutions from both industry and government perspectives to Cyber Terrorism issues.
Track B: Electronic Commerce
Consumer Privacy Issues in Electronic Commerce
Panelists: TBD
Track E: Assurance / Criteria / Testing
COTS Criteria-Based Evaluation and Assessment Programs
Panelists: Thomas J. Bunt, Louis Giles, David E. Luddy, NSA
The Common Criteria is the result of an integrated attempt to align the trusted product evaluation criteria and activities of Canada, France, Germany, the Netherlands, the United Kingdom, and the United States into a single document. This panel will provide critical U.S. evaluation program status information to groups that will be directly impacted as a result of the CC implementation efforts.
Track H: Tutorials
Risk Management III: Introduction to Risk Assessment
This tutorial provides the third of three foundation tutorials of Risk Management. This tutorial continues with the methodology from Risk Management I & II, using a systems analysis approach to identify, analyze, and quantify risks.
Track C: Information Infrastructure
Case Study: Computer Security Program Management Partnership: A Success Story
Panelists:
This panel will discuss how to create effective partnerships among an organization's computer security program management office, its users, and its auditors. This panel will help participants to fully integrate computer security awareness and responsibility throughout a business or agency.
Track F: R & D
Survivability Technologies
Panelists: Phil Porras, SRI; Dan Schnackenberg, Boeing; Maureen Stillman, ORA; Stuart Staniford-Chen, University of California Davis
This panel will provide a brief summary of the DARPA security program goals and plans for wrappers, composition, and architecture issues for security and survivability.
Track I: Professional Development
(OPEN)
6:00 - 8:00 PM
Best Paper Awards
National Cryptologic Museum, Fort Meade, MD
Buses will be available.
Friday, October 10th 8:30 - 10:00 AM
Track A: Internet
Network Security - From a User & Vendor Perspective
Panelists: Frank Hecker, Netscape Communications, Inc.; Gregory Gilbert, NSA;
This panel will consider questions related to the implementation of Multi-level Information System Security Initiative (MISSI) products, applications, and infrastructure. The panelists have experience with current MISSI Beta Test activity, MISSI in NATO, Defense Message System pilot tests, the mid-1997 FORTEZZA infrastructure change, emerging FORTEZZA-compatible applications, and the MISSI product evaluation and approval process.
Track D: Debate
Controlling Employees' Use of the Internet
Panelists: Andy Grosso, Esq., Washington, DC
This panel will debate the pros and cons of controlling employees' use of the Internet.
Track G: Policy / Administration / Management
Keeping Pace with Threats in Networked Client/Server Environments
Panelists: Jim Mork, BSG, Inc.;
This panel will discuss how information security managers can leverage technology to keep pace with the threat posed in the networked client/server environment.
Track B: Electronic Commerce
Copyright & Intellectual Property Issues Associated with Electronic Commerce
Panelists:
This session will discuss the legal issues associated with Electronic Commerce regarding Copyright and IP from a local, national, and international perspective.
Track E: Assurance / Criteria / Testing
Vendor Dialog on Evaluation Programs
The Co-Chairs will lead the audience in a discussion of their experiences in performing TCSEC/TNI/TDI evaluations, opinions of TPEP and TTAP programs, use of the RAMP program, interpretations of the TCSEC, ITSEC evaluations, and the forthcoming Common Criteria evaluations.
Track H: Tutorials
Infrastructure Security
This session will cover the fundamentals of encryption and the security services that are proposed for large infrastructures such as the NII and the DII. There is a movement in some quarters for providing a common set of security services that will support both types of infrastructures even though their missions are quite different.
Track C: Information Infrastructure
Case Study: An Architecture & Approach
Panelists: David Van Wie, Olin Sibert, James Horning, InterTrust Technologies Corporation
This panel will discuss how one company executed their vision of electronic commerce, an architecture, and research directions.
Track F: R & D
Manhattan Cyber Project
Panelists: Jim Christy, DoD Representative, Infrastructure Protection Task Force
A few select members of the Manhattan Cyber Project will discuss their findings to date and future initiatives. Their mission is to improve the availability and effectiveness of the technology, people, and processes that safeguard critical infrastructure areas and U.S. corporations from the "cyber threat." The approach to accomplishing this mission is based on developing and facilitating a coordinated "outreach" program with industry, government, and academia.
Track I: Professional Development
Friday October 10, 1997 10:15 AM
1997 System Security Award Winner Presentation
Presented by John Davis, NCSC & Stuart Katzke, NIST
Followed by the Closing Plenary
The future of computer-communication security will to a large extent be driven by the urgent needs of electronic commerce, while at the same time being hindered by the realities of the emerging computer and networking infrastructures. This session will address those realities, and will attempt to see into the future. Its scope will be fairly broad, encompassing systems, networks, financial applications, and digital commerce generally, from the primary viewpoint of security risks and their avoidance, but also cognizant of the social issues. It will also recognize that the problems are international, not just national. Many questions might arise in the course of the discussion. What is achievable? What is likely? What are the most difficult obstacles to be overcome? What research areas are not being adequately stressed? What can we expect of technology? What are the intrinsic limitations? What are the weakest links? What non-technological issues must be defended against, such as human compromisibility? What are the tradeoffs (for example, among cost-effectiveness, integrity, confidentiality, anonymity, accountability, and law enforcement needs)? What residual risks will necessarily remain? What should or should not governments do to ensure that electronic commerce and related applications can take place dependably? What impacts are national cryptological policies having on electronic commerce? What can be done to ensure that critical components of the national infrastructure (including telecommunications and electrical power) remain adequate?