Proceedings December 2001 New Orleans, Louisiana. Sponsored by. Applied Computer Security Associates. Los Alamitos, California

Size: px

Start display at page:

Download "Proceedings December 2001 New Orleans, Louisiana. Sponsored by. Applied Computer Security Associates. Los Alamitos, California"

Joleen Phillips
5 years ago
Views:

1 Proceedings 17th Annual Computer Security Applications Conference December 2001 New Orleans, Louisiana Sponsored by Applied Computer Security Associates Los Alamitos, California Washington Brussels Tokyo iii

Copyright 2001 by The Institute of Electrical and Electronics Engineers, Inc. All rights reserved Copyright and Reprint Permissions: Abstracting is permitted with credit to the source.

2 Copyright 2001 by The Institute of Electrical and Electronics Engineers, Inc. All rights reserved Copyright and Reprint Permissions: Abstracting is permitted with credit to the source. Libraries may photocopy beyond the limits of US copyright law, for private use of patrons, those articles in this volume that carry a code at the bottom of the first page, provided that the per-copy fee indicated in the code is paid through the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA Other copying, reprint, or republication requests should be addressed to: IEEE Copyrights Manager, IEEE Service Center, 445 Hoes Lane, P.O. Box 133, Piscataway, NJ The papers in this book comprise the proceedings of the meeting mentioned on the cover and title page. They reflect the authors opinions and, in the interests of timely dissemination, are published as presented and without change. Their inclusion in this publication does not necessarily constitute endorsement by the editors, the IEEE Computer Society, or the Institute of Electrical and Electronics Engineers, Inc. IEEE Computer Society Order Number PR01405 ISBN ISSN: Additional copies may be ordered from: IEEE Computer Society IEEE Service Center IEEE Computer Society Customer Service Center 445 Hoes Lane Asia/Pacific Office Los Vaqueros Circle P.O. Box 1331 Watanabe Bldg., P.O. Box 3014 Piscataway, NJ Minami-Aoyama Los Alamitos, CA Tel: Minato-ku, Tokyo Tel: Fax: JAPAN Fax: Tel: customer-service@ieee.org Fax: csbooks@computer.org tokyo.ofc@computer.org Editorial production by A. Denise Williams Cover art production by Joseph Daigle/Studio Productions Printed in the United States of America by The Printing House iv

3 Table of Contents 17th Annual Computer Security Applications Conference Message from the Conference Chair...xii Conference Committee... xiii Program Committee...xv Tutorial Committee...xvi Reviewers...xvii Speaker Biographies...xx WEDNESDAY 8:30 a.m., December 12 Distinguished Practitioner Castles in the Sand B. Blakley, Tivoli Systems, Inc., USA WEDNESDAY 10:30 a.m., December 12 TRACK A: Intrusion Detection I Chair: D. Faigin, The Aerospace Corporation, USA IntruDetector: A Software Platform for Testing Network Intrusion Detection Algorithms...3 T. Wan and X. Yang Mining Alarm Clusters to Improve Alarm Handling Efficiency...12 K. Julisch Managing Alerts in a Multi-Intrusion Detection Environment...22 F. Cuppens Implementing the Intrusion Detection Exchange Protocol...32 T. Buchheim, M. Erlinger, B. Feinstein, G. Matthews, R. Pollock, J. Betser, and A. Walther TRACK B: Security Architecture Chair: C. Schuba, Sun Microsystems, Germany Information Flow Analysis of Component-Structured Applications...45 P. Herrmann Security Policy Enforcement at the File System Level in the Windows NT Operating System Family...55 S. Wolthusen Java Security Extensions for a Java Server in a Hostile Environment...64 D. Wheeler, A. Conyers, J. Luo, and A. Xiong Genoa TIE, Advanced Boundary Controller Experiment...74 E. Monteith v

4 WEDNESDAY 1:30 p.m., December 12 TRACK A: Cryptography Chair: A. dos Santos, Georgia Tech, USA A JCA-Based Implementation Framework for Threshold Cryptography...85 Y. Huang, D. Rine, and X. Wang The Performance Measurement of Cryptographic Primitives on Palm Devices...92 D. Wong, H. Fuentes, and A. Chan Privacy-Preserving Cooperative Statistical Analysis W. Du and M. Atallah TRACK B Forum Chair: M. Erlinger, Harvey Mudd College, USA Experiences Implementing a Common Format for IDS Alerts B. Feinstein, Guardent, USA G. Matthews, NASA, USA S. Staniford, Silicon Defense, USA A. Walther, The Aerospace Corporation, USA WEDNESDAY 3:30 p.m., December 12 TRACK A: Access Control I Chair: M. Clifford, The Aerospace Corporation, USA Detecting Conflicts in a Role-Based Delegation Model A. Schaad Engineering of Role/Permission Assignments P. Epstein and R. Sandhu A Framework for Multiple Authorization Types in a Healthcare Application System R. Chandramouli Determining Privileges of Mobile Agents W. Jansen TRACK B: Classic Papers Chair: D. Thomsen, Secure Computing, USA Introduction to Classic Papers D. Thomsen Building Reliable Secure Computing Systems out of Unreliable Insecure Components J. Dobson and B. Randell A Security Model for Military Message Systems: Retrospective C. Landwehr, C. Heitmeyer, and J. McLean vi

5 An Information Flow Tool for Gypsy J. M c Hugh THURSDAY 8:30 a.m., December 13 Invited Essayist Plenary Information Security: Science, Pseudoscience, and Flying Pigs R. Schell, Aesec, USA THURSDAY 10:30 a.m., December 12 TRACK A: Intrusion Detection II Chair: J. Heaney, The MITRE Corporation, USA DAIS: A Real-Time Data Attack Isolation System for Commercial Database Applications P. Liu Watcher: The Missing Piece of the Security Puzzle J. Munson and S. Wimer expert-bsm: A Host-Based Intrusion Detection Solution for Sun Solaris U. Lindqvist and P. Porras Temporal Signatures for Intrusion Detection A. Jones and S. Li TRACK B: Secure Electronic Commerce Chair: T. Ehrsam, Oracle, USA Securing Web Servers against Insider Attack S. Jiang, S. Smith, and K. Minami Enabling Hierarchical and Bulk-Distribution for Watermarked Content G. Caronni and C. Schuba CONSEPP: CONvenient and Secure Electronic Payment Protocol Based on X A. Levi and Ç. Koç Wired versus Wireless Security: The Internet, WAP and imode for E-Commerce P. Ashley, H. Hinton, and M. Vandenwauver THURSDAY 1:30 p.m., December 13 TRACK A: Access Control II Chair: R. Sandhu, George Mason University, USA A Component-Based Architecture for Secure Data Publication P. Bonatti, E. Damiani, S. De Capitani, and P. Samarati The Authorization Service of Tivoli Policy Director G. Karjoth vii

6 Architecture and Applications for a Distributed Embedded Firewall C. Payne and T. Markham TRACK B Panel Chair: J. Reynolds, Teknowledge, USA How Useful is Software Fault Injection for Evaluating the Security of COTS Products? M. Bishop, University of California at Davis, USA A. Ghosh, Cigital, USA J. Whittaker, Florida Institute of Technology, USA THURSDAY 3:30 p.m., December 13 TRACK A Forum Chair: J. Patilla, METASeS, USA Security Vendor CTOs: Perspectives, Opinions, and Lessons Learned R. Gula, Enterasys, USA G. Kim, Tripwire, USA C. Klaus, Internet Security Systems, USA P. Proctor, Cybersafe, USA TRACK B: Reality vs. Security Chair: D. Johnson, The MITRE Corporation, USA Practical Automated Filter Generation to Explicitly Enforce Implicit Input Assumptions V. Razmov and D. Simon Why Information Security is Hard An Economic Perspective R. Anderson Abuse-Case-Based Assurance Arguments J. McDermott FRIDAY 8:30 a.m., December 14 TRACK A: PKI Chair: M. Abrams, The MITRE Corporation, USA A Regulated Approach to Certificate Management V. Ungureanu Restricting Access with Certificate Attributes in Multiple Root Environments A Recipe for Certificate Masquerading J. Hayes Secure Blue: An Architecture for a Scalable, Reliable, High Volume SSL Internet Server R. Mraz viii

7 TRACK B: Internet Security Chair: A. Friedman, NSA, USA Secure Anonymous Group Infrastructure for Common and Future Internet Applications N. Weiler Mitigating Distributed Denial of Service Attacks with Dynamic Resource Pricing D. Mankins, R. Krishnan, C. Boyd, J. Zao, and M. Frentz Requirements for a General Framework for Response to Distributed Denial-of-Service D. Gresty, Q. Shi, and M. Merabti FRIDAY 10:30 a.m., December 14 TRACK A: Applications Security Chair: J. Kahn, The MITRE Corporation, USA Trustworthiness in Distributed Electronic Healthcare Records Basis for Shared Care B. Blobel Application Intrusion Detection using Language Library Calls A. Jones and Y. Lin Verifiable Identifiers in Middleware Security U. Lang, D. Gollmann, and R. Schreiner TRACK B Panel Chair: T. Havighurst, NSA, USA Computing Without Wires (Or Even a Net): The Pitfalls, Potentials, and Practicality of Wireless Networking A. Entrichel, NSA, USA J. Bergman, Harris, USA J. Willis, NSA, USA H. Little, Research in Motion, Canada Author Index ix

Proceedings. Second IEEE International Workshop on Source Code Analysis and Manipulation

Proceedings. Second IEEE International Workshop on Source Code Analysis and Manipulation Proceedings Second IEEE International Workshop on Source Code Analysis and Manipulation Proceedings Second IEEE International Workshop on Source Code Analysis and Manipulation 1 October 2002 Montreal,