[230] in DCNS Development
[diane@usenix.org (Diane DeMartini): Security III Symposium Program &
daemon@ATHENA.MIT.EDU (Peter Roden)
Tue Jul 21 07:15:01 1992
Date: Tue, 21 Jul 92 06:13:02 EST
From: roden@MIT.EDU (Peter Roden)
To: developers@MIT.EDU
------- Forwarded Message
Date: Mon, 20 Jul 92 15:02:10 PDT
From: diane@usenix.org (Diane DeMartini)
To: composer@beyond.dreams.org, hogue@uwec.BITNET, miller@adm.csc.ncsu.edu,
ouster@cs.berkeley.edu, roden@Athena.MIT.EDU, rord@ucsd.edu,
stephen@eng.auburn.edu, stumm@eecg.toronto.edu, ted@ifs.umich.edu
Subject: Security III Symposium Program & Registration Material
Dear University Liaison,
The following are the electronic postable versions of the Security III
Symposium program and registration materials. I will also send you each
copies of our hard copy registration material for this workshop.
Please let me know if you have any questions, or if you need any
additional membership packages or materials.
Diane S. DeMartini
diane@usenix.org
************************************************************
USENIX THIRD UNIX SECURITY SYMPOSIUM
Baltimore, MD
September 14-16, 1992
Sponsored by USENIX in cooperation with the Computer
Emergency Response Team (CERT)
**********************************************************************
IMPORTANT SYMPOSIUM DATES & SCHEDULE OF EVENTS
Pre-Registration Deadline: September 8, 1992
REGISTRATION FEES AFTER THAT DATE WILL BE $50 HIGHER!
Hotel Reservation Deadline: August 24, 1992
Sunday, September 13 6:00pm - 9:00pm Registration/no host reception
Monday, September 14 9:00am - 5:00pm Tutorial Presentations
Tuesday, September 15 8:30 - 10:15 am Opening Remarks/Keynote Address
10:35 - 5:20 Technical Sessions
6:00pm - 8:00pm Symposium Reception
8:00pm - 10:00pm Birds of a Feather Sessions
Wednesday, September 16 9:00am - 5:35pm Technical Sessions
REGISTRATION INFORMATION
Register in advance to receive the lowest registration rates.
Attendance is limited in both the Tutorial Presentations and Technical
Sessions and pre-registration is strongly recommended. You may
register for only a tutorial, only the two-day technical sessions
program OR select both programs.
TUTORIAL REGISTRATION FEE
September 14
One Full-day tutorial - Only one tutorial can be selected $245.00
************
TECHNICAL SESSIONS REGISTRATION FEES
September 15 - 16
*Member Fee $225.00
Non-member Fee 290.00
Full-time Student Fee - Must provide copy of student I.D. 75.00
*The member rate applies to current individual members of the USENIX
Association, Sun User Group, EurOpen and AUUG.
Full-time students please note:
A limited number of scholarships are available for full-time students.
Contact the Conference Office for details.
Enjoy the Benefits of Becoming a USENIX Member - If you are not a
current USENIX member and wish to join, pay the non-member fee on the
registration form and check the special box requesting membership.
$65 of your non-member fee will be designated as dues in full for a
one-year individual USENIX Association membership.
PRE-REGISTRATION DEADLINE: SEPTEMBER 8, 1992.
REGISTRATION FEES AFTER THAT DATE WILL BE $50 HIGHER!
HOTEL INFORMATION
The Symposium headquarters will be:
Sheraton Inner Harbor Hotel ROOM RATES
300 South Charles Street $110 Single or Double Occupancy
Baltimore, MD 21201 (plus State and city tax)
Telephone # (410) 962-8300
To Make Your Reservation: Call the Hotel directly and ask for the
Reservations Desk. Tell reservations that you are a USENIX
Attendee to take advantage of our group rate. A one night's deposit
is required for all reservations. Should you desire to cancel your
reservation, you must notify the hotel at least 24 hours prior to your
scheduled arrival.
IMPORTANT: Room reservation deadline is August 24, 1992. Requests
for reservations received after the deadline will be handled on a
space and RATE available basis.
*******************************
UNIX SECURITY SYMPOSIUM PROGRAM
The goal of this symposium is to bring together security
practitioners, system administrators, system programmers, and anyone
with an interest in computer security as it relates to networks and
the UNIX operating system. The symposium will consist of a broad
range of topics including tutorials appropriate for a technial
audience, peer-reviewer technical presentations and panel sessions.
Attendees will have a unique opportunity to share their experiences
and ideas on UNIX system security.
TUTORIAL PROGRAM
Monday, September 14, 1992
Network Security: The Kerberos Approach
Dan Geer,Geer/Zolot Associates and Jon A. Rochlis, MIT
Intended Audience: Systems developers responsible for networked
workstation environments, particularly those whose environments may
include networks which are not themselves physically secure (i.e.,
``open'' networks) and systems managers concerned about the inherent
lack of security for managing today's network-based environments
(e.g., UNIX's .rhosts files).
The amazing and constantly growing numbers of machines and users
ensures that untrustworthy individuals have full access to the Internet.
Given the increasing importance of the information transmitted, it is
imperative to consider the basic security issues present as large open
networks replace isolated timesharing systems.
This tutorial will focus on the challenges of providing security for
cooperative work arrangements consistent with the location and scale
independence of today's open networking environment. Attendees will
gain an understanding of the kinds of security threats which result
from operating in an open environment, such as one composed of a
network of workstations and supporting servers. Effective approaches
to meeting these threats will be presented. Although emphasis will be
on the Kerberos system developed at MIT, public key techniques for
ensuring privacy and authentication on an open network will be explored.
The X.509 authentication model and the new Internet Privacy Enhanced
Electronic Mail RFC's will be discussed.
Internet System Administrator's Tutorial
Ed DeHart and Barb Fraser, Computer Emergency
Response Team
Intended Audience: This tutorial is designed for users and system
administrators of UNIX systems. It is especially suited for system
administrators of UNIX systems connected to a wide area network based
on TCP/IP such as the Internet. Some system administrator experience is
assumed.
The information presented in this tutorial is based on incidents
reported to the Computer Emergency Response Team. The topics covered
include:
System administration - defensive strategies
oPassword selection
o Default login shell for unused accounts
o Network daemon configuration
o Verification of system programs
o System configuration files
o Searching for hidden intruder files
o Staying current with software releases
o Standard accounting files
o NFS configuration
System administration - offensive strategies
o COPS
o /bin/passwd replacement programs
o TCP/IP packet filtering
o TCP/IP daemon wrapper programs
o Security in programming
Site-specific security policies
o Maintaining good security at your site
o Providing guidance to users
o Handling incidents in an effective
orderly fashion
o Reviewing Site Security Policy Hand
book (RFC 1244)
Incident handling
o What to do if your site is broken into?
*************
TECHNICAL PROGRAM
TUESDAY, SEPTEMBER 15
8:30 - 8:45 Opening Remarks
8:45 - 10.15 Keynote Address:
The Justice Department's Computer Crime Initiative
10:35 - 12:05 WAR STORIES
There Be Dragons
Steve Bellovin, AT&T Bell Laboratories
The Greatest Cracker-Case in Denmark: The Detecting, Tracing, and
Arresting of Two International Crackers
Joergen Bo Madsen, The Danish Computing Center for Research
and Education
Experiences of Internet Security in Italy
Alessandro Berni, Paolo Franchi, Joy Marino, University of Genova
1:30 - 3:00 TCP/IP NETWORK SECURITY
An Internet Gatekeeper
Herve Schauer, Christophe Wolfhugel, Herve Schauer Consultants
Network (In)Security Through IP Packet Filtering
D. Brent Chapman, Great Circle Associates
SOCKS
David Koblas, Independent Consultant
Michelle R. Kolas, Computer Sciences Corporation
3:20 - 5:20 TOOLS 1
TCP WRAPPER, a Tool for Network Monitoring, Access Control and
for Setting up Booby Traps
Wietse Venema, Eindhoven University of Technology
Restricting Network Access to System Daemons Under SunOS
William LeFebvre, Northwestern University
Centralized System Monitoring with Swatch
Stephen E. Hansen, E. Todd Atkins, Stanford University
Security Aspects of a UNIX PEM Implementation
James M. Galvin, David M. Balenson, Trusted Information Systems, Inc.
WEDNESDAY, SEPTEMBER 16
9:00 - 10:30 TOOLS 2
Introduction to the Shadow Password Suite
John F. Haugh, II, Locus Computing Corporation
Giving Customers the Tools to Protect Themselves
Shabbir J. Safdar, Purdue University
ESSENSE: A Knowledge Based Security Monitor
Linda Baillie, Gary W. Hoglund, Lisa Jansen, Eduardo M. Valcarce,
Digital Equipment Corporation
10:50 - 12:20 TOOLS 2 (Continued)
Anatomy of a Proactive Password Changer
Matt Bishop, Dartmouth College
Audit: A Policy Driven Security Checker for a Heterogeneous
Environment
Bjorn Satdeva, /sys/admin, inc.
Secure Superuser Access Via the Internet
Darrell Suggs, Clemson University
1:45 - 3:15 TRACK 1 - APPLIED RESEARCH
Specifying and Checking UNIX Security Constraints
Allan Heydon, DEC Systems Research Center; J.D. Tygar,
Carnegie Mellon University
A Secure Public Network Access Mechanism
J. David Thompson, Science Applications International Corp.
Kate Arndt, The MITRE Corp.
Network Security Via Private-Key Certificates
Don Davis, Geer/Zolot Associates, Ralph Swick, Digital
Equipment Corp.
1:45 - 3:15 TRACK 2 - MLS
POSIX 1003.6
Mike Ressler, Bellcore
Is There a C2 UNIX System in the House?
Jeremy Epstein, TRW Systems Division
Software Security for a Network Storage Service
Rena A. Haynes, Suzanne M. Kelly, Sandia National Laboratories
3:35 - 5:35 TRACK 1 - APPLIED RESEARCH (Continued)
SunOS, C2 and Kerberos - A Comparative Review
John N. Stewart, Syracuse University
Heterogeneous Intra-Domain Authentication
Bart De Decker, Els Van Herreweghen, Frank Piessens, K.U.Leuven
Observations on Reusable Password Choices
Eugene Spafford, Purdue University
POSIX Report
Mike Ressler, Bellcore
3:35 - 5:35 TRACK 2 - MLS (Continued)
Reconciling a Formal Model and a Prototype Implementation: Lessons
Learned in Implementing the ORGCON Policy
Marshall Abrams, Leonard LaPadula, Manette Lazear, Ingrid Olson,
The MITRE Corporation
UNIX Operating Services on a Multilevel Secure Machine
Bruno d'Ausbourg, CERT/ONERA France
Distributed Trusted UNIX Systems
Charisse Castagnoli, Charles Watt, SecureWare, Inc.
Standards Update
**********
Program Committee
Ed DeHart, Program Chair CERT
Matt Bishiop Dartmouth College
Bill Cheswick AT&T Bell Laboratories
Ana Maria De Alvare Silicon Graphics, Inc.
Jim Ellis CERT
Barbara Fraser CERT
Ken van Wyk CERT
**********
USENIX, the UNIX and Advanced Computing Systems professional and
technical organization, is a not-for-profit association dedicated to
* fostering innovation and communicating research and
technological developments,
* sharing ideas and experience, relevant to UNIX, UNIX-related
and advanced computing systems
* providing a forum for the exercise of critical thought and
airing of technical issues.
Founded in 1975, the Association sponsors two annual technical
conferences and frequent symposia and workshops addressing special
interest topics, such as C++, Mach, systems administration, and
security. USENIX publishes proceedings of its meetings,
a bi-monthly newsletter ;login:, a refereed technical quarterly,
Computing Systems, and is expanding its publishing role with
a book series on advanced computing systems. The Association
also actively participates in and reports on the activities of
various ANSI, IEEE and ISO standards efforts.
For membership information, please contact:
Email: office@usenix.org
Phone: 510/528-8649
Fax: 510/548-5738
For information on hotels and registration, please contact
the USENIX Conference office.
USENIX Conference Office
22672 Lambert St., Suite 613
El Toro, CA 92630
Telephone (714) 588-8649
FAX Number (714) 588-9706
Electronic Mail Address: conference@usenix.org
************************************************************
UNIX SECURITY SYMPOSIUM
Sponsored by the USENIX Association
and in Cooperation with the Computer Emergency Response Team (CERT)
SEPTEMBER 14 - 16, 1992
SHERATON INNER HARBOR HOTEL
BALTIMORE, MD
USENIX, the UNIX and Advanced Computing Systems Professional and Technical
Association, in cooperation with CERT, the Computer Emergency Response
Team, invites you to participate in the 3rd UNIX Security Symposium.
The goal of this symposium is to bring together security practitioners,
system administrators, system programmers and anyone with an interest in
computer security as it relates to networks and the UNIX operating system.
The symposium will consist of a broad range of topics including tutorials
appropriate for a technical audience and peer-reviewed technical
presentations. Attendees will have a unique opportunity to share their
experiences and ideas on UNIX system security.
PROGRAM COMMITTEE
Ed DeHart, Program Chair CERT
Matt Bishop Dartmouth College
Bill Cheswick Bell Laboratories
Ana Maria De Alvare Silicon Graphics, Inc.
Jim Ellis CERT
Barbara Fraser CERT
Ken van Wyk CERT
IMPORTANT SYMPOSIUM DATES & SCHEDULE OF EVENTS
Pre-Registration Deadline: September 8, 1992
Hotel Reservation Deadline: August 24, 1992
Sunday, September 13 6:00pm - 9:00pm Registration/no host reception
Monday, September 14 9:00am - 5:00pm Tutorial Presentations
Tuesday, September 15 XXXam - XXXpm Technical Sessions
6:00pm - 8:00pm Symposium Reception
8:00pm - 10:00pmBirds of a Feather Sessions
Wednesday, September 16 XXXam - XXXpm Technical Sessions
REGISTRATION INFORMATION
Register in advance to receive the lowest registration rates. Attendance is
limited in both the Tutorial Presentations and Technical Sessions and
pre-registration is strongly recommended. You may register for only a
tutorial, only the two-day technical sessions program OR select both
programs.
TUTORIAL REGISTRATION FEE
September 14
One Full-day tutorial - Only one tutorial can be selected $245.00
************
TECHNICAL SESSIONS REGISTRATION FEES
September 15 - 16
*Member Fee $225.00
Non-member Fee 290.00
Full-time Student Fee - Must provide copy of student I.D. 75.00
*The member rate applies to current individual members of the USENIX
Association, Sun User Group, EurOpen and AUUG.
Full-time students please note:
A limited number of scholarships are available for full-time students.
Contact the Conference Office for details.
Enjoy the Benefits of Becoming a USENIX Member - If you are not a
current USENIX member and wish to join, pay the non-member fee on the
registration form and check the special box requesting membership.
$65 of your non-member fee will be designated as dues in full for a
one-year individual USENIX Association membership.
PRE-REGISTRATION DEADLINE: SEPTEMBER 8, 1992.
REGISTRATION FEES AFTER THAT DATE WILL BE $50 HIGHER!
Please complete and return the enclosed registration form with your
payment. You may pay by check (MAKE CHECK PAYABLE TO USENIX CONFERENCE)
or use your VISA, MasterCard, Diners Club or American Express charge card.
Payment MUST accompany registration form. Purchase orders and vouchers are
NOT accepted. NOTE: You may FAX your registration form if paying by
credit card. (To avoid duplicate billing when faxing your registration, do
not mail an additional copy to the Conference Office. You may telephone
our office to confirm receipt of your fax.)
REFUND CANCELLATION POLICY: If you must CANCEL, all refund requests must
be in writing and postmarked no later than September 8, 1992. Direct your
letter to the USENIX Conference Office.
CONFERENCE PROCEEDINGS: One copy of the proceedings is included with your
Technical Sessions registration fee. If you wish to order additional
copies, you may contact the USENIX Association at Telephone (510) 528-8649,
or direct your email to: office@usenix.org.
HOTEL INFORMATION
The Symposium headquarters will be:
Sheraton Inner Harbor Hotel ROOM RATES
300 South Charles Street $110 Single or Double Occupancy
Baltimore, MD 21201 (plus State and city tax)
Telephone # (410) 962-8300
To Make Your Reservation: Call the Hotel directly and ask for the
Reservations Desk. Tell reservations that you are a USENIX Attendee to
take advantage of our group rate. A one night's deposit is required for
all reservations. Should you desire to cancel your reservation, you must
notify the hotel at least 24 hours prior to your scheduled arrival.
IMPORTANT: Room reservation deadline is August 24, 1992. Requests for
reservations received after the deadline will be handled on a space and
RATE available basis.
CHILD CARE SERVICES
If you need child care services during the Security Symposium, you may
contact the concierge desk at the Sheraton Hotel to make arrangements. The
USENIX Association will reimburse 50% of the child care charges when
services through the hotel have been arranged and child care services fall
during the Symposium hours.
AIRPORT TO HOTEL TRANSPORTATION
BALTIMORE/WASHINGTON INTERNATIONAL AIRPORT (BWI): BWI Shuttle Express
provides transportation from the airport to the Sheraton Inner Harbor
Hotel. Go outside on the first level baggage claim area and look for the
shuttle service signs. The shuttle runs every 1/2 hour and makes stops at
each of the major hotels. Fare is $8.00 one way and takes approximately 40
minutes. Taxi service is also available at an approximate cost of $20.00
one way.
Directions for those driving from 95 North or South: Take 395 North. Right
on Conway Street, left on Charles Street. Sheraton Inner Harbor is located
on the left.
POINTS OF INTEREST
Located along the shores of the Chesapeake Bay, Baltimore is a charming mix
of history, landmarks, culture and adventures. Enjoy the National Aquarium,
Maryland Science Center, The Baltimore Museum of Art and all the shops and
restaurants of Harborplace and The Gallery. Explore Baltimore's ethnic
neighborhoods, historic homes and internationally acclaimed museums.
Baltimore has something to offer everyone, come and enjoy!
FOR FURTHER SYMPOSIUM INFORMATION, PLEASE CONTACT:
USENIX Conference Office
22672 Lambert St., Suite 613
El Toro, CA 92630
Telephone (714) 588-8649
FAX Number (714) 588-9706
Electronic Mail Address: conference@usenix.org
Office Hours: 8:30am - 5:00pm Pacific Time
------- End of Forwarded Message
