REFEREED PAPERS

WEDNESDAY, AUGUST 16, 2000
9:00 am—10:15 am
Opening Remarks and Keynote Address: The Journey Ahead Blaine Burnham, Director, Georgia Tech Information Security Center Dr. Burnham will recap the recent politics of information security and roll out a proposed "case for action."
10:15 am—10:45 am Break
10:45 am—12:45 pm
REFEREED PAPERS OS Security Session Chair: Dan Wallach, Rice University MAPbox: Using Parameterized Behavior Classes to Confine Untrusted Applications Anurag Acharya and Mandar Raje, University of California at Santa Barbara A Secure Java Virtual Machine Leendert van Doorn, IBM T.J. Watson Research Center Encrypting Virtual Memory Niels Provos, University of Michigan Deja Vu--A User Study: Using Images for Authentication Rachna Dhamija and Adrian Perrig, University of California at Berkeley	INVITED TALKS Computer System Security: Is There Really a Threat? Dave Dittrich, University of Washington Throughout 1999, groups around the world were involved in the development of distributed DoS (DDoS) attack programs which allowed the coordination of literally thousands of compromised computers. By January 1, 2000, four of these DDoS tools had been identified by incident investigators and analyzed. February 2000 brought DoS attacks against several e-commerce sites, and DDoS to the attention of the general public. Most current proposals deal only with a small part of the issue. We will look at the larger picture of response to DDoS attacks.
12:45 pm—2:00 pm Lunch (on your own)
2:00 pm—3:30 pm
REFEREED PAPERS Democracy Session Chair: Ian Goldberg, University of California at Berkeley Publius: A Robust, Tamper-Evident, Censorship-Resistant, and Source-Anonymous Web Publishing System Marc Waldman, New York University; and Aviel D. Rubin and Lorrie F. Cranor, AT&T Labs—Research Probabilistic Counting of Large Digital Signature Collections Markus G. Kuhn, University of Cambridge, U.K. Can Pseudonymity Really Guarantee Privacy? Josyula R. Rao and Pankaj Rohatgi, IBM T.J. Watson Research Center	INVITED TALKS The Insecurity Industry Duncan Campbell, IPTV Ltd., EPIC (Electronic Privacy Information Center), and International Consortium of Investigative Journalists Communications intelligence (Comint) as an industrial activity has been established globally for over 50 years. At the height of the Cold War, immense resources were devoted by Western signals intelligence agencies to collecting civilian communications of their own and other Western nations. Since then, agencies such as the U.S. National Security Agency have redefined their mission as "global access" to others' telecommunications. This talk reviews the development, scale, significance, and technical functions of the Comint network run jointly by the English-speaking nations. The increasing impact of cryptography and other security measures suggests that Comint resources are likely to shift to network and terminal attacks. The implications of these moves will be discussed.
3:30 pm—4:00 pm Break
4:00 pm—5:30 pm
REFEREED PAPERS Hardware Session Chair: Markus Kuhn, University of Cambridge, U.K. An Open-Source Cryptographic Coprocessor Peter Gutmann, University of Auckland, New Zealand Secure Coprocessor Integration with Kerberos V5 Naomaru Itoi, University of Michigan Analysis of the Intel Pentium's Ability to Support a Secure Virtual Machine Monitor John Scott Robin, U.S. Air Force; and Cynthia E. Irvine, Naval Postgraduate School	INVITED TALKS Trust-Management Pitfalls of PKI Mark Chen, Securify "Public-key infrastructure": To many people, these words suggest a unified authentication mechanism suitable for supporting a diverse array of security requirements. Public-key technology does solve some problems that are not easily managed with symmetric ciphers, but the practical deployment issues are complex, and obscured by the word infrastructure. This talk addresses the trust-management pitfalls that lurk in the use of public-key technology in business applications. It is particularly relevant for those who are considering retaining the services of a commercial certification authority.
THURSDAY, AUGUST 17, 2000
9:00 am—10:45 am
REFEREED PAPERS Intrusion Detection Session Chair: Wietse Venema, IBM T.J.Watson Research Center Detecting and Countering System Intrusions Using Software Wrappers Calvin Ko, Timothy Fraser, Lee Badger, and Douglas Kilpatrick, INAI Labs Detecting Backdoors Yin Zhang, Cornell University; and Vern Paxson, ACIRI Detecting Stepping Stones Yin Zhang, Cornell University; and Vern Paxson, ACIRI Automated Response Using System-Call Delay Anil Somayaji, University of New Mexico; and Stephanie Forrest, Santa Fe Institute	INVITED TALKS The Practical Use of Cryptography in Human Rights Groups Suelette Dreyfus, Author Modern cryptography is increasingly being used by human rights and nonprofit community activist groups around the world to protect sensitive data from governments and hostile organizations. A number of Truth Commissions, as well as grassroots human rights groups interviewing victims of and witnesses to human rights abuses, have relied on cryptographic software. This talk will look at a case study: the use of cryptography by a grassroots HR group and the Truth Commission in Guatemala to protect witnesses from retribution, as well as to ensure the integrity of the data. It will conclude with a brief review of anti-cryptography laws around the globe, and how certain types of new technology may thwart these laws.
10:45 am—11:15 am Break
11:15 am—12:45 pm
REFEREED PAPERS Network Protection Session Chair: Tara Whalen, Communications Research Centre Canada CenterTrack: An IP Overlay Network for Tracking DoS Floods Robert Stone, UUNET Technologies Inc. A Multi-Layer IPSEC Protocol Yongguang Zhang and Bikramjit Singh, HRL Laboratories, LLC Defeating TCP/IP Stack Fingerprinting Matthew Smart, G. Robert Malan, and Farnam Jahanian, University of Michigan	INVITED TALKS Privacy-Degrading Technologies: How Not to Build the Future Ian Goldberg, Zero-Knowledge Systems Much talk has been heard recently of "Privacy-Enhancing Technologies," which ostensibly allow a user to maintain his privacy while using some other, assumedly desirable, technologies. The underlying problem is that these other technologies degrade the user's privacy in the first place. This talk will discuss the "Nymity Slider" and will indicate how, keeping it in mind, we should aim to build future technology with privacy as important a part of the design as are security, performance, and correctness.
12:45 am—2:00 pm Lunch (on your own)
2:00 pm—3:30 pm
REFEREED PAPERS E-mail Session Chair: Elizabeth Zwicky, Counterpane Internet Security A Chosen Ciphertext Attack Against Several E-Mail Encryption Protocols Jonathan Katz, Columbia University; and Bruce Schneier, Counterpane Internet Security, Inc. PGP in Constrained Wireless Devices Michael Brown and Donny Cheung, University of Waterloo, Canada; Darrel Hankerson, Auburn University; Julio Lopez Hernandez, State University of Campinas, Brazil; and Michael Kirkup and Alfred Menezes, University of Waterloo, Canada Shibboleth: Private Mailing List Manager Matt Curtin, Interhack Posse	INVITED TALKS Methods for Detecting Addressable Promiscuous Devices Mudge, VP of Research and Development, @stake When an intruder obtains elevated privileges on a remote system, the machine is usually placed in promiscuous mode to monitor traffic on the network, often rewarding the the intruder with such items as user names, passwords, email, and usage statistics. Machines on the network in promiscuous mode often indicates that those systems have been compromised. Once intruders have access, they commonly fix the holes that were exploited and then install backdoors to allow future access. Such a system may well pass network security scans even though it remains compromised. This talk describes some network techniques that can be used to detect this situation.
3:30 pm—4:00 pm Break
4:00 pm—5:30 pm
Work-in-Progress Session (WiPs) Session Chair: Peter Honeyman, CITI, University of Michigan Do you have interesting work you would like to share, or a cool idea that is not yet ready to be published? Symposium attendees provide valuable discussion and feedback. Short, pithy, and fun, this Work-in-Progress Session (WiPs) introduces interesting new or ongoing work. We are particularly interested in presentation of student work. Speakers should submit a one- or two-paragraph abstract to securitywips@usenix.org by 6:00 pm on Wednesday, August 16, 2000. Please include your name, affiliation, and the title of your talk. The time available will be distributed among the presenters with a minimum of 5 minutes and a maximum of 10 minutes. The time limit will be strictly enforced. A schedule of presentations will be posted at the symposium by noon on August 17. Experience has shown that most submissions are usually accepted.