Technical Sessions
|
WEDNESDAY, AUGUST 7, 2002
|
8:45 am - 10:30 am Salon 7
|
Opening Remarks, Awards, and Keynote
Keynote Address: Information Security in the 21st Century
Whitfield Diffie, Distinguished Engineer at Sun Microsystems
Although its origins may be ancient, the first component of information security, communication security, was so expanded by the First World War that we might reasonably count its birth from that event. The second component, computer security, appeared with shared, on-line computer use in the 1960s. Now, in the early 21st century, many of the problems that plagued information security in the 20th century have receded, while others have expanded or changed. We will assess the field inherited from the past century and look at its prospects for the future.
|
10:30 am - 11:00 am Break
|
11:00 am - 12:30 pm
|
GENERAL TRACK
Salon 7
OS Security
Awarded Best Paper! Security in Plan 9
Russ Cox, MIT LCS; Eric Grosse and Rob Pike, Bell Labs; Dave Presotto, Avaya Labs and Bell Labs; Sean Quinlan, Bell Labs
Linux Security Modules: General Security Support for the Linux Kernel
Chris Wright and Crispin Cowan, WireX Communications, Inc.; Stephen Smalley, NAI Labs; James Morris, Intercode Pty.; Greg Kroah-Hartman, IBM Linux Technology Center
Using CQUAL for Static Analysis of Authorization Hook Placement
Xiaolan Zhang, Antony Edwards, and Trent Jaeger, IBM T.J. Watson Research Center
|
INVITED TALKS
Salons 4-6
Wireless Access Point Mapping
Simon D. Byers, AT&T Labs-Research
This talk relates our experiences in 2.4 GHz wireless AP mapping, giving a broad sweep through various motivations, implementations, analyses, and applications. This includes practical description of software, hardware, antennae, and other devices that we have found useful to interact with and measure wireless devices. We employ a very hands-on philosophy in our work and the talk. Given the current explosion in wireless deployment, formal research in this area has come to be important. This talk will attempt to illustrate some of our directions.
|
12:30 pm - 2:00 pm Lunch (on your own)
|
2:00 pm - 3:30 pm
|
GENERAL TRACK
Salon 7
Intrusion Detection/Protection
Using Text Categorization Techniques for Intrusion Detection
Yihua Liao and V. Rao Vemuri, University of California, Davis
Detecting Manipulated Remote Call Streams
Jonathon T. Giffin, Somesh Jha, Barton P. Miller, University of Wisconsin, Madison
Type-Assisted Dynamic Buffer Overflow Detection
Kyung-suk Lhee and Steve J. Chapin, Syracuse University
|
INVITED TALKS
Salons 4-6
Freedom to Tinker
Ed Felten, Princeton University
"Freedom to Tinker" is the freedom to understand, discuss, repair, and improve the technological devices you own. This freedom, which has been eroded by recent changes in market practices and the law, is the organizing principle behind an increasing political and legal awareness among technologists. In this talk, Professor Felten will outline the ideas behind the freedom to tinker movement, using examples drawn from the current battles over copy protection.
|
3:30 pm - 4:00 pm Break
|
4:00 pm - 5:30 pm
|
GENERAL TRACK
Salon 7
Access Control
A General and Flexible Access-Control System for the Web
Lujo Bauer, Michael A. Schneider, and Edward W. Felten, Princeton University
Access and Integrity Control in a Public-Access, High-Assurance Configuration Management System
Jonathan S. Shapiro and John Vanderburgh, Johns Hopkins University
|
INVITED TALKS
Salons 4-6
Biometric Authentication Technologies: Hype Meets the Test Results (PDF)
James L. Wayman, Director, Biometric Test Center, San Jose State University
Biometric authentication is automatic identification or identity verification based on behavioral and physiological characteristics. Its potential for securing financial transactions and controlling physical access has been recognized for over 40 years, but adoption has been considerably slower than predicted. One reason for this has been the unrealistic performance expectations placed on the technologies by both vendors and users. This talk will discuss biometric technologies and applications, performance metrics, and the results of the last 10 years of pilot projects and independent testing. We will explore what has worked, what hasn't, and why, with particular emphasis on the impact of biometrics on privacy.
|
THURSDAY, AUGUST 8, 2002
|
9:00 am - 10:30 am
|
GENERAL TRACK
Salon 7
Hacks/Attacks
Deanonymizing Users of the SafeWeb Anonymizing Service
David Martin, Boston University; Andrew Schulman, Software Litigation Consultant
VeriSign CZAG: Privacy Leak in X.509 Certificates
Scott G. Renfro, Yahoo!, Inc.
How to Own the Internet in Your Spare Time
Stuart Staniford, Silicon Defense; Vern Paxson, ICSI Center for Internet Research; Nicholas Weaver, University of California, Berkeley
|
INVITED TALKS
Salons 4-6
Network Telescopes: Observing Small or Distant Security Events
David Moore, CAIDA, San Diego Supercomputer Center
A network telescope is a portion of routed IP address space on which little or no legitimate traffic exists. Monitoring unexpected traffic arriving at a network telescope yields a view of certain remote network events. Among the visible events are various forms of flooding DoS attacks, infection of hosts by Internet worms, and network scanning. In this presentation, we'll examine questions such as: How large should my network telescope be? How well can one go backwards from a local view to an estimate of the global phenomenon? How big (in packets sent) or long (in duration) must an event be to be seen? What can I see from my own backyard telescope?
|
10:30 am - 11:00 am Break
|
11:00 am - 12:30 pm
|
GENERAL TRACK
Salon 7
Sandboxing
Setuid Demystified
Hao Chen and David Wagner, University of California, Berkeley; Drew Dean, SRI International
Secure Execution via Program Shepherding
Vladimir Kiriansky, Derek Bruening, Saman Amarasinghe, MIT
A Flexible Containment Mechanism for Executing Untrusted Code
David S. Peterson, Matt Bishop, and Raju Pandey, University of California, Davis
|
INVITED TALKS
Salons 4-6
Illusions of Security (PDF)
Paul Kocher, Cryptography Research, Inc.
For years, the standard yardstick for measuring cryptographic security has been key length. Unfortunately, real adversaries lack the propriety to limit themselves to tidy attacks such as brute force, factoring, and differential cryptanalysis. Worse, Moore's Law is driving vendors to build systems of exponentially increasing complexity without making security experts exponentially smarter to compensate. The resulting products have a minuscule chance of being extremely secure, and a large chance of being critically flawed. This talk will review basic engineering approaches that can improve assurance and will show how evaluators and attackers break overly complex, poorly tested designs.
|
12:30 pm - 2:00 pm Lunch (on your own)
|
2:00 pm - 3:30 pm
|
GENERAL TRACK
Salon 7
Web Security
SSLACC: A Clustered SSL Accelerator
Eric Rescorla, RTFM, Inc.; Adam Cain, Nokia, Inc.; Brian Korver, Xythos Software
Awarded Best Student Paper! Infranet: Circumventing Web Censorship and Surveillance
Nick Feamster, Magdalena Balazinska, Greg Harfst, Hari Balakrishnan, and David Karger, MIT
Trusted Paths for Browsers
Zishuang (Eileen) Ye, Sean Smith, Dartmouth College
|
INVITED TALKS
Salons 4-6
Formal Methods and Computer Security
John C. Mitchell, Stanford University
Formal methods are variously considered to be arcane, tedious, and oblivious to practical concerns. However, such techniques as specification, type checking, proofs of correctness, and model checking, offer the power to analyze system properties under many or even infinitely many possible inputs and execution conditions without running an implemented system through all of the associated test cases. This talk will summarize some of the successful applications of formal methods for security problems such as protocol analysis, mobile code security, access control, and rights specifications.
|
3:30 pm - 4:00 pm Break
|
4:00 pm - 5:30 pm
|
GENERAL TRACK
Salon 7
Generating Keys and Timestamps
Toward Speech-Generated Cryptographic Keys on Resource-Constrained Devices
Fabian Monrose, Bell Labs, Lucent Technologies; Michael Reiter, Carnegie Mellon University; Qi Li, Daniel P. Lopresti, and Chilin Shih, Bell Labs, Lucent Technologies
Secure History Preservation Through Timeline Entanglement
Petros Maniatis and Mary Baker, Computer Science Department, Stanford University
|
INVITED TALKS
Salons 4-6
"How Come We Still Don't Have IPSec, Dammit?"
John Ioannidis, AT&T Labs-Research
It has been over ten years since the IPSec effort was started at the IETF, and the question of why it is still not a universally deployed protocol has been haunting us for about half that time. I shall talk about what has gone wrong (as well as what has gone right) for IPSec, how SSL/TLS and SSH have affected the development and deployment of IPSec, why IPSec is still viewed as good only for VPNs, and other popular myths. I shall not point too many fingers (eight, plus two thumbs, will be enough); I will try to explore, however, what has to happen in the next couple of years in order to see the desired widespread deployment of the protocol.
|
FRIDAY, AUGUST 9, 2002
|
9:00 am - 10:30 am
|
GENERAL TRACK
Golden Gate A\B
Deploying Crypto
Lessons Learned in Implementing and Deploying Crypto Software
Peter Gutmann, University of Auckland
Side-Channel Attacks on Symmetric Encryption Schemes: The Case for Authenticated Encryption
John Black and Hector Urtubia, University of Nevada, Reno
Making Mix Nets Robust for Electronic Voting by Randomized Partial Checking
Markus Jakobsson and Ari Juels, RSA Laboratories; Ronald L. Rivest, MIT
|
INVITED TALKS
Nob Hill A-D
Implications of the DMCA Anti-Circumvention for Security, Research, and Innovation
Pam Samuelson, University of California at Berkeley
The Digital Millennium Copyright Act of 1998 makes it illegal to circumvent access controls and to make or distribute circumvention technologies. It contains exceptions to enable legitimate computer security research, computer security testing, and interoperability among programs. This talk will look closely at the exceptions and at the DMCA caselaw to determine whether they adequately balance the interests of copyright owners and of follow-on innovators and researchers. It will also consider whether the U.S. Constitution may limit the application of the DMCA to some research- and innovation-related activities.
|
10:30 am - 11:00 am Break
|
11:00 am - 12:30 pm
|
Work-in-Progress Reports (WiPs)
Golden Gate A\B
Short, pithy, and fun, Work-in-Progress Reports introduce interesting new or ongoing work, and the USENIX audience provides valuable discussion and feedback.
If you have work you would like to share or a cool idea that's not quite ready for publication, send a one- or two-paragraph summary to sec02wips@usenix.org. We are particularly interested in presenting students' work. A schedule of presentations will be posted at the conference, and the speakers will be notified in advance. Work-in-Progress reports are five-minute presentations; the time limit will be strictly enforced.
Here is the latest List of Presentations.
|