Technical Sessions
[Wednesday, August 15]
[Thursday, August 16]
[Friday, August 17]
WEDNESDAY, AUGUST 15, 2001
9:00 am - 10:30 am (Grand Ballroom, Salons II/III/IV)
Opening Remarks, Awards, and Keynote
Keynote Address: Web-Enabled Gadgets: Can We Trust Them?
Richard M. Smith, CTO of the Privacy Foundation
The new frontier for consumer electronic devices is the Internet. We are now
seeing devices for the home--TV digital recorders, digital picture frames,
two-way cable set-top boxes--that offer new levels of convenience by connecting
to Internet services. But can we trust these devices in our homes? Will
manufacturers use them to collect even more data about us for marketing
purposes? Will the Internet connections control how we are allowed to use these
products? Will security holes in these devices create new backdoors for breaking
into our home PCs? Richard Smith will try to answer these questions about this
brave new world of consumer electronic devices. Much of the talk will be based
on research conducted by the Privacy Foundation on the first wave of Web-enabled
devices such as TiVo, UltimateTV, and digital picture frames.
10:30 am - 11:00 am Break

11:00 am - 12:30 pm
REFEREED PAPER TRACK Capitol Ballroom, Salons F/G
Denial of Service
Session Chair: Steve Bellovin, AT&T Labs - Research
Using Client Puzzles to Protect TLS
Drew Dean, Xerox PARC, and Adam Stubblefield, Rice University
Inferring Internet Denial-of-Service Activity
David Moore, CAIDA; Geoffrey M. Voelker and Stefan Savage, University of California, San Diego
MULTOPS: A Data-Structure for Bandwidth Attack Detection
Thomer M. Gil, Vrije Universiteit/M.I.T., and Massimiliano Poletto, M.I.T.

INVITED TALKS Grand Ballroom, Salons I/II
A Maze of Twisty Little Statutes, All Alike: The Electronic Communications Privacy Act of 1986 (and Its Application to Network Service Providers)
Mark Eckenwiler, U.S. Department of Justice
In the United States, the Electronic Communications Privacy Act of 1986 (ECPA)
governs the acquisition and disclosure of information--e.g., electronic mail,
logs, subscriber identity--that lies at the core of computer network privacy.
Unfortunately, ECPA's intricacies have bedeviled commentators, leading one
appeals court to call ECPA "famous (if not infamous) for its lack of clarity."
This introduction for laypeople will examine ECPA's rules by category (e.g.,
contents vs. transactional/account records), focusing especially on the rules
governing law enforcement access to customer information.
12:30 pm - 2:00 pm Lunch (on your own)

2:00 pm - 3:30 pm
REFEREED PAPER TRACK Capitol Ballroom, Salons F/G
Hardware
Session Chair: Dirk Balfanz, Xerox PARC
Data Remanence in Semiconductor Devices
Peter Gutmann, IBM T.J. Watson Research Center
StackGhost: Hardware Facilitated Stack Protection
Mike Frantzen, CERIAS, and Mike Shuey, Engineering Computer Network
Improving DES Coprocessor Throughput for Short Operations
Mark Lindemann, IBM T.J. Watson Research Center, and Sean W. Smith, Dartmouth College

INVITED TALKS Grand Ballroom, Salons I/II
Loaning Your Soul to the Devil: Influencing Policy Without Selling Out
Matt Blaze, AT&T Labs - Research
All of a sudden, it seems, computer security and cryptology have become
important not only as technical problems but as public policy issues. More to
the point, we practitioners and researchers in computer security and cryptology
often now find ourselves sought out not only for technical expertise but also by
policymakers, lobbyists, and the media. Unfortunately, we're often surprised at
just how ill-prepared we are for the public policy culture, and we risk finding
ourselves misused, misunderstood or misquoted. It doesn't have to be that way.
This talk will present a personal view of the relationship between science and
public policy, focusing on the different value systems, protocols, and
expectations found in the two worlds. It really is possible to maintain one's
integrity while making a difference, even inside the Beltway.
3:30 pm - 4:00 pm Break

4:00 pm - 5:30 pm
REFEREED PAPER TRACK Capitol Ballroom, Salons F/G
Firewalls/Intrusion Detection
Session Chair: Mudge, @stake
Architecting the Lumeta Firewall Analyzer
Avishai Wool, Lumeta Corporation
Transient Addressing for Related Processes: Improved Firewalling by Using IPv6 and Multiple Addresses per Host
Peter M. Gleitz and Steven M. Bellovin, AT&T Labs - Research
Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics
Mark Handley and Vern Paxson, ACIRI; Christian Kreibich, Technische Universität München

INVITED TALKS Grand Ballroom, Salons I/II
Cops Are from Mars, Sysadmins Are from Pluto: Dealing with Law Enforcement
Tom Perrine, San Diego Supercomputer Center
In today's Internet, it is inevitable that system administrators and security
managers will have to interact with law enforcement. Both of these groups differ
from the mainstream, having their own goals, culture, language, and assumptions.
This talk will show how these two cultures can communicate and interact to deal
with intruders, abusers, spammers and other net denizens. It includes real-world
experiences and stories drawn from eight years of security activities at a
national laboratory and a university.
5:30 pm - 6:00 pm Break

6:00 pm - 6:30 pm (Grand Ballroom, Salons II/III/IV)
REFEREED PAPER TRACK
Reading Between the Lines: Lessons from the SDMI Challenge
Scott A. Craver, Min Wu, and Bede Liu, Princeton University; Adam Stubblefield, Ben Swartzlander, and Dan S. Wallach, Rice University; Drew Dean; and Edward W. Felten, Princeton University

INVITED TALKS
This is a joint session with the Refereed Paper Track (above).

6:30 pm - 7:30 pm (Grand Ballroom, Salons II/III/IV)
REFEREED PAPER TRACK
Panel Discussion on SDMI/DMCA
Moderator: Dan Wallach, Rice University
Panelists: Edward W. Felten, Princeton University; Cindy Cohn, EFF; and Peter Jaszi, American University

INVITED TALKS
This is a joint session with the Refereed Paper Track (above).


THURSDAY, AUGUST 16, 2001

9:00 am - 10:30 am
REFEREED PAPER TRACK Grand Ballroom, Salons I/II
Operating Systems
Session Chair: Teresa Lunt, Xerox PARC
Security Analysis of the Palm Operating System and its Weaknesses Against Malicious Code Threats
Kingpin and Mudge, @stake, Inc.
Secure Data Deletion for Linux File Systems
Steven Bauer and Nissanka B. Priyantha, MIT
RaceGuard: Kernel Protection From Temporary File Race Vulnerabilities
Crispin Cowan, Steve Beattie, Chris Wright, and Greg Kroah-Hartman, WireX Communications, Inc.

INVITED TALKS Grand Ballroom, Salons III/IV
Changes in Deployment of Cryptography, and Possible Causes
Eric Murray, SecureDesign LLC
SSL/TLS is arguably the most widely deployed cryptographic protocol and is
readily characterized. Last year my survey of over 8,000 SSL servers found that
about 25% of them used only weak "export"-level keys and cipher suites. With the
wider deployment of TLS, more high-speed cryptographic hardware, and another
year since the U.S. liberalized crypto export regulations, more sites have
deployed strong crypto. This talk will discuss the results of this year's
survey, the changes in crypto deployment that have occurred in the last year,
and the possible causes of those changes.
10:30 am - 11:00 am Break

11:00 am - 12:30 pm
REFEREED PAPER TRACK Grand Ballroom, Salons I/II
Managing Code
Session Chair: Trent Jaeger, IBM T.J. Watson Research Center
Statically Detecting Likely Buffer Overflow Vulnerabilities
David Larochelle and David Evans, University of Virginia
FormatGuard: Automatic Protection From printf Format String Vulnerabilities
Crispin Cowan, Matt Barringer, Steve Beattie, and Greg Kroah-Hartman, WireX Communications, Inc.; Mike Frantzen, Purdue University; and Jamie Lokier, CERN
Detecting Format String Vulnerabilities with Type Qualifiers
Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, and David Wagner, University of California at Berkeley

INVITED TALKS Grand Ballroom, Salons III/IV
Reversing the Panopticon
John Young, Cryptome.org, and Deborah Natsios, Cartome.org
Cryptome welcomes documents for publication that are prohibited by governments
worldwide--in particular, material on cryptology; dual-use technologies; and
national security and intelligence open, secret, and classified documents.
Cartome, a newly inaugurated companion site to Cryptome, is an archive of
spatial and geographic documents on privacy, cryptography, dual-use
technologies, and national security and intelligence communicated by imagery
systems: cartography, photography, photogrammetry, steganography, climatography,
seismography, geography, camouflage, maps, images, drawings, charts, diagrams,
imagery intelligence (IMINT), and their reverse-panopticon and counter-deception
potential.
12:30 pm - 2:00 pm Lunch

2:00 pm - 3:30 pm
REFEREED PAPER TRACK Grand Ballroom, Salons I/II
Authorization
Session Chair: Carl Ellison, Intel Corporation
Capability File Names: Separating Authorisation From User Management in an Internet File System
Jude T. Regan and Christian D. Jensen, Trinity College Dublin
Kerberized Credential Translation: A Solution to Web Access Control
Olga Kornievskaia, Peter Honeyman, Bill Doster, and Kevin Coffman, CITI, University of Michigan
The Dos and Don'ts of Client Authentication on the Web
Kevin Fu, Emil Sit, Kendra Smith, and Nick Feamster, MIT

INVITED TALKS Grand Ballroom, Salons III/IV
Designing Against Traffic Analysis
Paul Syverson, U.S. Naval Research Laboratory
Traffic analysis reveals who is communicating with whom and in what way. Thus,
traffic-analysis-resistant communication is an essential building block for any
technical guarantee of many aspects of privacy. This talk will describe some of
the traffic analysis threats to communicants on the Internet and some of the
systems that have been implemented to resist traffic analysis. The focus will be
primarily on systems for connection-based communication, for example, the
Anonymizer, Crowds, Freedom, and in particular Onion Routing. We will define
security goals for such systems and look at how the systems meet those goals.
3:30 pm - 4:00 pm Break

4:00 pm - 5:30 pm
REFEREED PAPER TRACK Grand Ballroom, Salons I/II
Key Management
Session Chair: Peter Gutmann, University of Auckland
SC-CFS: Smartcard Secured Cryptographic File System
Naomaru Itoi, CITI, University of Michigan
Secure Distribution of Events in Content-Based Publish Subscribe Systems
Lukasz Opyrchal and Atul Prakash, University of Michigan
A Method for Fast Revocation of Public Key Certificates and Security Capabilities
Dan Boneh, Stanford University; Xuhua Ding and Gene Tsudik, University of California, Irvine; and Chi Ming Wong, Stanford University

INVITED TALKS Grand Ballroom, Salons III/IV
Countering SYN Flood Denial-of-Service (DoS) Attacks
Ross Oliver, Tech Mavens
A great deal of attention has been focused on DoS attacks in the past year, but
effective solutions have been slow in coming. This presentation will highlight
the technical issues involved in combating SYN floods and will describe three
different defense methods: SYNDefender, as implemented in Check Point's
FireWall-1; SYN proxying, as implemented by the NetScreen-100 firewall
appliance; and SYN cookies, as implemented in the Linux kernel. A test
configuration used to compare the effectiveness of these techniques will be
described, along with the performance of these methods under an actual SYN
flood attack.
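SYN cookies, the third method named above, as an added illustration in Python rather than the Linux kernel's code: the server folds a coarse timestamp, an MSS index and a keyed hash of the connection 4-tuple into the ISN of its SYN/ACK, stores nothing for the half-open connection, and recovers everything it needs from the ACK number of the client's third packet. The 5/3/24-bit layout, the MSS table, the 64-second tick, the age limit and the secret are assumptions of this example; the kernel's construction differs in detail.

```python
import hashlib
import hmac
import struct

# Constructed secret for this illustration. A kernel keeps one per listening
# socket and rotates it; anyone holding it can mint valid cookies.
SECRET = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")

# MSS values the 3-bit field can carry (assumed table). The cookie cannot hold
# the exact MSS, so the largest entry not exceeding the client's MSS is used.
MSS_TABLE = (536, 1300, 1440, 1460)

TICK_SECONDS = 64    # granularity of the counter in the top 5 bits
COUNTER_BITS = 5
MAX_AGE_TICKS = 4    # reject cookies older than about four minutes


def _counter(now):
    return (int(now) // TICK_SECONDS) & ((1 << COUNTER_BITS) - 1)


def _mac24(saddr, sport, daddr, dport, count, mss_idx):
    """24-bit keyed hash over the 4-tuple, the tick counter and the MSS index."""
    msg = struct.pack("!4sH4sHIB", saddr, sport, daddr, dport, count, mss_idx)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(saddr, sport, daddr, dport, mss, now):
    """ISN for the SYN/ACK; no per-connection state is retained by the server."""
    count = _counter(now)
    mss_idx = 0
    for i, m in enumerate(MSS_TABLE):
        if m <= mss:
            mss_idx = i
    return (count << 27) | (mss_idx << 24) | _mac24(saddr, sport, daddr, dport, count, mss_idx)


def check_cookie(saddr, sport, daddr, dport, ack, now):
    """Validate the handshake's final ACK; return the negotiated MSS or None.

    The client acknowledges ISN+1, so the cookie is rebuilt from the packet
    alone: unpack the fields, reject stale counters, then recompute the MAC.
    """
    cookie = (ack - 1) & 0xFFFFFFFF
    count = cookie >> 27
    mss_idx = (cookie >> 24) & 0x7
    mac = cookie & 0xFFFFFF
    if mss_idx >= len(MSS_TABLE):
        return None
    age = (_counter(now) - count) & ((1 << COUNTER_BITS) - 1)
    if age > MAX_AGE_TICKS:
        return None
    expected = _mac24(saddr, sport, daddr, dport, count, mss_idx)
    if not hmac.compare_digest(mac.to_bytes(3, "big"), expected.to_bytes(3, "big")):
        return None
    return MSS_TABLE[mss_idx]


if __name__ == "__main__":
    # Constructed addresses: a client on 10.0.0.5 reaching a server on 192.0.2.1.
    client, server = bytes([10, 0, 0, 5]), bytes([192, 0, 2, 1])
    isn = make_cookie(client, 40000, server, 80, 1460, now=1_000_000)
    # A real client echoes isn+1; a flood of spoofed SYNs never produces one.
    print(check_cookie(client, 40000, server, 80, (isn + 1) & 0xFFFFFFFF, now=1_000_010))
```

The cost of statelessness is visible in the code: TCP options other than the coarse MSS are lost, and the server cannot retransmit a SYN/ACK it never recorded, which is why Linux enables cookies only once the backlog overflows.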


FRIDAY, AUGUST 17, 2001

9:00 am - 10:30 am
REFEREED PAPER TRACK Grand Ballroom, Salons I/II
Math Attacks!
Session Chair: Ian Goldberg, Zero Knowledge Systems
PDM: A New Strong Password-Based Protocol
Charlie Kaufman, Iris Associates, and Radia Perlman, Sun Microsystems Laboratories
Defending Against Statistical Steganalysis
Niels Provos, CITI, University of Michigan
Timing Analysis of Keystrokes and Timing Attacks on SSH
Dawn Xiaodong Song, David Wagner, and Xuqing Tian, University of California, Berkeley

INVITED TALKS Grand Ballroom, Salons III/IV
Real Stateful TCP Packet Filtering in IP Filter
Guido van Rooij, Madison Gurkha BV
IP Filter, an open-source packet-filtering engine, is available for a number of
operating systems and includes stateful packet filtering. For TCP, the state
engine does not merely check for the ACK flag and match source and destination
ports; it also includes sequence numbers and window sizes in its filtering
decision, which greatly reduces the window of opportunity for malicious packets
to pass through the filter. This talk will briefly discuss problems with the
original state engine and then move on to the design of the new state engine
and some implementation consequences. It will conclude with experiences with
the state code and future work.
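The sequence/window check described above, as an added illustration in Python (not the IP Filter state engine's code): for each side of a connection the filter tracks the send edge, the highest point the peer has said it will accept, and the largest window advertised, and a segment is passed only if both its data and its ACK number fall inside those bounds. The four bounds, the 66000-byte ACK slack and the omission of window scaling are simplifications assumed here.

```python
MASK = 0xFFFFFFFF
# Slack allowed for an ACK that lags the peer's send edge (assumed constant).
MAX_ACK_WINDOW = 66000


def seq_diff(a, b):
    """Signed distance a - b in 32-bit sequence space, so wraparound is handled."""
    d = (a - b) & MASK
    return d - (1 << 32) if d & 0x80000000 else d


class Endpoint:
    """What the filter remembers about one side of a TCP connection."""

    def __init__(self):
        self.end = None      # seq+len of the newest data this side has sent
        self.max_end = None  # highest seq+len the peer has said it will accept from this side
        self.max_win = 0     # largest window this side has advertised


class Connection:
    def __init__(self):
        self.client, self.server = Endpoint(), Endpoint()

    def filter(self, from_client, seq, ack, win, flags, length):
        """Return True (and update state) if the segment fits the connection, else False."""
        src, dst = (self.client, self.server) if from_client else (self.server, self.client)
        syn, has_ack = "S" in flags, "A" in flags
        if syn:
            length += 1  # a SYN occupies one sequence number
        end = (seq + length) & MASK

        if src.end is None:
            # The first segment from a side must be the client's SYN or the server's SYN/ACK;
            # a bare ACK with no prior handshake is dropped regardless of its flags.
            if not syn or has_ack != (not from_client):
                return False
            if has_ack:
                if dst.end is None or seq_diff(ack, dst.end) != 0:
                    return False  # SYN/ACK must acknowledge exactly the client's ISN+1
                dst.max_end = (ack + win) & MASK           # what the client may now send
                src.max_end = (end + dst.max_win) & MASK   # what the server may send into the SYN's window
            src.end, src.max_win = end, win
            return True

        if src.max_end is None:
            # No window known for this side yet: only a retransmitted SYN is acceptable.
            return syn and not has_ack and end == src.end

        # 1. Data may not extend past the edge the peer has advertised.
        if seq_diff(end, src.max_end) > 0:
            return False
        # 2. Data may not be older than one full peer window (retransmissions stay inside it).
        if seq_diff(end, (src.end - dst.max_win) & MASK) < 0:
            return False
        if has_ack:
            # 3. An ACK may not cover data the peer never sent ...
            if seq_diff(ack, dst.end) > 0:
                return False
            # 4. ... nor lag the peer's send edge by more than the allowed slack.
            if seq_diff(ack, (dst.end - MAX_ACK_WINDOW) & MASK) < 0:
                return False

        if seq_diff(end, src.end) > 0:
            src.end = end
        src.max_win = max(src.max_win, win)
        if has_ack:
            edge = (ack + win) & MASK
            if dst.max_end is None or seq_diff(edge, dst.max_end) > 0:
                dst.max_end = edge
        return True


def demo_exchange():
    """Constructed handshake and data exchange, followed by segments that a
    filter checking only the ACK flag and ports would pass but this engine rejects."""
    c = Connection()
    return [
        c.filter(True, 1000, 0, 8192, "S", 0),          # client SYN (ISN 1000)
        c.filter(False, 5000, 1001, 16384, "SA", 0),    # server SYN/ACK (ISN 5000)
        c.filter(True, 1001, 5001, 8192, "A", 0),       # client ACK
        c.filter(True, 1001, 5001, 8192, "PA", 100),    # client sends 100 bytes
        c.filter(False, 5001, 1101, 16384, "PA", 50),   # server acks and sends 50 bytes
        c.filter(True, 1001, 5051, 8192, "PA", 100),    # client retransmits: still in window
        c.filter(True, 21101, 5051, 8192, "A", 10),     # forged: seq beyond the server's window
        c.filter(True, 1101, 9999, 8192, "A", 0),       # forged: acks data the server never sent
        c.filter(False, 20000, 1101, 16384, "A", 0),    # forged "server" data outside its window
    ]
```

Checks 1 and 2 are what make blind injection hard: an attacker who knows the ports but not the current sequence numbers has a window-sized target in a 2^32 space rather than a free pass for any segment carrying ACK.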
10:30 am - 11:00 am Break

11:00 am - 12:30 pm (Grand Ballroom, Salons II/III/IV)
Work-in-Progress Reports (WiPs)
Session Chair: Patrick McDaniel, University of Michigan
Short, pithy, and fun, Work-in-Progress Reports introduce interesting new or
ongoing work. If you have work you would like to share or a cool idea that's not
quite ready for publication, send a one- or two-paragraph summary to
sec01wips@usenix.org.
We are particularly interested in presenting students'
work. A schedule of presentations will be posted at the conference, and the
speakers will be notified in advance. Work-in-Progress reports are five-minute
presentations; the time limit will be strictly enforced.