Preliminary Program7th USENIX Security SymposiumJanuary 26-29, 1998
Tutorials |
M1 | Security on the World Wide Web |
M2 | Windows NT Security |
M3am | Certification: Identity, Trust, and Empowerment |
M4pm | Towards Secure Executable Content: Java Security |
T1 | Handling Computer and Network Security Incidents |
T2 | Network Security Profiles: What Every Hacker Already Knows About You, and What To Do About It |
T3am | Using Cryptography |
T4pm | Cryptography for the Internet |
Who should attend: Anyone responsible for running a web site who wants the understand the tradeoffs in making it secure. Anyone seeking to understand how the web is likely to be secured
The world wide web is perhaps the most important enabler (so far) of electronic commerce. It has grabbed the popular imagination and the engineering and marketing efforts of a generation of on-line entrepreneurs and consumers. But it was initially design with little if any thought to industrial strength security. Over the past several years numerous proposals have surfaced to secure the web. This course will survey them with the goal of understanding the strengths and weaknesses of each. The topics covered include:
Who should attend: System and network administrators, and programmers, who must work with NT systems and need to understand its security principles.
Windows NT is the result of an unusual marriage between disparate operating systems: a completely reworked replacement for Digital Equipment's VMS and Windows 3.1. On the one hand, there are security features to satisfy the most avid control freak: centralized control over user accounts, file sharing, desktop appearance, fine grained object access, encryption, a security monitor, and auditing sensitive enough to capture most security related events. On the other hand, it provides support for an API that has been the main target for virus writers, and application programmers who have never even considered the notion of security.
This tutorial explains the security mechanisms in Windows NT, and how it can best be used to improve the security of networked NT systems. This is not just a review of NT's security-related GUIs (although they are included), we will go behind the scenes and discover the file and directory hierarchy of the trusted computing block, Web server (IIS), registry and event logs, and system files and libraries. Where ever possible, we will explore the command line interfaces and tools for controlling and auditing security of NT systems.
In particular, we will learn about:
Who should attend: Programmers and managers who have to design or select systems using public key cryptography for strong access control or other situations in which the guarantee of trust is critical.
In 1976, Diffie and Hellman postulated a telephone directory, but with public keys instead of phone numbers, to take the place of couriers carrying keys between people to open secure channels. This suggestion has grown into public key certificates, binding names to keys, and to suggestions for national or global Public Key Infrastructures (PKIs). Many people advocate using such certificates or PKIs without realizing what they are getting in return. They take the word of professional cryptographers.
Professional cryptographers, meanwhile, are sloppy in their use of words -- using "name" and "identity" as if they were interchangeable -- and using "trust" without any qualifiers (as in "In God We Trust").
In fact, each kind of certificate empowers a public key in some way. This tutorial will teach people how to identify what kind of empowerment they need for their public keys and how to achieve that empowerment. It will describe a variety of different certificate formats (X.509, Attribute Cert, PGP, SDSI, SPKI, PolicyMaker) and describe the kind of empowerment each offers.
Time and interest permitting, the tutorial will also cover US Government proposals for using PKIs to achieve Government Access to Keys -- although this may be moot by the time of the tutorial (depending on congressional and judicial events).
Who should attend: Programmers, webmasters, and network administrators interested in how Java security is implemented, and how the benefits of Java compare with its risks.
Executable content systems like Java, ActiveX, and Postscript have become a normal part of surfing the Web. These systems are often integrated so seamlessly into browsers that users are unaware that they are doing anything extraordinary. This means many users do not recognize the extra security risks they are taking on by using such systems. Java is especially cool since it is cross-platform, object oriented, network-savvy, and uses modern memory management. In addition, Java's designers have attempted to create a system that simultaneously ensures type safety and allows dynamic class loading. Type safety plays an essential role in Java's security approach.
Java clearly has exciting benefits, but with these benefits come new risks. It is critical that Java perform in a secure fashion---something that its designers tried to ensure. How did they do it? How successful were they? Do the benefits of Java outweigh the risks?
This tutorial covers the three prongs of the fundamental Java security model, discusses some of Java's most famous flaws, covers the impact of code-signing on the Java sandbox, and talks about what to expect in the future from executable content systems in terms of security.
Who should attend: System and network administrators, security and management of computer resources. You should have some knowledge of current operating systems and networking.
Are you prepared to handle a security incident at your site? Responding to computer security incidents is a requirement for all organizations where computers and networks are an important part of the infrastructure. You will find out how to prepare for and handle security incidents with step-by-step information and examples from real world incidents.
You will learn about the need for comprehensive computer security incident handling capability, how to communicate that need to management and the user community, how to investigate an incident (as a handler, not as law enforcement), and how to establish and maintain the capability. Even if you are the only person tasked with security, this tutorial will help you prepare yourself and your organization.
Course outline:
Who should attend: Network, system, and firewall administrators; security auditors or audit recipients; people involved with responding to intrusions or responsible for network-based applications or systems which might be targets for hackers. Participants should understand the basics of TCP/IP networking. Examples may use UNIX commands or include C or scripting languages.
This course will be useful for people with any type of TCP/IP based system: whether it is a UNIX, Windows, NT, or mainframe based operating system or whether it is a router, firewall, or gateway network host.
There are four common stages to network-based host attacks: reconnaissance, target selection, exploitation, and cover-up. This course will review the tools and techniques hackers use in performing these types of activities. You will understand how to either be prepared for such attacks or how to stay one step ahead of them. Specifically, the course will focus on how to generate profiles of your systems remotely. Additionally, it will show some of the business implications of these network-based probes.
The course will focus primarily on tools that exploit many of the common TCP/IP based protocols (such as ICMP, SNMP, RPC, HTTP, SMTP) which support virtually all of the Internet applications -- such as mail, Web technologies, network management, and remote file systems. Many topics will be addressed at a detailed technical and administrative level. This course will primarily use examples of public domain tools because they are widely available and commonly used in these types of situations.
Topics include:
Who should attend: Those who need to understand how cryptography is used over the Internet to secure communications, establish authenticity, and provide for integrity. I stress the engineering discipline, and do not assume a strong background in mathematics.
Security is essential for business and social interactions, and the pre-computer world has developed many techniques to establish security: voice recognition on the telephone provides authentication, signatures on paper provide proof of intent, closed doors and walks in the park provide privacy, unforgeable currency provides for fairness. As more and more business and social interactions move onto the Internet, the challenge is to mirror these techniques as much as possible in this new world.
This tutorial shows how cryptography can help. By allowing for confidentiality, authentication, integrity, fairness, and many other things, cryptography can transform the Internet into a serious business tool. The Internet community has developed protocols to secure electronic mail, World Wide Web interactions, electronic commerce transactions, etc., which you will hear about.
Topics include:
Cryptography in a networked world
After completing this tutorial, you will understand how cryptography is currently used on the Internet . You will be able to vigorously debate the pros and cons of different systems, and cause commotions at IETF meetings.
Who should attend: Those who need to understand what cryptography: does and how it works. I stress the engineering discipline, and do not assume a strong background in mathematics.
From encryption to digital signatures to electronic commerce to secure voting, cryptography has become the enabling technology that allows us to take existing business and social constructs and move them to computer networks. But a lot of cryptography is bad, and the problem with bad cryptography is that it looks just like good cryptography; most people cannot tell the difference. Security is a chain: only as strong as the weakest link.
This tutorial is about cryptography as it is used in the real world: the algorithms, the protocols, and the implementations. I'll stress the whats and the hows rather than the whys. People building (or using) cryptography need to understand what it can do and can't do, and that it's not the panacea it's often made out to be.
Topics covered include:
No single tutorial can teach someone to be a cryptographer. After completing this tutorial, participants will be intelligent consumers of cryptography. The will understand cryptography's building blocks, how those building blocks are put together to make cryptographic system, and what the limitations of the science are.
Jim Duncan is manager of Network and Information Systems and principal systems administrator for Pennsylvania State University's Applied Research Laboratory, a multi-disciplinary research facility for the U.S. Navy and other sponsors. He is a contributor to RFC 1244, The Site Security Policy Handbook and has developed numerous policies, guidelines, and presentations on systems and network administration, computer security, incident handling, and ethics. Jim is an active member of the Penn State CERT team and has primary responsibility for incident handling at the Applied Research Lab.
Carl Ellison is a professional cryptographer who has been researching certification for over two years now. He is draft author for the IETF standard track certificate structure known as SPKI. In addition to his cryptography background, Carl has expertise in networking, operating systems, real time computer graphics, fault tolerance and digital signal processing.
Rik Farrow provides UNIX and Internet security consulting and training. He has been working with UNIX system security since 1984, and with TCP/IP networks since 1988. Rik has taught at the IRS, Department of Justice, NSA, US West, Canadian RCMP, Swedish Navy, and for many US and European user groups. He is the author of UNIX System Security and System Administrator's Guide to System V. Farrow writes two columns for ;login:, and a network security column for Network magazine
Daniel E. Geer, Jr. is vice president of CertCo, LLC, a market leader in digital certification for electronic commerce. Dr. Geer has a long history in network security and distributed computing management as an entrepreneur, consultant, teacher and architect. He holds a Doctor of Science in Biostatistics from Harvard University. A frequent speaker, popular teacher and member of several professional societies, he is active in USENIX where he has participated in most every activity. He is a co-author of the recently-publishedWeb Security Sourcebook.
Brad Johnson is a well-known authority in the field of distributed systems. He has participated in seminal industry initiatives like the Open Software Foundation, X/Open, and the IETF, and has published often about open systems. At SystemExperts he has led numerous security probes for major companies, revealing significant unrealized exposures. Prior to joining SystemExperts, Brad was one of the original members of the OSF DCE Evaluation Team, the group that identified, evaluated and selected technology to become the industry's first true interoperable middleware.
Gary McGraw is a research scientist with a dual PhD in Cognitive Science and Computer Science from Indiana University. Dr. McGraw is a noted speaker, consultant, and author on Java security. He recently completed Java Security: Hostile Applets, Holes, & Antidotes (with Professor Ed Felten of Princeton University). McGraw's second book, Software Fault Injection: Inoculating Programs Against Errors (with Dr. Jeff Voas) will be published in November. Dr. McGraw's has published his research in over forty technical publications. He is principal investigator on grants from the National Science Foundation, Rome Labs, and the Defense Advanced Research Projects Agency (DARPA).
Jon Rochlis is a senior consultant for SystemExperts Corp. He provides high level advice to businesses in the areas of network security, distributed systems design and management, high-availability, and electronic commerce. Before joining SystemExperts, Mr. Rochlis was engineering Manager with BBN Planet, a major national Internet service provider.
Bruce Schneier is president of Counterpane Systems, a cryptography and computer security consulting company. He is the author of Applied Cryptography, the seminal work in its field, selling over 80,000 copies and has translated into four languages. His papers have appeared at international conferences, and he has written dozens of articles on cryptography for major magazines. He designed the popular Blowfish encryption algorithm, still unbroken after years of cryptanalysis.
Bill Cheswick logged into his first computer in 1969 and has worked on operating system security for more than 25 years. Since joining Bell Laboratories in 1987, he has worked on network security, PC viruses, mailers, the Plan 9 operating system, and kernel hacking. He co-authored, with Steve Bellovin, the first full book on Internet security, Firewalls and Internet Security, Repelling the Wily Hacker. Cliff Stoll has called Ches "one of the seven avatars of the Internet."
Ches's current work includes various Internet munitions, a new edition of the book, and maybe a way to hunt down anonymous denial-of-service attacks.
Architecture
Session Chair: Steve Bellovin, AT&T Labs--Research
A Comparison of Methods for Implementing Adaptive Security Policies
Brian Loe, Michael Carney, Secure Computing CorporationThe CRISIS Wide Area Security Architecture
Eshwar Belani, Amin Vahdat, Thomas E. Anderson, Michael Dahlin University of California at Berkeley
Intrusion Detection
Session Chair: Mike Reiter, AT&T Labs--Research
Bro: A System for Detecting Network Intruders in Real-Time
Vern Paxson, Lawrence Berkeley National LaboratoryCryptographic Support for Secure Logs on Untrusted Machines
Bruce Schneier and John Kelsey, Counterpane SystemsStackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks
Crispan Cowan, Oregon Graduate InstituteData Mining Approaches for Intrusion Detection
Wenke Lee and Salvatore J. Stolfo, Columbia University
Network Security
Session Chair: Dave Balenson, Trusted Information Systems
Securing 'Classical IP over ATM Networks'
Carsten Benecke and Uwe Ellermann, Universitaet Hamburg, Fachbereich InformatikA Java Beans Component Architecture for Cryptographic Protocols
Pekka Nikander and Arto Karila, Helsinki University of TechnologySecure Videoconferencing
Peter Honeyman, Andy Adamson, Kevin Coffman, Janani Janakiraman, Rob Jerdonek, Jim Rees, CITI, University of Michigan
Distributed Systems
Session Chair: Hilarie Orman, DARPA/ITO
Unified Support for Heterogeneous Security Policies in Distributed Systems
Victoria Ungureanu and Naftaly H. Minsky, Rutgers UniversityOperating System Protection for Fine-Grained Programs
Trent Jaeger, Jochen Liedtke, Nayeem Islam, IBM T.J. Watson Research CenterExpanding and Extending the Security Features of Java
Karen R. Sollins and Nimisha V. Mehta, MIT Laboratory for Computer ScienceWorld Wide Web Security
Diane Coe, Concept5 TechnologiesTowards Web Security Using PLASMA
A. Krannig, Fraunhofer-Institute for Computer Graphics IGDSecurity of Web Browser Scripting Languages: Vulnerabilities, Attacks, and Remedies
Vinod Anupam and Alain Mayer, Bell Labs, Lucent TechnologiesFinite-state Analysis of SSL 3.0
John C. Mitchell, Vitaly Shmatikov, Ulrich Stern, Stanford University
Cryptography
Session Chair: Carlisle Adams, Nortel
Certificate Revocation and Certificate Update
Kobbi Nissim and Moni Naor, Weizmann Institute of ScienceAttack-Resistant Trust Metrics for Public Key Certification
Raph Levien and Alex Aiken, University of California at BerkeleySoftware Generation of Random Numbers for Cryptographic Purposes
Peter Gutmann, University of Auckland
The Security Product Market: Trends and Influences
Marcus Ranum, Network Flight Recorder, Inc.
Computer Security and Legal Liability
Steve Bellovin, AT&T Labs - Research
Factoring: Facts and Fables
Arjen K. Lenstra, Citibank, N.A.
Elliptic Curves -- Ready for Prime Time
Alfred Menezes, Auburn University
Securing Electronic Commerce: Applied Computer Security or Just Common Sense
Clifford Neuman, University of Southern California, Information Sciences Institute
Real World Security Practices
JoAnn Perry, Independent Consultant and Shabbir Safdar, Goldman, Sachs & Co.
![]() Last changed: Oct 31, 1997 efc |
|