Date:  Tue, 16 Aug 94 15:06 EDT
From: [email protected]
Subject: Program Information: 17th National Computer Security Conference (long)

17th NATIONAL COMPUTER SECURITY CONFERENCE
October 11-14, 1994
Baltimore Convention Center
Baltimore, Maryland

CONFERENCE PROGRAM and REGISTRATION
Tuesday, October 11, 1994  10:00 a.m. - 12:00 p.m.

OPENING PLENARY

Opening:   George B. Mitchell and Irene Gilbert Perry
Welcome to Baltimore:     Dennis Lego, Bureau of Management
                         Information Systems, City of Baltimore
Welcome to the Conference: James H. Burrows & Patrick R. Gallagher, Jr.
Keynote Address: The Honorable Sally Katzen
            Administrator, Office of Information and Regulatory Affairs
            Office of Management and Budget
Systems Security Award: Patrick R. Gallagher, Jr. and James H. Burrows
Award Address: Distinguished Awardee
Best Paper Awards: Dennis Gilbert and Christopher Bythewood
Close: Irene Gilbert Perry and George B. Mitchell


Tuesday, 2:00-3:30 p.m.

Track A - Intrusion Detection        Chair:  R. Bace, NSA
Testing Intrusion Detection Systems: Design Methodologies and Results from an
Early Prototype
 N. Puketza, University of California, Davis
A Pattern Matching Model for Misuse Intrusion Detection
 S. Kumar, Purdue University
Artificial Intelligence and Intrusion Detection: Current and Future Directions
 J. Frank, University of California, Davis

Track B - Panel - The Development of Generally Accepted System Security
Principles (GSSP)
Chair:  M.  Swanson, NIST
Panelists:  W. Ozier, ISSA GSSP Committee Chair
           E. Roback, NIST
           B. Guttman, NIST
This panel discusses the GSSP that NIST is developing under the auspices of
Information Systems Security Association (ISSA) in coordination with OMB and
with technical assistance from NSA.

Track C - Panel - Can Your Net Work Securely?
Chair:  P. Neumann, SRI
Panelists:  E. Boebert, Secure Computing Corp.
           A. Goldstein, Digital Equipment Corp.
           W. Diffie, SUN Microsystems
           C. Neuman, USC-Information Sciences Institute
Distributed systems must often rely on components whose trustworthiness cannot
be assured.  This panel explores related issues.

Track D - Panel - Model Information Security Programs
Chair: R. Owen, Jr., Texas Office of the Attorney General
Panelists:  G. Burns, Monsanto Co.
           S. Green, University of Houston
           P. Sibert, Dept. of Energy
           J. Wright, Information Resources Comm. Florida
This panel presents Information Security Programs from the state, federal,
private, and academic sectors, highlighting their similarities and differences:
requirements; security organizational structure; security management process;
and methods of security awareness.

Track E - Tutorial - Security in the Future
Speakers: LtCdr A. Liddle, Royal Navy, Information Resources Management College
         J. Sachs, Arca Systems, Inc.
This tutorial takes a view forward to security and its role in enterprises,
applications, and information infrastructures; with general threats to
information systems; and with the roles of security disciplines.

Special Session - Panel: International Harmonization, the Common Criteria -
Progress & Status
Chair:      E. Troy, NIST
Panelists:  C. Ketley, European Commission (UK)
           Y. Klein, European Commission (France)
           H. Kreutz, European Commission (Germany)
           A. Robison, CSE, Canada
           M. Tinto, NSA, US
This panel discusses the Common Criteria Project, the input documents, the
timetable, and the public review process. Panelists provide the first public
overview of the draft Common Criteria document contents.


Tuesday 4:00-5:30 p.m.

Track A - Panel - Fuzzy Security: Formalizing Security as Risk Management
Chair: R. Nelson, Information Systems Security
Panelists:  H. Hosmer, Data Security, Inc.
           J. McLean, Naval Research Lab
           S. Ovchinnikov, San Francisco State University
This panel explores strategies for building flexibility into the formal aspects
of computer security to produce more functional trusted systems. Panelists
present views radically different from the conventional security approach.

Track B - Security Standards and Taxonomic Structures     Chair: W. Jansen, NIST
A Taxonomy for Security Standards
 W. Jansen, NIST
The Graphical Display of a Domain Model of Information Systems Security
(INFOSEC) Through Semantic Networks
 T. Smith, NSA
A New Attack on Random Pronounceable Password Generators
 R. Ganesan, Bell Atlantic

Track C - Operational Security Enhancements    Chair: D. Dodson, NIST
Controlled Execution UNIX
 L. Badger, TIS
Architectures for C2 DOS/Windows-Based Personal Computers
 J. Epstein, Cordant, Inc.
A Practical Hardware Device for System and Data Integrity as well as Malicious
Code Protection
 T.E. Elliott, CSE

Track D - Panel - Interdisciplinary Perspectives on INFOSEC
Chair:  M.E. Kabay, National Computer Security Assn.
An Anthropological View: Totem and Taboo in Cyberspace
 M.E. Kabay,  National Computer Security Assn.
Panelists:  J. Craft, Systems Research and Applications Group
           V. Black, Pace Univ.
           P. Black, Pace Univ.
           E. Martin, Organization & Education Consultants
INFOSEC, like other areas of human endeavor, can benefit from the insights of
other disciplines.  This panel, a diverse group of academics and practitioners,
present their insights.

Track E - Tutorial - Risk Management
Speaker: LtCdr A. Liddle, Royal Navy, Information Resources Management College
This tutorial focuses on the importance of an overall risk management
perspective to information system security, stressing risk tolerance as opposed
to risk avoidance. Topics include: risk models and differentiation; asset,
threat, vulnerability, and risk analysis; and technical vs. operational
decisions.

Special Session - Panel:  Security Requirements for Distributed Systems
Chair: R. Dobry, NSA
Panelists:  J. Cugini, NIST
           V. Gligor, University of Maryland
           T. Mayfield, Institute of Defense Analysis
The panelists describe what is entailed in providing security for distributed
systems and how they see their efforts fitting into the Common Criteria.


Wednesday, 9:00 - 10:30 a.m.

Track A - Access Control        Chair:  D. Cooper, Unisys
A Three Tier Architecture for Role Based Access Control
 R. Sandhu, SETA Corp.
Using THETA to Implement Access Controls for Separation of Duties
 R. Pascale, Odyssey Research Associates
Implementing Role Based, Clark-Wilson Enforcement Rules on a B1 On-Line
Transaction Processing System
 B. Smith-Thomas, AT&T Bell Laboratories

Track B  - Criteria       Chair:  G. Wagner, NSA
Development History for Procurement Guidance Using the Trusted Computer System
Evaluation Criteria (TCSEC)
 Maj M. DeVilbiss, USA, NSA
Exporting Evaluation: An Analysis of US and Canadian Criteria for Trust
 P. Olson, NSA
What Color is Your Assurance?
 D. Wichers, Arca Systems, Inc.

Track C - Panel - Internet Firewalls
Chair:     J. Wack, NIST
Panelists:  M. Ranum, TIS
           B. McConnell, The MITRE Corp.
This panel discusses how firewalls work, policies that can be implemented by
firewalls, and updates on different firewall configurations to support
restricted access.

Track D - Panel - Ethical Issues in the National Information Infrastructure
Chair: J. Williams, MITRE Corp.
Panelists:  D. Denning, Georgetown University
           G. Hammonds, National Council of Negro Women
           H. Hosmer, Data Security Inc.
           E. Leighninger, Andover-Newton Seminary
           M. Rotenberg, EPIC
Social, legal, and ethical values reflected in the design, implementation, and
management of the NII will be highly visible in the security policies supported
by the NII. This panel addresses broad issues such as equity vs. risk, privacy
vs. accountability, privacy vs. surveillance, and the international
ramifications.

Track E - Tutorial - Trust Concepts
Speaker:  C. Abzug, Information Resources Management College
This tutorial focuses on the fundamental concepts and terminology of trust
technology. It includes descriptions of the Trusted Computer Systems Evaluation
Criteria (TCSEC) classes, how these classes differ and how to determine the
appropriate class for your operational environment.


Wednesday, 11:00 a.m. - 12:30 p.m.

Track A - Panel - The Future of Role Based Access Control: Its Structure,
Mechanisms, and Environment
Chair:      H. Feinstein, SETA Corp.
Panelists:  M. Abrams, MITRE Corp.
           D. Denning, Georgetown University
           D. Ferraiolo, NIST
           R. Sandhu, George Mason University
This panel addresses the various definitions of role based security and how
they differ from the traditional Bell-Lapadula model.  Panelists represent
researchers and the user community.

Track B - Panel - Product and System Certification in Europe
Chair:  K. Keus, BSI, Germany
Panelists:  M. Ohlin, Swedish Defense Materiel Admin.
           P. Cambell-Burns, Admiral Mngt. Services Ltd., UK
           H. Kersten, BSI, Germany
           A.C. Jennen, BSI, Germany
           P. Overbeek, TNO Physics and Electronic Lab, NL
           J. Wilde, Logica, UK
           L. Borowski, CR2A, France
This panel, representing Certification bodies of the European Community,
discusses their experiences with the European Criteria.

Track C - Panel - Proven Detection Tools For Intrusion Prevention
Chair:      M. Higgins, DISA/CISS
Panelists:  E. Dehart, Carnegie Mellon University
           S. Weeber, Lawrence Livermore National Lab
           F. Avolio, Trusted Information Systems
           D. Slade, Bell Communications Corp.
This panel addresses the uses, implementation, features, and lessons learned of
protection tools. Panelists will take audience through detection scenarios and
lessons learned from operational implementation.

Track D - Panel - Medical Information Privacy Current Legislative And Standards
Activities
Chair:       M. Schwartz, Summit Medical Systems, Inc.
Privacy and the Handling of Patient Related Information in the Public Swedish
Health Care System
 T. Olhede, Swedish Institute for Health Services
Panelists:  R. Gellman, U.S. House of Representatives
           M. Donaldson, National Academy of Sciences
           D. Miller, Irongate, Inc.
           C. Waegemann, Medical Records Institute
           G. Lang, The Harrison Avenue Corp.
This panel addresses the technical and human issues generated by the currently
available technology in the medical arena.

Track E - Tutorial - Trusted Networks
Speaker: R.K. Bauer, Arca Systems, Inc.
This tutorial focuses on basic points in network security and gives an overview
of the Trusted Network Interpretation (TNI). Topics include: network security
concerns and services, trusted network components, the TNI and its Evaluation
Classes, system composition and interconnection, and cascading.


Wednesday  2:00 - 3:30 p.m.

Track A - Database Developments          Chair: M. Schaefer, Arca Systems, Inc.
Virtual View Model to Design a Secure Object-Oriented Database
 F. Cuppens, ONERA/CERT
Achieving Database Security Through Data Replication:  The SINTRA Prototype
 M. Kang, Naval Research Lab
The SeaView Prototype: Project Summary
 T. Lunt, SRI International

Track B - Panel - New Concepts in Assurance
Chair:  P. Toth, NIST
Panelists:  L. Ambuel, NSA
           D. Kimpton, CSE - Canada
           K. Rochon, NSA
           K. Ferraiolo, ARCA Systems
This panel discusses new concepts in the area of assurance for IT security
products and systems.  Presentations include results of two workshops on
assurance: The Invitational Workshop on Information Technology Assurance and
Trustworthiness and the International Workshop on Development Assurance.

Track C - Panel - MLS System Solutions-A Continuing Debate Among the Critical
Players
Chair: J. Sachs, Arca Systems, Inc.
Panelists:  J. Adams, SecureWare
           M. Askew, GTE
           G. Evans, ARCA
           P. Klein, DISA
           A. Leisenring, NSA
           K. Thompson, USACOM
           J. Seymour, Joint Staff
This panel debates issues associated with acquiring an MLS system.

Track D - Detecting and Deterring Computer Crime        Chair: J. Holleran, NSA
The Electronic Intrusion Threat to National Security & Emergency Preparedness
Telecommunications: An Awareness Document
 T. Phillips, Booz Allen & Hamilton, Inc.
Using Application Profiles to Detect Computer Misuse
 N. Kelem, Trusted Information Systems
Can Computer Crime Be Deterred?
 S. Sherizan, Ph.D, Data Security Systems, Inc.

Track E - Tutorial - Trusted Databases
Speaker:  G. Smith, Arca Systems, Inc.
This tutorial focuses on security from a "database view" and gives an overview
of the Trusted Database Interpretation (TDI). Topics include: DBMS specific
security requirements, vulnerabilities, and challenges; database design
considerations; implementation issues; and use issues.


Wednesday  4:00 - 5:30 p.m.

Track A - Panel - Inference Problem in Secure Database Systems
Chair: B. Thuraisingham, MITRE Corp.
An Inference Paradigm
 D. Marks, NSA
Panelists:  D. Marks, NSA
           T. Lunt, SRI Intl.
           T. Hinke, University of Alabama
           M. Collins, MITRE Corp.
           L. Kerschberg, George Mason University
This panel focuses on the practical developments made on the inference problem
over the past three years and provides direction for further work on this
problem.

Track B - Panel - New Challenges for C&A: The Price of Interconnectivity and
Interoperability
Chairs: Ellen Flahavin, NIST
       Joel Sachs, ARCA
Panelists:  A. Lee, MITRE
           E. O'Connor, IRS
           H. Ruiz, DISA
           S. Schanzer, CIA
           E. Springer, OMB
This panel focuses on new challenges for certification and accreditation from a
variety of government perspectives including civil, defense, intelligence, and
multi-agency.

Track C - Putting Trusted Products Together
Chair:     B. Burnham, NSA
Partitioning the Security Analysis of Complex Systems
 H. Holm, NSA
The Composition Problem:  An Analysis
 G. King, Computer Science Corp.
Making Do With What You've Got
 J. Jerryman, The Boeing Co.
Modern Multilevel Security (MLS): Practical Approaches for Integration,
Certification, and Accreditation
 B. Neugent, The MITRE Corp.

Track D - Panel - Computer Crime on the Internet
Chair:  C. Axsmith, Esq., ManTech Strategies Associates
Panelists:  D. Parker, SRI Intl.
           M. Pollitt, FBI
           T. Chambers, Food & Drug Admin.
           B. Fraser, CERT, Carnegie Mellon Univ.
           M. Schoffstall, Performance Systems International
           M. Fedor, Performance Systems International
This panel addresses computer crime issues related to Internet connections. The
issue will be dealt with from many angles to provide a practical and
well-rounded overview.

Track E - Tutorial - Criteria Comparisons
Speaker: C. Abzug, Information Resources Management College
This tutorial focuses on the differences and similarities of the national and
international criteria of Canada, the United States, and Europe. They are
compared and considered, both in the context of value to security engineering
today, and as foundations for the Common Criteria.

Wednesday, 7:00 p.m.  Conference Banquet at the Hyatt Regency Inner Harbor Hotel
Harry B. DeMaio, Deloitte & Touche


Thursday, 9:00 - 10:30 a.m.

Track A - Panel - Key Escrowing: Today and Tomorrow
Chair:  M. Smid, NIST
Panelists:  J. Manning, NSA
           M. Glimore, FBI
           D. Denning, Georgetown University
This panel provides an in-depth technical view of the key escrow system
developed in conjunction with FIPS 185.

Track B - Panel - The Department of Defense Goal Security Architecture
Chair:     W.T. Polk, NIST
Panelists:  R. McAllister, NSA
           C. Deutsch, NSA
           J. Schafer, DISA
           J. Coyle, Booz.Allen & Hamilton
This panel discusses the DGSA. The DGSA is derived from DoD Information System
Security Policy and reflects requirements for the support of multiple security
policies, distributed information processing, conductivity by common carriers,
users with different security attributes, and resources with varying degrees of
security protection.

Track C - Panel - Trusted Systems Interoperability Group
Chair:  S. Wisseman, Arca Systems, Inc.
Panelists:  P. Cummings, Digital Equipment Corp.
           R. Sharp, AT&T Bell Laboratories
           J. Edelheit, The MITRE Corp.
           C. Watt, SecureWare, Inc.
           G. Mitchell, NSA
This panel, discussing TSIG work since 1989, addresses problem progress in
providing multi-vendor interoperability among security enhanced and traditional
UNIX systems.

Track D - Risks and Threats     Chair: D. Gambel, Northrop Grumman
Demonstrating the Elements of Information Security With Threats
 D. Parker, SRI International
The Aerospace Risk Evaluation System (ARiES): Implementation of a Quantitative
Risk Analysis Methodology for Critical Systems
 C. Lavine, The Aerospace Corp.
The Security-Specific Eight Stage Risk Assessment Methodology
 D. Drake, Science Applications International Corp.

Track E - Tutorial - UNIX Security
Speaker:    E. Schultz, Arca Systems, Inc.
This tutorial focuses on operational security with systems in an internetworked
environment, using UNIX as an example. It includes security weaknesses, methods
for improving security, and ways to detect and respond to attacks on UNIX
systems.


Thursday, 11:00 a.m. - 12:30 p.m.

Track A - Panel - The Security Association Management Protocol (SAMP)
Chair:  Maj T. Hewitt, USAF NSA
Panelists:  D. Walters, NIST
           D. Wheeler, Motorola
           M. White, Booz. Allen & Hamilton
           A. Reiss, NSA
           J. Leppek, Harris Corporation
A security association is an agreement between two or more entities that
resolves all of the options (negotiable parameters) of the security mechanisms
that perform security services for communication. This panel addresses some of
the questions, design considerations, and requirements for security
associations.

Track B - Network Architecture   Chair:  H. Weiss, SPARTA, Inc.
BFE Applicability to LAN Environments
 T. Benkart, ACC Network Systems
The Architecture of Triad: A Distributed, Real Time, Trusted System
 E.J. Sebes, TIS
Constructing a High Assurance Mail Guard
 R. Smith, Secure Computing

Track C - Panel - NSA Concurrent Systems Security Engineering Support To The
MLS TECNET Program
Chair:  B. Hildreth, NSA
Panelists:  M. Mayonado, Eagan, McAllister Assoc.
           T. Acevedo, Pulse Engineering, Inc.
           J. Himes, NSA
           G. Wessel, NSA
           R. Blair, NSA
           R. White, Air Intelligence Agency
           G. Hurlburt, Naval Air Warfare Center
This panel discusses the Concurrent System Security Engineering initiative that
NSA is applying to aid TECNET, the Test & Evaluation Community Network. TECNET
must evolve the capability for simultaneously processing unclassified and
classified data while supporting both cleared and uncleared users.

Track D - Panel - Current Issues & Trends in Trusted Product Evaluations
Chair: K. Bruso, NSA
Panelists:  P. Toth, NIST
           J. Arnold, NSA
           C. McBride, NSA
           L. King, NSA
           M. Hale, NSA
           J. Pedersen, NSA
This panel will highlight the significant accomplishments of trusted product
evaluations during the past year. Process improvements will be discussed with
particular attention given to the Trust Technology Assessment Program and the
Trusted Products Evaluation Program.

Track E - Tutorial - Windows NT Security
Speaker: J. Williams, Arca Systems, Inc.
This tutorial focuses on operational security with distributed PC-based
computing, using Windows NT as an example. It discusses security from the
perspectives of both clients and servers: exposures and vulnerability,
appropriate control measures, and recommended policies and practices.


Thursday,  2:00-3:30 p.m.

Track A - Networks and Distributed Systems
               Chair:  D. Schnackenberg, Boeing Defense & Space Group
Towards a Formal Verification of a Secure and Distributed System and its
Applications
 K. Levitt, University of California at Davis
Making Secure Dependencies Over a LAN Architecture - for Security Needs
 B. d'Ausbourg, CERT/ONERA
Automatic Generation of High Assurance Security Guard Filters
 V. Swarup, The MITRE Corp.

Track B - Panel - Multilevel Security (MLS) - Current Applications and Future
Directions I
Chair: Col. J. Sheldon, USA, DISA/CISS
Panelists:  J. Wiand, USSOCOM
           R. Myers, USACOM
           E. Klutz, USACOM
           LTC T. Surface, USPACOM
           Maj K. Newland, USSPACECOM
           P. Woodie, NSA
           C. West, DISA
This panel covers applications and use of multilevel security (MLS) solutions
fielded at the US Unified Commands by the Department of Defense MLS Program,
and an overview of the NSA Multilevel Information System Security Initiative
(MISSI).

Track C - Security Implementations        Chair: J. Anderson, J.P. Anderson Co.
Applying COMPUSEC to the Battlefield
 S. Arkley, Computer Sciences Corp.
Security Requirements for Customer Network Management in Telecommunications
 V. Varadharajan, Hewlett-Packard Labs.
Support for Security in Distributed Systems Using MESSIAHS
 S. Chapin, Kent State University

Track D - Panel - Do You Have the Skills to be a Future INFOSEC Professional?
Chair:     V. Maconachy, DISA/CISS
Panelists:  C. Schou, Idaho State University
           R. Morris
           G. Burns, Monsanto Corp.
This panel examines the types of skills that will be needed to cope with the
changing work environment and what types of individual initiatives are required
to keep up with advancing technologies and management challenges.

Track E - Tutorial - System Security Engineering, Certification, and
Accreditation
Speaker:    J. Sachs, Arca Systems, Inc.
This tutorial focuses on engineering and assessment issues in integrating MLS
solutions using trusted products, developing the certification evidence, and
the accreditation process. Topics include: system security, assurance,
trade-offs, and methodologies.


Thursday, 4:00 - 5:30 p.m.

Track A - Formal Methods and Modeling     Chair: S. Jajodia, George Mason
                                          University
Belief in Correctness
 M. Abrams, The MITRE Corp.
Towards a Privacy-Friendly Design and Use of IT-Security Mechanisms
 S. Fischer-Hubner, University of Hamburg
Using a Semiformal Security Policy Model 2C a C2 Better
 M. Schaefer, Arca Systems, Inc.

Track B - Panel - Multilevel Security (MLS) - Current Applications and Future
Direction II
Chair:  Col. J. Sheldon, DISA/CISS
Panelists:  J. Wiand, USSOCOM
           R. Myers, USACOM
           E. Klutz, USACOM
           LTC T. Surface, USPACOM
           Maj K. Newland, USSPACECOM
           P. Woodie, NSA
           C. West, DISA
This panel covers applications and use of multilevel security (MLS) solutions
fielded at the US Unified Commands by the Department of Defense MLS Program,
and an overview of the NSA Multilevel Information System Security Initiative
(MISSI).

Track C - Views on Vulnerability     Chair: R. Wood, NSA
A Technical Approach for Determining the Importance of Information in
Computerized Alarm Systems
 J. Lim, Lim & Orzechowski Assoc.
ASAM: A Security Certification and Accreditation Support Tool for DoD Automated
Information Systems
 L. Remorca, Secure Solutions, Inc.
A Financial Management Approach for Selecting Optimal, Cost-Effective
Safeguards Upgrades for Computer- and Information- Security Risk Management
 S.T. Smith, Barracana, Inc.

Track D - Real Lessons          Chair: J. Campbell, NSA
Security Awareness and the Persuasion of Managers
 D. Poindexter, CISS
The Network Memorandum of Agreement (MOA) Process: Lessons Learned
 L. Jaworski, TIS
Independent Validation and Verification of Automated Information Systems the
Department of Energy
 W. Hunteman, Los Alamos National Laboratory

Track E - Tutorial - Information System Security Officer's Challenges
Speaker:  C.  Bressinger, DoD Security Institute
This tutorial focuses on the continued protection and accreditation of
operational information systems. Topics include: virus prevention and
eradication; access control evaluation and configuration; media clearing and
purging; intrusion detection and handling; and dealing with risk.

Thursday, 6:00 p.m.  Awards Ceremony followed by Awards Reception
                    at the Baltimore Convention Center


Friday, 9:00 - 10:30 a.m.

Track A - Panel - Highlights of the New Security Paradigms '94 Workshop
Chair: E. Leighninger, Co-Program Chair
Formal Semantics of Confidentiality in Multilevel Logic Databases
 A. Spalka, University of Bonn
Healthcare Information Architecture: Elements of a New Paradigm
 D. Essin & T. Lincoln
Communication, Information Security and Value
 J. Dobson, University of Newcastle
Fuzzy Patterns In Data
 T.Y. Lin, San Jose State University

Track B - Panel - Prominent Industry-Sponsored Security Architectures Currently
Under Development
Chair: M. McChesney, SecureWare
Panelists:  R. Schell, Novell, GSA
           B. Dwyer, Hewlett-Packard, DCE
This panel discusses the Distributed Computing Environment Security Servicing,
the Novell Global Security Architecture, and the Extended Global Security
Architecture; how they relate to one another and how they might evolve in the
future to provide compatible security functionality.


Track C - Panel - Provisions to Improve Security on the Internet
Chair:     H. Highland
Panelists:  F. Avolio, Trusted Information Systems, Inc.
           S. Bellovin, AT&T Bell Laboratories
           M. Bishop, University of California, Davis
           W. Cheswick, AT&T Bell Laboratories
           Dr. J. David, The Fortress
           Colonel F. Kolbrener
           A. P. Peterson, P.E., Martin Marietta
This panel discusses what Internet has done to promote net security, the
specific risks of operating under TCP/IP, and what can be done quickly and
easily to promote net security.

Track D - Panel - Computers at Risk (CAR) Recommendations: Are They Still Valid?
Chair:  H. Tipton, CISSP, Member of the CAR Committee, Member of the GSSP
Committee
Panelists:  W. Ozier, Ozier Peterse & Assoc.
           S. Walker, Trusted Information Systems
           E. Boebert, Secure Computing Corp.
Panelists revisit the CAR committee recommendations in view of the information
security environment today.

Track E - Panel - IT Security Resources
Panelists:  K. Everhart, NIST
           M. Swanson, NIST
           B. Lau, NSA
           N. Lynch, NIST
This session presents an overview of major sources of information on IT
security and a model for acquiring, disseminating, and managing
security-relevant information resources.


Friday, 11:00 a.m. - 12:30 p.m.  CLOSING PLENARY
"Security, Privacy, and Protection issues in Emerging Information
Infrastructures"
Distinguished Panel:
Professor Anthony Oettinger (Co-Chair)
Chairman
Program on Information Resources Policy
Harvard University
Dr. Brian Kahin (Co-Chair)
Director
Information Infrastructure Project
Science, Technology and Public Policy Program
Harvard University
Robert Lucky
Vice President
Applied Research
Bellcore
Fred M. Briggs
Senior Vice-President and Chief Engineering Officer
MCI

SPECIAL SESSIONS AND DEMONSTRATIONS

Electronic Groupware Tools to Address IT Security Challenges
                                                         Tues - Fri Room 305
Dr. Corey Schou of Idaho State University has developed an electronic group
decision support system that has been applied to a wide range of information
technology security questions, issues, and challenges. A portable version of
the system with approximately a dozen stations is available at the conference.
Attendees may "test drive" the system, view the results of a series of
workshops that addressed security training and professional development, and
"brainstorm" relevant questions and issues. Individuals are invited to request
a session that will focus on an issue of importance. All requests will be
honored as circumstances permit.

Trusted System Interoperability Group (TSIG) MLS Technologies Demonstration
                                                         Tues-Thurs Room 319
Many different MLS hardware and applications are used in this integrated, real
world demonstration. Hardware products include: single level personal
computers, MLS X terminals, MLS routers, MLS workstations, and MLS servers.
Applications include distributed MLS databases, networked MLS file systems, MLS
electronic mail, MLS file transfers and MLS remote logins.

Multilevel Information System Security Initiative (MISSI) Product
Demonstrations                                            Wed-Thurs Room 321
MISSI is evolving a series of products which, when combined, provide security
services for a wide variety of application environments. The products being
demonstrated at the NCSC include: In-Line Network Encryptors such as NES and
CANEWARE; Workstation Security Products such as MOSAIC; and Secure Server
Products such as the Secure Mail Guard. There will be simulations of Security
Management Services such as the Local Authority Workstation and the Directory.

The Learning Track                                       Tues - Fri Room 303
The Federal Information System Security Educators' Association with the
Education, Training, and Awareness Working Group of the NSTISSC present a set
of sessions providing a view of current federal and private sector initiatives
related to security education, training, and awareness.  Included are models
for training, reports on current activities, and displays of security training
materials and tools.

European Community                                         Tues-Fri Room 302
The Information Technology Security Evaluation Facilities (ITSEF) in Europe and
the European Certification Bodies intend to inform the world community on
system and security product evaluations and will demonstrate the product
evaluation methodology.

Defense Information Systems Agency (DISA)/Center for Information Systems
Security (CISS)                                           Tues- Fri Room 318
As a jointly-staffed DISA/NSA organization, CISS will present displays and
demonstrations to showcase services and products that directly support the
Department of Defense. The presentation will include a demonstration by the
Automated Systems Security Incident Support Team (ASSIST).

Air Force C4 Systems Security Initiatives                Tues - Wed Room 301
The Air Force will present an overview of their system security initiatives
such as the Automated Security Incident Measurement project; on line surveys;
incident response; and trends in tool development, including demonstrations on
intrusion detection and risk management.

Intrusion Detection Workshop                                   Thurs Room 301
This workshop will consist of several short presentations and discussion
periods. Sessions are expected to include: progress on ongoing intrusion system
development projects; experiences with the use of intrusion detection systems;
auditing; legal issues; privacy issues; network security issues; intrusion
scenarios; new techniques that can be applied to detect intruders; incident
response; and requirements for intrusion detection systems.

OTHER ACTIVITIES OF INTEREST

NSA INFOSEC Awareness Booth                      Tues - Fri Registration Area
Publications available include the INFOSEC Products and Services Catalog and
the NCSC's computer security technical guidelines - the Rainbow Series. The
booth also offers a variety of other publications providing INFOSEC information
most frequently requested by users, developers, operators, and administrators
of products and systems.

NIST Publications Booth                          Tues - Fri Registration Area
Information and publications on a variety of information systems security
issues are available. The NIST Computer Systems Laboratory Bulletins which
discuss security topics in depth are featured.


DOCKMASTER                                               Tues - Fri Room 312
The NCSC's DOCKMASTER is a focal point for nationwide dissemination and
exchange of INFOSEC data through electronic mail and Bulletin Boards. Over 2000
users from federal government organizations, private companies, and academic
institutions participate in its forums and retrieve data on INFOSEC products,
conferences, and training.


NIST Bulletin Board                                       Tues - Fri Room 312
A wide variety of computer security information is available to federal
agencies and to the public through the NIST Bulletin Board System. Information
posted on the system includes an events calendar, computer-based training,
software reviews, publications, bibliographies, lists of organizations, and
other government bulletin board numbers.


Book Exhibit                                   Tues - Thurs Registration Area
A combined book exhibit representing a selection of leading publishing firms
and the latest selections in Computer Security is presented by Association Book
Exhibit, 6395. Washington Street, Alexandria, VA 22314.


The Information Systems Security Association (ISSA) Booth
                                                Tues - Fri Registration Area
The ISSA is an association of InfoSec Practitioners whose aim is to enhance
professionalism through education, information exchange, and sharing among
those who do InfoSec day-to-day. The booth will contain newsletters, resource
guides, Guidelines for Information Valuation, and Generally Accepted Security
Principles (preliminary).

GENERAL INFORMATION

MEETING SITE
The conference will be held at the Baltimore Convention Center, 1 East Pratt
Street, Baltimore, Maryland, close to the Baltimore Inner Harbor area. The
opening plenary session will be held in Hall A, on the Exhibit Level (enter the
Pratt Street lobby). Registration and information services, and all other
technical sessions, will be held on the third floor Meeting Room Level. The
Convention Center is conveniently located close to the meeting hotels, the
major highways leading into Baltimore, numerous restaurants, shops, and
sightseeing attractions.

REGISTRATION
A registration fee is being charged to defray the costs of conducting the
conference.
BEFORE SEPTEMBER 9, 1994                AFTER SEPTEMBER 9, 1994
$235                                    $280
*Cancellations must be received by NIST no later than September 9, 1994 in
order to receive a refund. Please call Ms. Tammie Grice, at (301) 975-2775 for
guidance.  THERE IS NO PROVISION FOR A STUDENT FEE.

To register, fill out the enclosed registration form and return it with payment
(if using a check, make it payable to NIST/17th National Computer Security
Conference) to the National Institute of Standards and Technology, Office of
the Comptroller, A807 Administration Building, Gaithersburg, Maryland 20899.
The registration desk at the Convention Center will be open from 6:30-8:30 p.m.
on Monday evening, October 10th, and will reopen each morning of the conference
at 8:00 a.m.

TRANSPORTATION
For those attendees not staying in Baltimore, daily bus service will be
provided from the National Computer Security Center (NCSC), 911 Elkridge
Landing Road, Linthicum, MD. The buses will run in a round-robin fashion from
the NCSC from 7:30 - 8:30 each morning.  Buses will return to the NCSC at the
end of the sessions each day and following the Banquet and Awards Reception.

PROCEEDINGS
A hard copy of the conference proceedings will be included as part of the
registration packet.  See information regarding Proceedings on CD ROM.

COMMUNICATIONS
Messages will be taken between the hours of 8:00 a.m. and 5:00 p.m. Tuesday
through Thursday, and between the hours of 8:00 a.m. and 12:00 noon, on Friday.
Please check the message board frequently. Attendees will not be called out of
a meeting except in cases of emergency. The phone numbers to be used for
leaving messages will be posted on the message board.

SPECIAL INTEREST ROOMS
There will be a limited number of rooms available for Special Interest
discussions ("birds of a feather," etc.). These rooms may be reserved in
one-hour increments and must not be used for commercial purposes. Reservations
may be made by calling the NCSC Conference Administrator at (301) 850-0272.
Room reservations will be posted on the message board for all open meetings.

FOOD FUNCTIONS
Coffee service will be provided to all attendees during registration each
morning and at mid-morning and mid-afternoon breaks. Attendees will be free at
lunch time to explore the many convenient restaurants or other sites near the
Convention Center.

BANQUET
The Conference Banquet will be held at the Hyatt Regency Inner Harbor on
Wednesday evening, October 12, with a cash bar reception beginning at 6:00
p.m., followed by dinner at 7:00 p.m. Mr. Harry DeMaio, National Marketing
Director of Information Protection Consulting for Deloitte and Touche, will be
the dinner speaker. A coupon for this function, which may be exchanged for a
ticket on a first-come, first-served basis, will be included in your
registration kit.

AWARDS RECEPTION
On Thursday, October 13, an Awards Ceremony will be held on the Terrace Level
at the Convention Center starting at 6:00 p.m. Refreshments will follow in the
lower lobby. No ticket is required for this event, but please wear your name
tag.

HOUSING
Blocks of rooms have been reserved for conference attendees at a number of
hotels near the Convention Center, at special group rates. The hotels, with
their daily rates, are listed below in order of their proximity to the
Convention Center. To register for rooms at the special rates, return the
enclosed form directly to the Baltimore Housing Bureau, 100 Light Street, 12th
Floor, Baltimore, MD 21202, (fax number 410-659-7313) with a deposit of
$100.00, no later than September 9, 1994. After that date, we cannot guarantee
that rooms will be available at the special conference rate. RESERVE EARLY!
Please mail or fax the form, rather than telephoning for your reservations, as
this identifies you with the conference, and makes you eligible for the special
rates.

                        Single                    Double

Hyatt Regency Baltimore  $128.00 (plus tax)        $138.00 (plus tax)
300 Light Street
Baltimore, MD 21202

Days Inn Inner Harbor    $69.00 (plus tax)         $79.00 (plus tax)
100 Hopkins Place
Baltimore, MD 21201

Holiday Inn Inner Harbor
301 W. Lombard Street    $ 69.50 (plus tax, govt)  $ 69.50 (plus tax, govt)
Baltimore, MD 21201      $ 89.50 (plus tax, non-govt)

Radisson Plaza Lord Baltimore Hotel
20 West Baltimore Street
Baltimore, MD 21201      $ 78.00 (including tax)   $ 93.00 (including tax)

Omni Inner Harbor Hotel
101 West Fayette Street  $ 78.00 (including tax)   $ 90.00 (including tax)
Baltimore, MD 21201

* The Radisson and Omni are an equal distance from the Convention Center.

FURTHER INFORMATION
For further information call Tammie Grice, the conference registrar, at (301)
975-2775.


CONFERENCE REGISTRATION FORM
17th National Computer Security Conference
October 11-14, 1994
Baltimore Convention Center
Baltimore, Maryland
NAME:____________________________________________________________
First and last name as it should appear on your badge
                                         __________________________________
COMPANY: _______________________________________

ADDRESS: ________________________________________

CITY:_____________________ STATE:_________________ ZIP: ___________

COUNTRY: ______________ TELEPHONE NO:

E-Mail Address if available:_____________________________________________

Registration Fee $235.00 before September 9, 1994; $280.00 after September 9,
1994

Federal Government Employee? ________yes _________  no

Payment Enclosed in the Amount of: _____

Form of Payment:

___  Check. Make checks payable to NIST/17th National Computer Security
    Conference. All checks must be drawn on U.S. banks only.
___  Purchase Order Attached. P.O. No.: _________
___  Federal Government Training Form

____         MasterCard                         ___Visa
Account No.: _____________ Exp. Date ______
Authorized Signature: ____________________________
PLEASE NOTE: No other credit cards will be accepted.

Please return conference registration form and payment to:

c/o 17th National Computer Security Conference
Office of the Comptroller
National Institute of Standards and Technology
Room A807, Administration Building
Gaithersburg, MD 20899
Credit card registration may be faxed to Tammie Grice at (301) 948-2067.

Is this the first time you have attended the National Computer Security
Conference?_________

Conference Participants List:
__ I do want my name on the Conference Participants List which is distributed
  to conference attendees.
__ I do not want my name on the Conference Participants List.

It is our sincere desire to comply with both the letter and spirit of the
Americans with Disabilities Act of 1990. Attendees with special needs should
call (301) 975-2775 so we can ensure that your visit at our Conference is a
pleasurable one.

NOTICE

We are considering putting the conference proceedings, along with those of the
last two or three conferences, on CD ROM. Please answer the following questions
to help us determine whether to proceed with this project, and if so, how many
disks to produce. Our objective is to keep the price at a minimum, but
sufficient to cover expenses. The price of the CD ROM will depend on the number
of copies expected to be sold, probably between $25 and $75.

This is NOT an order, nor a commitment!

Please DO NOT send payment!

If there is sufficient interest, orders will be taken at the conference.



I would be interested in purchasing the NCS Conference Proceedings on CD ROM as
follows:
___ copies, if the price per copy is $25
___ copies, if the price per copy is $35
___ copies, if the price per copy is $50
___ copies, if the price per copy is $75

Name:
Organization:
Address:
Phone:
E-mail:

END