Date: Thu, 16 Aug 90 23:58 EDT
From: Jack Holleran
Subject: 13th National Computer Security Conference, October 1-4, 1990

FEES:
    Before September 1, 1990 - $225.00
    After September 1, 1990  - $250.00

LOCATION (100 yards from Woodley Park Metro Station)
    Omni Shoreham Hotel
    2500 Calvert Street, NW
    Washington, DC 20008

    Hotel Room Conference Rates
                Corporate    Government
    Single      $125         $ 93
    Double      $145         $108

    Telephone: (202) 234-0700

TRANSPORTATION
Bus transportation will be provided between the Omni Shoreham Hotel and three local sites:
    The National Institute of Standards and Technology, Administration Building in Gaithersburg, MD;
    The National Security Agency, Operations Building 3 (Gatehouse 8), Savage Road, Fort George G. Meade, MD; and
    The National Computer Security Center, Airport Square 11, 911 Elkridge Landing Road, Linthicum, MD
Buses will depart at 7:15 a.m. each morning and return at the end of the afternoon sessions (approximately 5:30 p.m.) and after the banquet on Wednesday. Beginning at 9:30 p.m. on Tuesday evening, buses will depart for all locations (see above), including the Omni Shoreham Hotel, from the Smithsonian American History Museum.

SPECIAL INTEREST ROOMS
There will be several rooms available, on a first-come, first-served basis, for Special Interest discussions ("birds of a feather", etc). The rooms may be reserved in one-hour increments and should not be used for commercial purposes. Contact the staff at the reservation desk to reserve one of these rooms.

FURTHER INFORMATION
For further information, call Tammie Grice at (301) 975-2775.
-----------------------------------------------------------------------
CONFERENCE REGISTRATION FORM

13th National Computer Security Conference
October 1-4, 1990
Omni Shoreham Hotel
2500 Calvert Street
Washington, DC 20008

NAME: _______________________________
COMPANY: _______________________________
ADDRESS: _______________________________
CITY: ___________ STATE: ________ ZIP: ____
COUNTRY: ___________ TELEPHONE NO: __________

Full Registrants Fee        Students Registration Fee*
Before Sep 1 @ $225         Before Sep 1 @ $50   __
After Sep 1 @ $250          After Sep 1 @ $75    __

*Please Note: A student's registration MUST be accompanied by a letter from his/her faculty advisor or professor, on university or college letterhead paper, testifying that the registrant is a full-time student. The student attendee will be entitled to participate in all conference events except the evening functions. Tickets for these events may be available at an extra fee.

Payment Enclosed in the Amount of: _____

Form of Payment:
___ Check. Make checks payable to NIST/13th National Computer Security Conference. All checks must be drawn on U.S. banks only.
___ Purchase Order Attached. P.O. No.: __________
___ Federal Government Training Form
___ MasterCard ___ Visa
    Account No.: _______________ Exp. Date _______
    Authorized Signature: _______________________

PLEASE NOTE: No other credit cards will be accepted.

Please return conference registration form and payment to:
    c/o 13th National Computer Security Conference
    Office of the Comptroller
    National Institute of Standards and Technology
    Room A807, Administration Building
    Gaithersburg, MD 20899

Conference Participants List:
__ I do want my name on the Conference Participants List which is distributed to conference attendees.
__ I do not want my name on the Conference Participants List.
Primarily, I plan to attend (see brochure)
Track A ___ Track B ___ Track C-I ___ Track C-II ___ Track D ___

----------------------------------------------------------
HOTEL RESERVATION FORM

13th National Computer Security Conference
1-4 October 1990
Omni Shoreham Hotel
2500 Calvert Street
Washington, DC 20008

To register for your accommodations, complete this form and return it DIRECTLY to the hotel NO LATER THAN SEPTEMBER 7. After that date, we cannot guarantee the availability of rooms nor the special group rates. All reservations must be accompanied by a first night's deposit. Please make your check payable to the Omni Shoreham or provide your credit card number and signature in the spaces provided below. Confirmation of your reservation will be sent to you directly from the hotel.

NAME: _______________________________
COMPANY: _______________________________
ADDRESS: _______________________________
CITY: ___________ STATE: ________ ZIP: ____
COUNTRY: ___________ TELEPHONE NO: __________ (include country access code if appropriate)

PLEASE RESERVE: Single Room(s) ________ Double Room(s) __________
Arrival Date: ________ Departure Date: _________
Person Sharing Room: ____________________________

RATES:
            Corporate    Government*
Single      $125         $ 93
Double      $145         $108
*Government per diem w/tax

METHOD OF GUARANTEE:
Deposit Enclosed: _____
Check One: ___ American Express ___ Visa ___ MasterCard ___ Diners Club ___ Carte Blanche
Credit Card #: _________________ Exp. Date: ______
Signature of Cardholder: ________________________

--------------------------------------------------------------
FINAL program for the 13th National Computer Security Conference

Special National Computer Security Conference Sessions

October 2, 1990
Opening Plenary Session
0900  Welcoming Remarks
      Conference Co-Chairs
      Irene Gilbert, National Institute of Standards and Technology
      Paul Peters, National Computer Security Center
      Patrick R. Gallagher, Jr.
      Director, National Computer Security Center
      Lynn McNulty, Associate Director for Computer Security
      National Computer Systems Laboratory
      National Institute of Standards and Technology

      Keynote Address
      The Honorable Robert G. Torricelli
      U. S. House of Representatives (D - NJ)

      Presentation: 1990 National Computer System Security Award

1830  Conference Reception
      Smithsonian American History Museum

October 3, 1990
1600  Speak Out
      Irene Gilbert, National Institute of Standards and Technology
      Paul Peters, National Computer Security Center
      Session Chairs
1800  Conference Banquet (Omni Shoreham Regency Ballroom)
      Speaker: Ms. Michelle K. VanCleave
      Assistant Director for National Security Affairs
      Office of Science and Technology Policy
      Executive Office of the President

October 4, 1990
1100  Closing Plenary Session
      Panel: Towards Harmonized International Security Criteria
      This session will include representatives of organizations from Europe and the United States discussing the security criteria and evaluation procedures being proposed for international use. The impact of current proposals and their evolution towards satisfying future user and vendor requirements will be presented.
      Stuart Katzke, Session Chair, National Institute of Standards and Technology
1225  Closing Remarks
      Conference Co-Chairs
      Irene Gilbert, National Institute of Standards and Technology
      Paul Peters, National Computer Security Center

TRACK A - Research & Development

MONDAY, OCTOBER 1
1600  Panel: Commercial Development & Evaluation of Trusted Systems: An Open Discussion -- Our Success to Date
      Frank Mayer, Session Chair, Sparta
      Steve LaFountain, National Computer Security Center; Daniel Schnackenberg, The Boeing Corporation; Captain Keith Frederick, USAF

TUESDAY, OCTOBER 2
Verification
Joshua Guttman, Session Chair, The MITRE Corporation
1030  Covert Storage Channel Analysis: A Worked Example
      Timothy Levin, Albert Tao, Gemini Computers, Inc.
      Steven Padilla, Trusted Information Systems, Inc.
1050  Verification of the C/30 Microcode Using the State Delta Verification System (SDVS)
      Jeffrey Cook, The Aerospace Corporation
1110  UNIX System V with B2 Security
      Craig Rubin, AT&T Bell Laboratories
1400  PANEL: Access Control: Time for A Retrospective
      Jonathan Millen, Session Chair, The MITRE Corporation
      Catherine McCullom, Unisys
      Earl Boebert, SCTC
      William Shockley, Digital Equipment Corporation
      Leonard LaPadula, MITRE
      Richard Graubart, MITRE

Electronic Authentication & Biometrics
William H. Murray, Session Chair
1600  Key Management Systems Combining X9.17 and Public Key Techniques
      Jon Graff, Cylink
1620  Electronic Document Authorization
      Addison Fischer, Fischer International Systems Corporation
1640  The Place of Biometrics in a User Authentication Taxonomy
      Alex Conn, John Parodi, Michael Taylor, Digital Equipment Corporation
1700  Non-Forgeable Personal Identification System Using Cryptography and Biometrics
      Glenn Rinkenberger, Ron Chandos, Motorola Government Electronics Group

WEDNESDAY, OCTOBER 3
Intelligent Tools I: Auditing
V. A. Ashby, Session Chair, The MITRE Corporation
0900  An Audit Trail Reduction Paradigm Based on Trusted Processes
      Zavdi Lichtman, John Kimmins, Bell Communications Research
0930  The Computerwatch Data Reduction Tool
      Cheri Dowell, Paul Ramstedt, AT&T Bell Laboratories
1000  Analysis of Audit and Protocol Data Using Methods from Artificial Intelligence
      Winfried R E. Weiss, Adalbert Baur, Siemens AG

Intelligent Tools II: Intrusion Detection
James Anderson, Session Chair, J.P. Anderson & Co.
1100  A UNIX Prototype for Intrusion and Anomaly Detection in Secure Networks
      J. R. Winkler, Planning Research Corporation
1130  A Neural Network Approach Towards Intrusion Detection
      Richard Simonian, Ronda Henning, Jonathan Reed, Kevin Fox, Harris Corporation
1400  Panel: Data Categorization and Labeling
      Dennis Branstad, Session Chair, National Institute of Standards and Technology
      Warren Schmidt, Sears Technology Services, Inc.
      Chairman, Data Categorization Working Group
      Russell Housley, XEROX Special Information Systems
      Chairman, DARPA Internet Labeling Group
      Noel Nazario, National Institute of Standards and Technology
      Organizer, NIST Labeling Workshop
1600  Panel: R&D Activities
      Michael Ware, Session Chair, National Computer Security Center
      Rob Johnson - Verification & Evaluation and Analysis
      John Campbell - Databases
      Wayne Weingaertner - Architectures
      Craig Hasson - Networks

THURSDAY, OCTOBER 4
Modeling
D. Elliott Bell, Session Chair, Trusted Information Systems, Inc.
0900  A Generalized Framework for Access Control: An Informal Description
      Marshall Abrams, Kenneth Eggers, Leonard LaPadula, Ingrid Olson, MITRE
0930  Automated Extensibility in THETA
      Joseph McEnerney, Randall Brown, D. G. Weber, Odyssey Research Associates
      Rammohan Varadarajan, Informix Software, Inc.
1000  Controlling Security Overrides
      Lee Badger, Trusted Information Systems, Inc.
1030  Lattices, Policies, and Implementations
      D. Elliott Bell, Trusted Information Systems, Inc.

TRACK B - System

MONDAY, OCTOBER 1
0900  NIST/NSA Services & Publications
      Ellen Flahavin, Session Chair, National Institute of Standards and Technology
      Shirley M. Radack, National Institute of Standards and Technology
      Kathleen Ingley, National Security Agency
1400  PANEL: Computer Security Standards
      Robert Rosenthal, Session Chair, National Institute of Standards and Technology
      E. J. Humphreys, British Telecom
      Russell Housley, XEROX Special Information Systems
      Michael Harrop, Canada Treasury Board

Embedded Systems
Earl Boebert, Session Chair, Secure Computing Technology Corporation
1600  The Role of "System Build" in Trusted Embedded Systems
      T. Vickers Benzel, M. M. Bernstein, R. J. Feiertag, Trusted Information Systems
      J. P. Alstad, C. M. Brophy, Hughes Aircraft Company
1630  Combining Security, Embedded Systems and Ada Puts the Emphasis on the RTE
      F. Maymir-Ducharme, M. Armstrong, IIT Research Institute
      D.
      Preston, Catholic University

TUESDAY, OCTOBER 2
1030  PANEL: Disclosure Protection of Sensitive Information
      Gene Troy, Session Chair, National Institute of Standards and Technology
      Ingrid Olson, MITRE
      Milan Kuchta, Department of National Defence System Security Centre

Network Security I
Steven Lipner, Session Chair, Digital Equipment Corporation
1400  Considerations for VSLAN(TM) Integrators and DAAs
      Greg King, Verdix Corporation
1430  Introduction to the Gemini Trusted Network Processor
      Michael Thompson, Roger Schell, Albert Tao, Timothy Levin, Gemini Computers Inc.
1500  An Overview of the USAFE Guard System
      Lorraine Gagnon, Logicon Inc.

Network Security II
John Michael Williams, Session Chair, Unisys
1600  Mutual Suspicion for Network Security
      Ruth Nelson, David Becker, Jennifer Brunell, John Heimann, GTE Government Systems
1630  A Security Policy for Trusted Client-Server Distributed Networks
      Russell Housley, Sammy Migues, Xerox Special Information Systems
1700  Network Security and the Graphical Representation Model
      Jared Dreicer, Laura Stolz, W. Anthony Smith, Los Alamos National Laboratory

WEDNESDAY, OCTOBER 3
System Test & Integration
Daniel Gambel, Session Chair, Grumman Data Systems
0900  Testing a Secure Operating System
      Michael Johnston, Vasiliki Sotiriou, TRW Systems Integration Group
0930  An Assertion-Mapping Approach to Software Test Design
      Greg Bullough, James Loomis, Peter Weiss, Amdahl Corporation
1000  Security Testing: The Albatross of Secure System Integration?
      Susan Walter, Grumman Data Systems

Network Standards
Marshall Abrams, Session Chair, The MITRE Corporation
1100  Low Cost Outboard Cryptographic Support for SILS and SP4
      B. J.
      Herbison, Digital Equipment Corporation
1130  Layer 2 Security Services for Local Area Networks
      Richard Parker II, MITRE

Operating Systems
Teresa Lunt, Session Chair, SRI International
1400  Trusted MINIX: A Worked Example
      Albert Donaldson, ESCOM Corporation
      John Taylor Jr., General Electric M&DSO
      David Chizmadia, National Computer Security Center
1430  Security for Real-Time Systems
      Teresa Lunt, SRI International
      Franklin Reynolds, Keith Loepere, E. Douglas Jensen, Concurrent Computer Corporation
1500  Trusted XENIX(TM) Interpretation: Phase I
      D. Elliott Bell, Trusted Information Systems, Inc.
1600  Panel: Vendors Activities
      Steve Nardone, Session Chair, National Computer Security Center
      George R. Mundy, Trusted Information Systems, Inc.
      Jan Roberts, Tandem
      Gaurang Shah, Verdix Corporation

THURSDAY, OCTOBER 4
Viruses
Bruce H. Custer, Session Chair, National Computer Security Center
0900  PACL's: An Access Control List Approach to Anti-Viral Security
      D. Cook, R. Olsson, J. Crossley, P. Kerchen, K. Levitt, R. Lo, University of California, Davis
      D. Wichers, Arca Systems, Inc.
0930  Static Analysis Virus Detection Tools for UNIX Systems
      K. Levitt, P. Kerchen, R. Lo, J. Crossley, G. Elkinbard, R. Olsson, University of California, Davis
1000  The Virus Intervention and Control Experiment
      James Molini, Chris Ruhl, Computer Sciences Corporation
1030  Classification of Computer Anomalies
      Klaus Brunnstein, Simone Fischer-Hübner, Morton Swimmer, Virus Test Center (VTC), University of Hamburg

TRACK C-I - Management & Administration

MONDAY, OCTOBER 1
Contingency Planning & Disaster Recovery (Part I)
Jack Holleran, Session Chair, National Computer Security Center
0900  Disaster Recovery / Contingency Planning
      Eileen S.
      Wesselingh, National Computer Systems Contingency Services
1100  PANEL: Professional Development
      Dain Gary, Session Chair, Mellon National Bank
      Sally Meglathery, Information System Security Association
      Marla Collier, International Professional Resources

Contingency Planning & Disaster Recovery (Part II)
Irene Gilbert, Session Chair, National Institute of Standards and Technology
1400  Disaster Recovery from $138 Million Fire
      Lloyd R. Smith, Jr., Information Systems Integrity
1600  PANEL: Plans and Assistance
      Jon Arneson, Session Chair, National Institute of Standards and Technology
      Edward Springer, Office of Management and Budget
      Christopher Bythewood, National Computer Security Center
      Rick Carr, William Colvin, National Aeronautics Space Administration

TUESDAY, OCTOBER 2
Criteria: National & International
Charles Pfleeger, Session Chair, Trusted Information Systems, Inc.
1030  Harmonised Criteria for the Security Evaluation of IT Systems and Products
      P. Casey, A. Brouwer, D. Herson, J. Pacault, F. Taal, U. Van Essen
1050  The VME High Security Option
      Tom Parker, ICL Defence Systems
1110  Rainbows and Arrows: How the Security Criteria Address Computer Misuse
      Peter Neumann, SRI International
1130  Civil and Military Application of Trusted Systems Criteria
      William Barker, Charles Pfleeger, Trusted Information Systems, Inc.
1400  Panel: Implementation of the Computer Security Act of 1987
      Dennis Gilbert, Session Chair, National Institute of Standards and Technology
      Ed Springer, Office of Management and Budget
      Harold Segal, U.S. Office of Personnel
      Harold J. Podell, U.S.
      General Accounting Office
      Jon Arneson, National Institute of Standards and Technology
      Christopher Bythewood, National Computer Security Center

Approaches to Trust
Robert Lau, Session Chair, National Computer Security Center
1600  The CSO's Role in Computer Security
      Cindy Hash, National Computer Security Center
1630  Implementation and Usage of Mandatory Access Controls in an Operational Environment
      Leslie Gotch, Honeywell Federal Systems, Inc.
      Shawn Rovansek, National Computer Security Center
1700  Building Trust into a Multilevel File System
      Cynthia E. Irvine, Todd B. Ackeson, Michael F. Thompson, Gemini Computers, Inc.

WEDNESDAY, OCTOBER 3
Risk Management
0900  Panel: Risk Management
      Irene Gilbert, Session Chair, National Institute of Standards and Technology
      Deborah Bodeau, MITRE
      Lance Hoffman, George Washington University
      Stuart Katzke, National Institute of Standards and Technology
1000  LAVA/CIS Version 2.0: A Software System for Vulnerability and Risk Assessment
      S. T. Smith, M. L. Jalbert, Los Alamos National Laboratory
1100  WORKFLOW: A Methodology for Performing a Qualitative Risk Assessment
      Paul Garnett, SYSCON Corporation
1130  Critical Risk Certification Methodology
      Nander Brown, U.S. Small Business Administration

Acquisition
Dennis Gilbert, Session Chair, National Institute of Standards and Technology
1400  Factors Effecting the Availability of Security Measures in Data Processing Components
      Robert H. Courtney, Jr., Robert Courtney, Incorporated
1430  Integrating Computer Security and Software Safety in the Life Cycle of Air Force Systems
      Albert C. Hoheb, The Aerospace Corporation
1500  Panel: Acquisition Discussion
      Barbara Guttman, National Institute of Standards and Technology
      Blaine Burnham, National Computer Security Center

Integrity
Peter G.
Neumann, Session Chair, SRI International
1600  Integrity Mechanisms in Database Management Systems
      Ravi Sandhu, Sushil Jajodia, George Mason University
1630  A Taxonomy of Integrity Models, Implementations and Mechanisms
      Stephen Welke, J. Eric Roskos, John Boone, Terry Mayfield, Institute for Defense Analyses

THURSDAY, OCTOBER 4
0900  Panel: National Computer Security Policy
      Lynn McNulty, Session Chair, National Institute of Standards and Technology

TRACK C-II - Management & Administration

MONDAY, OCTOBER 1
DATABASE MANAGEMENT
John Campbell, DBMS Track Chair, National Computer Security Center
0900  TUTORIAL: Database Management Systems and Secure Database Management Systems
      John Campbell, National Computer Security Center
1100  Panel: A Year of Progress in Trusted Database Systems
      John Campbell, Session Chair
      James Pierce, Teradata Corporation
      Peter Sell, David Stewart, William Wesley, National Computer Security Center
      Linda Vetter, Oracle Corporation
      Helena Winkler-Parenty, Sybase Corporation
1400  Panel: Trusted Database Systems: The Tough Issues
      John Campbell, Session Chair
      Thomas Haigh, SCTC
      Sushil Jajodia, George Mason University
      Teresa Lunt, Stanford Research Institute
      Bhavani Thuraisingham, The MITRE Corporation
      Linda Vetter, Oracle Corporation
      Helena Winkler-Parenty, Sybase Corporation
1600  Panel: Multilevel Object Oriented Database Systems
      Ravi Sandhu, Session Chair, George Mason University
      Sushil Jajodia, George Mason University
      Teresa Lunt, Stanford Research Institute
      Catherine Meadows, Naval Research Laboratory
      Jonathan Millen, Bhavani Thuraisingham, The MITRE Corporation

TUESDAY, OCTOBER 2
C2 Microcomputer Security
Dennis Steinauer, Session Chair, National Institute of Standards and Technology
1030  C2 Security and Microcomputers
      Angel Rivera, Sector Technology
1100  Functional Implementation of C2 by 92 for Microcomputers
      Second Lieutenant Alan Berry, USAF/Air Force Cryptologic Support Center
1400  Panel: Electronic Certification: Has Its Time Come?
      Miles Smid, Session Chair, National Institute of Standards and Technology
      Jerrold Powell, Department of the Treasury
      Christopher Martin, U.S. General Accounting Office
      David Norem, Office of the Secretary of Defense
      Oliver R. Smoot, Computer and Business Equipment Manufacturers Association
1600  Panel: Defense Message System (DMS) Security
      Robert W. Shirey, Session Chair, The MITRE Corporation
      Thomas W. Clarke, Defense Communications Agency
      Gregory L. Bergren, National Computer Security Center

WEDNESDAY, OCTOBER 3
0900  Panel: IEEE Computer Society Limited Access to Knowledge and Information
      Robert Melford, Session Chair, RJ Melford Associates
      Ramon Barquin, Washington Consulting Group
      J. Timothy Headley, Esq., Baker & Botts
      Ralph J. Preiss, International Business Machines
      Jane Robinett, Polytechnic University
1100  Panel: Computer Emergency Response Team: Lessons Learned
      E. Eugene Schultz, Session Chair, Lawrence Livermore National Laboratory
      Richard Pethia, Software Engineering Institute, Carnegie Mellon University
      Jerome Dalton, AT&T
      Patricia Sisson, U. S. Sprint

Ethics
Larry Martin, Session Chair, SISS
1400  Discerning an Ethos for the INFOSEC Community: What Ought We Do?
      Eric Leighninger, Dynamics Research Corporation
1430  VIRUS ETHICS: Concerns and Responsibilities of Individuals and Institutions
      John Cordani, Adelphi University
      Douglas Brown, OHC, Holy Cross Monastery
1500  Concerning Hackers Who Break into Computer Systems
      Dorothy Denning, Digital Equipment Corporation
1600  Panel: National Institute of Standards and Technology Activities
      Stuart Katzke, Session Chair, Chief, Computer Security Division
      Dennis Steinauer, Manager, Computer Security Management and Evaluation Group
      Miles Smid, Manager, Security Technology Group
      Robert Rosenthal, Manager, Protocol Security Group
      Gene Troy, Manager, Computer Security Assistance Group

THURSDAY, OCTOBER 4
0900  Panel: Hackers: "Who are They?"
      Dorothy Denning, Session Chair, Digital Equipment Corporation
      Speakers:
      Frank Drake, Editor of W.O.R.M.
      Katie Hafner, author
      Gordon Meyer, Co-Editor, Computer Underground Digest
      Sheldon Zenner, Attorney
      Craig Neidorf, former publisher, Phrack

Track D - The Computer Security Tutorial Track

MONDAY, October 1
0900  Automated Information Security: Overview of the Tutorial
      LTC Gary Smith, USA, Track Chair, Information Resources Management College
0905  Security Overview and Threat
      MAJ Russell K. Brown, USA, Information Resources Management College
1100  Information Security
      Dennis Poindexter, Department of Defense Security Institute
1400  Life Cycle Management Requirements
      Stephan L. Ball, Army Logistics Management College
1600  Risk Management
      Irene Gilbert, National Institute of Standards and Technology

TUESDAY, October 2, 1990
1030  Data Security
      Robert L. Payne, Information Resources Management College
1400  Physical, Personnel and Administrative Security
      Maj. James D. Penner, USAF, Information Resources Management College
1600  Office Automation Security
      Floyd Morgan, Army Logistics Management College

WEDNESDAY, October 3, 1990
0900  Telecommunications Security
      Joe C. Daniel, General Service Administration
      Ronald G. Mayfield, General Service Administration
1100  Software Controls
      Lt Cdr Richard Fergusson, Royal Navy, Information Resources Management College
1400  Trusted Systems Concepts
      LTC Gary Smith, USA, Information Resources Management College
1600  Trusted Network Concepts
      Rick A Siebenaler, National Computer Security Center

THURSDAY, October 4, 1990
0900  Tutorial Panel
      LTC Gary Smith, USA, Session Chair, IRMC

Educator Sessions

Tuesday, October 2, 1990
1400  Should Computer Security Awareness Replace Training?
      Joan Capel-Pohly, Session Chair, USAF/AFCSC
      A Reassessment of Computer Security Training Needs
      Dennis Poindexter, Department of Defense Security Institute
      Panel: Dennis Poindexter, Cathy Weyhausen, Eugene Kozik
1600  Components of an Effective Training Program
      Gary Smith, Session Chair, Information Resources Management College
      Information Security: The Development of Training Modules
      Corey Schou, John Kilpatrick, Idaho State University
      Determining Your Training Needs
      Adele Suchinsky, U.S. General Accounting Office
      Panel: Lauresa Stillwell, Adele Suchinsky, Corey Schou, Roger Quane

Wednesday, October 3, 1990
0900  Training Vehicles: Cost Versus Effectiveness
      Lauresa Stillwell, Session Chair, Department of State
      Computer Based Training: The Right Choice?
      Althea Whieldon, Department of Defense
      Panel: Althea Whieldon, Tony Morgan, Cynthia Davis, Kenneth Barbi
1100  Training on a Shoe-String Budget
      Althea Whieldon, Session Chair, Department of Defense
      Awareness and Training in a World of Reduced Resources
      Joan Capel-Pohly, USAF/AFCSC
      Panel: Joan Capel-Pohly, Joe Pujals, Dale Barr

------------------------------