CSDL - Proceedings A

Message from the Conference Chair (PDF)

pp. xii

Conference Committee (PDF)

pp. xiii

Program Committee (PDF)

pp. xvi

Tutorial Committee (PDF)

pp. xvii

Reviewers (PDF)

pp. xviii

Reviewers (PDF)

pp. xviii

Distinguished Practitioner

The Common Sense of System Design

Track A: Network Security I - Chair: C. Schuba, Sun Microsystems, Inc., Germany

GOSSIB vs. IP Traceback Rumors (Abstract)

Marcel Waldvogel, IBM Research

pp. 5

PDF

Composable Tools For Network Discovery and Security Analysis (Abstract)

Giovanni Vigna, University of California Santa Barbara

Fredrik Valeur, University of California Santa Barbara

Jingyu Zhou, University of California Santa Barbara

Richard A. Kemmerer, University of California Santa Barbara

pp. 14

PDF

Representing TCP/IP Connectivity For Topological Analysis of Network Security (Abstract)

Ronald Ritchey, George Mason University

Brian O?Berry, George Mason University

Steven Noel, George Mason University

pp. 25

PDF

Track B: Electronic Commerce - Chair: A. Friedman, National Security Agency, USA

Regulating E-Commerce through Certified Contracts (Abstract)

Victoria Ungureanu, Rutgers University

pp. 35

PDF

With Gaming Technology towards Secure User Interfaces (Abstract)

Hanno Langweg, University of Bonn

pp. 44

PDF

Protecting Web Usage of Credit Cards Using One-Time Pad Cookie Encryption (Abstract)

Donghua Xu, Georgia Institute of Technology

Chenghuai Lu, Georgia Institute of Technology

Andre Dos Santos, Georgia Institute of Technology

pp. 51

PDF

Track A: Mobile Security - Chair: M. Abrams, The MITRE Corporation, USA

Throttling Viruses: Restricting propagation to defeat malicious mobile code (Abstract)

Matthew M. Williamson, HP Labs Bristol

pp. 61

PDF

Enforcing Resource Bound Safety for Mobile SNMP Agents (Abstract)

Weijiang Yu, University of Texas at Austin

Aloysius K. Mok, University of Texas at Austin

pp. 69

PDF

Security of Internet Location Management (Abstract)

Tuomas Aura, Microsoft Research

Michael Roe, Microsoft Research

Jari Arkko, Ericsson Research NomadicLab

pp. 78

PDF

Track B: Forum - Chair: D. Johnson, The MITRE Corporation, USA

Wireless Security: Vulnerabilities and Countermeasures (PDF)

Dale M. Johnson, The MITRE Corporation

pp. 91

Track A: Classic Papers - Chair: D. Thomsen, Secure Computing Corporation, USA

LOCK : An Historical Perspective (Abstract)

O. Sami Saydjari, Cyber Defense Agency

pp. 96

PDF

A Practical Approach to Identifying Storage and Timing Channels: Twenty Years Later (Abstract)

Richard A. Kemmerer, University of California Santa Barbara

pp. 109

PDF

Thirty Years Later: Lessons from the Multics Security Evaluation (Abstract)

Paul A. Karger, IBM Corp., T. J. Watson Research Center

Roger R. Schell, Aesec Corporation

pp. 119

PDF

Track B: Security Architecture - Chair: J. Heaney, The MITRE Corporation, USA

Controlled Physical Random Functions (Abstract)

Blaise Gassend, Massachusetts Institute of Technology

Dwaine Clarke, Massachusetts Institute of Technology

Marten van Dijk, Massachusetts Institute of Technology

Srinivas Devadas, Massachusetts Institute of Technology

pp. 149

PDF

A Security Architecture for Object-Based Distributed Systems (Abstract)

Bogdan C. Popescu, Vrije Universiteit

Maarten van Steen, Vrije Universiteit

Andrew S. Tanenbaum, Vrije Universiteit

pp. 161

PDF

A Secure Directory Service based on Exclusive Encryption (Abstract)

John R. Douceur, Microsoft Research

Atul Adya, Microsoft Research

Josh Benaloh, Microsoft Research

William J. Bolosky, Microsoft Research

Gideon Yuval, Microsoft Research

pp. 172

PDF

Invited Essayist Plenary

Penetration Testing: A Duet (Abstract)

Daniel Geer, @Stake

John Harthorne, @Stake

pp. 185

PDF

Track A: Protection against Malicious Software - Chair: J. McHugh, Carnegie Mellon University, USA

Protecting Data from Malicious Software (Abstract)

Matthew Schmid, Cigital, Inc.

Frank Hill, Cigital, Inc.

Anup K. Ghosh, DARPA

pp. 199

PDF

Safe Virtual Execution Using Software Dynamic Translation (Abstract)

Kevin Scott, University of Virginia

Jack Davidson, University of Virginia

pp. 209

PDF

Digging For Worms, Fishing For Answers (Abstract)

F. Buchholz, Purdue University

T. Daniels, Purdue University

J. Early, Purdue University

R. Gopalakrishna, Purdue University

R. Gorman, Purdue University

B. Kuperman, Purdue University

S. Nystrom, Purdue University

A. Schroll, Purdue University

A. Smith, Purdue University

pp. 219

PDF

Track B: Access Control - Chair: R. Sandhu, SingleSignOn.Net, Inc. and George Mason University, USA

A Framework for Organisational Control Principles (Abstract)

Andreas Schaad, University of York

Jonathan D. Moffett, University of York

pp. 229

PDF

Reusable Components for Developing Security-Aware Applications (Abstract)

Stefan Probst, Software Competence Center Hagenberg

Wolfgang Essmayr, Software Competence Center Hagenberg

Edgar Weippl, Software Competence Center Hagenberg

pp. 239

PDF

A Context-Aware Security Architecture for Emerging Applications (Abstract)

Michael J. Covington, Georgia Institute of Technology

Prahlad Fogla, Georgia Institute of Technology

Zhiyuan Zhan, Georgia Institute of Technology

Mustaque Ahamad, Georgia Institute of Technology

pp. 249

PDF

Track A: Network Security II - Chair: G. Caronni, Sun Microsystems Laboratories, USA

Voice over IPsec: Analysis and Solutions (Abstract)

Roberto Barbieri, Universit? degli Studi di Milano

Danilo Bruschi, Universit? degli Studi di Milano

Emilia Rosti, Universit? degli Studi di Milano

pp. 261

PDF

Networking in The Solar Trust Model: Determining Optimal Trust Paths in a Decentralized Trust Network (Abstract)

Michael Clifford, The Aerospace Corporation

pp. 271

PDF

Gender-Preferential Text Mining of E-mail Discourse (Abstract)

Malcolm Corney, Queensland University of Technology

Olivier de Vel, Defence Science and Technology Organisation

Alison Anderson, Queensland University of Technology

George Mohay, Queensland University of Technology

pp. 282

PDF

Enterprise Engineering And Security: Enterprise Frameworks and Architectures, and IA Patterns (PDF)

Track B: Forum - Chair: J. Heaney, The MITRE Corporation, USA

pp. 293

Track A: Forum - Chair: C. Serban, AT&T Labs and O.S. Saydjari, SRI Computer Science Laboratory

Themes and Highlights of the New Security Paradigms Workshop 2002 (PDF)

Cristina Serban, AT&T Labs

O. Sami Saydjari, SRI Computer Science Laboratory

pp. 297

Track B: Intrusion Detection - Chair: S. Weinberg, Mitretek Systems, USA

Evaluating the Impact of Automated Intrusion Response Mechanisms (Abstract)

Thomas Toth, Technical University Vienna

Christopher Kruegel, Technical University Vienna

pp. 301

PDF

Architectures for Intrusion Tolerant Database Systems (Abstract)

Peng Liu, Pennsylvania State University

pp. 311

PDF

Detecting and Defending against Web-Server Fingerprinting (Abstract)

Dustin Lee, University of California, Davis

Jeff Rowe, University of California, Davis

Calvin Ko, Network Associates, Inc.

Karl Levitt, University of California, Davis

pp. 321

PDF

Track A: Role-Based Access Control - Chair: J. Kahn, The MITRE Corporation, USA

Advanced Features for Enterprise-Wide Role-Based Access Control (Abstract)

Axel Kern, Systor Security Solutions GmbH

pp. 333

PDF

Access Control for Active Spaces (Abstract)

Geetanjali Sampemane, University of Illinois at Urbana-Champaign

Prasad Naldurg, University of Illinois at Urbana-Champaign

Roy H. Campbell, University of Illinois at Urbana-Champaign

pp. 343

PDF

A Model for Attribute-Based User-Role Assignment (Abstract)

Mohammad A. Al-Kahtani, George Mason University

Ravi Sandhu, SingleSignOn.net, Inc. and George Mason University

pp. 353

PDF

Track B: Forum - Chair: K. Levitt, University of California, Davis, USA

Intrusion Detection: Current Capabilities and Future Directions (Abstract)

Karl Levitt, University of California, Davis

pp. 365

PDF

Track A: Experience Reports - Chair: K. Eggers, CygnaCom Solutions - an Entrust company, USA

Did You Ever Have To Make Up Your Mind? What Notes Users Do When Faced With A Security Decision (Abstract)

Mary Ellen Zurko, IBM Software Group

Charlie Kaufman, IBM Software Group

Katherine Spanbauer, IBM Software Group

Chuck Bassett, IBM Software Group

pp. 371

PDF

A Financial Institution?s Legacy Mainframe Access Control System in Light of the Proposed NIST RBAC Standard (Abstract)

Andrew D. Marshall, TD Bank Financial Group

pp. 382

PDF

Security Architecture of the Austrian Citizen Card Concept (Abstract)

Herbert Leitold, Austria A-SIT

Arno Hollosi, Federal CIO Office

Reinhard Posch, Federal CIO Office

pp. 391

PDF

Track B: Detection - Chair: J. Epstein, webMethods, Inc., USA

Malicious Code Detection for Open Firmware (Abstract)

Frank Adelstein, ATC- NY

Matt Stillerman, ATC- NY

Dexter Kozen, Cornell University

pp. 403

PDF

Beyond the Perimeter: the Need for Early Detection of Denial of Service Attacks (Abstract)

John Haggerty, Liverpool John Moores University

Qi Shi, Liverpool John Moores University

Madjid Merabti, Liverpool John Moores University

pp. 413

PDF

A Toolkit for Detecting and Analyzing Malicious Software (Abstract)

Michael Weber, Cigital, Inc.

Matthew Schmid, Cigital, Inc.

Michael Schatz, Cigital, Inc.

David Geyer, George Mason University

pp. 423

PDF