Path: sparky!uunet!dtix!darwin.sura.net!zaphod.mps.ohio-state.edu!cis.ohio-state.edu!
ucbvax!usenix!carolyn
From: caro...@usenix.ORG (Carolyn Carr)
Newsgroups: comp.org.usenix,comp.org.uniforum,comp.org.sug,comp.os.misc,comp.misc
Subject: USENIX UNIX Security Symposium
Keywords: USENIX Association
Message-ID: <1185@usenix.ORG>
Date: 3 Sep 92 21:23:07 GMT
Organization: Usenix Association Office, Berkeley
Lines: 478


		USENIX THIRD UNIX SECURITY SYMPOSIUM

			Baltimore, MD
		    September 14-16, 1992

	Sponsored by USENIX in cooperation with the Computer
	         Emergency Response Team (CERT)

**********************************************************************
ATTENTION:  THE DEADLINE FOR MAKING A HOTEL RESERVATION HAS PASSED
AND THERE ARE BUT A FEW ROOMS LEFT AT THE HEADQUARTER's HOTEL FOR
USENIX ATTENDEES.

URGENT:  The Sheraton Inner Harbor Hotel has just alerted USENIX that
they are sold out of rooms for the Saturday preceding the Symposium,
and will probably sell all remaining sleeping rooms  soon.
(The Baltimore Orioles baseball team are in town the entire week, 
and since the stadium is nearby all hotels in the surrounding area 
will be sold out.)

PLEASE PHONE THE HOTEL NOW TO RESERVE YOUR ROOM:

HOTEL INFORMATION
The Symposium headquarters will be:

Sheraton Inner Harbor Hotel		ROOM RATES
300 South Charles Street		$110 Single or Double Occupancy
Baltimore, MD  21201		        (plus State and city tax)
Telephone # (410) 962-8300				

To Make Your Reservation:  Call the Hotel directly and ask for the
Reservations Desk.  Tell reservations that you are a USENIX
Attendee to take advantage of our group rate.  A one night's deposit
is required for all reservations.  Should you desire to cancel your
reservation, you must notify the hotel at least 24 hours prior to your
scheduled arrival.

IMPORTANT:  Room reservation deadline was August 24, 1992.  Requests
for reservations received after the deadline will be handled on a
space and RATE available basis.


**********************************************************************

IMPORTANT SYMPOSIUM DATES & SCHEDULE OF EVENTS

Pre-Registration Deadline:  September 8, 1992
REGISTRATION FEES AFTER THAT DATE WILL BE $50 HIGHER!
***************
THE HOTEL RESERVATION DEADLINE IS APPROACHING! RESERVE NOW!
Hotel Reservation Deadline:  August 24, 1992

Sunday, September 13	6:00pm - 9:00pm	 Registration/no host reception 

Monday, September 14	9:00am - 5:00pm	 Tutorial Presentations

Tuesday, September 15	8:30 - 10:15 am  Opening Remarks/Keynote Address
			10:35 -	5:20     Technical Sessions
			6:00pm - 8:00pm	 Symposium Reception

			8:00pm - 10:00pm Birds of a Feather Sessions

Wednesday, September 16	9:00am - 5:35pm	 Technical Sessions

REGISTRATION INFORMATION

Register in advance to receive the lowest registration rates.
Attendance is limited in both the Tutorial Presentations and Technical
Sessions and pre-registration is strongly recommended.  You may
register for only a tutorial, only the two-day technical sessions
program OR select both programs.  (See registration form at the end of
this posting.)

TUTORIAL REGISTRATION FEE 
September 14

One Full-day tutorial  - Only one tutorial can be selected	$245.00

************

TECHNICAL SESSIONS REGISTRATION FEES
September 15 - 16

*Member Fee		$225.00
Non-member Fee		 290.00 

Full-time Student Fee - Must provide copy of student  I.D.  75.00

*The member rate applies to current individual members of the USENIX
Association, Sun User Group, EurOpen and AUUG.

Full-time students please note:
A limited number of scholarships are available for full-time students.
Contact the Executive Office for details (d...@usenix.org).

Enjoy the Benefits of Becoming a USENIX Member -  If you are not a
current USENIX member and wish to join, pay the non-member fee on the
registration form and check the special box requesting membership. 
$65 of your non-member fee will be designated as dues in full for a
one-year individual USENIX Association membership.

PRE-REGISTRATION DEADLINE: SEPTEMBER  8, 1992.
REGISTRATION FEES AFTER THAT DATE  WILL BE $50 HIGHER!

		*******************************

		UNIX SECURITY SYMPOSIUM PROGRAM

The goal of this symposium is to bring together security
practitioners, system administrators, system programmers, and anyone
with an interest in computer security as it relates to networks and 
the UNIX operating system.  The symposium will consist of a broad
range of topics including tutorials appropriate for a technial
audience, peer-reviewer technical presentations and panel sessions.
Attendees will have a unique opportunity to share their experiences
and ideas on UNIX system security.

TUTORIAL PROGRAM
Monday, September 14, 1992

Network Security: The Kerberos Approach
Dan Geer,Geer/Zolot Associates and Jon A. Rochlis, MIT

Intended Audience: Systems developers responsible for networked
workstation environments, particularly those whose environments may 
include networks which are not themselves physically secure (i.e.,
``open'' networks) and systems managers concerned about the inherent
lack of security for managing today's network-based environments
(e.g., UNIX's .rhosts files).

The amazing and constantly growing numbers of machines and users
ensures that untrustworthy individuals have full access to the Internet.
Given the increasing importance of the information transmitted, it is
imperative to consider the basic security issues present as large open
networks replace isolated timesharing systems.

This tutorial will focus on the challenges of providing security for
cooperative work arrangements consistent with the location and scale 
independence of today's open networking environment. Attendees will
gain an understanding of the kinds of security threats which result
from operating in an open environment, such as one composed of a
network of workstations and supporting servers. Effective approaches
to meeting these threats will be presented. Although emphasis will be
on the Kerberos system developed at MIT, public key techniques for
ensuring privacy and authentication on an open network will be explored.
The X.509 authentication model and the new Internet Privacy Enhanced
Electronic Mail RFC's will be discussed.

Internet System Administrator's Tutorial

Ed DeHart and Barb Fraser, Computer Emergency 
Response Team

Intended Audience: This tutorial is designed for users and system
administrators of UNIX systems. It is especially suited for system
administrators of UNIX systems connected to a wide area network based
on TCP/IP such as the Internet. Some system administrator experience is 
assumed.

The information presented in this tutorial is based on incidents
reported to the Computer Emergency Response Team. The topics covered 
include:

System administration - defensive strategies	
 	oPassword selection 
	 o Default login shell for unused accounts
 	o Network daemon configuration 
	 o Verification of system programs
 	o System configuration files
 	o Searching for hidden intruder files 
 o Staying current with software releases 
 o Standard accounting files
 	o NFS configuration

System administration - offensive strategies
 	o COPS 
	 o /bin/passwd replacement programs 
 	o TCP/IP packet filtering
 	o TCP/IP daemon wrapper programs
 	o Security in programming

Site-specific security policies 
	o Maintaining good security at your site
 	o Providing guidance to users
 	o Handling incidents in an effective
 				orderly fashion
 	o Reviewing Site Security Policy Hand
 	 	book (RFC 1244)

 Incident handling
 	o What to do if your site is broken into?

			*************
TECHNICAL PROGRAM

TUESDAY, SEPTEMBER 15

8:30 -  8:45	Opening Remarks

8:45 - 10.15	Keynote Address:  
The Justice Department's Computer Crime Initiative

10:35 - 12:05	WAR STORIES

There Be Dragons
Steve Bellovin, AT&T Bell Laboratories

The Greatest Cracker-Case in Denmark:  The Detecting, Tracing, and 
Arresting of Two International Crackers
Joergen Bo Madsen, The Danish Computing Center for Research
and Education

Experiences of Internet Security in Italy
Alessandro Berni, Paolo Franchi, Joy Marino, University of Genova

1:30 -  3:00	TCP/IP NETWORK SECURITY
An Internet Gatekeeper
Herve Schauer, Christophe Wolfhugel, Herve Schauer Consultants

Network (In)Security Through IP Packet Filtering
D. Brent Chapman, Great Circle Associates

SOCKS
David Koblas, Independent Consultant
Michelle R. Koblas, Computer Sciences Corporation

3:20 - 5:20	TOOLS 1
TCP WRAPPER, a Tool for Network Monitoring, Access Control and
for Setting up Booby Traps
Wietse Venema, Eindhoven University of Technology

Restricting Network Access to System Daemons Under SunOS
William LeFebvre, Northwestern University

Centralized System Monitoring with Swatch
Stephen E. Hansen, E. Todd Atkins, Stanford University

Security Aspects of a UNIX PEM Implementation
James M. Galvin, David M. Balenson, Trusted Information Systems, Inc.

WEDNESDAY,  SEPTEMBER 16

 9:00 -  10:30	TOOLS 2
Introduction to the Shadow Password Suite
John F. Haugh, II, Locus Computing Corporation

Giving Customers the Tools to Protect Themselves
Shabbir J. Safdar, Purdue University

ESSENSE:  A Knowledge Based Security Monitor
Linda Baillie, Gary W. Hoglund, Lisa Jansen, Eduardo M. Valcarce,
Digital Equipment Corporation

10:50 - 12:20	TOOLS 2 (Continued)

Anatomy of a Proactive Password Changer
Matt Bishop, Dartmouth College

Audit:  A Policy Driven Security Checker for a Heterogeneous 
Environment
Bjorn Satdeva, /sys/admin, inc.

Secure Superuser Access Via the Internet
Darrell Suggs, Clemson University

1:45 -  3:15	TRACK 1 - APPLIED RESEARCH

Specifying and Checking UNIX Security Constraints
Allan Heydon, DEC Systems Research Center; J.D. Tygar,
Carnegie Mellon University

A Secure Public Network Access Mechanism
J. David Thompson, Science Applications International Corp.
Kate Arndt, The MITRE Corp.

Network Security Via Private-Key Certificates
Don Davis, Geer/Zolot Associates, Ralph Swick, Digital 
Equipment Corp.

1:45 -   3:15	TRACK 2 - MLS
POSIX 1003.6
Mike Ressler, Bellcore

Is There a C2 UNIX System in the House?
Jeremy Epstein, TRW Systems Division

Software Security for a Network Storage Service
Rena A. Haynes, Suzanne M. Kelly, Sandia National Laboratories

3:35  -  5:35	TRACK 1 - APPLIED RESEARCH  (Continued)

SunOS, C2 and Kerberos - A Comparative Review
John N. Stewart, Syracuse University

Heterogeneous Intra-Domain Authentication
Bart De Decker, Els Van Herreweghen, Frank Piessens, K.U.Leuven

Observations on Reusable Password Choices
Eugene Spafford, Purdue University

POSIX Report
Mike Ressler, Bellcore

3:35 -  5:35	TRACK 2 - MLS (Continued)

Reconciling a Formal Model and a Prototype Implementation:  Lessons

Learned in Implementing the ORGCON Policy
Marshall Abrams, Leonard LaPadula, Manette Lazear, Ingrid Olson,
The MITRE Corporation

UNIX Operating Services on a Multilevel Secure Machine
Bruno d'Ausbourg, CERT/ONERA France

Distributed Trusted UNIX Systems
Charisse Castagnoli, Charles Watt, SecureWare, Inc.

Standards Update

		   **********
Program Committee
Ed DeHart, Program Chair	CERT
Matt Bishiop			Dartmouth College
Bill Cheswick			AT&T Bell Laboratories
Ana Maria De Alvare		Silicon Graphics, Inc.
Jim Ellis			CERT
Barbara Fraser			CERT
Ken van Wyk			CERT

         	   **********

USENIX, the UNIX and Advanced Computing Systems professional and
technical organization, is a not-for-profit association dedicated to
  *  fostering innovation and communicating research and 
technological developments,
  *  sharing ideas and experience, relevant to UNIX, UNIX-related
and advanced computing systems
  *  providing a forum for the exercise of critical thought and
airing of technical issues.

Founded in 1975, the Association sponsors two annual technical
conferences and frequent symposia and workshops addressing special 
interest topics, such as C++, Mach, systems administration, and 
security.  USENIX publishes proceedings of its meetings, 
a bi-monthly newsletter ;login:, a refereed technical quarterly, 
Computing Systems, and is expanding its publishing role with
a book series on advanced computing systems.  The Association
also actively participates in and reports on the activities of
various ANSI, IEEE and ISO standards efforts.

For membership information, please contact:

	Email:	off...@usenix.org
	Phone:  510/528-8649
	Fax:    510/548-5738

For information on hotels and registration, please contact
the USENIX Conference office.

USENIX Conference Office
22672 Lambert St., Suite 613
El Toro, CA  92630
Telephone (714) 588-8649
FAX Number (714) 588-9706
Electronic Mail Address: confere...@usenix.org

.nf
.ce 14
***********************************************************************
       UNIX SECURITY SYMPOSIUM REGISTRATION FORM
***********************************************************************

REGISTRATION VIA EMAIL IS NOT ACCEPTED.
.sp
This form is provided for your convenience only and MUST be faxed
or mailed to the Conference Office.
.sp 
PLEASE COMPLETE AND RETURN this form along with full payment to: 

	USENIX CONFERENCE	
	22672 Lambert St., Suite 613
	El Toro, CA 92630
	Telephone: (714) 588-8649
	FAX: (714) 588-9706
        Office hours:  8:30am - 5:00pm Pacific Time	
************************************************************************
.sp
*  Please type or print clearly.
*  Please duplicate this form as needed.
*  If you don't want the address you are providing to be used for all
   future USENIX mailings, check here ____.
*  If you do NOT want to appear in the attendee list check here ____.
*  Is this your first USENIX Conference? ____yes ____no	
*  What is your affiliation:
	____Academic ____Commercial ____Government
.sp
NAME:	(first) _____________________ (last) ___________________________

FIRST NAME for BADGE:    _______________________________________________

COMPANY OR INSTITUTION:  ______________________________________________

MAILING ADDRESS:  ______________________________________________________

________________________________________________________________________

CITY:  __________________________  STATE:  ________  COUNTRY: __________

ZIP:________ PHONE: ____________  NETWORK ADDRESS:  ____________________
.ce 1
.sp
************************************************************************
TUTORIAL REGISTRATION FEE
September 14

Please check the box next to the tutorial you wish to attend.

Network Security: The Kerberos Approach  [__]
Internet System Administrator's Tutorial [__]

One full-day tutorial -
Only one tutorial can be selected.     $245   $___

SYMPOSIUM REGISTRATION FEES - September 15 -16, 1992

	*Current Member Fee		$225  $____
	 Non-member Fee		        $290  $____
	 Full-time Student Fee		$ 75  $____
         (must provide copy of student ID)
	
On-site registration fee applies if
postmarked after September 8.       Add $50   $____

*The member rate applies to current individual members of the USENIX
Association, Sun User Group, EurOpen and AUUG. (If you wish to join
USENIX Association, please pay the non-member fee and check membership
area below.)

USENIX MEMBERSHIP
						
Yes, I wish to join the USENIX Association.  Check here ____ 

$65 of your non-member workshop registration fee will be applied as
dues in full for a one-year individual membership in the USENIX Assoc.

			Total Amount Enclosed $____


*********************************************************************
PRE-REGISTRATION DEADLINE: September 8, 1992: TUTORIAL & TECHNICAL
SESSIONS REGISTRATION FEES INCREASE BY $50 EACH AFTER SEPTEMBER 8, 1992!

**********  PAYMENT MUST ACCOMPANY REGISTRATION FORM  *****************
 **********  REGISTRATION VIA EMAIL IS NOT ACCEPTED  ****************

*Purchase orders and vouchers are not accepted.

____   Payment enclosed.  (US Dollars)
____   Charge my:____VISA____Mastercard____American Express___DinersClub

Account Number: _________________________ Exp. Date:________________

Cardholder's signature:_____________________________________________

Cardholder's name (print please): __________________________________
You may FAX your registration form if you are paying by credit card.
FAX to the USENIX Conference Office (714)588-9706.  To avoid duplicate
billing, do not mail an additional copy.)


************************************************************************

CANCELLATION/ REFUND POLICY:

If you must CANCEL, all refund requests must be in writing and
postmarked no later than September 8, 1992.  Cancellations cannot be
taken over the telephone.

			  SCO's Case Against IBM

November 12, 2003 - Jed Boal from Eyewitness News KSL 5 TV provides an
overview on SCO's case against IBM. Darl McBride, SCO's president and CEO,
talks about the lawsuit's impact and attacks. Jason Holt, student and 
Linux user, talks about the benefits of code availability and the merits 
of the SCO vs IBM lawsuit. See SCO vs IBM.

Note: The materials and information included in these Web pages are not to
be used for any other purpose other than private study, research, review
or criticism.