Path: sparky!uunet!dtix!darwin.sura.net!zaphod.mps.ohio-state.edu!cis.ohio-state.edu!
ucbvax!usenix!carolyn
From: caro...@usenix.ORG (Carolyn Carr)
Newsgroups: comp.org.usenix,comp.org.uniforum,comp.org.sug,comp.os.misc,comp.misc
Subject: USENIX UNIX Security Symposium
Keywords: USENIX Association
Message-ID: <1185@usenix.ORG>
Date: 3 Sep 92 21:23:07 GMT
Organization: Usenix Association Office, Berkeley
Lines: 478
USENIX THIRD UNIX SECURITY SYMPOSIUM
Baltimore, MD
September 14-16, 1992
Sponsored by USENIX in cooperation with the Computer
Emergency Response Team (CERT)
**********************************************************************
ATTENTION: THE DEADLINE FOR MAKING A HOTEL RESERVATION HAS PASSED
AND THERE ARE BUT A FEW ROOMS LEFT AT THE HEADQUARTERS HOTEL FOR
USENIX ATTENDEES.
URGENT: The Sheraton Inner Harbor Hotel has just alerted USENIX that
they are sold out of rooms for the Saturday preceding the Symposium,
and will probably sell all remaining sleeping rooms soon.
(The Baltimore Orioles baseball team are in town the entire week,
and since the stadium is nearby all hotels in the surrounding area
will be sold out.)
PLEASE PHONE THE HOTEL NOW TO RESERVE YOUR ROOM:
HOTEL INFORMATION
The Symposium headquarters will be:
Sheraton Inner Harbor Hotel
300 South Charles Street
Baltimore, MD 21201
Telephone # (410) 962-8300

ROOM RATES
$110 Single or Double Occupancy (plus State and city tax)
To Make Your Reservation: Call the Hotel directly and ask for the
Reservations Desk. Tell reservations that you are a USENIX
Attendee to take advantage of our group rate. A one night's deposit
is required for all reservations. Should you desire to cancel your
reservation, you must notify the hotel at least 24 hours prior to your
scheduled arrival.
IMPORTANT: Room reservation deadline was August 24, 1992. Requests
for reservations received after the deadline will be handled on a
space and RATE available basis.
**********************************************************************
IMPORTANT SYMPOSIUM DATES & SCHEDULE OF EVENTS
Pre-Registration Deadline: September 8, 1992
REGISTRATION FEES AFTER THAT DATE WILL BE $50 HIGHER!
***************
THE HOTEL RESERVATION DEADLINE IS APPROACHING! RESERVE NOW!
Hotel Reservation Deadline: August 24, 1992
Sunday, September 13     6:00pm - 9:00pm    Registration/no host reception
Monday, September 14     9:00am - 5:00pm    Tutorial Presentations
Tuesday, September 15    8:30 - 10:15 am    Opening Remarks/Keynote Address
                         10:35 - 5:20       Technical Sessions
                         6:00pm - 8:00pm    Symposium Reception
                         8:00pm - 10:00pm   Birds of a Feather Sessions
Wednesday, September 16  9:00am - 5:35pm    Technical Sessions
REGISTRATION INFORMATION
Register in advance to receive the lowest registration rates.
Attendance is limited in both the Tutorial Presentations and Technical
Sessions and pre-registration is strongly recommended. You may
register for only a tutorial, only the two-day technical sessions
program OR select both programs. (See registration form at the end of
this posting.)
TUTORIAL REGISTRATION FEE
September 14
One Full-day tutorial - Only one tutorial can be selected $245.00
************
TECHNICAL SESSIONS REGISTRATION FEES
September 15 - 16
*Member Fee                                                  $225.00
Non-member Fee                                               $290.00
Full-time Student Fee - Must provide copy of student I.D.    $75.00
*The member rate applies to current individual members of the USENIX
Association, Sun User Group, EurOpen and AUUG.
Full-time students please note:
A limited number of scholarships are available for full-time students.
Contact the Executive Office for details (d...@usenix.org).
Enjoy the Benefits of Becoming a USENIX Member - If you are not a
current USENIX member and wish to join, pay the non-member fee on the
registration form and check the special box requesting membership.
$65 of your non-member fee will be designated as dues in full for a
one-year individual USENIX Association membership.
PRE-REGISTRATION DEADLINE: SEPTEMBER 8, 1992.
REGISTRATION FEES AFTER THAT DATE WILL BE $50 HIGHER!
*******************************
UNIX SECURITY SYMPOSIUM PROGRAM
The goal of this symposium is to bring together security
practitioners, system administrators, system programmers, and anyone
with an interest in computer security as it relates to networks and
the UNIX operating system. The symposium will consist of a broad
range of topics including tutorials appropriate for a technical
audience, peer-reviewed technical presentations and panel sessions.
Attendees will have a unique opportunity to share their experiences
and ideas on UNIX system security.
TUTORIAL PROGRAM
Monday, September 14, 1992
Network Security: The Kerberos Approach
Dan Geer, Geer/Zolot Associates and Jon A. Rochlis, MIT
Intended Audience: Systems developers responsible for networked
workstation environments, particularly those whose environments may
include networks which are not themselves physically secure (i.e.,
``open'' networks) and systems managers concerned about the inherent
lack of security for managing today's network-based environments
(e.g., UNIX's .rhosts files).
The amazing and constantly growing numbers of machines and users
ensure that untrustworthy individuals have full access to the Internet.
Given the increasing importance of the information transmitted, it is
imperative to consider the basic security issues present as large open
networks replace isolated timesharing systems.
This tutorial will focus on the challenges of providing security for
cooperative work arrangements consistent with the location and scale
independence of today's open networking environment. Attendees will
gain an understanding of the kinds of security threats which result
from operating in an open environment, such as one composed of a
network of workstations and supporting servers. Effective approaches
to meeting these threats will be presented. Although emphasis will be
on the Kerberos system developed at MIT, public key techniques for
ensuring privacy and authentication on an open network will be explored.
The X.509 authentication model and the new Internet Privacy Enhanced
Electronic Mail RFCs will be discussed.
Internet System Administrator's Tutorial
Ed DeHart and Barb Fraser, Computer Emergency
Response Team
Intended Audience: This tutorial is designed for users and system
administrators of UNIX systems. It is especially suited for system
administrators of UNIX systems connected to a wide area network based
on TCP/IP such as the Internet. Some system administrator experience is
assumed.
The information presented in this tutorial is based on incidents
reported to the Computer Emergency Response Team. The topics covered
include:
System administration - defensive strategies
o Password selection
o Default login shell for unused accounts
o Network daemon configuration
o Verification of system programs
o System configuration files
o Searching for hidden intruder files
o Staying current with software releases
o Standard accounting files
o NFS configuration
System administration - offensive strategies
o COPS
o /bin/passwd replacement programs
o TCP/IP packet filtering
o TCP/IP daemon wrapper programs
o Security in programming
Site-specific security policies
o Maintaining good security at your site
o Providing guidance to users
o Handling incidents in an effective, orderly fashion
o Reviewing Site Security Policy Handbook (RFC 1244)
Incident handling
o What to do if your site is broken into?
*************
TECHNICAL PROGRAM
TUESDAY, SEPTEMBER 15
8:30 - 8:45 Opening Remarks
8:45 - 10:15 Keynote Address:
The Justice Department's Computer Crime Initiative
10:35 - 12:05 WAR STORIES
There Be Dragons
Steve Bellovin, AT&T Bell Laboratories
The Greatest Cracker-Case in Denmark: The Detecting, Tracing, and
Arresting of Two International Crackers
Joergen Bo Madsen, The Danish Computing Center for Research
and Education
Experiences of Internet Security in Italy
Alessandro Berni, Paolo Franchi, Joy Marino, University of Genova
1:30 - 3:00 TCP/IP NETWORK SECURITY
An Internet Gatekeeper
Herve Schauer, Christophe Wolfhugel, Herve Schauer Consultants
Network (In)Security Through IP Packet Filtering
D. Brent Chapman, Great Circle Associates
SOCKS
David Koblas, Independent Consultant
Michelle R. Koblas, Computer Sciences Corporation
3:20 - 5:20 TOOLS 1
TCP WRAPPER, a Tool for Network Monitoring, Access Control and
for Setting up Booby Traps
Wietse Venema, Eindhoven University of Technology
Restricting Network Access to System Daemons Under SunOS
William LeFebvre, Northwestern University
Centralized System Monitoring with Swatch
Stephen E. Hansen, E. Todd Atkins, Stanford University
Security Aspects of a UNIX PEM Implementation
James M. Galvin, David M. Balenson, Trusted Information Systems, Inc.
WEDNESDAY, SEPTEMBER 16
9:00 - 10:30 TOOLS 2
Introduction to the Shadow Password Suite
John F. Haugh, II, Locus Computing Corporation
Giving Customers the Tools to Protect Themselves
Shabbir J. Safdar, Purdue University
ESSENSE: A Knowledge Based Security Monitor
Linda Baillie, Gary W. Hoglund, Lisa Jansen, Eduardo M. Valcarce,
Digital Equipment Corporation
10:50 - 12:20 TOOLS 2 (Continued)
Anatomy of a Proactive Password Changer
Matt Bishop, Dartmouth College
Audit: A Policy Driven Security Checker for a Heterogeneous
Environment
Bjorn Satdeva, /sys/admin, inc.
Secure Superuser Access Via the Internet
Darrell Suggs, Clemson University
1:45 - 3:15 TRACK 1 - APPLIED RESEARCH
Specifying and Checking UNIX Security Constraints
Allan Heydon, DEC Systems Research Center; J.D. Tygar,
Carnegie Mellon University
A Secure Public Network Access Mechanism
J. David Thompson, Science Applications International Corp.
Kate Arndt, The MITRE Corp.
Network Security Via Private-Key Certificates
Don Davis, Geer/Zolot Associates, Ralph Swick, Digital
Equipment Corp.
1:45 - 3:15 TRACK 2 - MLS
POSIX 1003.6
Mike Ressler, Bellcore
Is There a C2 UNIX System in the House?
Jeremy Epstein, TRW Systems Division
Software Security for a Network Storage Service
Rena A. Haynes, Suzanne M. Kelly, Sandia National Laboratories
3:35 - 5:35 TRACK 1 - APPLIED RESEARCH (Continued)
SunOS, C2 and Kerberos - A Comparative Review
John N. Stewart, Syracuse University
Heterogeneous Intra-Domain Authentication
Bart De Decker, Els Van Herreweghen, Frank Piessens, K.U.Leuven
Observations on Reusable Password Choices
Eugene Spafford, Purdue University
POSIX Report
Mike Ressler, Bellcore
3:35 - 5:35 TRACK 2 - MLS (Continued)
Reconciling a Formal Model and a Prototype Implementation: Lessons
Learned in Implementing the ORGCON Policy
Marshall Abrams, Leonard LaPadula, Manette Lazear, Ingrid Olson,
The MITRE Corporation
UNIX Operating Services on a Multilevel Secure Machine
Bruno d'Ausbourg, CERT/ONERA France
Distributed Trusted UNIX Systems
Charisse Castagnoli, Charles Watt, SecureWare, Inc.
Standards Update
**********
Program Committee
Ed DeHart, Program Chair CERT
Matt Bishop Dartmouth College
Bill Cheswick AT&T Bell Laboratories
Ana Maria De Alvare Silicon Graphics, Inc.
Jim Ellis CERT
Barbara Fraser CERT
Ken van Wyk CERT
**********
USENIX, the UNIX and Advanced Computing Systems professional and
technical organization, is a not-for-profit association dedicated to
* fostering innovation and communicating research and
technological developments,
* sharing ideas and experience relevant to UNIX, UNIX-related
and advanced computing systems,
* providing a forum for the exercise of critical thought and
airing of technical issues.
Founded in 1975, the Association sponsors two annual technical
conferences and frequent symposia and workshops addressing special
interest topics, such as C++, Mach, systems administration, and
security. USENIX publishes proceedings of its meetings,
a bi-monthly newsletter ;login:, a refereed technical quarterly,
Computing Systems, and is expanding its publishing role with
a book series on advanced computing systems. The Association
also actively participates in and reports on the activities of
various ANSI, IEEE and ISO standards efforts.
For membership information, please contact:
Email: off...@usenix.org
Phone: 510/528-8649
Fax: 510/548-5738
For information on hotels and registration, please contact
the USENIX Conference office.
USENIX Conference Office
22672 Lambert St., Suite 613
El Toro, CA 92630
Telephone (714) 588-8649
FAX Number (714) 588-9706
Electronic Mail Address: confere...@usenix.org
***********************************************************************
UNIX SECURITY SYMPOSIUM REGISTRATION FORM
***********************************************************************
REGISTRATION VIA EMAIL IS NOT ACCEPTED.
This form is provided for your convenience only and MUST be faxed
or mailed to the Conference Office.
PLEASE COMPLETE AND RETURN this form along with full payment to:
USENIX CONFERENCE
22672 Lambert St., Suite 613
El Toro, CA 92630
Telephone: (714) 588-8649
FAX: (714) 588-9706
Office hours: 8:30am - 5:00pm Pacific Time
************************************************************************
* Please type or print clearly.
* Please duplicate this form as needed.
* If you don't want the address you are providing to be used for all
future USENIX mailings, check here ____.
* If you do NOT want to appear in the attendee list check here ____.
* Is this your first USENIX Conference? ____yes ____no
* What is your affiliation:
____Academic ____Commercial ____Government
NAME: (first) _____________________ (last) ___________________________
FIRST NAME for BADGE: _______________________________________________
COMPANY OR INSTITUTION: ______________________________________________
MAILING ADDRESS: ______________________________________________________
________________________________________________________________________
CITY: __________________________ STATE: ________ COUNTRY: __________
ZIP:________ PHONE: ____________ NETWORK ADDRESS: ____________________
************************************************************************
TUTORIAL REGISTRATION FEE
September 14
Please check the box next to the tutorial you wish to attend.
Network Security: The Kerberos Approach [__]
Internet System Administrator's Tutorial [__]
One full-day tutorial -
Only one tutorial can be selected. $245 $___
SYMPOSIUM REGISTRATION FEES - September 15 - 16, 1992
*Current Member Fee $225 $____
Non-member Fee $290 $____
Full-time Student Fee $ 75 $____
(must provide copy of student ID)
On-site registration fee applies if
postmarked after September 8. Add $50 $____
*The member rate applies to current individual members of the USENIX
Association, Sun User Group, EurOpen and AUUG. (If you wish to join
USENIX Association, please pay the non-member fee and check membership
area below.)
USENIX MEMBERSHIP
Yes, I wish to join the USENIX Association. Check here ____
$65 of your non-member workshop registration fee will be applied as
dues in full for a one-year individual membership in the USENIX Assoc.
Total Amount Enclosed $____
*********************************************************************
PRE-REGISTRATION DEADLINE: September 8, 1992: TUTORIAL & TECHNICAL
SESSIONS REGISTRATION FEES INCREASE BY $50 EACH AFTER SEPTEMBER 8, 1992!
********** PAYMENT MUST ACCOMPANY REGISTRATION FORM *****************
********** REGISTRATION VIA EMAIL IS NOT ACCEPTED ****************
*Purchase orders and vouchers are not accepted.
____ Payment enclosed. (US Dollars)
____ Charge my:____VISA____Mastercard____American Express___DinersClub
Account Number: _________________________ Exp. Date:________________
Cardholder's signature:_____________________________________________
Cardholder's name (print please): __________________________________
You may FAX your registration form if you are paying by credit card.
FAX to the USENIX Conference Office (714) 588-9706. To avoid duplicate
billing, do not mail an additional copy.
************************************************************************
CANCELLATION/ REFUND POLICY:
If you must CANCEL, all refund requests must be in writing and
postmarked no later than September 8, 1992. Cancellations cannot be
taken over the telephone.