andrea@usenix.ORG (Andrea Galleni) (09/05/90)
WORKSHOP PROCEEDINGS NOW AVAILABLE If you couldn't join us in Portland, the proceedings from the Second Security Workshop are now available for $13 to USENIX members and $16 to non-members (add $7 for foreign postage). You can place an order by phone or email using your VISA/MC. Telephone: 415-528-8649 Email: office@usenix.org Above price includes domestic shipping and handling charges. You can also mail a check or purchase order to: USENIX Association 2560 Ninth St., Suite 215 Berkeley CA 94710 The USENIX Association Staff --------------------------------------------------------------- TABLE OF CONTENTS S E C O N D S E C U R I T Y W O R K S H O P P R O G R A M M O N D A Y, A U G U S T 2 7 9:00 - 10:30 AUTHENTICATION The MITRE User Authentication System David Goldberg, MITRE A Survey of, and Improvements to, Password Security Daniel Klein, Software Engineering Institute, CMU An Extensible Password Changing Program Matt Bishop, Dartmouth College Password Security in a Large Distributed Environment Michele Crabb, NASA Ames Research Center 10:30 - 11:00 BREAK 11:00 - 12:00 POTPOURRI I An Automatic Policy Checker for Controlling Undesirable Program Behaviors Maria King, UCLA Computer Science Department Generic Security Service Application Program Interface John Linn, Digital Equipment Corporation An Expert Systems Approach to Security Inspection of UNIX Joseph Kuras, Digital Equipment Corporation 12:00 - 1:30 LUNCH 1:30 - 2:30 SECURE SYSTEMS AND TOOLS A Survey of Secure UNIX Operating Systems Raymond Wong, Oracle Corporation Roles for Users and Privileges for System Processes: High Trust Mechanisms for Low Trust Systems David Gill, MITRE Beyond Bell-LaPadula: A Security Model for Real Applications Pat Bahn, GTE 2:30 - 3:00 BREAK 3:00 - 5:00 ACCESS CONTROL Building Generalized Access Control on UNIX Marshall D. Abrams, Leonard J. LaPadula, Ingrid M. Olson, MITRE An Access Control List Approach to Anti-Viral Security David Wichers, ARCA Systems; Douglas Cook, Ronald Olsson, John Crossley, Paul Kerchen, Karl Levitt, Raymond Lo, Univ ersity of CA - Davis Frozen Files Frank Kardel, Friedrich Alexander University Extended Access Controls in UNIX System V: ACLs and Context Hermann Strack, University of Karlsruhe PANEL and discussion on access control Marshall D. Abrams, MITRE; Dr. David A. Gomberg, MITRE; Charles W. Flink II, AT&T Bell Laboratories T U E S D A Y, A U G U S T 2 8 9:00 - 10:30 AUTHENTICATION II How Crackers Crack Passwords Ana Maria De Alvare, Lawrence Livermore Laboratory Experiences with Kerberos Steven Lunt, Bellcore Public-Key-based Authentication Using Internet Certificates Joe Tardo, Kannan Alagappan, Richard Pitkin, Digital Equipment Corporation PANEL and discussion on authentication Kannan Alagappan, Digital Equipment Corporation Ana Maria de Alvare, Lawrence Livermore Laboratory Daniel V. Klein, Software Engineering Institute, CMU B. Clifford Neuman, University of Washington 10:30 - 11:00 BREAK 11:00 - 12:00 SECURITY CONSIDERATIONS AND THE ENVIRONMENT System Design and Verification for Secure Applications Under UNIX Richard Neely, Ford Aerospace Security Considerations of Going to a UNIX Based Supercomputer Operating System Gary Christoph, Los Alamos National Laboratory Perspectives and Solutions for Increasing Security in UNIX System Administration Bjorn Satdeva, /sys/admin, inc. 12:00 - 1:30 LUNCH 1:30 - 3:15 NETWORKED SYSTEMS Networked UNIX Without the Superuser Mark Carson, Janet Cugini, Sohail Malik, Mythili Kannan, Wen-Der Jiang, IBM Hardening Anonymous FTP Jeffrey Roth, Defense Logistics Agency Gateway Security Measures Jerry Carlin, Pacific Bell Communicating Vulnerabilities: Perils and Pitfalls David S. Brown and E. Eugene Schultz Jr., Lawrence Livermore National Laboratory PANEL and discussion on network security David S. Brown, Lawrence Livermore National Labs; Jerry Carlin, Pacific Bell; Jeffrey Roth, Defense Logistics Agency 3:15 - 3:45 BREAK 3:45 - 5:00 POTPOURRI II Security Breaches: Five Recent Incidents at Columbia University Fuat Baran, Howard Kaye, Margarita Suarez, Columbia University PANEL and discussion on security in large installations Gary Christoph, Los Alamos National Laboratory James Ellis, Pittsburgh Supercomputing Center Robert Van Cleef, NASA Ames Research Center Program Chair Matt Bishop Dept. of Mathematics and Computer Science Bradley Hall Dartmouth College Hanover, NH 03755