[comp.org.usenix] SECOND SECURITY WORKSHOP PROCEEDINGS AVAILABLE

andrea@usenix.ORG (Andrea Galleni) (09/05/90)

WORKSHOP PROCEEDINGS NOW AVAILABLE

If you couldn't join us in Portland, the proceedings from the
Second Security Workshop are now available for $13 to USENIX members
and $16 to non-members (add $7 for foreign postage).
You can place an order by phone or email using your VISA/MC.  
Telephone:  415-528-8649  Email: office@usenix.org

Above price includes domestic shipping and handling charges.

You can also mail a check or purchase order to:

USENIX Association 
2560 Ninth St., Suite 215 
Berkeley CA 94710

			The USENIX Association Staff 
 
---------------------------------------------------------------
TABLE OF CONTENTS



S E C O N D   S E C U R I T Y   W O R K S H O P   P R O G R A M

M O N D A Y,   A U G U S T   2 7

9:00 - 10:30	AUTHENTICATION 

		The MITRE User Authentication System
		 David Goldberg, MITRE
		A Survey of, and Improvements to, Password Security
	 	 Daniel Klein, Software Engineering Institute, CMU
		An Extensible Password Changing Program
		 Matt Bishop, Dartmouth College
		Password Security in a Large Distributed Environment
	 	 Michele Crabb, NASA Ames Research Center

10:30 - 11:00	BREAK

11:00 - 12:00	POTPOURRI I

		An Automatic Policy Checker for Controlling Undesirable 
		Program Behaviors
		 Maria King, UCLA Computer Science Department
		Generic Security Service Application Program Interface
	 	 John Linn, Digital Equipment Corporation
		An Expert Systems Approach to Security Inspection of UNIX
	 	 Joseph Kuras, Digital Equipment Corporation 

12:00 -  1:30	LUNCH

 1:30 -  2:30	SECURE SYSTEMS AND TOOLS	

		A Survey of Secure UNIX Operating Systems
	 	Raymond Wong, Oracle Corporation
		Roles for Users and Privileges for System Processes:
		High Trust Mechanisms for Low Trust Systems	
	 	 David Gill, MITRE
		Beyond Bell-LaPadula: A Security Model for Real Applications
	 	 Pat Bahn, GTE

  2:30 -  3:00	BREAK

  3:00 -  5:00	ACCESS CONTROL	

		Building Generalized Access Control on UNIX
	 	 Marshall D. Abrams, Leonard J. LaPadula, Ingrid M. Olson, MITRE
		An Access Control List Approach to Anti-Viral Security
	 	 David Wichers, ARCA Systems; Douglas Cook,
		 Ronald Olsson, John Crossley, Paul Kerchen,
		 Karl Levitt, Raymond Lo, Univ ersity of CA - Davis
		Frozen Files
	 	 Frank Kardel, Friedrich Alexander University
		Extended Access Controls in UNIX System V:  ACLs and Context
		 Hermann Strack, University of Karlsruhe
		PANEL and discussion on access control
		 Marshall D. Abrams, MITRE; Dr. David A. Gomberg, MITRE;
		 Charles W. Flink II, AT&T Bell Laboratories

T U E S D A Y,   A U G U S T   2 8

  9:00 - 10:30	AUTHENTICATION II

		How Crackers Crack Passwords
		 Ana Maria De Alvare, Lawrence Livermore Laboratory
		Experiences with Kerberos
		 Steven Lunt, Bellcore
		Public-Key-based Authentication Using Internet Certificates
		 Joe Tardo, Kannan Alagappan, Richard Pitkin,
		 Digital Equipment Corporation
		PANEL and discussion on authentication
		 Kannan Alagappan, Digital Equipment Corporation 
		 Ana Maria de Alvare, Lawrence Livermore Laboratory
		 Daniel V. Klein, Software Engineering Institute, CMU  
		 B. Clifford Neuman, University of Washington

10:30 - 11:00	BREAK

11:00 - 12:00	SECURITY CONSIDERATIONS AND THE ENVIRONMENT

		System Design and Verification for Secure Applications Under UNIX
	 	 Richard Neely, Ford Aerospace
		Security Considerations of Going to a UNIX Based Supercomputer
		Operating System
	 	 Gary Christoph, Los Alamos National Laboratory
		Perspectives and Solutions for Increasing Security in UNIX System Administration
		 Bjorn Satdeva, /sys/admin, inc.

12:00 -  1:30	LUNCH

 1:30 -  3:15  	NETWORKED SYSTEMS

		Networked UNIX Without the Superuser
	 	 Mark Carson, Janet Cugini, Sohail Malik,
		 Mythili Kannan, Wen-Der Jiang, IBM
		Hardening Anonymous FTP
	 	Jeffrey Roth, Defense Logistics Agency
		Gateway Security Measures
	  	Jerry Carlin, Pacific Bell
		Communicating Vulnerabilities: Perils and Pitfalls
		 David S. Brown and E. Eugene Schultz Jr., Lawrence
		 Livermore National Laboratory
		PANEL and discussion on network security
		 David S. Brown, Lawrence Livermore National Labs;
		 Jerry Carlin, Pacific Bell; Jeffrey Roth, Defense
		 Logistics Agency

 3:15 -  3:45	BREAK

 3:45 -  5:00  	POTPOURRI II	

		Security Breaches: Five Recent Incidents at Columbia University
	 	 Fuat Baran, Howard Kaye, Margarita Suarez, Columbia University
		PANEL and discussion on security in large installations
		 Gary Christoph, Los Alamos National Laboratory
		  James Ellis, Pittsburgh Supercomputing Center
		  Robert Van Cleef, NASA Ames Research Center

Program Chair

Matt Bishop
Dept. of Mathematics and Computer Science
Bradley Hall
Dartmouth College
Hanover, NH 03755