ebacic@cse.dnd.ca (ebacic) (03/28/91)
PRELIMINARY AGENDA

The 1991 Third Annual Canadian Computer Security Symposium

Hosted and Organized By
The Canadian System Security Centre
Communications Security Establishment
Government of Canada

14 May 1991 - Tutorial Sessions
15 to 17 May 1991 - Symposium


COST

Symposium Registration by 12 April 1991                 $240.75 (gst included)
Symposium Registration after 12 April 1991              $321.00 (      "     )
Tutorial and Symposium Registration by 12 April 1991    $347.75 (      "     )


TUTORIALS
(The Tutorials are offered in English)

A. System Security, Ken Bauer or Joel Sachs, Arca Systems Inc.

This custom one day tutorial is an abbreviated version of Arca's three day system and network security course based upon the U.S. "Orange Book" and often referred to as the TCSEC and the U.S. "Red Book", the Trusted Network Interpretation (TNI). It will cover Networking Overview, Network Security Services, Division C - Discretionary Protection Overview, Division B/A - Mandatory Protection Overview, TNI Part II: Other Security Services Overview and Network Component Evaluations Overview as well as system security mechanisms and selected network security products.

B. Business Resumption Planning, Scott D. Ramsey, KPMG Peat Marwick

Business Resumption Planning must be addressed as an organizational concern - not the sole responsibility of information technology. Many contingency plans are woefully inadequate as they focus only on the recovery of information technology capabilities. A resumption plan's primary objective should be to support the critical business functions required to sustain the organization during an emergency mode of operations. Resumption plans must be designed to respond to a variety of emergencies, and will vary in scope and complexity. Approaches can range from maintaining critical records manually to having a fully equipped computer centre to handle all critical applications and support staff for months. In between are numerous alternatives, at varying levels of expense and capabilities.

In this seminar we will deal with each major aspect of resumption plan development, including typical problems encountered. We will discuss the design and use of information analysis forms, plus developing a sample table of contents for a generic resumption plan.

C. UNIX System Security, Darrell L. Steckler, HFSI

This tutorial introduces users and potential system administrators to the security concerns of a generic UNIX system. The attendee will see that with proper administration UNIX can be trusted to keep benign users from stepping on each other's files. A discussion of the roles played by the users and the programmers will be included. Topics introduced will be security auditing of the system resources, proper management of the system files, file and directory permissions, and an undocumented feature of modem control. The tutorial will include discussion on what makes a secure system, user security, programmer security, system administrator security and a summary. The information presented in this tutorial will allow the attendee to establish a "C-2" level of security on their UNIX system.


SESSIONS

DAY 1 - WEDNESDAY, 15 MAY 1991

A.

 8:00 -  9:00 a.m.  Registration
 9:00 -  9:10 a.m.  Symposium Introduction
 9:10 - 10:00 a.m.  Welcoming Remarks and Keynote Address
10:00 - 10:30 a.m.  **B R E A K**

B. GOVERNMENT PROGRAMS

10:30 - 11:00 a.m.  "Trusted Product Evaluation Program (TPEP)", Gary Maxwell, Communications Security Establishment
11:00 - 11:30 a.m.  "The UK IT Security Evaluation and Certification Scheme", David W.M. Davis, Communications Electronics Security Group (CESG), UK
11:30 - 12:00 a.m.  "EDP Security in the Canadian Government - A Historical Perspective", Grant McPhee, RCMP-SEIT (Security Evaluation and Inspection Team)
12:00 -  1:30 p.m.  **L U N C H**

C. COMPUTER SECURITY AND THE LAW

 1:30 -  2:00 p.m.  "Legal Aspects of Systems Security", Carol Bernstein, IBM Corporation, USA
 2:00 -  2:30 p.m.  "The RCMP's Experience in Criminal Investigations Involving Computers", Ian Ross, RCMP-SEIT (Security Evaluation and Inspection Team)

D. ACCREDITATION

 2:30 -  3:00 p.m.  "The Accreditor's Toolbox", Horace B. Peele, Electronic Security Command, USA
 3:00 -  3:30 p.m.  **B R E A K**
 3:30 -  4:00 p.m.  Panel on Accreditation, Horace Peele, Treasury Board Secretariat, RCMP, Department of National Defence

E. POLICY AND MANAGEMENT ISSUES

 4:00 -  4:30 p.m.  "Strategies For Advancement of Responsible Computing", Steen B. Frandsen, Info-Quest Corporation
 4:30 -  5:00 p.m.  "Control of End-User Computing - Out of Control?", Gary Voellmecke, The Coopers and Lybrand Group

DAY 2 - THURSDAY, 16 MAY 1991

F. IDENTIFICATION AND AUTHENTICATION

 8:30 -  9:00 a.m.  "Identification and Authentication - Unified Password Generation", Ed G. Amoroso, AT & T Bell Laboratories
 9:00 -  9:30 a.m.  "Making the Case for Digital Signatures", Luke O'Connor, University of Waterloo
                    Brian R. Bawden, Osler Hoskin & Harcourt
 9:30 - 10:00 a.m.  "Do You Know Who Is In Your System", Aubrey Osborne, RCMP-SEIT (Security Evaluation and Inspection Team)
10:00 - 10:30 a.m.  **B R E A K**

G. SYSTEM APPROACH TO SECURITY

10:30 - 11:00 a.m.  "Secure Systems Evaluation Methodology and Market Driven Evaluations", Peter Callaway, IBM Corporation
11:00 - 11:30 a.m.  "Secure System Integrator: An Honorable Profession", Virgil L. Gibson, Grumman Data Systems, USA
11:30 - 12:00 a.m.  "An Electronic Approval and Routing Mechanism for the AECL-RC Information Warehouse", Rainer Kossman, Atomic Energy of Canada Ltd. Research (AECL)
12:00 -  1:30 p.m.  **L U N C H**

H. CRITERIA

 1:30 -  2:00 p.m.  "Availability", Carrie Liddy, Peat Marwick Stevenson & Kellogg
 2:00 -  2:30 p.m.  "Conformance Testing and Evaluation of Secure Systems: Standardization of Civilian Practices", Brad Tipler, Software Kinetics Ltd.
 2:30 -  3:00 p.m.  "A Proposal For Availability Criteria", Eugen Bacic and Milan Kuchta, CSE
 3:00 -  3:30 p.m.  **B R E A K**

I. ASSURANCE TECHNIQUES

 3:30 -  4:00 p.m.  "Formal Verification Techniques for a Network Security Device", Hicham N. Adra and William Sandberg-Maitland, The CGI Group
 4:00 -  4:30 p.m.  "A Support Environment for the Software Development of Trusted Software", Peter Robert Daniel, GEC-Plessey Crypto, UK
 4:30 -  5:00 p.m.  "Security Testing as an Assurance Mechanism", Susan H. Walter, Grumman Data Systems, USA

DAY 3 - FRIDAY, 17 MAY 1991

J. NETWORK SECURITY

 8:30 -  9:00 a.m.  "Public-Key Cryptography in OSI Standards", Warwick Ford and Brian O'Higgins, Bell-Northern Research Ltd.
 9:00 -  9:30 a.m.  "Security for OSI Networks", Paul A. Lambert, Motorola Government Electronics Group, USA
 9:30 - 10:00 a.m.  "The Network Management Audit", Gordon McKay, Peat Marwick Stevenson & Kellogg
10:00 - 10:30 a.m.  **B R E A K**

K. VIRUSES

10:30 - 11:00 a.m.  "Computer Viruses and The American Business: Managing the Virus Threat", Peter S. Tippett, Certus International Corporation, USA
11:00 - 11:30 a.m.  "Should the Canadian Forces Prepare Against the Threat of Computer Viruses", J.Y. Richard Viger, Department of National Defence, NDHQ
11:30 -  1:00 p.m.  **L U N C H**

L. RISK MANAGEMENT

 1:00 -  1:30 p.m.  "Insuring Survival", Roy L. Reese, Jr., US Social Security Administration
 1:30 -  2:00 p.m.  "Using a Risk Model in The Canadian Government", Mark W.L. Dennison, John P. Clayton, Kal C. Toth, CGI Group

M. SECURITY ARCHITECTURE

 2:00 -  2:30 p.m.  "Trusting Untrusted Software to Run Multi-Level Secure; Storage Block Labeling for MLS Enforcement", Carlin Covey, Motorola Government Electronics Group
 2:30 -  3:00 p.m.  "Behavioral Security and System Composibility", Ping Lin, IBM Canada Laboratory, and E. Stewart Lee, University of Toronto
 3:00 -  3:15 p.m.  S Y M P O S I U M   C L O S E


SYMPOSIUM INFORMATION/INQUIRIES

Enquiries about the Symposium content should be addressed to the Program Chairman, Robert Verrett, at the Canadian System Security Centre, Tel: (613) 991-7407, FAX: (613) 991-7500, EMAIL: "verrett@ncs.dnd.ca".

Enquiries about the Tutorial content should be addressed to T.E. (Ted) Elliott, Tutorial Coordinator, at the Canadian System Security Centre, Tel: (613) 991-7407, FAX: (613) 991-7500, EMAIL: "elliot@ncs.dnd.ca".

Administrative matters related to the Tutorials and Symposium, as well as registration enquiries, should be addressed to Karen Lowther, Symposium and Tutorial Administrator, Canadian System Security Centre, Communications Security Establishment, P.O. Box 9703, Terminal, Ottawa, Ontario K1G 3Z4 or by calling (613) 991-7513 and by FAX (613) 991-7500.


HOTEL RESERVATION

To register for your accommodations, please make arrangements directly with the hotel of your choice NO LATER THAN 12 APRIL 1991. We have reserved a block of rooms on a first-come, first-served basis. After that date, we cannot guarantee the availability of rooms nor the special group rates. Be sure to mention "The Third Annual Canadian Computer Security Symposium". Lodging will be paid for by the participant directly to the hotel. A pull-out hotel reservation form is found at the centre of this booklet.


HOTEL COSTS

Blocks of rooms have been reserved for Symposium attendees at a number of hotels near the Congress Centre, at special rates. The hotels, listed in order of their proximity to the Congress Centre, and their daily room rates, are as follows:

                    Single   Double   Phone            Fax
The Westin Hotel    $136     $136     (613) 560-7000   (613) 234-5396
Novotel Ottawa      $ 95     $ 95     (613) 230-3033   (613) 230-7865
Lord Elgin Hotel    $ 85     $ 93     (613) 235-3333   (613) 235-3223
Journey's End       $ 75     $ 75     (613) 563-7511   (613) 563-2434


FURTHER INFORMATION/REGISTRATION PACKAGES

Dorina Graves (991-7407) or Karen Lowther (991-7513)
Communications Security Establishment
2323 Riverside Drive
Billings Bridge Plaza, 4th Floor Office Tower
Ottawa, Ontario K1H 8L5
Fax: (613) 991-7500

--
=========================== MODERATOR ==============================
Steve Stevenson                            {steve,fpst}@hubcap.clemson.edu
Department of Computer Science,            comp.parallel
Clemson University, Clemson, SC 29634-1906 (803)656-5880.mabell