ebacic@cse.dnd.ca (ebacic) (03/28/91)
PRELIMINARY AGENDA
The 1991 Third Annual Canadian
Computer Security Symposium
Hosted and Organized By
The Canadian System Security Centre
Communications Security Establishment
Government of Canada
14 May 1991 - Tutorial Sessions
15 to 17 May 1991 - Symposium
COST
Symposium Registration by 12 April 1991                $240.75 (GST included)
Symposium Registration after 12 April 1991             $321.00 (GST included)
Tutorial and Symposium Registration by 12 April 1991   $347.75 (GST included)
TUTORIALS (The Tutorials are offered in English)
A. System Security, Ken Bauer or Joel Sachs, Arca Systems Inc.
This custom one-day tutorial is an abbreviated version of Arca's
three-day system and network security course based upon the U.S. "Orange
Book", often referred to as the TCSEC, and the U.S. "Red Book", the
Trusted Network Interpretation (TNI). It will cover Networking
Overview, Network Security Services, Division C - Discretionary
Protection Overview, Division B/A - Mandatory Protection Overview, TNI
Part II: Other Security Services Overview and Network Component
Evaluations Overview as well as system security mechanisms and selected
network security products.
B. Business Resumption Planning, Scott D. Ramsey, KPMG Peat Marwick
Business Resumption Planning must be addressed as an organizational
concern - not the sole responsibility of information technology. Many
contingency plans are woefully inadequate as they focus only on the
recovery of information technology capabilities. A resumption plan's
primary objective should be to support the critical business functions
required to sustain the organization during an emergency mode of
operations. Resumption plans must be designed to respond to a variety
of emergencies, and will vary in scope and complexity. Approaches can
range from maintaining critical records manually to having a fully
equipped computer centre to handle all critical applications and support
staff for months. In between are numerous alternatives, at varying
levels of expense and capabilities. In this seminar we will deal with each
major aspect of resumption plan development, including typical problems
encountered. We will discuss the design and use of information analysis
forms, plus developing a sample table of contents for a generic
resumption plan.
C. UNIX System Security, Darrell L. Steckler, HFSI
This tutorial introduces users and potential system administrators to
the security concerns of a generic UNIX system. The attendee will see
that with proper administration UNIX can be trusted to keep benign
users from stepping on each other's files. A discussion of the roles
played by the users and the programmers will be included. Topics
introduced will be security auditing of the system resources, proper
management of the system files, file and directory permissions, and an
undocumented feature of modem control. The tutorial will include
discussion on what makes a secure system, user security, programmer
security, system administrator security and a summary. The
information presented in this tutorial will allow the attendee to
establish a "C-2" level of security on their UNIX system.
SESSIONS
DAY 1 - WEDNESDAY, 15 MAY 1991
A. 8:00 - 9:00 a.m. Registration
9:00 - 9:10 a.m. Symposium Introduction
9:10 - 10:00 a.m. Welcoming Remarks and Keynote Address
10:00 - 10:30 a.m. **B R E A K**
B. GOVERNMENT PROGRAMS
10:30 - 11:00 a.m. "Trusted Product Evaluation Program (TPEP)",
Gary Maxwell, Communications Security Establishment
11:00 - 11:30 a.m. "The UK IT Security Evaluation and Certification
Scheme", David W.M. Davis, Communications
Electronics Security Group (CESG), UK
11:30 - 12:00 a.m. "EDP Security in the Canadian Government - A
Historical Perspective", Grant McPhee, RCMP-SEIT
(Security Evaluation and Inspection Team)
12:00 - 1:30 p.m. **L U N C H**
C. COMPUTER SECURITY AND THE LAW
1:30 - 2:00 p.m. "Legal Aspects of Systems Security",
Carol Bernstein, IBM Corporation, USA
2:00 - 2:30 p.m. "The RCMP's Experience in Criminal Investigations
Involving Computers", Ian Ross, RCMP-SEIT (Security
Evaluation and Inspection Team)
D. ACCREDITATION
2:30 - 3:00 p.m. "The Accreditor's Toolbox",
Horace B. Peele, Electronic Security Command, USA
3:00 - 3:30 p.m. **B R E A K**
3:30 - 4:00 p.m. Panel on Accreditation,
Horace Peele, Treasury Board Secretariat, RCMP,
Department of National Defence
E. POLICY AND MANAGEMENT ISSUES
4:00 - 4:30 p.m. "Strategies For Advancement of Responsible Computing",
Steen B. Frandsen, Info-Quest Corporation
4:30 - 5:00 p.m. "Control of End-User Computing - Out of Control?",
Gary Voellmecke, The Coopers and Lybrand Group
DAY 2 - THURSDAY, 16 MAY 1991
F. IDENTIFICATION AND AUTHENTICATION
8:30 - 9:00 a.m. "Identification and Authentication - Unified Password
Generation", Ed G. Amoroso, AT & T Bell Laboratories
9:00 - 9:30 a.m. "Making the Case for Digital Signatures",
Luke O'Connor, University of Waterloo
Brian R. Bawden, Osler Hoskin & Harcourt
9:30 - 10:00 a.m. "Do You Know Who Is In Your System",
Aubrey Osborne, RCMP-SEIT (Security Evaluation and
Inspection Team)
10:00 - 10:30 a.m. **B R E A K**
G. SYSTEM APPROACH TO SECURITY
10:30 - 11:00 a.m. "Secure Systems Evaluation Methodology and Market
Driven Evaluations", Peter Callaway, IBM Corporation
11:00 - 11:30 a.m. "Secure System Integrator: An Honorable Profession",
Virgil L. Gibson, Grumman Data Systems, USA
11:30 - 12:00 a.m. "An Electronic Approval and Routing Mechanism for the
AECL-RC Information Warehouse", Rainer Kossman,
Atomic Energy of Canada Ltd. Research (AECL)
12:00 - 1:30 p.m. **L U N C H**
H. CRITERIA
1:30 - 2:00 p.m. "Availability",
Carrie Liddy, Peat Marwick Stevenson & Kellogg
2:00 - 2:30 p.m. "Conformance Testing and Evaluation of Secure Systems:
Standardization of Civilian Practices",
Brad Tipler, Software Kinetics Ltd.
2:30 - 3:00 p.m. "A Proposal For Availability Criteria",
Eugen Bacic and Milan Kuchta, CSE
3:00 - 3:30 p.m. **B R E A K**
I. ASSURANCE TECHNIQUES
3:30 - 4:00 p.m. "Formal Verification Techniques for a Network Security
Device", Hicham N. Adra and William
Sandberg-Maitland, The CGI Group
4:00 - 4:30 p.m. "A Support Environment for the Software Development
of Trusted Software", Peter Robert Daniel,
GEC-Plessey Crypto, UK
4:30 - 5:00 p.m. "Security Testing as an Assurance Mechanism",
Susan H. Walter, Grumman Data Systems, USA
DAY 3 - FRIDAY, 17 MAY 1991
J. NETWORK SECURITY
8:30 - 9:00 a.m. "Public-Key Cryptography in OSI Standards",
Warwick Ford and Brian O'Higgins, Bell-Northern
Research Ltd.
9:00 - 9:30 a.m. "Security for OSI Networks",
Paul A. Lambert, Motorola Government Electronics
Group, USA
9:30 - 10:00 a.m. "The Network Management Audit",
Gordon McKay, Peat Marwick Stevenson & Kellogg
10:00 - 10:30 a.m. **B R E A K**
K. VIRUSES
10:30 - 11:00 a.m. "Computer Viruses and The American Business:
Managing the Virus Threat", Peter S. Tippett,
Certus International Corporation, USA
11:00 - 11:30 a.m. "Should the Canadian Forces Prepare Against the Threat
of Computer Viruses", J.Y. Richard Viger,
Department of National Defence, NDHQ
11:30 - 1:00 p.m. **L U N C H**
L. RISK MANAGEMENT
1:00 - 1:30 p.m. "Insuring Survival",
Roy L. Reese, Jr., US Social Security Administration
1:30 - 2:00 p.m. "Using a Risk Model in The Canadian Government",
Mark W.L. Dennison, John P. Clayton, Kal C. Toth,
CGI Group
M. SECURITY ARCHITECTURE
2:00 - 2:30 p.m. "Trusting Untrusted Software to Run Multi-Level
Secure; Storage Block Labeling for MLS Enforcement",
Carlin Covey, Motorola Government Electronics Group
2:30 - 3:00 p.m. "Behavioral Security and System Composibility",
Ping Lin, IBM Canada Laboratory, and E. Stewart Lee,
University of Toronto
3:00 - 3:15 p.m. S Y M P O S I U M C L O S E
SYMPOSIUM INFORMATION/INQUIRIES
Enquiries about the Symposium content should be addressed to the
Program Chairman, Robert Verrett, at the Canadian System Security
Centre, Tel: (613) 991-7407, FAX: (613) 991-7500, EMAIL: "verrett@ncs.dnd.ca".
Enquiries about the Tutorial content should be addressed to T.E. (Ted)
Elliott, Tutorial Coordinator, at the Canadian System Security Centre,
Tel: (613) 991-7407, FAX: (613) 991-7500, EMAIL: "elliot@ncs.dnd.ca".
Administrative matters related to the Tutorials and Symposium, as well
as registration enquiries, should be addressed to Karen Lowther,
Symposium and Tutorial Administrator, Canadian System Security Centre,
Communications Security Establishment, P.O. Box 9703, Terminal,
Ottawa, Ontario K1G 3Z4 or by calling (613) 991-7513 and
by FAX (613) 991-7500.
HOTEL RESERVATION
To register for your accommodations, please make arrangements directly with the
hotel of your choice NO LATER THAN 12 APRIL 1991. We have reserved a
block of rooms on a first-come, first-served basis. After that date,
we cannot guarantee the availability of rooms or the special group rates.
Be sure to mention "The Third Annual Canadian Computer Security
Symposium". Lodging will be paid for by the participant directly to the
hotel. A pull-out hotel reservation form is found at the centre of this
booklet.
HOTEL COSTS
Blocks of rooms have been reserved for Symposium attendees at a number
of hotels near the Congress Centre, at special rates. The hotels, listed
in order of their proximity to the Congress Centre, and their daily
room rates, are as follows:
                    Single   Double   Phone            Fax
The Westin Hotel    $136     $136     (613) 560-7000   (613) 234-5396
Novotel Ottawa      $ 95     $ 95     (613) 230-3033   (613) 230-7865
Lord Elgin Hotel    $ 85     $ 93     (613) 235-3333   (613) 235-3223
Journey's End       $ 75     $ 75     (613) 563-7511   (613) 563-2434
FURTHER INFORMATION/REGISTRATION PACKAGES
Dorina Graves (991-7407) or Karen Lowther (991-7513)
Communications Security Establishment
2323 Riverside Drive
Billings Bridge Plaza, 4th Floor Office Tower
Ottawa, Ontario K1H 8L5
Fax: (613) 991-7500