Internet Society Frontpage

Events Membership
About the Internet Standards
Publications  Public Policy
About ISOC Education


NDSS Symposium 2000

NDSS 2000 3-4 February 2000 Dan Diego, California, USA

Network and Distributed System Security Symposium
Catamaran Resort Hotel
San Diego, California

2 February 2000 - Technical Tutorials
3-4 February 2000 - Symposium

Pre-Conference Technical Tutorials

(additional fee required)

NDSS 2000 includes six highly focused technical tutorials (four half-day and two full-day) conducted by security experts. Chock full of in-depth, practical information on current and emerging security technologies, these tutorials compliment the NDSS 2000 technical program and can be an important part of your professional development. They will give you a greater understanding of theories, practices, real-world applications, and critical issues involved in securing the Internet. Whatever your level of expertise, there is a course to help shorten your learning curve. You will leave with new ideas, options, and plans to help you succeed in your job. Our line-up of outstanding tutorials is intended for management, technical staff, network managers, and administrators. Select the ones that are right for you and sign up today!

Tutorial Schedule
Wednesday, February 2, 2000

9:00am - 5:00pm

9:00am - 12:30pm

1:30pm - 5:00pm

Tutorial #1: Network Security Protocol Standards
Instructor: Dr. Stephen Kent

This tutorial is an advanced course, a logical successor to the introductory material presented by the instructor at NDSS '98 and '99.

In this tutorial, the instructor analyzes security issues in the Internet environment, via examination of cryptographic-based, standard security protocols. The tutorial begins with a very brief review of network security concerns, terminology, and an analysis of security protocol layering issues. It then examines the topic of cryptographic key management, emphasizing public key technology and public-key certificate standards (specifically X.509 v3). Three major IETF security protocols are examined in detail: IPsec, TLS (SSL), and S/MIME.

Dr. Stephen Kent is the Chief Technical Officer for CyberTrust and Chief Scientist- Information Security of BBN Technologies (both part of GTE), where he has been engaged in network security R&D for over twenty years. He served on the Internet Architecture Board (IAB) for 10 years and on the board of directors for the International Association for Cryptologic Research (IACR) for seven years. He chaired the Privacy and Security Research Group in the Internet Research Task Force (IRTF) and co-chairs the PKIX Working Group in the Internet Engineering Task Force (IETF). He chaired the ACM Special Panel on Cryptography and Public Policy, served on the U.S. Presidential SKIPJACK review Panel, and chairs a technical advisory committee on key recovery for the Secretary of Commerce. He has served as a panel member, invited speaker, and on program committees for many security conferences and has authored numerous technical articles and two book chapters. Dr. Kent received a masters and a PhD in computer science from MIT, and is a fellow of the ACM.

Tutorial #2: Deployed and Emerging Security Systems for the Internet
Instructors: Dr. Radia Perlman & Mr. Charlie Kaufman

Who are you, and should you be doing that? These are the basic questions that a system connected to a network should be pondering. Network security protocols help to answer these in a secure way. This workshop gives an overview of how such protocols work, including the basics of cryptography, key distribution, and protocol design pitfalls. Armed with the theory, we then give an overview of many of the standards and commercially deployed systems, including X.509, PKIX, Kerberos, IPSEC, SSL/TLS, SSH, S/MIME, PGP, NT, Lotus Notes, and NetWare. Although this tutorial is technically deep, the only prerequisites are intellectual curiosity and a good night's sleep in the recent past.

Dr. Radia Perlman is a Distinguished Engineer at Sun Microsystems. She is known for her contributions to bridging (spanning tree algorithm) and routing (making link state routing practical and robust) as well as security (sabotage-proof networks). Radia is the author of the textbook "Interconnections: Bridges and Routers". She has a PhD in computer science from MIT. She was recently featured as one of the 25 people whose work has most influenced the industry in the 25th anniversary edition of Data Communications magazine.

Mr. Charlie Kaufman is Security Architect for Lotus Notes and Domino. He is a member of the National Research Council expert panel on Information Systems Trustworthiness. He is active in several IETF security efforts and is chair of the Web Transaction Security working group. He was previously Network Security Architect for Digital Equipment Corporation. He has lectured extensively on various aspects of computer security, and holds over twenty patents in the field.

Tutorial #3: Mobile Code Security and Java 2 Architecture
Instructor: Dr. Gary McGraw

As software applications become more distributed in order to leverage the power of the Internet, designs involving mobile code are becoming common. This trend is likely to accelerate under pressure from the embedded Internet systems market. The idea behind mobile code is actually quite simple---sending around data that can be automatically executed wherever it arrives, anywhere on the network. The problem is this: running someone else's code on your computer is a risky activity. Who is to say what the code might try to do and whether or not its activities will be malicious? This is not a new problem by any stretch of the imagination. In fact, it's really an old problem with a new twist. Nonetheless, the magnitude of the risks is impressive as anyone familiar with Melissa and ExploreZip knows. There are many well-known systems for creating and using mobile code. From a security perspective, Java clearly leads the pack. Java is especially cool since it is cross-platform, object oriented, network-savvy, and uses modern memory management. In addition, Java's designers have attempted to create a system that simultaneously ensures type safety, allows dynamic class loading, and offers policy-based fine-grained access control built on stack inspection. This tutorial uses Java as a case study of mobile code security architecture design. It covers both what works in the Java security architecture and what doesn't, including discussion of sandboxing and code-signing. We'll also briefly cover products offered by third-party vendors.

Gary McGraw, Ph.D., is Vice President of Corporate Technology at Reliable Software Technologies. He holds a dual PhD in Cognitive Science and Computer Science from Indiana University and a BA in Philosophy from the University of Virginia. Dr. McGraw is a noted authority on Java security and co-authored both "Java Security: Hostile Applets, Holes, & Antidotes" (Wiley, 1996) and "Securing Java: Getting down to business with mobile code" (Wiley, 1999), with Prof. Ed Felten of Princeton University. Along with RST co-founder and Chief Scientist Dr. Jeff Voas, McGraw wrote "Software Fault Injection: Inoculating Programs Against Errors" (Wiley, 1998). Dr. McGraw has written over fifty peer-reviewed technical publications, consults with major e-commerce vendors including Visa and the Federal Reserve, and is principal investigator on grants from DARPA and NIST's Advanced Technology Program. See his Web page at

Tutorial #4: Cryptography 101
Instructor: Dr. Aviel D. Rubin

This course will explore the basics of cryptography. How does it work? Why is it useful? And how much does it cost? We look at classical ciphers, symmetric ciphers, public key systems, hash functions, message authentication codes, key distribution, and certificates. This course will address what is and is not possible in network security, and examine the tradeoffs between security, cryptographic complexity, accountability, and cost. We approach cryptography as a tool and discuss how you can use it in protecting your existing networks. This tutorial is designed to go together with the Public Key Infrastucture tutorial, if you so desire.

Dr. Aviel D. Rubin is a Principal Technical Staff Member at AT&T Labs -Research, in the secure systems research department. He is also Adjunct Professor of Computer Science at New York University, where he teaches cryptography and computer security. He is the co-author of The Web Security Sourcebook. Avi holds a B.S., M.S.E., and Ph.D. from the University of Michigan in Ann Arbor ('89, '91, '94) in Computer Science and Engineering. He has served on several program committees for major security conferences and as the program chair for USENIX Security '98, USENIX Technical '99, and ISOC NDSS 2000. His URL is

Tutorial #6: An Introduction to Intrusion Detection Technology
Instructor: Mr. Mark Wood

This tutorial will introduce attendees to the current state of intrusion detection technology. Signature-based and anomaly detection-based approaches will be compared (e.g., how each one works, strengths and weaknesses of each, applicability to today's networks). You will gain an understanding of network-based, host-based, and application-based products, along with their strengths and weaknesses. We will address what intrusion detection systems can and cannot do today, and we will identify the major technical, operational, and business challenges facing this technology in the future. We will also discuss several interesting intrusion detection research possibilities.

In his role at Internet Security Systems (ISS), Mark Wood is responsible for the overall vision and management of ISS' intrusion detection product line, RealSecure. In particular, he has been specifically focused for the last two years on the ongoing and rapid evolution of the technology including the development of a new server sensor and continued enhancements to ISS' existing network and host based threat management technologies. Mark has been involved in shaping critical industry standardization efforts through his role as Requirements Editor for The Internet Engineering Task Force's Intrusion Detection Working Group. He is also a key member of the ICSA Intrusion Detection Consortium focused on shaping the future of the intrusion detection market. Mark holds a B.S. in Computer Science from Duke University and a M.S. in Computer Science from Georgia Institute of Technology.