1997 Symposium on
Network and Distributed Systems Security
(NDSS'97)
Hypermedia Proceedings, Slides, and Summary Report
Copyright © 1997 Institute of Electrical and Electronics Engineers. Reprinted from The Proceedings of the 1997 Symposium on Network and Distributed Systems Security.This material is posted here with permission of the IEEE. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by sending a blank email message to info.pub.permission@ieee.org
By choosing to view this document, you agree to all provisions of the copyright laws protecting it.
General Chair's Message
Program Chairs' Message
Organizing Committee
Program Committee
Privacy and Security Research Group
Author Index
Paper/Panel Index
Session 1: Things That Go Bump In The Net
Chair: Stephen T. Kent - BBN Corporation
Session 2: Panel - Security Of Downloadable Executable Content
Chair: Aviel D. Rubin - Bellcore (abstract, slides)
Session 3: Protocol Implementation And Analysis
Chair: Christoph Schuba - Purdue University
Session 4: Panel - Security Of The Internet Infrastructure
Chair: Russ Mundy - Trusted Information Systems (abstract, slides)
Session 5: Routing Security
Chair: Hilarie Orman - DARPA/ITO
Session 6: Security For The World Wide Web
Chair: Win Treese - OpenMarket, Inc.
Session 7: Public Key Management
Chair: Jonathan Trostle - CyberSafe
Session 8: Panel - Web Privacy And Anonymity
Chair: B. Clifford Neuman - USC Information Sciences Institute
(abstract, slides)
Welcome to the fourth annual Internet Society (ISOC) Symposium on Network and Distributed System Security! Each year we seek to bring together researchers, implementors, and users of network and distributed system security technologies to discuss today's important security issues and challenges. This year our Program Committee has once again done an outstanding job of selecting a mix of technical papers and panel presentations that describe promising new approaches to Internet security. As we are all aware, the use of the Internet is growing rapidly, and the the need for widespread deployment of usable and effective network and distributed system security solutions is increasing just as rapidly. I am confident that with our continued open dialog, sharing of experiences and ideas, and exploration of solutions, we can help to ensure the protection of this valuable resource.
I am grateful to the Internet Society for sponsoring the symposium, and especially to Martin Burack, the new Executive Director, who has taken a keen interest in the symposium and worked hard to ensure its success.
Many thanks are also in order to the folks who have spent considerable time and effort organizing the symposium. Torryn Brazell and the staff at the ISOC have done an incredible job handling the registrations and many other behind-the-scenes activities. Tom Hutton has again provided wonderful local arrangements. Steve Welke has done a top-notch job assembling the hard-copy proceedings and the CD-ROM. The Progam Co-Chairs, Cliff Neuman and Matt Bishop, and the entire program committee are to be commended for their fine effort pulling together an excellent technical program. Only with the collective hard work of all these individuals are we able to make the symposium a success.
Finally, I would like to thank all the authors who submitted papers and the panelists who are participating by sharing their knowledge and experiences.
David M. Balenson
Trusted Information Systems
balenson@tis.com
At this time last year, commercial entities were coming under increasing pressure to establish a presence in cyberspace and to make their services available on-line to consumers. This pressure has continued, but several high visibility attacks on Internet systems have caused a corresponding increase in pressure to solve the security problems resulting from such applications. Today one can hardly find an article about electronic commerce that doesn't discuss security in depth.
Besides concern about securing commercial applications, there is growing concern about protecting the network infrastructure itself. A recent attack against an Internet service provider highlighted the vulnerability of the network to long-awaited denial of service attacks. Though the particular attack was a brute force attack and not facilitated by compromising any routers, the results of this attack emphasized the need to protect the network, and several projects are now underway to protect the infrastructure - and especially network routers - from compromise.
Recent trends in software distribution have also made certain attacks easier to implement. In particular, the use of two technologies, Java and ActiveX, provide an easy means for an attacker to run software on a user's machine. Efforts are underway on many fronts to provide the means to certify applets as the code originally packaged and intended to be run by the user, and to constrain the actions of untrusted code to prevent behavior detrimental to the user's interests.
Finally, privacy has become an important topic on the Internet. Web users are concerned that information about their browsing might be used for marketing and other purposes that aren't authorized. The increased prevalence of "spamming" users with undesired e-mail has heightened this concern. There are several efforts underway to develop the means to protect users from intrusions upon their privacy.
This symposium was organized to encourage the wide-scale deployment of security technologies and to promote new research that can address the currently unmet security needs of the Internet community. In selecting papers and panels for the symposium, the program committee sought materials that describe promising new approaches to security problems that are practical and, to the extent possible, have been implemented.
We hope that this symposium will have a positive impact on the state of Internet security and we encourage you, as a participant in this symposium, to use this opportunity to actively participate in the dialog. Ask questions of the speakers, raise your important issues during relevant panel sessions, and let others know of your requirements, observations, and experiences in this important area.
|
Marina del Rey, California bcn@isi.edu |
Davis, California bishop@ucdavis.edu |
||||||
General Chair
David M. Balenson
Trusted Information Systems
balenson@tis.com
Program Chairs
|
USC Information Sciences Institute bcn@isi.edu |
Matt Bishop University of California, Davis bishop@ucdavis.edu |
||||||
Publications Chair
Stephen R. Welke
Institute for Defense Analyses
welke@ida.org
Registrations Chair
Torryn Brazell
The Internet Society
brazell@isoc.org
Local Arrangements Chair
Thomas Hutton
San Diego Supercomputer Center
hutton@sdslug.org
Steering Group
Internet Research Task Force, Privacy and Security Research Group
Members
Steven M. Bellovin - AT&T Labs Research
Thomas A. Berson - Anagram Laboratories
Douglas E. Engert - Argonne National Laboratory
Warwick Ford - VeriSign
Li Gong - JavaSoft
Richard Graveman - Bellcore
Burton S. Kaliski, Jr. - RSA Laboratories
Stephen T. Kent - BBN Corporation
Tom Longstaff - Carnegie Mellon University
Douglas Maughan - National Security Agency
Danny M. Nessett - Sun Microsystems
Hilarie Orman - University of Arizona
Michael Roe - University of Cambridge
Christoph Schuba - Purdue University
Jonathan Trostle - CyberSafe
Theodore Ts'o - Massachusetts Institute of Technology
Doug Tygar - Carnegie Mellon University
Vijay Varadharajan - University of Western Sydney
Roberto Zamparo - Telia Research
External Reviewers
Catherine Meadows - Naval Research Laboratory
Robert T. Morris - Harvard University
Ola Sjögren - Telia Research
David Wagner - University of California, Berkeley
Chair
Stephen T. Kent
BBN Corporation
kent@bbn.com
PSRG Committee Members
|
Trusted Information Systems balenson@tis.com Warwick Ford Burton S. Kaliski, Jr. B. Clifford Neuman Michael Roe Jeffrey I. Schiller |
University of California, Davis bishop@cs.ucdavis.edu Russell D. Housley Danny M. Nessett Richard L. Parker II Robert Rosenthal Roberto Zamparo |
||||||
Bellovin, S.M. (Probable Plaintext Cryptanalysis ...)
Brackin, S.H. (An Interface Specification ...)
Carracedo, J. (Hierarchical Organization ...)
Chadwick, D. (Trust Models in ICE-TEL)
Chuang, J.C.-I. (Distributed Authentication ...)
Cicovic, N.K. (Trust Models in ICE-TEL)
Dole, B. (Misplaced Trust: ...)
Garcia-Luna-Aceves, J.J. (Securing Distance-Vector Routing ...)
Hauser, R. (Reducing the Cost of Security ...)
Kent, S.T. (Securing the Nimrod ...)
Le Charlier, B. (Continuous Assessment of a Unix ...)
Lodin, S. (Misplaced Trust: ...)
Lopez, L. (Hierarchical Organization ...)
Martin, D.M. (Blocking Java Applets ...)
Mounji, A. (Continuous Assessment of a Unix ...)
Murthy, S. (Securing Distance-Vector Routing ...)
O'Malley, S. (Experimental Results of Covert ...)
Ogurtsov, N. (Experimental Results of Covert ...)
Orman, H. (Experimental Results of Covert ...)
Przygienda, T. (Reducing the Cost of Security ...)
Rajagopalan, S. (Blocking Java Applets ...)
Rubin, A.D. (Blocking Java Applets ...)
Schimpf, B.C. (Securing Web Access ...)
Schroeppel, S. (Experimental Results of Covert ...)
Sirbu, M.A. (Distributed Authentication ...)
Sirois, K.E. (Securing the Nimrod ...)
Smith, B.R. (Securing Distance-Vector Routing ...)
Spafford, E. (Misplaced Trust: ...)
Spatscheck, O. (Experimental Results of Covert ...)
Tsudik, G. (Reducing the Cost of Security ...)
Young, A. (Trust Models in ICE-TEL)
This page was last modified 9-April-1997.
Steve Welke (welke@ida.org)
Return to the ISOC home page