The Community for Technology Leaders
CSDL Home A ACSAC 2002
Computer Security Applications Conference, Annual (2002)
San Diego California
Dec. 9, 2002 to Dec. 13, 2002
ISSN: 1063-9527
ISBN: 0-7695-1828-1
TABLE OF CONTENTS

Multics security evaluation: vulnerability analysis (PDF)

P.A. Karger , HQ Electron. Syst. Div., Hanscom AFB, MA, USA
R.R. Schell , HQ Electron. Syst. Div., Hanscom AFB, MA, USA
pp. 127-146

Speaker Biographies (PDF)

pp. xx

Message from the Conference Chair (PDF)

pp. xii

Conference Committee (PDF)

pp. xiii

Program Committee (PDF)

pp. xvi

Tutorial Committee (PDF)

pp. xvii

Reviewers (PDF)

pp. xviii
Distinguished Practitioner

The Common Sense of System Design (PDF)

pp. null
Track A: Network Security I - Chair: C. Schuba, Sun Microsystems, Inc., Germany

GOSSIB vs. IP Traceback Rumors (Abstract)

Marcel Waldvogel , IBM Research
pp. 5

Composable Tools For Network Discovery and Security Analysis (Abstract)

Giovanni Vigna , University of California Santa Barbara
Fredrik Valeur , University of California Santa Barbara
Jingyu Zhou , University of California Santa Barbara
Richard A. Kemmerer , University of California Santa Barbara
pp. 14

Representing TCP/IP Connectivity For Topological Analysis of Network Security (Abstract)

Ronald Ritchey , George Mason University
Brian O?Berry , George Mason University
Steven Noel , George Mason University
pp. 25
Track B: Electronic Commerce - Chair: A. Friedman, National Security Agency, USA

Regulating E-Commerce through Certified Contracts (Abstract)

Victoria Ungureanu , Rutgers University
pp. 35

With Gaming Technology towards Secure User Interfaces (Abstract)

Hanno Langweg , University of Bonn
pp. 44

Protecting Web Usage of Credit Cards Using One-Time Pad Cookie Encryption (Abstract)

Donghua Xu , Georgia Institute of Technology
Chenghuai Lu , Georgia Institute of Technology
Andre Dos Santos , Georgia Institute of Technology
pp. 51
Track A: Mobile Security - Chair: M. Abrams, The MITRE Corporation, USA

Throttling Viruses: Restricting propagation to defeat malicious mobile code (Abstract)

Matthew M. Williamson , HP Labs Bristol
pp. 61

Enforcing Resource Bound Safety for Mobile SNMP Agents (Abstract)

Weijiang Yu , University of Texas at Austin
Aloysius K. Mok , University of Texas at Austin
pp. 69

Security of Internet Location Management (Abstract)

Tuomas Aura , Microsoft Research
Michael Roe , Microsoft Research
Jari Arkko , Ericsson Research NomadicLab
pp. 78
Track B: Forum - Chair: D. Johnson, The MITRE Corporation, USA

Wireless Security: Vulnerabilities and Countermeasures (PDF)

Dale M. Johnson , The MITRE Corporation
pp. 91
Track A: Classic Papers - Chair: D. Thomsen, Secure Computing Corporation, USA

LOCK : An Historical Perspective (Abstract)

O. Sami Saydjari , Cyber Defense Agency
pp. 96

A Practical Approach to Identifying Storage and Timing Channels: Twenty Years Later (Abstract)

Richard A. Kemmerer , University of California Santa Barbara
pp. 109

Thirty Years Later: Lessons from the Multics Security Evaluation (Abstract)

Paul A. Karger , IBM Corp., T. J. Watson Research Center
Roger R. Schell , Aesec Corporation
pp. 119
Track B: Security Architecture - Chair: J. Heaney, The MITRE Corporation, USA

Controlled Physical Random Functions (Abstract)

Blaise Gassend , Massachusetts Institute of Technology
Dwaine Clarke , Massachusetts Institute of Technology
Marten van Dijk , Massachusetts Institute of Technology
Srinivas Devadas , Massachusetts Institute of Technology
pp. 149

A Security Architecture for Object-Based Distributed Systems (Abstract)

Bogdan C. Popescu , Vrije Universiteit
Maarten van Steen , Vrije Universiteit
Andrew S. Tanenbaum , Vrije Universiteit
pp. 161

A Secure Directory Service based on Exclusive Encryption (Abstract)

John R. Douceur , Microsoft Research
Atul Adya , Microsoft Research
Josh Benaloh , Microsoft Research
William J. Bolosky , Microsoft Research
Gideon Yuval , Microsoft Research
pp. 172
Invited Essayist Plenary

Penetration Testing: A Duet (Abstract)

Daniel Geer , @Stake
John Harthorne , @Stake
pp. 185
Track A: Protection against Malicious Software - Chair: J. McHugh, Carnegie Mellon University, USA

Protecting Data from Malicious Software (Abstract)

Matthew Schmid , Cigital, Inc.
Frank Hill , Cigital, Inc.
Anup K. Ghosh , DARPA
pp. 199

Safe Virtual Execution Using Software Dynamic Translation (Abstract)

Kevin Scott , University of Virginia
Jack Davidson , University of Virginia
pp. 209

Digging For Worms, Fishing For Answers (Abstract)

F. Buchholz , Purdue University
T. Daniels , Purdue University
J. Early , Purdue University
R. Gopalakrishna , Purdue University
R. Gorman , Purdue University
B. Kuperman , Purdue University
S. Nystrom , Purdue University
A. Schroll , Purdue University
A. Smith , Purdue University
pp. 219
Track B: Access Control - Chair: R. Sandhu, SingleSignOn.Net, Inc. and George Mason University, USA

A Framework for Organisational Control Principles (Abstract)

Andreas Schaad , University of York
Jonathan D. Moffett , University of York
pp. 229

Reusable Components for Developing Security-Aware Applications (Abstract)

Stefan Probst , Software Competence Center Hagenberg
Wolfgang Essmayr , Software Competence Center Hagenberg
Edgar Weippl , Software Competence Center Hagenberg
pp. 239

A Context-Aware Security Architecture for Emerging Applications (Abstract)

Michael J. Covington , Georgia Institute of Technology
Prahlad Fogla , Georgia Institute of Technology
Zhiyuan Zhan , Georgia Institute of Technology
Mustaque Ahamad , Georgia Institute of Technology
pp. 249
Track A: Network Security II - Chair: G. Caronni, Sun Microsystems Laboratories, USA

Voice over IPsec: Analysis and Solutions (Abstract)

Roberto Barbieri , Universit? degli Studi di Milano
Danilo Bruschi , Universit? degli Studi di Milano
Emilia Rosti , Universit? degli Studi di Milano
pp. 261

Networking in The Solar Trust Model: Determining Optimal Trust Paths in a Decentralized Trust Network (Abstract)

Michael Clifford , The Aerospace Corporation
pp. 271

Gender-Preferential Text Mining of E-mail Discourse (Abstract)

Malcolm Corney , Queensland University of Technology
Olivier de Vel , Defence Science and Technology Organisation
Alison Anderson , Queensland University of Technology
George Mohay , Queensland University of Technology
pp. 282
Track B: Forum - Chair: J. Heaney, The MITRE Corporation, USA

Enterprise Engineering And Security: Enterprise Frameworks and Architectures, and IA Patterns (PDF)

pp. 293
Track A: Forum - Chair: C. Serban, AT&T Labs and O.S. Saydjari, SRI Computer Science Laboratory

Themes and Highlights of the New Security Paradigms Workshop 2002 (PDF)

Cristina Serban , AT&T Labs
O. Sami Saydjari , SRI Computer Science Laboratory
pp. 297
Track B: Intrusion Detection - Chair: S. Weinberg, Mitretek Systems, USA

Evaluating the Impact of Automated Intrusion Response Mechanisms (Abstract)

Thomas Toth , Technical University Vienna
Christopher Kruegel , Technical University Vienna
pp. 301

Architectures for Intrusion Tolerant Database Systems (Abstract)

Peng Liu , Pennsylvania State University
pp. 311

Detecting and Defending against Web-Server Fingerprinting (Abstract)

Dustin Lee , University of California, Davis
Jeff Rowe , University of California, Davis
Calvin Ko , Network Associates, Inc.
Karl Levitt , University of California, Davis
pp. 321
Track A: Role-Based Access Control - Chair: J. Kahn, The MITRE Corporation, USA

Advanced Features for Enterprise-Wide Role-Based Access Control (Abstract)

Axel Kern , Systor Security Solutions GmbH
pp. 333

Access Control for Active Spaces (Abstract)

Geetanjali Sampemane , University of Illinois at Urbana-Champaign
Prasad Naldurg , University of Illinois at Urbana-Champaign
Roy H. Campbell , University of Illinois at Urbana-Champaign
pp. 343

A Model for Attribute-Based User-Role Assignment (Abstract)

Mohammad A. Al-Kahtani , George Mason University
Ravi Sandhu , SingleSignOn.net, Inc. and George Mason University
pp. 353
Track B: Forum - Chair: K. Levitt, University of California, Davis, USA

Intrusion Detection: Current Capabilities and Future Directions (Abstract)

Karl Levitt , University of California, Davis
pp. 365
Track A: Experience Reports - Chair: K. Eggers, CygnaCom Solutions - an Entrust company, USA

Did You Ever Have To Make Up Your Mind? What Notes Users Do When Faced With A Security Decision (Abstract)

Mary Ellen Zurko , IBM Software Group
Charlie Kaufman , IBM Software Group
Katherine Spanbauer , IBM Software Group
Chuck Bassett , IBM Software Group
pp. 371

A Financial Institution?s Legacy Mainframe Access Control System in Light of the Proposed NIST RBAC Standard (Abstract)

Andrew D. Marshall , TD Bank Financial Group
pp. 382

Security Architecture of the Austrian Citizen Card Concept (Abstract)

Herbert Leitold , Austria A-SIT
Arno Hollosi , Federal CIO Office
Reinhard Posch , Federal CIO Office
pp. 391
Track B: Detection - Chair: J. Epstein, webMethods, Inc., USA

Malicious Code Detection for Open Firmware (Abstract)

Frank Adelstein , ATC- NY
Matt Stillerman , ATC- NY
Dexter Kozen , Cornell University
pp. 403

Beyond the Perimeter: the Need for Early Detection of Denial of Service Attacks (Abstract)

John Haggerty , Liverpool John Moores University
Qi Shi , Liverpool John Moores University
Madjid Merabti , Liverpool John Moores University
pp. 413

A Toolkit for Detecting and Analyzing Malicious Software (Abstract)

Michael Weber , Cigital, Inc.
Matthew Schmid , Cigital, Inc.
Michael Schatz , Cigital, Inc.
David Geyer , George Mason University
pp. 423
91 ms
(Ver 3.3 (11022016))