12th USENIX Security Symposium, August 4-8, 2003, Washington, DC, USA
TECHNICAL SESSIONS

WEDNESDAY, AUGUST 6, 2003

9:00 am - 10:30 am

Opening Remarks, Awards, and Keynote

Keynote Address: Reflections on a Decade of Pseudonymity
Black Unicorn (a.k.a. A.S.L. von Bernhardi)

What is identity? What is reputation? What is trust? Are these concepts as self-explanatory as they generally appear? This talk will examine the shortcomings of several identity and reputation systems and explore their importance from the perspective of the practitioner designing critical systems and security architectures. We will also direct an eye to evolving social, legal, and technical expectations and how they impact our perceptions of these concepts.

Black Unicorn has served as a "Big 5" consultant, an entrepreneur, an intelligence professional, a banker, a lobbyist, and a sometime cypherpunk. A survey of his recent work includes modeling narcotics smuggling and money laundering dynamics, a study of concepts of money throughout history, and research into the behavioral economics of black markets. He is currently at work developing political risk-hedging methodologies for foreign exchange markets. 2003 marks the 10-year anniversary of the pseudonym "Black Unicorn."

10:30 am - 11:00 am   Break

11:00 am - 12:30 pm

REFEREED PAPERS

ATTACKS
Session Chair: John McHugh, CERT

Awarded Best Paper!
Remote Timing Attacks Are Practical
David Brumley and Dan Boneh, Stanford University

802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions
John Bellardo and Stefan Savage, University of California, San Diego

Denial of Service via Algorithmic Complexity Attacks
Scott A. Crosby and Dan S. Wallach, Rice University

INVITED TALKS

DISTRIBUTING SECURITY: DEFENDING WEB SITES WITH 13,000 SERVERS
Speaker: Andy Ellis, Akamai

Early models of Web site defense focused on the challenges of appropriately hardening a small cluster of machines and a simple network infrastructure against attack. With 13,000 distributed servers, a different set of challenges needs to be overcome, from robust system management and monitoring to providing protection to backend servers.

ASK THE EXPERTS

IDS AND LOGGING
Tina Bird, Stanford University

Tina Bird, as a Computer Security Officer for Stanford University, works on the design and implementation of security infrastructure; providing security alerts for the 40,000-host network; healthcare information security; and extending Stanford's logging infrastructure. Tina moderates the Log Analysis and VPN mailing lists; with Marcus Ranum, she runs www.loganalysis.org. Tina has a B.S. in physics from the University of Notre Dame and a master's degree and Ph.D. in astrophysics from the University of Minnesota.

12:30 pm - 2:00 pm   Lunch (on your own)

2:00 pm - 3:30 pm

REFEREED PAPERS

COPING WITH THE REAL WORLD
Session Chair: Crispin Cowan, Immunix Inc.

Plug-and-Play PKI: A PKI Your Mother Can Use
Peter Gutmann, Auckland University

Analyzing Integrity Protection in the SELinux Example Policy
Trent Jaeger, Reiner Sailer, and Xiaolan Zhang, IBM T.J. Watson Research Center

Security Holes . . . Who Cares?
Eric Rescorla, RTFM, Inc.

INVITED TALKS

PROTECTING THE INTERNET INFRASTRUCTURE
Speaker: John Ioannidis, AT&T Labs--Research

All Internet services depend on two infrastructure components: the Domain Name System and the routing system. Neither has evolved with much security in mind. Both have depended instead on the friendly cooperation of the people who "run the network." These two essential components are increasingly the target of attacks. Even worse, they are frequently subject to misconfigurations (routing more so than DNS), and also heavily affected by distributed denial of service attacks. This talk gives an overview of the DNS and Internet routing, discusses their security vulnerabilities, and explores where we are and where we should be going to improve the situation.

ASK THE EXPERTS

CRYPTOGRAPHY
Matt Blaze, AT&T Labs--Research

Matt Blaze's research focuses on the architecture and design of secure systems based on cryptographic techniques, analysis of secure systems against practical attack models, and on finding new cryptographic primitives and techniques. This work has led directly to several new cryptographic concepts, including "Remotely-Keyed Encryption", "Atomic Proxy Cryptography", and "Master-Key Encryption." He co-invented the notion of Trust Management and his work has led to two trust management languages, KeyNote and PolicyMaker.

3:30 pm - 4:00 pm   Break

4:00 pm - 5:30 pm

REFEREED PAPERS

PANEL: ELECTRONIC VOTING
Moderator: Dan Wallach, Rice University
Panelists: David Elliot, Washington State, Office of the Secretary of State; David Dill, Stanford University; Douglas Jones, University of Iowa; Sanford Morganstein, Populex; Jim Adler, VoteHere; Brian O'Connor, Sequoia; Avi Rubin, Johns Hopkins University & Technical Director of the Hopkins Information Security Institute

The U.S. national elections in 2000 demonstrated numerous problems with punch-card voting systems. Many states are replacing such systems with new, computerized ones. Most of these record and tally the votes completely in software, which raises concerns if the software is either simply buggy or has been subjected to malicious tampering. Hundreds of computer scientists signed a petition demanding that these machines have a "voter-verifiable audit trail." Academic experts, government election specialists, and voting system manufacturers will discuss security requirements and mechanisms for managing our elections.

INVITED TALKS

INTERNET SECURITY: AN OPTIMIST GROPES FOR HOPE
Speaker: Bill Cheswick, Lumeta

By all accounts the Internet has grown more dangerous since its inception. Most of the expected attacks have appeared and become commonplace. Increasingly sophisticated malware has learned to hide in the deep bushes of verdant, wild software. Users can't keep up with these dangers, and it is hard enough for the professionals. Yet there are indications that things can get better. Many important Web sites get security right enough to support large business models. Those who run our most secure networks report that they repeatedly pass the pop quizzes of the attack du jour. We can use crypto when we want to, and many do. We can do better, and many of us are starting to.

ASK THE EXPERTS

FIREWALLS AND INTERNET SECURITY
Steve Bellovin, AT&T Labs--Research, IETF Security Area Director

Steve Bellovin is an AT&T Fellow in the Network Services Research Lab at AT&T Labs Research in Florham Park, New Jersey. He is the co-author of Firewalls and Internet Security: Repelling the Wily Hacker and holds several patents on cryptographic and network protocols. He served on a National Research Council study committee on information systems trustworthiness, is a member of the Internet Architecture Board, and is currently focusing on how to design systems that are inherently more secure. He also works on public policy questions relating to cryptography, Internet security, and the Internet in general.

THURSDAY, AUGUST 7, 2003

9:00 am - 10:30 am

REFEREED PAPERS

HARDENING I
Session Chair: David Wagner, University of California, Berkeley

PointGuard™: Protecting Pointers from Buffer Overflow Vulnerabilities
Crispin Cowan, Steve Beattie, John Johansen, and Perry Wagle, Immunix, Inc.

Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits
Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar, Stony Brook University

High Coverage Detection of Input-Related Security Faults
Eric Larson and Todd Austin, University of Michigan

INVITED TALKS

WHEN POLICIES COLLIDE: WILL THE COPYRIGHT WARS ROLL BACK THE COMPUTER REVOLUTION?
Speaker: Mike Godwin, Public Knowledge

The last two years have seen an unprecedented effort by content companies--notably the movie studios--to press for legislative or regulatory requirements that could have closed down the open-platform, general-purpose computer as such. Where are these efforts going? What do they signify? What should we do about it?

ASK THE EXPERTS

PKI MODELS, DISTRIBUTED NESTED GROUPS, AND REVOCATION
Radia Perlman, Sun Microsystems

Radia Perlman is a Distinguished Engineer at Sun Microsystems. She is known for her contributions to bridging (spanning tree algorithm) and routing (link state routing), as well as security (sabotage-proof networks). She is the author of Interconnections: Bridges, Routers, Switches, and Internetworking Protocols, and co-author of Network Security: Private Communication in a Public World, two of the top 10 networking reference books, according to Network Magazine. She is one of the 25 people whose work has most influenced the networking industry, according to Data Communications Magazine. She holds about 50 issued patents, an S.B. and S.M. in mathematics and a Ph.D. in computer science from MIT and an honorary doctorate from KTH, the Royal Institute of Technology in Sweden.

10:30 am - 11:00 am   Break

11:00 am - 12:30 pm

REFEREED PAPERS

DETECTION
Session Chair: Dawn Song, Carnegie Mellon University

Storage-based Intrusion Detection: Watching Storage Activity for Suspicious Behavior
Adam G. Pennington, John D. Strunk, John Linwood Griffin, Craig A.N. Soules, Garth R. Goodson, and Gregory R. Ganger, Carnegie Mellon University

Detecting Malicious Java Code Using Virtual Machine Auditing
Sunil Soman, Chandra Krintz, and Giovanni Vigna, University of California, Santa Barbara

Static Analysis of Executables to Detect Malicious Patterns
Mihai Christodorescu and Somesh Jha, University of Wisconsin, Madison

INVITED TALKS

PHYSICAL SECURITY: THE GOOD, THE BAD, AND THE UGLY
Speaker: Mark Seiden, MSB Associates

Physical security is an oft-overlooked but critical prerequisite for good information security. A bad guy with a console root login can obviously adversely affect behavior in basic or profound ways, but you may not know how trust can be completely breached by brief and seemingly limited physical exposure using spiffy/inexpensive tools available on Ebay. Another dirty little secret: When critically examined, physical security policies/mechanisms perhaps have *always* oozed snake oil, including back doors relying on "security through obscurity" and ignoring environmental context--the need to function in a system. Outsourcing/colocation often presents only the perception (seldom the actuality) of security. A badging system implementation turns out to be >200K LOC, rather than simply "wave badge at the reader and maybe let 'em in," and is as buggy as any large program.

ASK THE EXPERTS

APPLICATION-LEVEL SECURITY PROTOCOLS: PGP, S/MIME, SSL, AND SSH
Peter Gutmann, University of Auckland, New Zealand

Peter Gutmann arrived on earth some eons ago when his physical essence filtered down from the stars, and he took human(?) form. Once computers were invented he became involved in security research in the hope that enough insider knowledge would, at the right time, allow him to bypass electronic security measures on the first translight spacecraft and allow him to return to the stars. This is probably still some time away. Until then he spends his time as a researcher at the University of Auckland, poking holes in security systems and mechanisms (purely for practice), and throwing rocks at PKIs.

12:30 pm - 2:00 pm   Lunch (on your own)

2:00 pm - 3:30 pm

REFEREED PAPERS

APPLIED CRYPTO
Session Chair: Patrick McDaniel, AT&T Labs--Research

SSL Splitting: Securely Serving Data from Untrusted Caches
Chris Lesniewski-Laas and M. Frans Kaashoek, Massachusetts Institute of Technology

A New Two-Server Approach for Authentication with Short Secrets
John Brainard, Ari Juels, Burt Kaliski, and Michael Szydlo, RSA Laboratories

Domain-Based Administration of Identity-Based Cryptosystems for Secure Email and IPSEC
D. K. Smetters and Glenn Durfee, Palo Alto Research Center

INVITED TALKS

THE INTERNET AS THE ULTIMATE SURVEILLANCE NETWORK
Speaker: Richard M. Smith

This session will look at the economic, technological, and political forces which are changing the Internet into a worldwide surveillance network. As more intelligent devices are connected to the Internet, the Internet will become less of an information publisher and more of an information collector. Technologies which are pushing along this transformation include ubiquitous wireless IP networking, RFID tags, low-cost digital sensors, and XML. This session will look at trends in technology to help understand how this surveillance network will be used, who will control it, how it will be secured, and its potential impact on personal privacy.

ASK THE EXPERTS

NETWORK MAPPING
Bill Cheswick, Lumeta

Bill Cheswick has worked on (and against) operating system security for over 30 years. While at Bell Laboratories as a member of the Technical Staff, he did early work on firewall design and implementation, including the first circuit-level gateway, for which he coined the term "proxy". Ches also worked on PC viruses, mailers, Internet munitions, and the Plan 9 operating system. He co-authored the first full book on firewalls, and has since toured the world giving media interviews and entertaining post-lunch security talks. Cliff Stoll, who is given to overstatement, has called Ches "one of the seven avatars of the Internet."

In 1998, Ches started the Internet Mapping Project with Hal Burch. This work became the core technology of a Bell Labs spin-off, Lumeta Corporation, which explores the extent of corporate and government intranets and checks for host leaks that violate perimeter policies.

3:30 pm - 4:00 pm   Break

4:00 pm - 6:00 pm

PANEL: REVISITING TRUSTED COMPUTING

Moderator: David Farber, University of Pennsylvania
Panelists: Lucky Green; Leendert van Doorn, IBM; Bill Arbaugh, University of Maryland; Peter Biddle, Microsoft

Suddenly, cybersecurity is on the lips of senior government officials, high-level corporate executives, and even casual computer users who hadn't a clue what it was six months ago. Secure systems proposals, most notably the Trusted Computer Platform Alliance (TCPA), can generate considerable controversy. The hazy debate forming about this area ends up sounding like a choice between no secure computer systems and potential damage to our established copyright mechanisms and freedom of speech. Professor Farber will moderate an examination of this complex set of issues and the question of how to find an acceptable path forward.

ASK THE EXPERTS

HONEYD, HONEYPOTS
Niels Provos, University of Michigan

Niels Provos is an experimental computer scientist conducting research in steganography and in computer and network security. He is a Ph.D. candidate at the University of Michigan, a member of the Honeynet project and an active contributor to open source projects.

FRIDAY, AUGUST 8, 2003

9:00 am - 10:30 am

REFEREED PAPERS

HARDENING II
Session Chair: Steve Bellovin, AT&T Labs--Research

Preventing Privilege Escalation
Niels Provos, CITI, University of Michigan; Markus Friedl, GeNUA mbH; Peter Honeyman, CITI, University of Michigan

Dynamic Detection and Prevention of Race Conditions in File Accesses
Eugene Tsyrklevich and Bennet Yee, University of California, San Diego

Improving Host Security with System Call Policies
Niels Provos, CITI, University of Michigan

INVITED TALKS

THE INTERNET IS TOO SECURE ALREADY
Speaker: Eric Rescorla, RTFM, Inc.

The cryptographers and COMSEC engineers have given us an incredible number of fundamental security primitives. We now have good versions of essentially all the tools we know how to build at all. These tools are so good that attacks which are either impractical or entirely theoretical are nevertheless considered major successes. At the same time, the vast majority of traffic on the Internet is completely unprotected. These two phenomena are not unrelated. The flip side of the praise given for finding relatively small vulnerabilities is the massive amount of effort that developers feel they have to expend on fixing (and preventing) even quite small vulnerabilities. The inevitable result is that designers spend much more time enhancing security protocols than figuring out how to deploy them in real applications.

10:30 am - 11:00 am   Break

11:00 am - 12:30 pm

REFEREED PAPERS

THE ROAD LESS TRAVELED
Session Chair: Dan Boneh, Stanford University

Scrash: A System for Generating Secure Crash Information
Pete Broadwell, Matt Harren, and Naveen Sastry, University of California, Berkeley

Implementing and Testing a Virus Throttle
Jamie Twycross and Matthew M. Williamson, Hewlett-Packard Labs, Bristol

Awarded Best Student Paper!
Establishing the Genuinity of Remote Computer Systems
Rick Kennell and Leah H. Jamieson, Purdue University

INVITED TALKS

THE CASE FOR ASSURANCE IN SECURITY PRODUCTS
Speaker: Brian Snow, National Security Agency

Security products need to work as intended, especially in the presence of malice. This requires considerable effort during all phases of the life cycle, from design, through evaluation and field use, to the eventual retirement of the product. The mechanisms that assure the customer of robust performance differ from one part of the life cycle to the next. They include technical enhancements, human processes, and legal constraints, among others. The talk offers views from three perspectives: research, security service and product provisioning, and education and training.

12:30 pm - 2:00 pm   Lunch (on your own)

2:00 pm - 3:30 pm

WORK-IN-PROGRESS REPORTS
Chair: Kevin Fu, MIT

Short, pithy, and fun, Work-in-Progress Reports introduce interesting new or ongoing work, and the USENIX audience provides valuable discussion and feedback. If you have work you would like to share or a cool idea that's not quite ready for publication, send a one- or two-paragraph summary to sec03wips@usenix.org. We are particularly interested in presenting students' work. A schedule of presentations will be posted at the conference, and the speakers will be notified in advance. Work-in-Progress reports are five-minute presentations; the time limit will be strictly enforced.


Last changed: 19 Aug. 2003 aw