11th USENIX Security Symposium, August 5-9, 2002, San Francisco Marriott, San Francisco, California, USA
Technical Sessions

WEDNESDAY, AUGUST 7, 2002
8:45 am - 10:30 am     Salon 7

Opening Remarks, Awards, and Keynote

Keynote Address: Information Security in the 21st Century
Whitfield Diffie, Distinguished Engineer at Sun Microsystems

Although its origins may be ancient, the first component of information security, communication security, was so expanded by the First World War that we might reasonably count its birth from that event. The second component, computer security, appeared with shared, on-line computer use in the 1960s. Now, in the early 21st century, many of the problems that plagued information security in the 20th century have receded, while others have expanded or changed. We will assess the field inherited from the past century and look at its prospects for the future.

10:30 am - 11:00 am   Break

11:00 am - 12:30 pm

GENERAL TRACK
Salon 7

OS Security

Awarded Best Paper!
Security in Plan 9

Russ Cox, MIT LCS; Eric Grosse and Rob Pike, Bell Labs; Dave Presotto, Avaya Labs and Bell Labs; Sean Quinlan, Bell Labs

Linux Security Modules: General Security Support for the Linux Kernel
Chris Wright and Crispin Cowan, WireX Communications, Inc.; Stephen Smalley, NAI Labs; James Morris, Intercode Pty.; Greg Kroah-Hartman, IBM Linux Technology Center

Using CQUAL for Static Analysis of Authorization Hook Placement
Xiaolan Zhang, Antony Edwards, and Trent Jaeger, IBM T.J. Watson Research Center

INVITED TALKS
Salons 4-6

Wireless Access Point Mapping
Simon D. Byers, AT&T Labs—Research

This talk relates our experiences in 2.4 GHz wireless AP mapping, giving a broad sweep through various motivations, implementations, analyses, and applications. This includes practical description of software, hardware, antennae, and other devices that we have found useful to interact with and measure wireless devices. We employ a very hands-on philosophy in our work and the talk. Given the current explosion in wireless deployment, formal research in this area has come to be important. This talk will attempt to illustrate some of our directions.

12:30 pm - 2:00 pm   Lunch (on your own)

2:00 pm - 3:30 pm

GENERAL TRACK
Salon 7

Intrusion Detection/Protection

Using Text Categorization Techniques for Intrusion Detection
Yihua Liao and V. Rao Vemuri, University of California, Davis

Detecting Manipulated Remote Call Streams
Jonathon T. Giffin, Somesh Jha, Barton P. Miller, University of Wisconsin, Madison

Type-Assisted Dynamic Buffer Overflow Detection
Kyung-suk Lhee and Steve J. Chapin, Syracuse University

INVITED TALKS
Salons 4-6

Freedom to Tinker
Ed Felten, Princeton University

"Freedom to Tinker" is the freedom to understand, discuss, repair, and improve the technological devices you own. This freedom, which has been eroded by recent changes in market practices and the law, is the organizing principle behind an increasing political and legal awareness among technologists. In this talk, Professor Felten will outline the ideas behind the freedom to tinker movement, using examples drawn from the current battles over copy protection.

3:30 pm - 4:00 pm   Break

4:00 pm - 5:30 pm

GENERAL TRACK
Salon 7

Access Control

A General and Flexible Access-Control System for the Web
Lujo Bauer, Michael A. Schneider, and Edward W. Felten, Princeton University

Access and Integrity Control in a Public-Access, High-Assurance Configuration Management System
Jonathan S. Shapiro and John Vanderburgh, Johns Hopkins University

INVITED TALKS
Salons 4-6

Biometric Authentication Technologies: Hype Meets the Test Results (PDF)
James L. Wayman, Director, Biometric Test Center, San Jose State University

Biometric authentication is automatic identification or identity verification based on behavioral and physiological characteristics. Its potential for securing financial transactions and controlling physical access has been recognized for over 40 years, but adoption has been considerably slower than predicted. One reason for this has been the unrealistic performance expectations placed on the technologies by both vendors and users. This talk will discuss biometric technologies and applications, performance metrics, and the results of the last 10 years of pilot projects and independent testing. We will explore what has worked, what hasn't, and why, with particular emphasis on the impact of biometrics on privacy.

THURSDAY, AUGUST 8, 2002
9:00 am - 10:30 am

GENERAL TRACK
Salon 7

Hacks/Attacks

Deanonymizing Users of the SafeWeb Anonymizing Service
David Martin, Boston University; Andrew Schulman, Software Litigation Consultant

VeriSign CZAG: Privacy Leak in X.509 Certificates
Scott G. Renfro, Yahoo!, Inc.

How to Own the Internet in Your Spare Time
Stuart Staniford, Silicon Defense; Vern Paxson, ICSI Center for Internet Research; Nicholas Weaver, University of California, Berkeley

INVITED TALKS
Salons 4-6

Network Telescopes: Observing Small or Distant Security Events
David Moore, CAIDA, San Diego Supercomputer Center

A network telescope is a portion of routed IP address space on which little or no legitimate traffic exists. Monitoring unexpected traffic arriving at a network telescope yields a view of certain remote network events. Among the visible events are various forms of flooding DoS attacks, infection of hosts by Internet worms, and network scanning. In this presentation, we'll examine questions such as: How large should my network telescope be? How well can one go backwards from a local view to an estimate of the global phenomenon? How big (in packets sent) or long (in duration) must an event be to be seen? What can I see from my own backyard telescope?

10:30 am - 11:00 am   Break

11:00 am - 12:30 pm

GENERAL TRACK
Salon 7

Sandboxing

Setuid Demystified
Hao Chen and David Wagner, University of California, Berkeley; Drew Dean, SRI International

Secure Execution via Program Shepherding
Vladimir Kiriansky, Derek Bruening, Saman Amarasinghe, MIT

A Flexible Containment Mechanism for Executing Untrusted Code
David S. Peterson, Matt Bishop, and Raju Pandey, University of California, Davis

INVITED TALKS
Salons 4-6

Illusions of Security (PDF)
Paul Kocher, Cryptography Research, Inc.

For years, the standard yardstick for measuring cryptographic security has been key length. Unfortunately, real adversaries lack the propriety to limit themselves to tidy attacks such as brute force, factoring, and differential cryptanalysis. Worse, Moore's Law is driving vendors to build systems of exponentially increasing complexity without making security experts exponentially smarter to compensate. The resulting products have a minuscule chance of being extremely secure, and a large chance of being critically flawed. This talk will review basic engineering approaches that can improve assurance and will show how evaluators and attackers break overly complex, poorly tested designs.

12:30 pm - 2:00 pm   Lunch (on your own)

2:00 pm - 3:30 pm

GENERAL TRACK
Salon 7

Web Security

SSLACC: A Clustered SSL Accelerator
Eric Rescorla, RTFM, Inc.; Adam Cain, Nokia, Inc.; Brian Korver, Xythos Software

Awarded Best Student Paper!
Infranet: Circumventing Web Censorship and Surveillance

Nick Feamster, Magdalena Balazinska, Greg Harfst, Hari Balakrishnan, and David Karger, MIT

Trusted Paths for Browsers
Zishuang (Eileen) Ye, Sean Smith, Dartmouth College

INVITED TALKS
Salons 4-6

Formal Methods and Computer Security
John C. Mitchell, Stanford University

Formal methods are variously considered to be arcane, tedious, and oblivious to practical concerns. However, such techniques as specification, type checking, proofs of correctness, and model checking offer the power to analyze system properties under many or even infinitely many possible inputs and execution conditions without running an implemented system through all of the associated test cases. This talk will summarize some of the successful applications of formal methods for security problems such as protocol analysis, mobile code security, access control, and rights specifications.

3:30 pm - 4:00 pm   Break

4:00 pm - 5:30 pm

GENERAL TRACK
Salon 7

Generating Keys and Timestamps

Toward Speech-Generated Cryptographic Keys on Resource-Constrained Devices
Fabian Monrose, Bell Labs, Lucent Technologies; Michael Reiter, Carnegie Mellon University; Qi Li, Daniel P. Lopresti, and Chilin Shih, Bell Labs, Lucent Technologies

Secure History Preservation Through Timeline Entanglement
Petros Maniatis and Mary Baker, Computer Science Department, Stanford University

INVITED TALKS
Salons 4-6

"How Come We Still Don't Have IPSec, Dammit?"
John Ioannidis, AT&T Labs—Research

It has been over ten years since the IPSec effort was started at the IETF, and the question of why it is still not a universally deployed protocol has been haunting us for about half that time. I shall talk about what has gone wrong (as well as what has gone right) for IPSec, how SSL/TLS and SSH have affected the development and deployment of IPSec, why IPSec is still viewed as good only for VPNs, and other popular myths. I shall not point too many fingers (eight, plus two thumbs, will be enough); I will try to explore, however, what has to happen in the next couple of years in order to see the desired widespread deployment of the protocol.

FRIDAY, AUGUST 9, 2002
9:00 am - 10:30 am

GENERAL TRACK
Golden Gate A\B

Deploying Crypto

Lessons Learned in Implementing and Deploying Crypto Software
Peter Gutmann, University of Auckland

Side-Channel Attacks on Symmetric Encryption Schemes: The Case for Authenticated Encryption
John Black and Hector Urtubia, University of Nevada, Reno

Making Mix Nets Robust for Electronic Voting by Randomized Partial Checking
Markus Jakobsson and Ari Juels, RSA Laboratories; Ronald L. Rivest, MIT

INVITED TALKS
Nob Hill A-D

Implications of the DMCA Anti-Circumvention for Security, Research, and Innovation
Pam Samuelson, University of California at Berkeley

The Digital Millennium Copyright Act of 1998 makes it illegal to circumvent access controls and to make or distribute circumvention technologies. It contains exceptions to enable legitimate computer security research, computer security testing, and interoperability among programs. This talk will look closely at the exceptions and at the DMCA caselaw to determine whether they adequately balance the interests of copyright owners and of follow-on innovators and researchers. It will also consider whether the U.S. Constitution may limit the application of the DMCA to some research- and innovation-related activities.

10:30 am - 11:00 am   Break

11:00 am - 12:30 pm

Work-in-Progress Reports (WiPs)
Golden Gate A\B

Short, pithy, and fun, Work-in-Progress Reports introduce interesting new or ongoing work, and the USENIX audience provides valuable discussion and feedback.

If you have work you would like to share or a cool idea that's not quite ready for publication, send a one- or two-paragraph summary to sec02wips@usenix.org. We are particularly interested in presenting students' work. A schedule of presentations will be posted at the conference, and the speakers will be notified in advance. Work-in-Progress reports are five-minute presentations; the time limit will be strictly enforced.

Here is the latest List of Presentations.


Last changed: 9 Sept. 2003 aw