Check out the new USENIX Web site.
USENIX Security Symposium, August 9-13, 2004, San Diego, CA, USA
USENIX '03 Home  | USENIX Home  | Events  | Publications  | Membership



Wednesday, August 11 | Thursday, August 12 | Friday, August 13

9:00 a.m.–10:30 a.m. Wednesday
Opening Remarks, Awards, and Keynote
Session Chair: Matt Blaze, University of Pennsylvania

Keynote Address: Back to the Future
William "Earl" Boebert, Sandia National Laboratory

The speaker will review his 30-year association with research into "predictable systems," that is, those that can be reasoned about a priori. Predictablity is the common thread running through security, safety, or reliability. He will cover those approaches that still appear to hold promise, and those which should not be attempted again under any circumstances.

10:30 a.m.–11:00 a.m.   Break
11:00 a.m.–12:30 p.m. Wednesday

Attack Containment
Session Chair: Angelos Keromytis, Columbia University

A Virtual Honeypot Framework
Niels Provos, Google, Inc.

Collapsar: A VM-Based Architecture for Network Attack Detention Center
Xuxian Jiang and Dongyan Xu, Purdue University

Very Fast Containment of Scanning Worms
Nicholas Weaver, International Computer Science Institute; Stuart Staniford, Nevis Networks; Vern Paxson, International Computer Science Institute and Lawrence Berkeley National Laboratory


RFID: Security and Privacy for Five-Cent Computers
Ari Juels, Principal Research Scientist, RSA Laboratories

RFID tags are microchip-enhanced, next-generation barcodes capable of transmitting a small amount of information over short distances. Poised to play an important role in the commercial world and increasingly to enter the hands of consumers, RFID devices bring a host of potential security and privacy problems in their wake. With a cost target of just several cents apiece, basic RFID tags possess only barebones computing resources. This talk will describe some approaches to security for this especially frugal computing environment.

12:30 p.m.–2:00 p.m.   Lunch (on your own)
2:00 p.m.–3:30 p.m. Wednesday

Panel: Capture the Flag
Moderator: Tina Bird, Stanford University
Panelists: Major Ronald Dodge, United States Military Academy; Marc Dougherty, Northeastern University; Chris Eagle, Naval Postgraduate School; Riley Eller, Special Projects Manager, CoCo Communications Corp.

Capture the Flag competitions are a popular mechanism for training new security professionals, for testing security software, and for giving old hands an opportunity to keep their skills honed. But they're surprisingly difficult to orchestrate. In this panel, we'll hear about Capture the Flag competitions from the organizational point of view, in both academic and "real world" environments, and discuss the use of Capture the Flag in training security personnel.


Fighting Computer Virus Attacks
Peter Szor, Chief Researcher, Symantec Corporation

Download Presentation Slides (zipped Powerpoint document, 7.1 MB)

Every month, critical vulnerabilities are reported on a wide variety of operating systems and applications. Computer virus attacks are quickly becoming the number one security problem which ranges between large scale social engineering attacks and exploiting critical vulnerabilities. Sophisticated attacks use polymorphism and even metamorphism mixed with cryptographically strong algorithms and self-updating which makes analysis and defense increasingly difficult.

This presentation will discuss the state of the art in computer viruses and computer virus defense. I will present some promising host-based prevention techniques that can stop entire classes of fast-spreading worms such W32/Sobig@mm and W32/Mydoom@mm as well as worms using buffer overflow attacks, such as Win32/CodeRed, Linux/Slapper, Win32/Slammer and Win32/Blaster. In-depth worm and exploit analysis are also discussed.

It is becoming increasingly important to find ways to bridge the gap between computer virus research and general security research. The primary goal of this presentation is to encourage the fight against computer viruses within the security community.

3:30 p.m.–4:00 p.m.   Break
4:00 p.m.–5:30 p.m. Wednesday

Protecting Software I
Session Chair: Sotiris Ioannidis, University of Pennsylvania

TIED, LibsafePlus: Tools for Runtime Buffer Overflow Protection
Kumar Avijit, Prateek Gupta, and Deepak Gupta, IIT Kanpur

Privtrans: Automatically Partitioning Programs for Privilege Separation
David Brumley and Dawn Song, Carnegie Mellon University

Avfs: An On-Access Anti-Virus File System
Yevgeniy Miretskiy, Abhijith Das, Charles P. Wright, and Erez Zadok, Stony Brook University


I Voted? How the Law Increasingly Restricts Independent Security Research
Cindy Cohn, Legal Director, Electronic Frontier Foundation

MP3 IconListen in MP3 format

Are our elections secure? Can we trust our insurance companies' websites to secure our medical information? Can I get a free download from an online music store? These questions are increasingly being asked as more of our fundamental activities and commerce move online or to digital technologies. Computer security experts, both professional and amateur, recognize that the best way to make our vital systems secure, and keep them that way, is through an ongoing, scientific cycle of widespread testing, review, attacks, publication and continued system development. Yet the law has increasingly created barriers to this process. The Computer Fraud and Abuse Act, the Digital Millennium Copyright Act, trade secret law and copyright law, for instance, have all created barriers to independent computer security research into some of the most important systems used by the public today. Ms. Cohn will discuss the legal issues facing independent security researchers, using the struggle to test electronic voting machines among other examples.

Wednesday, August 11 | Thursday, August 12 | Friday, August 13

9:00 a.m.–10:30 a.m. Thursday

Protecting Software II
Session Chair: Adrian Perrig, Carnegie Mellon University

Side Effects Are Not Sufficient to Authenticate Software
Umesh Shankar, Monica Chew, and J.D. Tygar, UC Berkeley

On Gray-Box Program Tracking for Anomaly Detection
Debin Gao, Michael K. Reiter, and Dawn Song, Carnegie Mellon University

Finding User/Kernel Pointer Bugs with Type Inference
Rob Johnson and David Wagner, UC Berkeley


Metrics, Economics, and Shared Risk at the National Scale (PDF)
Dan Geer, Verdasys, Inc.

MP3 IconListen in MP3 format

The more electronically interdependent we are the more risk we share. Daily we have to choose between default deny (safety) and default permit (freedom). If we prefer rational decision making, we will prefer that numbers—and, reflecting our sharing of risk, the Law of Large Numbers—drive our policy decisions at the national level. These numbers do not come from thin air or, if they do, they will merely contribute to the rising fraction of security practitioners who are charlatans. This talk is more challenge than prescription, thus to reflect the state of the art.

10:30 a.m.–11:00 a.m.   Break
11:00 a.m.–12:30 p.m. Thursday

The Human Interface
Session Chair: Greg Rose, Qualcomm

Graphical Dictionaries and the Memorable Space of Graphical Passwords
Julie Thorpe and Paul van Oorschot, Carleton University

On User Choice in Graphical Password Schemes
Darren Davis and Fabian Monrose, Johns Hopkins University; Michael K. Reiter, Carneige Mellon University

Design of the EROS Trusted Window System
Jonathan S. Shapiro, John Vanderburgh, and Eric Northup, Johns Hopkins University; David Chizmadia, Promia Inc.


Exploiting Software (PDF)
Gary McGraw, Cigital

Software vulnerability and software exploits are the root causes of a majority of computer security problems. But how does software break? How do attackers make software break on purpose? What tools can be used to break software? This talk is about making software beg for mercy. You will learn:

  • Why software exploits will continue to be a serious problem
  • When network security mechanisms fail
  • How attack patterns can be used to build better software
  • Why reverse engineering is an essential skill
  • Why rootkits are the apex of software exploits and how they work
  • Why the only answer is building better software
Some may argue that discussing software exploits in public is a bad idea. In fact, it's impossible to protect yourself if you don't know what you're up against. Come find out for yourself.
12:30 p.m.–2:00 p.m.   Lunch (on your own)
2:00 p.m.–3:30 p.m. Thursday

Panel: Patch Management
Moderator: Patrick McDaniel, AT&T Research
Panelists: Crispin Cowan, Immunix; Bob Cowles, Stanford Linear Accelerator; Eric Schultz

Much of the damage caused by contemporary viruses and worms is preventable. Administrators can minimize the effects of malicious code if they apply available software patches. Given the obvious payoff of applying patches in current operating systems, why are so many systems still vulnerable? This panel will explore the the complexities and dangers of patch management in current network environments. Panel members will describe their own experiences in dealing with patches and propose solutions for future of vulnerability patching.


Military Strategy in CyberSpace
Stuart Staniford, Nevis Networks

I will discuss basic principals of military strategy and then apply them to cyberspace. I will argue that cyber warfighting forces will eventually be large, well-trained, and operate with military discipline. Traditional strategic ideas such as concentration of force, deception, fog of war will be unchanged in the cyber arena. Ironically, the use of very open networking technologies for critical purposes, in a world where wars are still fought, is likely to lead to strong pressure to militarize civilian infrastructures. I will sketch what a cyberwar campaign might look like.

3:30 p.m.–4:00 p.m.   Break
4:00 p.m.–6:00 p.m. Thursday

Security Engineering
Session Chair: Carl Ellison, Microsoft

Copilot—a Coprocessor-based Kernel Runtime Integrity Monitor
Nick L. Petroni, Jr., Timothy Fraser, Jesus Molina, William A. Arbaugh, University of Maryland

Fixing Races for Fun and Profit: How to Use access(2)
Drew Dean, SRI International; Alan J. Hu, University of British Columbia

Network-in-a-Box: How to Set Up a Secure Wireless Network in Under a Minute
Dirk Balfanz, Glenn Durfee, Rebecca E. Grinter, Diana K. Smetters, and Paul Stewart, PARC

Design and Implementation of a TCG-based Integrity Measurement Architecture
Reiner Sailer, Xiaolan Zhang, Trent Jaeger, and Leendert van Doorn, IBM T. J. Watson Research Center


What Biology Can (and Can't) Teach Us About Security
David Evans, University of Virginia

Nature provides an existence proof that complex, robust behavior can be produced from remarkably simple programs. Nearly all species become extinct, but some manage to thrive in hostile environments full of competitors, predators and parasites. I will present some observations about security problems and solutions found in nature. Successful natural solutions provide useful inspiration, but substantial differences between the natural and virtual worlds make it challenging to apply nature's security approaches to computer security problems.

6:30 p.m.–7:30 p.m.   Poster Session and Reception

Wednesday, August 11 | Thursday, August 12 | Friday, August 13

9:00 a.m.–10:30 a.m. Friday

Forensics and Response
Session Chair: Niels Provos, Google

Privacy-Preserving Sharing and Correlation of Security Alerts
Patrick Lincoln, Phillip Porras, and Vitaly Shmatikov, SRI

Static Disassembly of Obfuscated Binaries
Christopher Kruegel, William Robertson, Fredrik Valeur, and Giovanni Vigna, UC Santa Barbara

Autograph: Toward Automated, Distributed Worm Signature Detection
Hyang-Ah Kim, Carnegie Mellon University, and Brad Karp, Intel Research and Carnegie Mellon University


Nuclear Weapons, Permissive Action Links, and the History of Public Key Cryptography (PDF)
Steve Bellovin, AT&T Labs—Research

MP3 IconListen in MP3 format

From a security perspective, command and control of nuclear weapons presents a challenge. The security mechanisms are supposed to be so good that they're impossible to bypass. But how do they work? Beyond that, there are reports linking these mechanisms to the early history of public key cryptography. We'll explore the documented history of both fields, and speculate on just how permissive action links—the "combination locks" on nuclear weapons—actually work.

10:30 a.m.–11:00 a.m.   Break
11:00 a.m.–12:30 p.m. Friday

Data Privacy
Session Chair: William Aiello, AT&T Labs—Research

Awarded Best Student Paper!
Fairplay—A Secure Two-Party Computation System
Dahlia Malkhi and Noam Nisan, Hebrew University; Benny Pinkas, HP Labs; Yaron Sella, Hebrew University

Tor: The Second-Generation Onion Router
Roger Dingledine and Nick Mathewson, The Free Haven Project; Paul Syverson, Naval Research Lab

Awarded Best Paper!
Understanding Data Lifetime via Whole System Simulation
Jim Chow, Ben Pfaff, Tal Garfinkel, Kevin Christopher, and Mendel Rosenblum, Stanford University


My Dad's Computer, Microsoft, and the Future of Internet Security
William R. Cheswick, Chief Scientist, Lumeta Corporation

Microsoft claims that they Really Mean It about their host security. Service Pack 2 is now available. Is it going to help? Are things going to get better? How are we doing on Internet security, and what might improve things?

With 13 years of service at Lucent/Bell Labs, Bill Cheswick has worked for nearly 30 years on operating-system security. He is co-author of one of the most highly regarded security books, Firewalls and Internet Security. Prior to Lucent, Cheswick spent nine years with System Computer Technology Corporation.

12:30 p.m.–2:00 p.m.   Lunch (on your own)
2:00 p.m.–4:00 p.m. Friday
Work-in-Progress Reports (WiPs) & Closing Remarks
Session Chair: Erez Zadok, Stony Brook University

Click here for a complete list of WiPs and Poster Sessions

?Need help? Use our Contacts page.

Last changed: 19 Oct. 2007 ac