Unified Support for Heterogeneous Security Policies in Distributed Systems
Victoria Ungureanu and Naftaly H. Minsky, Rutgers University

Operating System Protection for Fine-Grained Programs
Trent Jaeger, Jochen Liedtke, and Nayeem Islam, IBM T.J. Watson Research Center

Expanding and Extending the Security Features of Java
Karen R. Sollins and Nimisha V. Mehta, MIT Laboratory for Computer Science

In this talk I will give a quick introduction to elliptic curve cryptosystems, discuss their advantages, mention recent work done on studying their security, and some of the implementations being done.

Towards Web Security Using PLASMA
A. Krannig, Fraunhofer-Institute for Computer Graphics IGD

Security of Web Browser Scripting Languages: Vulnerabilities, Attacks, and Remedies
Vinod Anupam and Alain Mayer, Bell Labs, Lucent Technologies

Finite-State Analysis of SSL 3.0
John C. Mitchell, Vitaly Shmatikov, and Ulrich Stern, Stanford University

Internet commerce has made security critical and organizations finally recognize the need to provide security. Because electronic commerce often involves access to privileged data by customers, it is harder to secure these applications than traditional ones. Authentication, authorization, and encryption can be used to secure computers and communication channels, but there will always be vulnerabilities at the end points; attackers will break into the service provider's and end user's systems to steal or modify data. Once these basic security techniques have been applied, the greatest improvements in security can be obtained through the common sense technique of partitioning protected data so that authoritative and highly sensitive data is stored on computers that aren't directly connected to the internet. In this talk Dr. Neuman will describe the application of distributed system security techniques and data partitioning to the development electronic commerce applications.

Certificate Revocation and Certificate Update
Kobbi Nissim and Moni Naor, Weizmann Institute of Science

Attack-Resistant Trust Metrics for Public Key Certification
Raph Levien and Alex Aiken, University of California at Berkeley

Software Generation of Practically Strong Random Numbers
Peter Gutmann, University of Auckland

You have completed testing and are ready to recommend the implementation of a near-perfect technical solution to a control issue in your company. How confident are you that your management will allocate the dollars and manpower for your project? Will management support the implementation with the end users? Effective security controls must meet business objectives. We will discuss how we have successfully achieved this. You will learn ways to form a close alliance with management and key people to assure that security objectives are met and supported.