Check out the new USENIX Web site.
Security Symposium '99 - August 23-26, 1999 - Marriot, Washington,D.C., USA

Table of Contents
Questions? Contact the USENIX Conference Office


T1 — Tuesday, August 24 (T2, T3)

How Attackers Break Programs and How to Write Programs Securely

Matt Bishop, University of California, Davis

Who should attend:
Software developers or managers who need to understand what it takes to write programs that can successfully withstand malicious attempts at intrusion. Attendees should be familiar with the C language and basic UNIX programming techniques.

Intrusions exploit vulnerabilities, and the vast majority of those vulnerabilities are the result of programming errors. Security professionals and developers who know the difference between safe and unsafe code can be key players in two critical endeavors – writing software that doesn't create new vulnerabilities and evaluating code to determine whether it is vulnerable.

The goal of this course is to enable the attendee to write a secure setuid or setgid program in C (or any code that runs as root with privileges), and to know when it is (and is not) appropriate to write such a program. The course covers common errors in designing and writing privileged programs, and presents them in the context of where they were discovered and exploited. In this way, the course provides a prescription for safe programming and anecdotal information about why ignoring each of the prescriptions can lead to real-world compromise. This course also exposes program errors and shows how to avoid them.

Topics include:
• When to write a privileged program
• Basic design principles
• Basic implementation rules; compartmentalization, modularization
• Common problems and attacks
• Environment problems
• Buffer and other overflows
• Inconsistencies
• Error handling
• Style
• Common system and library calls that can cause problems
• The most common security problems with setuid programs
• What to avoid, including descriptions of some known security flaws in existing setuid programs
• Alternate approaches, including servers
• Walk-through of some programs and functions: how they implement the privileged code, good points, and weak points

Matt Bishop earned his Ph.D. at Purdue University, where he began working on problems of security in computer systems in general, and UNIX systems in particular. He subsequently worked at the Research Institute for Advanced Computer Science at NASA and taught courses in operating systems, computer security, and software engineering at Dartmouth College. He chaired the first USENIX Security Workshop and plays an active role in identifying and thwarting security threats. In 1993, Matt joined the faculty at the University of California at Davis.

T2 — Tuesday, August 24

Network Security Profiles: A Collection (Hodgepodge) of Stuff Hackers Know About You

Brad Johnson, SystemExperts Corporation

Who should attend:
Network, system, and firewall administrators; security auditors and those who are audited; people involved with responding to intrusions or responsible for network-based applications or systems that might be targets for hackers. Participants should understand the basics of TCP/IP networking. Examples will use actual tools and will also include small amounts of HTML, JavaScript, and TCL.

This course will be useful for anyone with any TCP/IP-based system--a UNIX, WindowsXX, Windows NT, or mainframe operating system, or a router, firewall, or gateway network host.

Whether network-based host intrusions come from the Internet, an extranet, or an intranet, they typically follow a common methodology: reconnaissance, vulnerability research, and exploitation. This tutorial will review the tools and techniques hackers (determined intruders) use to perform these activities. You will learn what types of protocols and tools they use, and you will become familiar with a number of current methods and exploits. The course will show how you can generate vulnerability profiles of your own systems. Additionally, it will review some of the important management policies and issues related to these network-based probes.

The course will focus primarily on tools that exploit many of the common TCP/IP based protocols, such as WWW, SSL, DNS, ICMP, and SNMP, that underlie virtually all Internet applications, including Web technologies, network management, and remote filesystems. Some topics will be addressed at a detailed technical level. This course will concentrate on examples drawn from public domain tools, because these tools are widely available and commonly used by hackers (and are free for you to use).

Topics include:
• Profiles: what can an intruder determine about your site remotely?
• Review of profiling methodologies: different "viewpoints" generate different types of profiling information
• Techniques: scanning, on-line research, TCP/IP protocol "mis"uses, denial of service, hacking clubs
• Important intrusion areas: discovery techniques, SSL, SNMP, WWW, DNS
• Tools: including scotty, strobe, netcat, SATAN, SAINT, ISS, mscan, sscan, queso, curl, Nmap, SSLeay/upget
• Management issues: defining policies and requirements to minimize intrusion risk

Topics NOT covered:
• Social engineering
• Buffer overflow exploits
• Browser (frame) exploits
• Shell privilege escalation

Brad Johnson is a well-known authority in the field of distributed systems. He has participated in seminal industry initiatives including the Open Software Foundation, X/Open, and the IETF, and has published often about open systems. At SystemExperts Brad has led numerous security probes for major companies, revealing significant unrealized exposures. Prior to joining SystemExperts, Brad was one of the original members of the OSF DCE Evaluation Team, the group that identified, evaluated, and selected technology to become the industry's first true interoperable middleware.

T3 — Tuesday, August 24

Cryptography — From the Basics Through PKI in 23,400 Seconds

Daniel Geer, CertCo, Inc.
Aviel Rubin, AT&T Labs – Research

Who should attend:
Corporate security officers, Webmasters, IT planners, and anyone who wants to augment their self-taught knowledge of modern security technology with an up-to-date, sophisticated look at what you have to work with.

This course addresses what is and is not possible in network security, and examines the tradeoffs between security, cryptographic complexity, accountability, and cost. We approach cryptography as a tool, not a calling, and we approach the idea of a Public Key Infrastructure as an investment you may or may not choose to make. Upon completing this course, you will be in a position to confidently evaluate and buy security technologies.

We will cover, as interactively as possible, what security really is and how to buy no more than you need. You will learn about alternatives for deploying and managing security in general and Public Key Infrastructure in particular, plus some guidance in evaluating them with respect to your needs. While we cannot solve your problems for you, we'd welcome students who are stalled out over seemingly unfathomable forks in the road, e.g., "How many CAs does a company need?" Possible answers include: one per hiring office, precisely one globally, it doesn't matter, none you outsource, however many you already have plus one for cross-certification, etc. We'll help you discover which answers are better (and why), and which approach is right for you.

Daniel E. Geer, Jr., is Vice President and Senior Strategist for CertCo, Inc., the market leader in digital certification for electronic commerce. Daniel was previously Director of Engineering at Open Market, Inc. He has been a successful entrepreneur in network security and distributed systems management culminating in the successful sale of his own company to OpenVision Technologies, where he subsequently served as Chief Scientist, Vice President of Technology, and Managing Director. He arranged the Public Key Infrastructure track of the Third USENIX Workshop on Electronic Commerce. His book with Marcus Ranum and Aviel Rubin, The Web Security Sourcebook (Wiley & Sons). He co-chaired the recent USENIX workshops on Embedded Systems and Intrusion Detection.

Aviel D. Rubin is a Principal Technical Staff Member at AT&T Labs – Research, in the secure systems research department. He is also Adjunct Professor of Computer Science at New York University, where he teaches cryptography and computer security. He is the co-author of The Web Security Sourcebook. Avi holds a B.S., M.S.E., and Ph.D. from the University of Michigan in Ann Arbor ('89, '91, '94) in Computer Science and Engineering. He has served on several program committees for major security conferences and as the program chair for USENIX Security '98, USENIX Technical '99, and ISOC NDSS 2000. His URL is

?Need help? Use our Contacts page.
First posted: May 1999
Last changed: May 1999
Conference Index
Events Calendar