The RISKS Digest
Volume 16 Issue 33

Tuesday, 23rd August 1994

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


Program Information: 17th National Computer Security Conference
Info on RISKS (comp.risks)

Program Information: 17th National Computer Security Conference (long)

Tue, 16 Aug 94 15:06 EDT
   [There is a 9 Sep 1994 deadline coming up for advance reg (saves $45, but
   there is no student reduction) and conference hotel rates.  As usual,
   RISKS runs only the program info (and in this case the full file is 42K).
   PLEASE E-mail Borodkin@DOCKMASTER.NCSC.MIL for full brochure.  OR, you may
   FTP risks-16.33ncs from the RISKS: archive directory on CRVAX.SRI.COM for
   the full brochure, or risks-16.33ncsx for just the missing stuff.  PGN]

October 11-14, 1994
Baltimore Convention Center
Baltimore, Maryland

Tuesday, October 11, 1994  10:00a.m. - 12:00 p.m.


Opening:   George B. Mitchell and Irene Gilbert Perry
Welcome to Baltimore:     Dennis Lego, Bureau of Management
                          Information Systems, City of Baltimore
Welcome to the Conference: James H. Burrows & Patrick R. Gallagher, Jr.
Keynote Address: The Honorable Sally Katzen
             Administrator, Office of Information and Regulatory Affairs
             Office of Management and Budget
Systems Security Award: Patrick R. Gallagher, Jr. and James H. Burrows
Award Address: Distinguished Awardee
Best Paper Awards: Dennis Gilbert and Christopher Bythewood
Close: Irene Gilbert Perry and George B. Mitchell

Tuesday, 2:00-3:30 p.m.

Track A - Intrusion Detection        Chair:  R.Bace, NSA
Testing Intrusion Detection Systems: Design Methodologies and Results from an
Early Prototype
  N. Puketza, University of California, Davis
A Pattern Matching Model for Misuse Intrusion Detection
  S. Kumar, Purdue University
Artificial Intelligence and Intrusion Detection: Current and Future Directions
  J. Frank, University of California, Davis

Track B - Panel - The Development of Generally Accepted System Security
Principles (GSSP)
Chair:  M.  Swanson, NIST
Panelists:  W. Ozier, ISSA GSSP Committee Chair
            E. Roback, NIST
            B. Guttman, NIST
This panel discusses the GSSP that NIST is developing under the auspices of
Information Systems Security Association (ISSA) in coordination with OMB and
with technical assistance from NSA.

Track C - Panel - Can Your Net Work Securely?
Chair:  P. Neumann, SRI
Panelists:  E. Boebert, Secure Computing Corp.
            A. Goldstein, Digital Equipment Corp.
            W. Diffie, SUN Microsystems
            C. Neuman, USC-Information Sciences Institute
Distributed systems must often rely on components whose trustworthiness cannot
be assured.  This panel explores related issues.

Track D - Panel - Model Information Security Programs
Chair: R.Owen,Jr., Texas Office of the Attorney General
Panelists:  G. Burns, Monsanto Co.
            S. Green, University of Houston
            P. Sibert, Dept. of Energy
            J. Wright, Information Resources Comm. Florida
This panel presents Information Security Programs from the state, federal,
private, and academic sectors, highlighting their similarities and differences:
requirements; security organizational structure; security management process;
and methods of security awareness.

Track E  Tutorial - Security in the Future
Speakers: LtCdr A. Liddle, Royal Navy, Information Resources Management College
          J. Sachs, Arca Systems, Inc.
This tutorial takes a view forward to security and its role in enterprises,
applications, and information infrastructures; with general threats to
information systems; and with the roles of security disciplines.

Special Session - Panel: International Harmonziation, the Common Criteria -
Progress & Status
Chair:      E. Troy, NIST
Panelists:  C. Ketley, European Commission (UK)
            Y. Klein, European Commission (France)
            H. Kreutz, European Commission (Germany)
            A. Robison, CSE, Canada
            M. Tinto, NSA, US
This panel discusses the Common Criteria Project, the input documents, the
timetable, and the public review process. Panelists provide the first public
overview of the draft Common Criteria document contents.

Tuesday 4:00-5:30 p.m.

Track A - Panel - Fuzzy Security: Formalizing Security as Risk Management
Chair: R. Nelson, Information Systems Security
Panelists:  H. Hosmer, Data Security, Inc.
            J. McLean, Naval Research Lab
            S. Ovchinnikov, San Francisco State University
This panel explores strategies for building flexibility into the formal aspects
of computer security to produce more functional trusted systems. Panelists
present views radically different from the conventional security approach.

Track B - Security Standards and Taxonomic Structures     Chair: W.Jansen, NIST
A Taxonomy for Security Standards
  W. Jansen, NIST
The Graphical Display of a Domain Model of Information Systems Security
(INFOSEC) Through Semantic Networks
  T. Smith, NSA
A New Attack on Random Pronounceable Password Generators
  R. Ganesan, Bell Atlantic

Track C - Operational Security Enhancements    Chair: D. Dodson, NIST
Controlled Execution UNIX
  L. Badger, TlS
Architectures for C2 DOS/Windows-Based Personal Computers
  J. Epstein, Cordant, Inc.
A Practical Hardware Device for System and Data Integrity as well as Malicious
Code Protection
  T.E. Elliott, CSE

Track D - Panel - Interdisciplinary Perspectives on INFOSEC
Chair:  M.E. Kabay, National Computer Security Assn.
An Anthropological View: Totem and Taboo in Cyberspace
  M.E. Kabay,  National Computer Security Assn.
Panelists:  J. Craft, Systems Research and Applications Group
            V. Black, Pace Un iv.
            P. Black, Pace Univ.
            E. Martin, Organization & Education Consultants
INFOSEC, like other areas of human endeavor, can benefit from the insights of
other disciplines.  This panel, a diverse group of academics and practitioners,
present their insights.

Track E - Tutorial - Risk Management
Speaker: LtCdr A. Liddle, Royal Navy, Information Resources Management College
This tutorial focuses on the importance of an overall risk management
perspective to information system security, stressing risk tolerance as opposed
to risk avoidance. Topics include: risk models and differentiation; asset,
threat, vulnerability, and risk analysis; and technical vs. operational

Special Session - Panel:  Security Requirements for Distributed Systems
Chair: R. Dobry, NSA
Panelists:  J. Cugini, NIST
            V. Gligor, University of Maryland
            T. Mayfield, Institute of Defense Analysis
The panelists describe what is entailed in providing security for distributed
systems and how they see their efforts fitting into the Common Criteria.

Wednesday, 9:00 - 10:30a.m.

Track A - Access Control        Chair:  D. Cooper Unisys
A Three Tier Architecture for Role Based Access Control
  R. Sandhu, SETA Corp.
Using THETA to Implement Access Controls for Separation of Duties
  R. Pascale, Odyssey Research Associates
Implementing Role Based, Clark-Wilson Enforcement Rules on a B1 On-Line
Transaction Processing System
  B. Smith-Thomas, AT&T Bell Laboratories

Track B  - Criteria       Chair:  G. Wagner, NSA
Development History for Procurement Guidance Using the Trusted Computer System
Evaluation Criteria (TCSEC)
  Maj M. DeVilbiss, USA, NSA
Exporting Evaluation: An Analysis of US and Canadian Criteria for Trust
  P. Olson, NSA
What Color is Your Assurance?
  D. Wichers, Arca Systems, Inc.

Track C - Panel - Internet Firewalls
Chair:     J.Wack NIST
Panelists:  M. Ranum, TIS
            B. McConnell, The MITRE Corp.
This panel discusses how firewalls work, policies that can be implemented by
firewalls, and updates on different firewall configurations to support
restricted access.

Track D - Panel - Ethical Issues in the National Information Infrastructure
Chair: J. Williams, MITRE Corp.
Panelists:  D. Denning, Georgetown University
            G. Hammonds, National Council of Negro Women
            H. Hosmer, Data Security Inc.
            E. Leighninger, Andover-Newton Seminary
            M. Rotenberg, EPIC
Social, legal, and ethical values reflected in the design, implementation, and
management of the NII will be highly visible in the security policies supported
by the NII. This panel addresses broad issues such as equity vs. risk, privacy
vs. accountabillty, privacy vs. survelllance, and the international

Track E - Tutorial - Trust Concepts
Speaker:  C. Abzug, Information Resources Management College
This tutorial focuses on the fundamental concepts and terminology of trust
technology. It includes descriptions of the Trusted Computer Systems Evaluation
Criteria (TCSEC) classes, how these classes differ and how to determine the
appropriate class for your operational environment.

Wednesday,  11:00a.m. - 12:30 p.m.

Track A - Panel - The Future of Role Based Access Control: Its Structure,
Mechanisms, and Environment
Chair:      H.Feinstein, SETA Corp.
Panelists:  M. Abrams, MITRE Corp.
            D. Denning, Georgetown University
            D. Ferraiolo, NIST
            R. Sandhu, George Mason University
This panel addresses the various definitions of role based security and how
they differ from the traditional Bell-Lapadula model.  Panelists represent
researchers and the user community.

Track B - Panel - Product and System Certification in Europe
Chair:  K. Keus, BSI, Germany
Panelists:  M. Ohlin, Swedish Defense Materiel Admin.
            P. Cambell-Burns, Admiral Mngt. Services Ltd., UK
            H. Kersten, BSI, Germany
            A.C. Jennen, BSI, Germany
            P. Overbeek, TNO Physics and Electronic Lab, NL
            J. Wilde, Logica, UK
            L. Borowski, CR2A, France
This panel, representing Certification bodies of the European Community,
discusses their experiences with the European Criteria.

Track C - Panel - Proven Detection Tools For Intrusion Prevention
Chair:      M. Higgins, DISA/CISS
Panelists:  E. Dehart, Carnegie Mellon University
            S. Weeber, Lawrence Livermore National Lab
            F. Avolio, Trusted Information Systems
            D. Slade, Bell Communications Corp.
This panel addresses the uses, implementation, features, and lessons learned of
protection tools. Panelists wlll take audience through detection scenarios and
lessons learned from operational implementation.

Track D - Panel - Medical Information Privacy Current Legislative And Standards
Chair:       M. Schwartz Summit Medical Systems, Inc.
Privacy and the Handling of Patient Related Information in the Public Swedish
Health Care System
  T. Olhede, Swedish Institute for Health Services
Panelists:  R. Gellman, U.S. House of Representatives
            M. Donaldson, National Academy of Sciences
            D. Miller, lrongate, Inc.
            C. Waegemann, Medical Records Institute
            G. Lang, The Harrison Avenue Corp.
This panel addresses the technical and human issues generated by the currently
available technology in the medical arena.

Track E - Tutorial - Trusted Networks
Speaker: R.K. Bauer, Arca Systems, Inc.
This tutorial focuses on basic points in network security and gives an overview
of the Trusted Network Interpretation (TNI). Topics include: network security
concerns and services, trusted network components, the TNI and its Evaluation
Classes, system composition and interconnection, and cascading.

Wednesday  2:00 - 3:30 p.m.

Track A - Database Developments          Chair: M. Schaefer, Arca Systems, Inc.
Virtual View Model to Design a Secure Object-Oriented Database
  F. Cuppens, ONERA/CERT
Achieving Database Security Through Data Replication:  The SlNTRA Prototype
  M. Kang, Naval Research Lab
The SeaView Prototype: Project Summary
  T. Lunt, SRI International

Track B - Panel - New Concepts in Assurance
Chair:  P.Toth, NIST
Panelists:  L. Ambuel, NSA
            D. Kimpton, CSE - Canada
            K. Rochon, NSA
            K. Ferraiolo, ARCA Systems
This panel discusses new concepts in the area of assurance for IT security
products and systems.  Presentations include results oftwo workshops on
assurance: The Invitational Workshop on Information Technology Assurance and
Trustworthiness and the International Workshop on Development Assurance.

Track C - Panel - MLS System Solutions-A Continuing Debate Among the Critical
Chair: J. Sachs, Arca Systems. Inc.
Panelists:  J. Adams, SecureWare
            M. Askew, GTE
            G. Evans, ARCA
            P. Klein, DISA
            A. Leisenring, NSA
            K. Thompson, USACOM
            J. Seymour, Joint Staff
This panel debates issues associated with acquiring an MLS system.

Track D - Detecting and Deterring Computer Crime        Chair: J. Holleran, NSA
The Electronic Intrusion Threat to National Security & Emergency Preparedness
Telecommunications: An Awareness Document
  T. Phillips, Booz Allen & Hamilton, Inc.
Using Application Profiles to Detect Computer Misuse
  N. Kelem, Trusted Information Systems
Can Computer Crime Be Deterred?
  S. Sherizan, Ph.D, Data Security Systems, Inc.

Track E - Tutorial - Trusted Databases
Speaker:  G.Smith, Arca Systems, Inc.
This tutorial focuses on security from a "database view" and gives an overview
of the Trusted Database Interpretation (TDI). Topis include: DBMS specific
security requirements, vulnerabilities, and challenges; database design
considerations; implementation issues; and use issues.

Wednesday  4:00 - 5:30 p.m

Track A - Panel - Inference Problem in Secure Database Systems
Chair: B. Thuraisingham, MITRE Corp.
An Inference Paradigm
  D. Marks, NSA
Panelists:  D. Marks, NSA
            T. Lunt, SRI Intl.
            T. Hinke, University of Alabama
            M. Collins, MITRE Corp.
            L. Kerschberg, George Mason University
This panel focuses on the practical developments made on the inference problem
over the past three years and provides direction for further work on this

Track B - Panel - New Challenges for C&A: The Price of Interconnectivity and
Chairs: Ellen Flahavin, NIST
        Joel Sachs, ARCA
Panelists:  A. Lee MITRE
            E. O'Connor, IRS
            H. Ruiz, DISA
            S. Schanzer, CIA
            E. Springer, OMB
This panel focuses on new challenges for certification and accreditation from a
variety of government perspectives including civil, defense, intelligence, and

Track C - Putting Trusted Products Together
Chair:     B. Burnham, NSA
Partitioning the Security Analysis of Complex Systems
  H. Holm, NSA
The Composition Problem:  An Analysis
  G. King, Computer Science Corp.
Making Do With What You've Got
  J. Jerryman, The Boeing Co.
Modern Multilevel Security (MLS): Practical Approaches for Integration,
Certification, and Accreditation
  B. Neugent, The MITRE Corp.

Track D - Panel - Computer Crime on the Internet
Chair:  C. Axsmith, Esq., ManTech Strategies Associates
Panelists:  D. Parker, SRI Intl.
            M. Pollitt, FBI
            T. Chambers, Food & Drug Admin.
            B. Fraser, CERT, Carnegie Mellon Univ.
            M. Schoffstall, Performance Systems International
            M. Fedor, Performance Systems International
This panel addresses computer crime issues related to Internet connections. The
issue will be dealt with from many angles to provide a practical and
wellrounded overview.

Track E - Tutorial - Criteria Comparisons
Speaker: C.Abzug, Information Resources Management College
This tutorial focuses on the differences and similarities of the national and
international criteria of Canada, the United States, and Europe. They are
compared and considered, both in the context of value to security engineering
today, and as foundations for the Common Criteria.

Wednesday, 7:O0p.m.  Conference Banquet at the Hyatt Regency Inner Harbor Hotel
 Harry B. DeMaio, Deloitte & Touche

Thursday, 9:00 - 10:30 a.m.

Track A - Panel - Key Escrowing: Today and Tomorrow
Chair:  M.Smid, NIST
Panelists:  J. Manning, NSA
            M. Glimore, FBI
            D. Denning, Georgetown University
This panel provides an in-depth technical view of the key escrow system
developed in conjunction with FIPS 185.

Track B - Panel - The Department of Defense Goal Security Architecture
Chair:     W.T. Polk, NIST
Panelists:  R. McAllister, NSA
            C. Deutsch, NSA
            J. Schafer, DISA
            J. Coyle, Booz.Allen & Hamilton
This panel discusses the DGSA. The DGSA is derived from DoD Information System
Security Policy and reflects requirements for the support of multiple security
policies, distributed information processing, conductivity by common carriers,
users with different security attributes, and resources with varying degrees of
security protection.

Track C - Panel - Trusted Systems Interoperability Group
Chair:  S. Wisseman, Arca Systems, Inc.
Panelists:  P. Cummings, Digital Equipment Corp.
            R. Sharp, AT&T Bell Laboratories
            J. Edelheit, The MITRE Corp.
            C. Watt, SecureWare, Inc.
            G. Mitchell, NSA
This panel, discussing TSIG work since 1989, addresses problem progress in
providing multi-vendor interoperability among security enhanced and traditional
UNIX systems.

Track D - Risks and Threats     Chair: D. Gambel, Northrup Grumman
Demonstrating the Elements of Information Security With Threats
  D. Parker, SRI International
The Aerospace Risk Evaluation System (ARiES): Implementation of a Quantitative
Risk Analysis Methodology for Critical Systems
  C. Lavine, The Aerospace Corp.
The Security-Specific Eight Stage Risk Assessment Methodology
  D. Drake, Science Applications International Corp.

Track E - Tutorial - UNIX Security
Speaker:    E. Schultz, Arca Systems, Inc.
This tutorial focuses on operational security with systems in an internetworked
environment, using UNIX as an example. It includes security weaknesses, methods
for improving security, and ways to detect and respond to attacks on UNIX

Thursday, 11:O0a.m.- 12:30p.m.

Track A - Panel - The Security Association Management Protocol (SAMP)
Chair:  Maj T. Hewitt, USAF NSA
Panelists:  D. Walters, NIST
            D. Wheeler, Motorola
            M. White, Booz. Allen & Hamilton
            A. Reiss, NSA
            J. Leppek, Harris Corporation
A security association is an agreement between two or more entities that
resolves all of the options (negotiable parameters) of the security mechanisms
that perform security services for communication. This panel addresses some of
the questions, design considerations, and requirements for security

Track B - Network Architecture   Chair:  H.Weiss, SPARTA, Inc.
BFE Applicability to LAN Environments
  T. Benkart, ACC Network Systems
The Architecture of Triad: A Distributed, Real Time, Trusted System
  E.J. Sebes, TIS
Constructing a High Assurance Mail Guard
  R. Smith, Secure Computing

Track C - Panel - NSA Concurrent Systems Security Engineering Support To The
Chair:  B. Hildreth, NSA
Panelists:  M. Mayonado, Eagan, McAllister Assoc.
            T. Acevedo, Pulse Engineering, Inc.
            J. Himes, NSA
            G. Wessel, NSA
            R. Blair, NSA
            R. White, Air Intelligence Agency
            G. Hurlburt, Naval Air Warfare Center
This panel discusses the Concurrent System Security Engineering initiative that
NSA is applying to aid TECNET, the Test & Evaluation Community Network. TECNET
must evolve the capability for simultaneously processing unclassified and
classified data while supporting both cleared and uncleared users.

Track D - Panel - Current Issues & Trends in Trusted Product Evaluations
Chair: K. Bruso, NSA
Panelists:  P. Toth, NIST
            J. Arnold, NSA
            C. McBride, NSA
            L. King, NSA
            M. Hale, NSA
            J. Pedersen, NSA
This panel will highlight the significant accomplishments of trusted product
evaluations during the past year. Process improvements will be discussed with
particular attention given to the Trust Technology Assessment Program and the
Trusted Products Evaluation Program.

Track E - Tutorial - Windows NT Security
Speaker: J. Williams, Arca Systems, Inc.
This tutorial focuses on operational security with distributed PC- based
computing, using Windows NT as an example. It discusses security from the
perspectives of both clients and servers: exposures and vulnerability,
appropriate control measures, and recommended policies and practices.

Thursday,  2:00-3:30 p.m.

Track A - Networks and Distributed Systems
                Chair:  D. Schnackenberg, Boeing Defense & Space Group
Towards a Formal Verification of a Secure and Distributed System and its
  K. Levitt University of California at Davis
Making Secure Dependencies Over a LAN Architecture - for Security Needs
  B. d'Ausbourg, CERT/ONERA
Automatic Generation of High Assurance Security Guard Filters
  V. Swarup, The MITRE Corp.

Track B - Panel - Multilevel Security (MLS) - Current Applications and Future
Directions I
Chair: Col. J. Sheldon, USA, DISA/CISS
Panelists:  J. Wiand, USSOCOM
            R. Myers, USACOM
            E. Klutz, USACOM
            LTC T. Surface, USPACOM
            Maj K. Newland, USSPACECOM
            P. Woodie, NSA
            C. West, DISA
This panel covers applications and use of multilevel security (MLS) solutions
fielded at the US Unified Commands by the Department of Defense MLS Program,
and an overview of the NSA Multilevel Information System Security Initiative

Track C - Security Implementations        Chair: J.Anderson, J.P. Anderson Co.
Applying COMPUSEC to the Battlefield
  S. Arkley, Computer Sciences Corp.
Security Requirements for Customer Network Management in Telecommunications
  V. Varadharajan, Hewlett-Packard Labs.
Support for Security in Distributed Systems Using MESSIAHS
  S. Chapin, Kent State University

Track D - Panel - Do You Have the Skills to be a Future INFOSEC Professionals?
Chair:     V. Maconachy, DISA/CISS
Panelists:  C. Schou, Idaho State University
            R. Morris
            G. Burns, Monsanto Corp.
This panel examines the types of skills that wlll be needed to cope with the
changing work environment and what types of individual initiatives are required
to keep up with advancing technologies and management challenges.

Track E - Tutorial - System Security Engineering, Certification, and
Speaker:    J. Sachs, Arca Systems, Inc.
This tutorial focuses on engineering and assessment issues in integrating MLS
solutions using trusted products, developing the certification evidence, and
the accreditation process. Topics include: system security, assurance,
trade-offs, and methodologies.

Thursday, 4:00- 5:30p.m.

Track A - Formal Methods and Modeling     Chair: S. Jajodia, George Mason
Belief in Correctness
  M. Abrams, The MITRE Corp.
Towards a Privacy-Friendly Design and Use of IT-Security Mechanisms
  S. Fischer-Hubner, University of Hamburg
Using a Semiformal Security Policy Model 2C a C2 Better
  M. Schaefer, Arca Systems, Inc.

Track B - Panel - Multilevel Security (MLS) - Current Applications and Future
Direction II
Chair:  Col. J. Sheldon, DISA/CISS
Panelists:  J. Wiand, USSOCOM
            R. Myers, USACOM
            E. Klutz, USACOM
            LTC T. Surface, USPACOM
            Maj K. Newland, USSPACECOM
            P. Woodie, NSA
            C. West, DISA
This panel covers applications and use of multilevel security (MLS) solutions
fielded at the US Unified Commands by the Department of Defense MLS Program,
and an overview of the NSA Multilevel Information System Security Initiative

Track C - Views on Vulnerability     Chair: R. Wood, NSA
A Technical Approach for Determining the Importance of Information in
Computerized Alarm Systems
  J. Lim, Lim & Orzechowski Assoc.
ASAM: A Security Certification and Accreditation Support Tool for DoD Automated
Information Systems
  L. Remorca, Secure Solutions, Inc.
A Financial Management Approach for Selecting Optimal, Cost-Effective
Safeguards Upgrades for Computer- and Information- Security Risk Management
  S.T. Smith, Barracana, Inc.

Track D - Real Lessons          Chair: J. Campbell, NSA
Security Awareness and the Persuasion of Managers
  D. Poindexter, CISS
The Network Memorandum of Agreement (MOA) Process: Lessons Learned
  L. Jaworski, TIS
Independent Validation and Verification of Automated Information Systems the
Department of Energy
  W. Hunteman, Los Alamos National Laboratory

Track E - Tutorial - Information System Security Officer's Challenges
Speaker:  C.  Bressinger, DoD Security Institute
This tutorial focuses on the continued protection and accreditation of
operational information systems. Topics include: virus prevention and
eradication; access control evaluation and configuration; media clearing and
purging; intrusion detection and handling; and dealing with risk.

Thursday, 6:00 p.m.  Awards Ceremony followed by Awards Reception
                     at the Baltimore Convention Center

Friday, 9:00 - 10:30 a.m.

Track A - Panel - Highlights of the New Security Paradigms `94 Workshop
Chair: E. Leighninger, Co-Program Chair
Formal Semantics of Confidentiality in Multilevel Logic Databases
  A. Spalka, University of Bonn
Healthcare Information Architecture: Elements of a New Paradigm
  D.Essin & T. Lincoln
Communication, Information Security and Value
  J. Dobson, University of Newcastle
Fuzzy Patterns In Data
  T.Y. Lin, San Jose State University

Track B - Panel - Prominent Industry-Sponsored Security Architectures Currently
Under Development
Chair: M. McChesney, SecureWare
Panelists:  R. Schell, Novell, GSA
            B. Dwyer, Hewlett-Packard, DCE
This panel discusses the Distributed Computing Environment Security Servicing,
the NoveIl Global Security Architecture, and the Extended Global Security
Architecture; how they relate to one another and how they might evolve in the
future to provide compatible security functionality.

Track C - Panel - Provisions to Improve Security on the Internet
Chair:     H. Highland
Panelists:  F. Avolio, Trusted Information Systems, Inc.
            S. Bellovin AT&T Bell Laboratories
            M. Bishop, University of California, Davis
            W. Cheswick, AT&T Bell Laboratories
            Dr. J. David, The Fortress
            Colonel F. Kolbrener
            A. P. Peterson, P.E., Martin Marietta
This panel discusses what Internet has done to promote net security the
specific risks of operating under TCP/IP, and what can be done quickly and
easlly to promote net security.

Track D - Panel - Computers at Risk (CAR) Recommendations: Are They Still Valid?
Chair:  H.Tipton, CISSP, Member of the CAR Committee, Member of the GSSP
Panelists:  W. Ozier, Ozier Peterse & Assoc.
            S. Walker, Trusted Information Systems
            E. Boebert, Secure Computing Corp.
Panelists revisit the CAR committee recommendations in view of the information
security environment today.

Track E - Panel - IT Security Resources
Panelists:  K. Everhart, NIST
            M. Swanson, NIST
            B. Lau, NSA
            N. Lynch, NIST
This session presents an overview of major sources of information on IT
security and a model for acquiring, disseminating, and managing security-
relevant information resources.

Friday, 11:00 a.m. - 12:30 p.m.  CLOSING PLENARY
"Security, Privacy, and Protection issues in Emerging Information
Distinguished Panel:
Professor Anthony Oettinger (Co-Chair)
 Program on Information Resources Policy
 Harvard University
Dr. Brian Kahin (Co-Chair)
 Information Infrastructure Project
 Science, Technology and Publlc Policy Program
 Harvard University
Robert Lucky
 Vice President
 Applied Research
Fred M. Briggs
 Senior Vice-President and Chief Engineering Officer

Please report problems with the web pages to the maintainer