Date: Tue, 16 Aug 94 15:06 EDT
From: Borodkin@DOCKMASTER.NCSC.MIL
Subject: Program Information: 17th National Computer Security Conference (long)

17th NATIONAL COMPUTER SECURITY CONFERENCE
October 11-14, 1994
Baltimore Convention Center
Baltimore, Maryland

CONFERENCE PROGRAM and REGISTRATION

Tuesday, October 11, 1994
10:00 a.m. - 12:00 p.m.

OPENING PLENARY

Opening: George B. Mitchell and Irene Gilbert Perry
Welcome to Baltimore: Dennis Lego, Bureau of Management Information Systems, City of Baltimore
Welcome to the Conference: James H. Burrows & Patrick R. Gallagher, Jr.
Keynote Address: The Honorable Sally Katzen, Administrator, Office of Information and Regulatory Affairs, Office of Management and Budget
Systems Security Award: Patrick R. Gallagher, Jr. and James H. Burrows
Award Address: Distinguished Awardee
Best Paper Awards: Dennis Gilbert and Christopher Bythewood
Close: Irene Gilbert Perry and George B. Mitchell

Tuesday, 2:00-3:30 p.m.

Track A - Intrusion Detection
Chair: R. Bace, NSA

Testing Intrusion Detection Systems: Design Methodologies and Results from an Early Prototype
    N. Puketza, University of California, Davis
A Pattern Matching Model for Misuse Intrusion Detection
    S. Kumar, Purdue University
Artificial Intelligence and Intrusion Detection: Current and Future Directions
    J. Frank, University of California, Davis

Track B - Panel - The Development of Generally Accepted System Security Principles (GSSP)
Chair: M. Swanson, NIST
Panelists:
    W. Ozier, ISSA GSSP Committee Chair
    E. Roback, NIST
    B. Guttman, NIST

This panel discusses the GSSP that NIST is developing under the auspices of Information Systems Security Association (ISSA) in coordination with OMB and with technical assistance from NSA.

Track C - Panel - Can Your Net Work Securely?
Chair: P. Neumann, SRI
Panelists:
    E. Boebert, Secure Computing Corp.
    A. Goldstein, Digital Equipment Corp.
    W. Diffie, SUN Microsystems
    C. Neuman, USC-Information Sciences Institute

Distributed systems must often rely on components whose trustworthiness cannot be assured. This panel explores related issues.

Track D - Panel - Model Information Security Programs
Chair: R. Owen, Jr., Texas Office of the Attorney General
Panelists:
    G. Burns, Monsanto Co.
    S. Green, University of Houston
    P. Sibert, Dept. of Energy
    J. Wright, Information Resources Comm. Florida

This panel presents Information Security Programs from the state, federal, private, and academic sectors, highlighting their similarities and differences: requirements; security organizational structure; security management process; and methods of security awareness.

Track E - Tutorial - Security in the Future
Speakers:
    LtCdr A. Liddle, Royal Navy, Information Resources Management College
    J. Sachs, Arca Systems, Inc.

This tutorial takes a view forward to security and its role in enterprises, applications, and information infrastructures; with general threats to information systems; and with the roles of security disciplines.

Special Session - Panel: International Harmonization, the Common Criteria - Progress & Status
Chair: E. Troy, NIST
Panelists:
    C. Ketley, European Commission (UK)
    Y. Klein, European Commission (France)
    H. Kreutz, European Commission (Germany)
    A. Robison, CSE, Canada
    M. Tinto, NSA, US

This panel discusses the Common Criteria Project, the input documents, the timetable, and the public review process. Panelists provide the first public overview of the draft Common Criteria document contents.

Tuesday, 4:00-5:30 p.m.

Track A - Panel - Fuzzy Security: Formalizing Security as Risk Management
Chair: R. Nelson, Information Systems Security
Panelists:
    H. Hosmer, Data Security, Inc.
    J. McLean, Naval Research Lab
    S. Ovchinnikov, San Francisco State University

This panel explores strategies for building flexibility into the formal aspects of computer security to produce more functional trusted systems.
Panelists present views radically different from the conventional security approach.

Track B - Security Standards and Taxonomic Structures
Chair: W. Jansen, NIST

A Taxonomy for Security Standards
    W. Jansen, NIST
The Graphical Display of a Domain Model of Information Systems Security (INFOSEC) Through Semantic Networks
    T. Smith, NSA
A New Attack on Random Pronounceable Password Generators
    R. Ganesan, Bell Atlantic

Track C - Operational Security Enhancements
Chair: D. Dodson, NIST

Controlled Execution UNIX
    L. Badger, TIS
Architectures for C2 DOS/Windows-Based Personal Computers
    J. Epstein, Cordant, Inc.
A Practical Hardware Device for System and Data Integrity as well as Malicious Code Protection
    T.E. Elliott, CSE

Track D - Panel - Interdisciplinary Perspectives on INFOSEC
Chair: M.E. Kabay, National Computer Security Assn.

An Anthropological View: Totem and Taboo in Cyberspace
    M.E. Kabay, National Computer Security Assn.

Panelists:
    J. Craft, Systems Research and Applications Group
    V. Black, Pace Univ.
    P. Black, Pace Univ.
    E. Martin, Organization & Education Consultants

INFOSEC, like other areas of human endeavor, can benefit from the insights of other disciplines. This panel, a diverse group of academics and practitioners, presents their insights.

Track E - Tutorial - Risk Management
Speaker: LtCdr A. Liddle, Royal Navy, Information Resources Management College

This tutorial focuses on the importance of an overall risk management perspective to information system security, stressing risk tolerance as opposed to risk avoidance. Topics include: risk models and differentiation; asset, threat, vulnerability, and risk analysis; and technical vs. operational decisions.

Special Session - Panel: Security Requirements for Distributed Systems
Chair: R. Dobry, NSA
Panelists:
    J. Cugini, NIST
    V. Gligor, University of Maryland
    T. Mayfield, Institute of Defense Analysis

The panelists describe what is entailed in providing security for distributed systems and how they see their efforts fitting into the Common Criteria.

Wednesday, 9:00 - 10:30 a.m.

Track A - Access Control
Chair: D. Cooper, Unisys

A Three Tier Architecture for Role Based Access Control
    R. Sandhu, SETA Corp.
Using THETA to Implement Access Controls for Separation of Duties
    R. Pascale, Odyssey Research Associates
Implementing Role Based, Clark-Wilson Enforcement Rules on a B1 On-Line Transaction Processing System
    B. Smith-Thomas, AT&T Bell Laboratories

Track B - Criteria
Chair: G. Wagner, NSA

Development History for Procurement Guidance Using the Trusted Computer System Evaluation Criteria (TCSEC)
    Maj M. DeVilbiss, USA, NSA
Exporting Evaluation: An Analysis of US and Canadian Criteria for Trust
    P. Olson, NSA
What Color is Your Assurance?
    D. Wichers, Arca Systems, Inc.

Track C - Panel - Internet Firewalls
Chair: J. Wack, NIST
Panelists:
    M. Ranum, TIS
    B. McConnell, The MITRE Corp.

This panel discusses how firewalls work, policies that can be implemented by firewalls, and updates on different firewall configurations to support restricted access.

Track D - Panel - Ethical Issues in the National Information Infrastructure
Chair: J. Williams, MITRE Corp.
Panelists:
    D. Denning, Georgetown University
    G. Hammonds, National Council of Negro Women
    H. Hosmer, Data Security Inc.
    E. Leighninger, Andover-Newton Seminary
    M. Rotenberg, EPIC

Social, legal, and ethical values reflected in the design, implementation, and management of the NII will be highly visible in the security policies supported by the NII. This panel addresses broad issues such as equity vs. risk, privacy vs. accountability, privacy vs. surveillance, and the international ramifications.

Track E - Tutorial - Trust Concepts
Speaker: C. Abzug, Information Resources Management College

This tutorial focuses on the fundamental concepts and terminology of trust technology.
It includes descriptions of the Trusted Computer Systems Evaluation Criteria (TCSEC) classes, how these classes differ and how to determine the appropriate class for your operational environment.

Wednesday, 11:00 a.m. - 12:30 p.m.

Track A - Panel - The Future of Role Based Access Control: Its Structure, Mechanisms, and Environment
Chair: H. Feinstein, SETA Corp.
Panelists:
    M. Abrams, MITRE Corp.
    D. Denning, Georgetown University
    D. Ferraiolo, NIST
    R. Sandhu, George Mason University

This panel addresses the various definitions of role based security and how they differ from the traditional Bell-LaPadula model. Panelists represent researchers and the user community.

Track B - Panel - Product and System Certification in Europe
Chair: K. Keus, BSI, Germany
Panelists:
    M. Ohlin, Swedish Defense Materiel Admin.
    P. Cambell-Burns, Admiral Mngt. Services Ltd., UK
    H. Kersten, BSI, Germany
    A.C. Jennen, BSI, Germany
    P. Overbeek, TNO Physics and Electronic Lab, NL
    J. Wilde, Logica, UK
    L. Borowski, CR2A, France

This panel, representing Certification bodies of the European Community, discusses their experiences with the European Criteria.

Track C - Panel - Proven Detection Tools For Intrusion Prevention
Chair: M. Higgins, DISA/CISS
Panelists:
    E. Dehart, Carnegie Mellon University
    S. Weeber, Lawrence Livermore National Lab
    F. Avolio, Trusted Information Systems
    D. Slade, Bell Communications Corp.

This panel addresses the uses, implementation, features, and lessons learned of protection tools. Panelists will take the audience through detection scenarios and lessons learned from operational implementation.

Track D - Panel - Medical Information Privacy Current Legislative And Standards Activities
Chair: M. Schwartz, Summit Medical Systems, Inc.

Privacy and the Handling of Patient Related Information in the Public Swedish Health Care System
    T. Olhede, Swedish Institute for Health Services

Panelists:
    R. Gellman, U.S. House of Representatives
    M. Donaldson, National Academy of Sciences
    D. Miller, Irongate, Inc.
    C. Waegemann, Medical Records Institute
    G. Lang, The Harrison Avenue Corp.

This panel addresses the technical and human issues generated by the currently available technology in the medical arena.

Track E - Tutorial - Trusted Networks
Speaker: R.K. Bauer, Arca Systems, Inc.

This tutorial focuses on basic points in network security and gives an overview of the Trusted Network Interpretation (TNI). Topics include: network security concerns and services, trusted network components, the TNI and its Evaluation Classes, system composition and interconnection, and cascading.

Wednesday, 2:00 - 3:30 p.m.

Track A - Database Developments
Chair: M. Schaefer, Arca Systems, Inc.

Virtual View Model to Design a Secure Object-Oriented Database
    F. Cuppens, ONERA/CERT
Achieving Database Security Through Data Replication: The SINTRA Prototype
    M. Kang, Naval Research Lab
The SeaView Prototype: Project Summary
    T. Lunt, SRI International

Track B - Panel - New Concepts in Assurance
Chair: P. Toth, NIST
Panelists:
    L. Ambuel, NSA
    D. Kimpton, CSE - Canada
    K. Rochon, NSA
    K. Ferraiolo, ARCA Systems

This panel discusses new concepts in the area of assurance for IT security products and systems. Presentations include results of two workshops on assurance: The Invitational Workshop on Information Technology Assurance and Trustworthiness and the International Workshop on Development Assurance.

Track C - Panel - MLS System Solutions - A Continuing Debate Among the Critical Players
Chair: J. Sachs, Arca Systems, Inc.
Panelists:
    J. Adams, SecureWare
    M. Askew, GTE
    G. Evans, ARCA
    P. Klein, DISA
    A. Leisenring, NSA
    K. Thompson, USACOM
    J. Seymour, Joint Staff

This panel debates issues associated with acquiring an MLS system.

Track D - Detecting and Deterring Computer Crime
Chair: J. Holleran, NSA

The Electronic Intrusion Threat to National Security & Emergency Preparedness Telecommunications: An Awareness Document
    T. Phillips, Booz Allen & Hamilton, Inc.
Using Application Profiles to Detect Computer Misuse
    N. Kelem, Trusted Information Systems
Can Computer Crime Be Deterred?
    S. Sherizan, Ph.D., Data Security Systems, Inc.

Track E - Tutorial - Trusted Databases
Speaker: G. Smith, Arca Systems, Inc.

This tutorial focuses on security from a "database view" and gives an overview of the Trusted Database Interpretation (TDI). Topics include: DBMS specific security requirements, vulnerabilities, and challenges; database design considerations; implementation issues; and use issues.

Wednesday, 4:00 - 5:30 p.m.

Track A - Panel - Inference Problem in Secure Database Systems
Chair: B. Thuraisingham, MITRE Corp.

An Inference Paradigm
    D. Marks, NSA

Panelists:
    D. Marks, NSA
    T. Lunt, SRI Intl.
    T. Hinke, University of Alabama
    M. Collins, MITRE Corp.
    L. Kerschberg, George Mason University

This panel focuses on the practical developments made on the inference problem over the past three years and provides direction for further work on this problem.

Track B - Panel - New Challenges for C&A: The Price of Interconnectivity and Interoperability
Chairs:
    Ellen Flahavin, NIST
    Joel Sachs, ARCA
Panelists:
    A. Lee, MITRE
    E. O'Connor, IRS
    H. Ruiz, DISA
    S. Schanzer, CIA
    E. Springer, OMB

This panel focuses on new challenges for certification and accreditation from a variety of government perspectives including civil, defense, intelligence, and multi-agency.

Track C - Putting Trusted Products Together
Chair: B. Burnham, NSA

Partitioning the Security Analysis of Complex Systems
    H. Holm, NSA
The Composition Problem: An Analysis
    G. King, Computer Science Corp.
Making Do With What You've Got
    J. Jerryman, The Boeing Co.
Modern Multilevel Security (MLS): Practical Approaches for Integration, Certification, and Accreditation
    B. Neugent, The MITRE Corp.

Track D - Panel - Computer Crime on the Internet
Chair: C. Axsmith, Esq., ManTech Strategies Associates
Panelists:
    D. Parker, SRI Intl.
    M. Pollitt, FBI
    T. Chambers, Food & Drug Admin.
    B. Fraser, CERT, Carnegie Mellon Univ.
    M. Schoffstall, Performance Systems International
    M. Fedor, Performance Systems International

This panel addresses computer crime issues related to Internet connections. The issue will be dealt with from many angles to provide a practical and well-rounded overview.

Track E - Tutorial - Criteria Comparisons
Speaker: C. Abzug, Information Resources Management College

This tutorial focuses on the differences and similarities of the national and international criteria of Canada, the United States, and Europe. They are compared and considered, both in the context of value to security engineering today, and as foundations for the Common Criteria.

Wednesday, 7:00 p.m.

Conference Banquet at the Hyatt Regency Inner Harbor Hotel
    Harry B. DeMaio, Deloitte & Touche

Thursday, 9:00 - 10:30 a.m.

Track A - Panel - Key Escrowing: Today and Tomorrow
Chair: M. Smid, NIST
Panelists:
    J. Manning, NSA
    M. Glimore, FBI
    D. Denning, Georgetown University

This panel provides an in-depth technical view of the key escrow system developed in conjunction with FIPS 185.

Track B - Panel - The Department of Defense Goal Security Architecture
Chair: W.T. Polk, NIST
Panelists:
    R. McAllister, NSA
    C. Deutsch, NSA
    J. Schafer, DISA
    J. Coyle, Booz Allen & Hamilton

This panel discusses the DGSA. The DGSA is derived from DoD Information System Security Policy and reflects requirements for the support of multiple security policies, distributed information processing, conductivity by common carriers, users with different security attributes, and resources with varying degrees of security protection.

Track C - Panel - Trusted Systems Interoperability Group
Chair: S. Wisseman, Arca Systems, Inc.
Panelists:
    P. Cummings, Digital Equipment Corp.
    R. Sharp, AT&T Bell Laboratories
    J. Edelheit, The MITRE Corp.
    C. Watt, SecureWare, Inc.
    G. Mitchell, NSA

This panel, discussing TSIG work since 1989, addresses problem progress in providing multi-vendor interoperability among security enhanced and traditional UNIX systems.

Track D - Risks and Threats
Chair: D. Gambel, Northrup Grumman

Demonstrating the Elements of Information Security With Threats
    D. Parker, SRI International
The Aerospace Risk Evaluation System (ARiES): Implementation of a Quantitative Risk Analysis Methodology for Critical Systems
    C. Lavine, The Aerospace Corp.
The Security-Specific Eight Stage Risk Assessment Methodology
    D. Drake, Science Applications International Corp.

Track E - Tutorial - UNIX Security
Speaker: E. Schultz, Arca Systems, Inc.

This tutorial focuses on operational security with systems in an internetworked environment, using UNIX as an example. It includes security weaknesses, methods for improving security, and ways to detect and respond to attacks on UNIX systems.

Thursday, 11:00 a.m. - 12:30 p.m.

Track A - Panel - The Security Association Management Protocol (SAMP)
Chair: Maj T. Hewitt, USAF, NSA
Panelists:
    D. Walters, NIST
    D. Wheeler, Motorola
    M. White, Booz Allen & Hamilton
    A. Reiss, NSA
    J. Leppek, Harris Corporation

A security association is an agreement between two or more entities that resolves all of the options (negotiable parameters) of the security mechanisms that perform security services for communication. This panel addresses some of the questions, design considerations, and requirements for security associations.

Track B - Network Architecture
Chair: H. Weiss, SPARTA, Inc.

BFE Applicability to LAN Environments
    T. Benkart, ACC Network Systems
The Architecture of Triad: A Distributed, Real Time, Trusted System
    E.J. Sebes, TIS
Constructing a High Assurance Mail Guard
    R. Smith, Secure Computing

Track C - Panel - NSA Concurrent Systems Security Engineering Support To The MLS TECNET Program
Chair: B. Hildreth, NSA
Panelists:
    M. Mayonado, Eagan, McAllister Assoc.
    T. Acevedo, Pulse Engineering, Inc.
    J. Himes, NSA
    G. Wessel, NSA
    R. Blair, NSA
    R. White, Air Intelligence Agency
    G. Hurlburt, Naval Air Warfare Center

This panel discusses the Concurrent System Security Engineering initiative that NSA is applying to aid TECNET, the Test & Evaluation Community Network. TECNET must evolve the capability for simultaneously processing unclassified and classified data while supporting both cleared and uncleared users.

Track D - Panel - Current Issues & Trends in Trusted Product Evaluations
Chair: K. Bruso, NSA
Panelists:
    P. Toth, NIST
    J. Arnold, NSA
    C. McBride, NSA
    L. King, NSA
    M. Hale, NSA
    J. Pedersen, NSA

This panel will highlight the significant accomplishments of trusted product evaluations during the past year. Process improvements will be discussed with particular attention given to the Trust Technology Assessment Program and the Trusted Products Evaluation Program.

Track E - Tutorial - Windows NT Security
Speaker: J. Williams, Arca Systems, Inc.

This tutorial focuses on operational security with distributed PC-based computing, using Windows NT as an example. It discusses security from the perspectives of both clients and servers: exposures and vulnerability, appropriate control measures, and recommended policies and practices.

Thursday, 2:00-3:30 p.m.

Track A - Networks and Distributed Systems
Chair: D. Schnackenberg, Boeing Defense & Space Group

Towards a Formal Verification of a Secure and Distributed System and its Applications
    K. Levitt, University of California at Davis
Making Secure Dependencies Over a LAN Architecture - for Security Needs
    B. d'Ausbourg, CERT/ONERA
Automatic Generation of High Assurance Security Guard Filters
    V. Swarup, The MITRE Corp.

Track B - Panel - Multilevel Security (MLS) - Current Applications and Future Directions I
Chair: Col. J. Sheldon, USA, DISA/CISS
Panelists:
    J. Wiand, USSOCOM
    R. Myers, USACOM
    E. Klutz, USACOM
    LTC T. Surface, USPACOM
    Maj K. Newland, USSPACECOM
    P. Woodie, NSA
    C. West, DISA

This panel covers applications and use of multilevel security (MLS) solutions fielded at the US Unified Commands by the Department of Defense MLS Program, and an overview of the NSA Multilevel Information System Security Initiative (MISSI).

Track C - Security Implementations
Chair: J. Anderson, J.P. Anderson Co.

Applying COMPUSEC to the Battlefield
    S. Arkley, Computer Sciences Corp.
Security Requirements for Customer Network Management in Telecommunications
    V. Varadharajan, Hewlett-Packard Labs.
Support for Security in Distributed Systems Using MESSIAHS
    S. Chapin, Kent State University

Track D - Panel - Do You Have the Skills to be a Future INFOSEC Professional?
Chair: V. Maconachy, DISA/CISS
Panelists:
    C. Schou, Idaho State University
    R. Morris
    G. Burns, Monsanto Corp.

This panel examines the types of skills that will be needed to cope with the changing work environment and what types of individual initiatives are required to keep up with advancing technologies and management challenges.

Track E - Tutorial - System Security Engineering, Certification, and Accreditation
Speaker: J. Sachs, Arca Systems, Inc.

This tutorial focuses on engineering and assessment issues in integrating MLS solutions using trusted products, developing the certification evidence, and the accreditation process. Topics include: system security, assurance, trade-offs, and methodologies.

Thursday, 4:00 - 5:30 p.m.

Track A - Formal Methods and Modeling
Chair: S. Jajodia, George Mason University

Belief in Correctness
    M. Abrams, The MITRE Corp.
Towards a Privacy-Friendly Design and Use of IT-Security Mechanisms
    S. Fischer-Hubner, University of Hamburg
Using a Semiformal Security Policy Model 2C a C2 Better
    M. Schaefer, Arca Systems, Inc.

Track B - Panel - Multilevel Security (MLS) - Current Applications and Future Direction II
Chair: Col. J. Sheldon, DISA/CISS
Panelists:
    J. Wiand, USSOCOM
    R. Myers, USACOM
    E. Klutz, USACOM
    LTC T. Surface, USPACOM
    Maj K. Newland, USSPACECOM
    P. Woodie, NSA
    C. West, DISA

This panel covers applications and use of multilevel security (MLS) solutions fielded at the US Unified Commands by the Department of Defense MLS Program, and an overview of the NSA Multilevel Information System Security Initiative (MISSI).

Track C - Views on Vulnerability
Chair: R. Wood, NSA

A Technical Approach for Determining the Importance of Information in Computerized Alarm Systems
    J. Lim, Lim & Orzechowski Assoc.
ASAM: A Security Certification and Accreditation Support Tool for DoD Automated Information Systems
    L. Remorca, Secure Solutions, Inc.
A Financial Management Approach for Selecting Optimal, Cost-Effective Safeguards Upgrades for Computer- and Information-Security Risk Management
    S.T. Smith, Barracana, Inc.

Track D - Real Lessons
Chair: J. Campbell, NSA

Security Awareness and the Persuasion of Managers
    D. Poindexter, CISS
The Network Memorandum of Agreement (MOA) Process: Lessons Learned
    L. Jaworski, TIS
Independent Validation and Verification of Automated Information Systems the Department of Energy
    W. Hunteman, Los Alamos National Laboratory

Track E - Tutorial - Information System Security Officer's Challenges
Speaker: C. Bressinger, DoD Security Institute

This tutorial focuses on the continued protection and accreditation of operational information systems. Topics include: virus prevention and eradication; access control evaluation and configuration; media clearing and purging; intrusion detection and handling; and dealing with risk.

Thursday, 6:00 p.m.

Awards Ceremony followed by Awards Reception at the Baltimore Convention Center

Friday, 9:00 - 10:30 a.m.

Track A - Panel - Highlights of the New Security Paradigms '94 Workshop
Chair: E. Leighninger, Co-Program Chair

Formal Semantics of Confidentiality in Multilevel Logic Databases
    A. Spalka, University of Bonn
Healthcare Information Architecture: Elements of a New Paradigm
    D. Essin & T. Lincoln
Communication, Information Security and Value
    J. Dobson, University of Newcastle
Fuzzy Patterns In Data
    T.Y. Lin, San Jose State University

Track B - Panel - Prominent Industry-Sponsored Security Architectures Currently Under Development
Chair: M. McChesney, SecureWare
Panelists:
    R. Schell, Novell, GSA
    B. Dwyer, Hewlett-Packard, DCE

This panel discusses the Distributed Computing Environment Security Servicing, the Novell Global Security Architecture, and the Extended Global Security Architecture; how they relate to one another and how they might evolve in the future to provide compatible security functionality.

Track C - Panel - Provisions to Improve Security on the Internet
Chair: H. Highland
Panelists:
    F. Avolio, Trusted Information Systems, Inc.
    S. Bellovin, AT&T Bell Laboratories
    M. Bishop, University of California, Davis
    W. Cheswick, AT&T Bell Laboratories
    Dr. J. David, The Fortress
    Colonel F. Kolbrener
    A. P. Peterson, P.E., Martin Marietta

This panel discusses what the Internet has done to promote net security, the specific risks of operating under TCP/IP, and what can be done quickly and easily to promote net security.

Track D - Panel - Computers at Risk (CAR) Recommendations: Are They Still Valid?
Chair: H. Tipton, CISSP, Member of the CAR Committee, Member of the GSSP Committee
Panelists:
    W. Ozier, Ozier Peterse & Assoc.
    S. Walker, Trusted Information Systems
    E. Boebert, Secure Computing Corp.

Panelists revisit the CAR committee recommendations in view of the information security environment today.

Track E - Panel - IT Security Resources
Panelists:
    K. Everhart, NIST
    M. Swanson, NIST
    B. Lau, NSA
    N. Lynch, NIST

This session presents an overview of major sources of information on IT security and a model for acquiring, disseminating, and managing security-relevant information resources.

Friday, 11:00 a.m. - 12:30 p.m.
CLOSING PLENARY

"Security, Privacy, and Protection Issues in Emerging Information Infrastructures"

Distinguished Panel:
    Professor Anthony Oettinger (Co-Chair), Chairman, Program on Information Resources Policy, Harvard University
    Dr. Brian Kahin (Co-Chair), Director, Information Infrastructure Project, Science, Technology and Public Policy Program, Harvard University
    Robert Lucky, Vice President, Applied Research, Bellcore
    Fred M. Briggs, Senior Vice-President and Chief Engineering Officer, MCI

SPECIAL SESSIONS AND DEMONSTRATIONS

Electronic Groupware Tools to Address IT Security Challenges
Tues - Fri, Room 305

Dr. Corey Schou of Idaho State University has developed an electronic group decision support system that has been applied to a wide range of information technology security questions, issues, and challenges. A portable version of the system with approximately a dozen stations is available at the conference. Attendees may "test drive" the system, view the results of a series of workshops that addressed security training and professional development, and "brainstorm" relevant questions and issues. Individuals are invited to request a session that will focus on an issue of importance. All requests will be honored as circumstances permit.

Trusted System Interoperability Group (TSIG) MLS Technologies Demonstration
Tues - Thurs, Room 319

Many different MLS hardware and applications are used in this integrated, real world demonstration. Hardware products include: single level personal computers, MLS X terminals, MLS routers, MLS workstations, and MLS servers. Applications include distributed MLS databases, networked MLS file systems, MLS electronic mail, MLS file transfers and MLS remote logins.

Multilevel Information System Security Initiative (MISSI) Product Demonstrations
Wed - Thurs, Room 321

MISSI is evolving a series of products which, when combined, provide security services for a wide variety of application environments.
The products being demonstrated at the NCSC include: In-Line Network Encryptors such as NES and CANEWARE; Workstation Security Products such as MOSAIC; and Secure Server Products such as the Secure Mail Guard. There will be simulations of Security Management Services such as the Local Authority Workstation and the Directory.

The Learning Track
Tues - Fri, Room 303

The Federal Information System Security Educators' Association with the Education, Training, and Awareness Working Group of the NSTISSC present a set of sessions providing a view of current federal and private sector initiatives related to security education, training, and awareness. Included are models for training, reports on current activities, and displays of security training materials and tools.

European Community
Tues - Fri, Room 302

The Information Technology Security Evaluation Facilities (ITSEF) in Europe and the European Certification Bodies intend to inform the world community on system and security product evaluations and will demonstrate the product evaluation methodology.

Defense Information Systems Agency (DISA)/Center for Information Systems Security (CISS)
Tues - Fri, Room 318

As a jointly-staffed DISA/NSA organization, CISS will present displays and demonstrations to showcase services and products that directly support the Department of Defense. The presentation will include a demonstration by the Automated Systems Security Incident Support Team (ASSIST).

Air Force C4 Systems Security Initiatives
Tues - Wed, Room 301

The Air Force will present an overview of their system security initiatives such as the Automated Security Incident Measurement project; on line surveys; incident response; and trends in tool development, including demonstrations on intrusion detection and risk management.

Intrusion Detection Workshop
Thurs, Room 301

This workshop will consist of several short presentations and discussion periods.
Sessions are expected to include: progress on ongoing intrusion system development projects; experiences with the use of intrusion detection systems; auditing; legal issues; privacy issues; network security issues; intrusion scenarios; new techniques that can be applied to detect intruders; incident response; and requirements for intrusion detection systems.

OTHER ACTIVITIES OF INTEREST

NSA INFOSEC Awareness Booth
Tues - Fri, Registration Area

Publications available include the INFOSEC Products and Services Catalog and the NCSC's computer security technical guidelines - the Rainbow Series. The booth also offers a variety of other publications providing INFOSEC information most frequently requested by users, developers, operators, and administrators of products and systems.

NIST Publications Booth
Tues - Fri, Registration Area

Information and publications on a variety of information systems security issues are available. The NIST Computer Systems Laboratory Bulletins which discuss security topics in depth are featured.

DOCKMASTER
Tues - Fri, Room 312

The NCSC's DOCKMASTER is a focal point for nationwide dissemination and exchange of INFOSEC data through electronic mail and Bulletin Boards. Over 2000 users from federal government organizations, private companies, and academic institutions participate in its forums and retrieve data on INFOSEC products, conferences, and training.

NIST Bulletin Board
Tues - Fri, Room 312

A wide variety of computer security information is available to federal agencies and to the public through the NIST Bulletin Board System. Information posted on the system includes an events calendar, computer-based training, software reviews, publications, bibliographies, lists of organizations, and other government bulletin board numbers.

Book Exhibit
Tues - Thurs, Registration Area

A combined book exhibit representing a selection of leading publishing firms and the latest selections in Computer Security is presented by Association Book Exhibit, 6395. Washington Street, Alexandria, VA 22314.

The Information Systems Security Association (ISSA) Booth
Tues - Fri, Registration Area

The ISSA is an association of InfoSec Practitioners whose aim is to enhance professionalism through education, information exchange, and sharing among those who do InfoSec day-to-day. The booth will contain newsletters, resource guides, Guidelines for Information Valuation, and Generally Accepted Security Principles (preliminary).

GENERAL INFORMATION

MEETING SITE

The conference will be held at the Baltimore Convention Center, 1 East Pratt Street, Baltimore, Maryland, close to the Baltimore Inner Harbor area. The opening plenary session will be held in Hall A, on the Exhibit Level (enter the Pratt Street lobby). Registration and information services, and all other technical sessions, will be held on the third floor Meeting Room Level. The Convention Center is conveniently located close to the meeting hotels, the major highways leading into Baltimore, numerous restaurants, shops, and sightseeing attractions.

REGISTRATION

A registration fee is being charged to defray the costs of conducting the conference.

    BEFORE SEPTEMBER 9, 1994    AFTER SEPTEMBER 9, 1994
    $235                        $280

*Cancellations must be received by NIST no later than September 9, 1994 in order to receive a refund. Please call Ms. Tammie Grice, at (301) 975-2775 for guidance.

THERE IS NO PROVISION FOR A STUDENT FEE.

To register, fill out the enclosed registration form and return it with payment (if using a check, make it payable to NIST/17th National Computer Security Conference) to the National Institute of Standards and Technology, Office of the Comptroller, A807 Administration Building, Gaithersburg, Maryland 20899.

The registration desk at the Convention Center will be open from 6:30-8:30 p.m. on Monday evening, October 10th, and will reopen each morning of the conference at 8:00 a.m.

TRANSPORTATION

For those attendees not staying in Baltimore, daily bus service will be provided from the National Computer Security Center (NCSC), 911 Elkridge Landing Road, Linthicum, MD. The buses will run in a round-robin fashion from the NCSC from 7:30 - 8:30 each morning. Buses will return to the NCSC at the end of the sessions each day and following the Banquet and Awards Reception.

PROCEEDINGS

A hard copy of the conference proceedings will be included as part of the registration packet. See information regarding Proceedings on CD Rom.

COMMUNICATIONS

Messages will be taken between the hours of 8:00 a.m. and 5:00 p.m. Tuesday through Thursday, and between the hours of 8:00 a.m. and 12:00 noon, on Friday. Please check the message board frequently. Attendees will not be called out of a meeting except in cases of emergency. The phone numbers to be used for leaving messages will be posted on the message board.

SPECIAL INTEREST ROOMS

There will be a limited number of rooms available for Special Interest discussions ("birds of a feather," etc.). These rooms may be reserved in one-hour increments and must not be used for commercial purposes. Reservations may be made by calling the NCSC Conference Administrator at (301) 850-0272. Room reservations will be posted on the message board for all open meetings.

FOOD FUNCTIONS

Coffee service will be provided to all attendees during registration each morning and at mid-morning and mid-afternoon breaks. Attendees will be free at lunch time to explore the many convenient restaurants or other sites near the Convention Center.

BANQUET

The Conference Banquet will be held at the Hyatt Regency Inner Harbor on Wednesday evening, October 12, with a cash bar reception beginning at 6:00 p.m., followed by dinner at 7:00 p.m. Mr. Harry DeMaio, National Marketing Director of Information Protection Consulting for Deloitte and Touche will be the dinner speaker.
A coupon for this function, which may be exchanged for a ticket on a first-come, first-served basis, will be included in your registration kit.

AWARDS RECEPTION

On Thursday, October 13, an Awards Ceremony will be held on the Terrace Level at the Convention Center starting at 6:00 p.m. Refreshments will follow in the lower lobby. No ticket is required for this event, but please wear your name tag.

HOUSING

Blocks of rooms have been reserved for conference attendees at a number of hotels near the Convention Center, at special group rates. The hotels, with their daily rates, are listed below in order of their proximity to the Convention Center. To register for rooms at the special rates, return the enclosed form directly to the Baltimore Housing Bureau, 100 Light Street, 12th Floor, Baltimore, MD 21202, (fax number 410-659-7313) with a deposit of $100.00, no later than September 9, 1994. After that date, we cannot guarantee that rooms will be available at the special conference rate. RESERVE EARLY! Please mail or fax the form, rather than telephoning for your reservations, as this identifies you with the conference, and makes you eligible for the special rates.

Hyatt Regency Baltimore
300 Light Street, Baltimore, MD 21202
Single: $128.00 (plus tax)    Double: $138.00 (plus tax)

Days Inn Inner Harbor
100 Hopkins Place, Baltimore, MD 21201
Single: $69.00 (plus tax)    Double: $79.00 (plus tax)

Holiday Inn Inner Harbor
301 W. Lombard Street, Baltimore, MD 21201
Single: $69.50 (plus tax, govt)    Double: $69.50 (plus tax, govt)
$89.50 (plus tax, non-govt)

Radisson Plaza Lord Baltimore Hotel
20 West Baltimore Street, Baltimore, MD 21201
Single: $78.00 (including tax)    Double: $93.00 (including tax)

Omni Inner Harbor Hotel
101 West Fayette Street, Baltimore, MD 21201
Single: $78.00 (including tax)    Double: $90.00 (including tax)

* The Radisson and Omni are an equal distance from the Convention Center.

FURTHER INFORMATION

For further information call Tammie Grice, the conference registrar, at (301) 975-2775.

CONFERENCE REGISTRATION FORM

17th National Computer Security Conference
October 11-14, 1994
Baltimore Convention Center
Baltimore, Maryland

NAME:____________________________________________________________
First and last name as it should appear on your badge __________________________________
COMPANY: _______________________________________
ADDRESS: ________________________________________
CITY:_____________________ STATE:_________________ ZIP: ___________
COUNTRY: ______________
TELEPHONE NO:
E-Mail Address if available:_____________________________________________

Registration Fee: $235.00 before September 9, 1994; $280.00 after September 9, 1994

Federal Government Employee? ________yes _________ no

Payment Enclosed in the Amount of: _____

Form of Payment:
___ Check. Make checks payable to NIST/17th National Computer Security Conference. All checks must be drawn on U.S. banks only.
___ Purchase Order Attached. P.O. No.: _________
___ Federal Government Training Form
____ MasterCard ___Visa Account No.: _____________ Exp. Date ______
Authorized Signature: ____________________________

PLEASE NOTE: No other credit cards will be accepted.

Please return conference registration form and payment to:

c/o 17th National Computer Security Conference
Office of the Comptroller
National Institute of Standards and Technology
Room A807, Administration Building
Gaithersburg, MD 20899

Credit card registration may be faxed to Tammie Grice at (301) 948-2067.

Is this the first time you have attended the National Computer Security Conference?_________

Conference Participants List:
__ I do want my name on the Conference Participants List which is distributed to conference attendees.
__ I do not want my name on the Conference Participants List.

It is our sincere desire to comply with both the letter and spirit of the Americans with Disabilities Act of 1990. Attendees with special needs should call (301) 975-2775 so we can ensure that your visit at our Conference is a pleasurable one.

NOTICE

We are considering putting the conference proceedings along with those of the last two or three conferences, on CD ROM. Please answer the following questions to help us determine whether to proceed with this project, and if so, how many disks to produce. Our objective is to keep the price at a minimum, but sufficient to cover expenses. The price of the CD ROM will depend on the number of copies expected to be sold, probably between $25 and $75.

This is NOT an order, nor a commitment! Please DO NOT send payment! If there is sufficient interest, orders will be taken at the conference.

I would be interested in purchasing the NCS Conference Proceedings on CD Rom as follows:

___ copies, if the price per copy is $25
___ copies, if the price per copy is $35
___ copies, if the price per copy is $50
___ copies, if the price per copy is $75

Name:
Organization:
Address:
Phone:
E-mail:

END