home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The 640 MEG Shareware Studio 2
/
The 640 Meg Shareware Studio CD-ROM Volume II (Data Express)(1993).ISO
/
info
/
vl5_148.zip
/
VL5-148.TXT
Wrap
Internet Message Format
|
1992-09-12
|
37KB
Return-Path: <virus-l@lehigh.edu>
Received: from CS2.CC.Lehigh.EDU by abacus (SunOS 4.1/SMI-4.1-01)
with sendmail 4.1/SMI-4.1-01 id AA16749; Wed, 9 Sep 92 16:24:47 +0200
Errors-To: krvw@cert.org
Received: from (localhost) by CS2.CC.Lehigh.EDU with SMTP id AA22033
(5.65c/IDA-1.4.4 for <vhcguest@abacus.hgs.se>); Wed, 9 Sep 1992 09:28:26 -0400
Date: Wed, 9 Sep 1992 09:28:26 -0400
Message-Id: <9209091325.AA22646@barnabas.cert.org>
Comment: Virus Discussion List
Originator: virus-l@lehigh.edu
Errors-To: krvw@cert.org
Reply-To: <virus-l@lehigh.edu>
Sender: virus-l@lehigh.edu
Version: 5.5 -- Copyright (c) 1991/92, Anastasios Kotsikonas
From: Kenneth R. van Wyk <krvw@cert.org>
To: Multiple recipients of list <virus-l@lehigh.edu>
Subject: VIRUS-L Digest V5 #148
Status: RO
VIRUS-L Digest Wednesday, 9 Sep 1992 Volume 5 : Issue 148
Today's Topics:
re: Virus Armour (PC)
Possible Virus Infection - info pls (PC)
Re: Bug in F-PROT? (PC)
Re: Fingerprinting self-modifying files
New virus that scanv95b cannot pick it up!!!(HELP) (PC)
MBDF Authors Plead (Mac)
Beta testers needed for new security tool (UNIX)
Interactive UNIX virus? (UNIX)
New files on risc (PC)
Re: New Files On Risc (pc)
15th NCS Conference Program
VIRUS-L is a moderated, digested mail forum for discussing computer
virus issues; comp.virus is a non-digested Usenet counterpart.
Discussions are not limited to any one hardware/software platform -
diversity is welcomed. Contributions should be relevant, concise,
polite, etc. (The complete set of posting guidelines is available by
FTP on cert.sei.cmu.edu or upon request.) Please sign submissions with
your real name. Send contributions to VIRUS-L@LEHIGH.EDU.
Information on accessing anti-virus, documentation, and back-issue
archives is distributed periodically on the list. A FAQ (Frequently
Asked Questions) document and all of the back-issues are available by
anonymous FTP on cert.org (192.88.209.5). Administrative mail
(comments, suggestions, and so forth) should be sent to me at:
<krvw@CERT.ORG>.
Ken van Wyk
----------------------------------------------------------------------
Date: Fri, 04 Sep 92 11:56:09 -0400
From: "David M. Chess" <chess@watson.ibm.com>
Subject: re: Virus Armour (PC)
>From: suresh@papaya.iss.nus.sg (Suresh Thennarangam - Research Scholar)
>While this seems somewhat plausible I wonder if Intel's chip designers
>didn't make the 80x86 processors smart enough to detect memory changes
>in the vicinity of the current instruction and reload the pre-fetch
>queue in response.
They didn't.
>Well, if not then this is a hazard for programs that modify themselves
>during runtime.
Yep, it is! Don't do that... *8)
DC
------------------------------
Date: Fri, 04 Sep 92 12:23:18 -0400
From: Roger Thompson <70451.3621@compuserve.com>
Subject: Possible Virus Infection - info pls (PC)
>From: ede890psft@vx24.cc.monash.edu.au
Hi Earle,
You really don't have enough information yet to determine whether or
not you have any new virus. I can think of any number of reasons why
your young mate's (I'm an Oz too) machine should play up the way it
is, ranging from slippery fingers to incompatible Dos's.
Your best shot at this stage is to use a more up-to-date scanner to
look at it. If you are determined to resolve the problem, you should
also use a checksummer to see if any executables are changing.
Just monitor the situation and see if you get any more activity.
Roger Thompson
Leprechaun Software.
------------------------------
Date: Fri, 04 Sep 92 20:51:38 -0400
From: glauber@ele.puc-rio.br (Glauber Maciel Santos)
Subject: Re: Bug in F-PROT? (PC)
>I was using F-PROT 2.04c from a bootable DOS 5.0 diskette. After
>booting from the A: drive, I wanted to scan another diskette in the A:
>drive. F-PROT produced unintelligible messages, such as "cotaaly
>tanmcyng, ico staro%Nnurta...". Another user here reported the same
>phenomenon. Does anyone have an explanation and/or fix for this
>problem?
I remember having read a file in the FP-205.ZIP packet which
explains that the author hasn't corrected this problem yet and doesn't
intend to do so in the near future. I guess I'm not mistaken, but I
don't have this file with me at present in order to confirm this.
If you run F-PROT from drive a: you can't scan diskettes in
the same drive because F-PROT needs to access itself.
Despite this, I consider F-PROT to be the best antivirus
program ever written. The rate at which its updates appear is
amazing! I always upload its newest version to several Brazilian BBSs
and it seems to be taking the place McAfee's programs held here..
Congratulations to Frisk!
Glauber M. Santos
Dept. of Electrical Engineering
PUC/RJ - Brazil
------------------------------
Date: 04 Sep 92 11:24:58 +1200
From: "Mark Aitchison, U of Canty; Physics" <PHYS169@csc.canterbury.ac.nz>
Subject: Re: Fingerprinting self-modifying files
suresh@papaya.iss.nus.sg (Suresh Thennarangam - Research Scholar) writes:
> Is there general agreement that fingerprinting files with a relaible
> method is the most foolproof way of detecting virus infection ?
Yes, but assuming the files can be checked without the possibility of
a virus already in memory, to return the wrong file information, or
(possibly) that the change detector does such a good job of bypassing
DOS and BIOS that it cannot be fooled.
> How would one apply this technique to some programs that modify their
> disk-images ?
Basically the answer is to divide the files into sections, and have
separate checks for each section, and perhaps "know" the nature of the
changes that are allowed. Quite often, the start of the file (be it
.EXE or .COM) doesn't get changed by self-modifying programs, but does
by viruses. There is another method, which I am still experimenting
with, that is relatively insensitive to typical self-modification
effects (and mutations of viruses), but is computationally intensive.
> Does the MS-Windows distribution contain any such binary files that
> are self-modifying ?
I don't know, but probably! The version munging option in MSDOS 5
supposedly used some self-modification. The number of programs that
modify themselves (or other programs!) is relatively small (but still
annoying), so can be handled as exceptions.
Mark Aitchison, University of Canterbury, New Zealand.
------------------------------
Date: 06 Sep 92 14:18:19 +0000
From: chanm@server.uwindsor.ca (CHAN HENRY )
Subject: New virus that scanv95b cannot pick it up!!!(HELP) (PC)
I just found out that my computer is attacked by a new virus(may be).
The signatures of that virus is always attack the "format.com" file.
When I viewed the file, the file contain "-stack!--stack!--stack!--"
string. And this string has about 10 or more "-stack!-" in it.
In my friends' cases, it attacked the borlandc directory(Borland C++
3.0). The directory /borlandc/opernach (spelling?) has lots of junks,
also with the word "-stack!-" and cannot be deleted. Also the virus
rewrite the file "config.sys" with a long string of repeated
"-stack!-".
It seems that the virus will trigger by different kind of software and do
different things.
Does anyone has any clue about this?
If anyone has any information about this virus (how to delete the virus etc.)
Please email me as soon as possible.
Thanks for helping!!
Henry Chan
=============================================================================
e-mail:chanm@server.uwindsor.ca
hchan@engn.uwindsor.ca
VLSI Research Group
U. of Windsor
=============================================================================
------------------------------
Date: Sat, 05 Sep 92 18:26:49 -0400
From: mha@baka.ithaca.ny.us (Mark Anbinder)
Subject: MBDF Authors Plead (Mac)
Three former Cornell students, who had been facing a total of forty
computer tampering and related charges in connection with the creation
and release of the MBDF virus affecting Macintosh computers this
February, struck a plea-bargain agreement here in Ithaca yesterday.
David Blumenthal and Mark Pilgrim, each of whom had been facing felony
first degree computer tampering charges, pleaded guilty to one count
each of second degree computer tampering, a misdemeanor. Randall
Swanson pleaded guilty to a reduced charge of disorderly conduct.
Swanson was not originally implicated in the case when the virus was
traced to Blumenthal and Pilgrim, but was charged this summer.
None of the three are currently enrolled for the fall semester at
Cornell University. While the University is prohibited by federal law
from revealing the outcome of disciplinary action against students,
unofficial word has it that some of the students have been expelled
from the University, and the other(s) suspended for at least one year.
A 27 August memorandum from William Streett, the Dean of Cornell's
College of Engineering, referred to an unnamed group of students who
had been charged with violating Cornell's Code of Academic Integrity
"as a result of improper and unauthorized use of computers and network
systems." Streett said that the punishments in these cases "include
expulsion and suspension for a year or more." The memo went on to
remind students of their responsibility in maintaining academic
integrity standards in their computer use, and suggested that students
with special talents in computing and network systems "put these to
constructive use by tutoring other students or through volunteer work
with one of the local social service agencies."
- --
Mark H. Anbinder mha@baka.ithaca.ny.us
BAKA Computers, Inc. QuickMail QM-QM 607-257-2614
200 Pleasant Grove Road Phax 607-257-2657
Ithaca, NY 14850 Phone 607-257-2070
Q: How many tech support people does it take to change a light bulb?
A: We have an exact copy of the light bulb here and it seems to be
working fine. Can you tell me what kind of system you have? Okay,
just exactly how dark is it? Okay. There could be four or five
things wrong. Have you tried the light switch?
------------------------------
Date: Sat, 05 Sep 92 15:39:18 +0000
From: genek@mentor.cc.purdue.edu (Gene Kim)
Subject: Beta testers needed for new security tool (UNIX)
Announcing the pending availability of
Tripwire: A Unix File Integrity Checker
This message is being posted to various newsgroups and mailing
lists to gather a group of beta-testers for a new security tool called
Tripwire. Tripwire was written by Gene Kim, currently at Purdue
University, under the direction of Professor Gene Spafford.
Tripwire should be of significant interest to system
administrators concerned about timely detection of system file
tampering on their Unix hosts.
Goal of Tripwire:
=================
With the advent of increasingly sophisticated and subtle
account break-ins on Unix systems, the need for tools to aid the
detection of unauthorized modification of files becomes clear.
Tripwire is a tool that aids system administrators and users in
monitoring a designated set of files for any changes. Used with
system files on a regular basis, Tripwire can notify system
administrators of corrupted or tampered files, so damage control
measures can be taken in a timely manner.
Tripwire is a system file integrity checker, a utility that
compares a designated set of files and directories against
information stored in a previously generated database. Any
differences are flagged and logged, and optionally, a user is
notified through mail. When run against system files on a
regular basis, changes in critical system files would be spotted
at the next time-interval when Tripwire is run, so damage
control measures may be implemented immediately. With
Tripwire, system administrators can conclude with a high degree
of certainty that a given set of files remain untouched from
unauthorized modifications, provided the program and database are
appropriately protected (e.g., stored on read-only disk).
Tripwire uses message digest algorithms (cryptographic
checksums) to detect changes in a hard-to-spoof manner. This
should be able to detect significant changes to critical files,
including those caused by insertion of backdoors or viruses. It
also monitors changes to file permissions, modification times,
and other significant changes to inodes as selected by the system
administrator on a per-file/directory basis.
What we need:
=============
As of this writing, Tripwire runs successfully on both BSD
and System V variants of Unix. Among the operating systems
Tripwire has run on are:
SunOS 5.x (SVR4)
SunOS 4.x (BSD 4.3)
Dynix 3.x (BSD 4.2)
Compiling Tripwire should be as simple as editing the config.h
file to set the appropriate #defines, and typing 'make'.
A pool of beta-testers is needed to ensure that Tripwire
works predictably on a wide variety of systems. Of particular
interest are system administrators using the following operating
systems:
AIX
AUX
BSD4.4
HP/UX
Mach
NextOS
OSF/1
SVR3.x
Ultrix
Unicos
Xenix
System III
Versions 6, 7, 8, & 9 :-)
other versions we didn't list
A config.h file allows you to tailor Tripwire around your
system specifics, such as the locations of system utilities (like
sort and diff), and desired lookup pathnames to your Tripwire
database files.
Possible porting trouble-spots are generally restricted to
dirent(S5)/direct(BSD) funkiness and #defines that changed for
POSIX compliance (such as those in <sys/types.h> for stat.st_mode).
Hopefully the process of beta-testing will highlight any
problems before any widely-released distribution. It is also
hoped that reasonable system defaults for a wide variety of
systems can be gathered from a diverse set of beta-testers.
This would allow useful plug-and-play builds for the majority of
Tripwire users.
What you'd get as a beta-tester:
================================
The entire source to Tripwire, manual pages, a README, and
the Tripwire design document.
What you'd need to do:
======================
You will need to install the code on your system and run
it. You will need to report back any bugfixes, enhancements,
optimizations or other code-diddling that you believe useful. If
you build a configuration file for a new system, you will need
to send this back. You will have to collect some performance
data. You will need to provide some honest, critical feedback on
utility, clarity, documentation, etc.
You will need to do all this by about October 21.
Are you interested?
===================
If so, please fill out the form at the end of this message, and
send it to (genek@mentor.cc.purdue.edu). We will only take two or
three respondents for each system type for the beta test.
Please allow some time for processing and selection of
beta-testers. I promise to reply to all requests as
expeditiously as possible.
A formal release of Tripwire is planned for sometime in
November. Watch this space for details!
Gene Kim
September 4, 1992
===============================================================================
Name:
Email address:
System configuration:
machine type
operating system
version
Site information: (completely optional)
type of site (ie: university, corporate, military, etc...)
comments on machine security
(ie: numerous break-in attempts on our dialback servers,
repeated intrusions through network, etc...)
===============================================================================
------------------------------
Date: Mon, 07 Sep 92 12:02:46 +0000
From: anl433!hoffmann@uunet.UU.NET (Stephan Hoffmann)
Subject: Interactive UNIX virus? (UNIX)
In the first days of september 1992 several UNIX-systems in our place
got damaged. Files in the /etc - directory had been changed to special
files, so that they had to be removed, before the system could be
brought up again.
Is anything known about similar problems elsewhere? Maybe, there's a
virus!
Best regards
Stephan Hoffmann
- --
NAME Stephan Hoffmann
EMAIL hoffmann%anl433.uucp@Germany.EU.net
SNAIL Siemens AG, ANL A433SI, Gruendlacher Str. 248, 8510 Fuerth, Germany.
PHONE +49-911-3089-469 (work) +49-911-3089-290 (FAX)
------------------------------
Date: Sat, 05 Sep 92 18:02:05 -0400
From: James Ford <JFORD@UA1VM.UA.EDU>
Subject: New files on risc (PC)
Thanks to user response, I have been able to place the following files
on risc.ua.edu (130.160.4.7) in the directory /pub/ibm-antivirus:
virx24.zip - VirX v2.4
vds210t.zip - Virus Detection System v2.10
vsig9208.zip - Virus signatures, Aug 1992
- ----------
Left to themselves, things tend to go from bad to worse.
- ----------
James Ford - Consultant II, Seebeck Computer Center
The University of Alabama (in Tuscaloosa, Alabama)
jford@ua1vm.ua.edu, jford@seebeck.ua.edu
Work (205)348-3968 fax (205)348-3993
------------------------------
Date: Sat, 05 Sep 92 04:18:17 -0000
From: Nemrod_Kedem@f0.n972.z9.virnet.bad.se (Nemrod Kedem)
Subject: Re: New Files On Risc (pc)
> The following files have been placed on risc.ua.edu (130.160.4.7) in the
> directory /pub/ibm-antivirus for anonymous FTP:
> fp-205.zip - FProt v2.05
> vsumx208.zip - Virus Summary Listing.
> It is time for the once-in-a-blue-moon checking of files on
> risc.ua.edu. Please send email to jford@risc.ua.edu if any of these
> files are out of date or just should not be there. Thanks.
> vshell10.zip
If it's what I think it is (VSHELL from Chief D.R.) ... It out of date for
over 18 months.
Lates version (VSHL202U.ZIP) is avaliable on McAfee's HomeBase BBS or
Freqable from it's support home (2:403/138@Fidonet or 9:972/0@VirNet)
under the magic name of VSHELL.
Regards,
Rudy.
------------------------------
Date: Fri, 04 Sep 92 16:46:42 -0400
From: Jack Holleran <Holleran@DOCKMASTER.NCSC.MIL>
Subject: 15th NCS Conference Program
Program: 15th National Computer Security Conference
Registration Information: Tammie Grice (301) 975-2775
Tuesday October 13
10:00a.m.
Hall E
Opening Plenary
Welcome: Mayor Kurt L. Schmoke, Baltimore City (invited)
James H. Burrows and Patrick R. Gallagher, Jr.
Keynote Speaker: Roland Huber, Commission of the European Communities
Systems Security Award Ceremony
Best Paper Awards
Wednesday October 14
Conference Banquet (7:00p.m.)
Speaker: Dr. Peter G. Neumann
SRI International
Thursday October 15
Conference Awards Reception (6:00p.m.)
Friday October 16
11:00a.m.
Room 307 - 308 - 309
CLOSING PLENARY
E. Troy, Chair, NIST
Panel Discussion
International Standards:
A Path to International Harmonization
Panelists:
D. Herson,United Kingdom ; S. Knapskog, ISO/SC27/WG3; U. Van Essen,
Germany; R. Verrett, Canada
Technical Program
2:00p.m.
Hall E
Panel - Criteria I: Perspectives and Progress on International Criteria
E. Troy, Chair, NIST
"The IT Security Evaluation Manual"
Y. Klein, Service Central de la Securite des Systemes d'Information,
Paris, France
Panelists:
LTC R. Ross, NSA; D. Ferraiolo, NIST; E. Bacic, Canada; J. Wood,
European Communities
Room 309
Covert Channels, Part I: Analysis
Dr. B. Burnham, Chair, NSA
"Architectural Implications of Covert Channels"
N. Proctor, SRI International
"A Foundation for Covert Channel Analysis"
T. Fine,Secure Computing Corporation
"A Tool for Covert Storage Channel Analysis of the UNIX Kernel"
D. Willcox, Motorola Microcomputer Group
Room 307-308
Panel: The TPEP and Product Innovation
R. Henning, Chair, Harris Corporation;
Panelists:
J.Adams, SecureWare; L. Baron, Sun Microsystems; W. Boebert, Secure
Computing Corporation; Dr. M. Branstad, Trusted Information Systems, Inc.;
Dr. R. Schell, Gemini Computers
Room 301-303
Threats and Security Overview
LtCdr. A. Liddle, Royal Navy, National Defense University
Room 319-321
Panel: Virus I:
Virus Attacks & Counterattacks - Real-World Experiences
J. Litchko, Chair, Trusted Information Systems, Inc.
Panelists:
L. Mandeville, Miller, Belis & O'Neil, P.C.; J. Keyes, NASA;
G. Wellham, Maryland National Financial, Inc.
Room 305
New Security Paradigms (Part I)
2:00-5:30p.m.
H. Hosmer, Chair, Data Security, Inc.
"A New Paradigm for Trusted Systems"
Dr. D. Denning, Georgetown University
Discussion Leader: Dr. L. LaPadula, The Mitre Corporation
"New Paradigms for High Assurance Software"
Dr. J. McLean, Naval Research Laboratory
Discussion Leader: E. Leighninger, Dynamics Research Corporation
"Managing Complexity in Secure Networks"
Dr. D. Bailey, Galaxy Systems
Discussion Leader: Dr. M. Abrams, The Mitre Corporation
"Best Paper of the New Security Paradigms Workshop"
Discussion Leader: E. Leighninger, Dynamics Research Corporation
Panel Discussion
Dr. J. Dobson, Newcastle upon Tyne; Dr. D. Bailey, Galaxy Systems;
Dr. D. Denning, Georgetown University; H. Hosmer, Data Security,
Inc.; Dr. L. LaPadula, The Mitre Corporation; Dr. J. McLean, Naval
Research Laboratory
4:00p.m.
Hall E
International Harmonization
E. Flahavin, Chair, NIST
"Re-Use of Evaluation Results"
J. Smith, CESG
Panel: TMach as a Symbol of International Harmonization
Panelists:
B. Boesch, DARPA; Dr. M. Branstad, Trusted Information Systems, Inc.; C.
Ketley, U.K. Government; K. Keus, German Government
Room 309
Panel - Covert Channels, Part II: Overt Truths Behind Covert Channels
P. Neumann, Chair, SRI International
Panelists:
R. Morris, NSA; J. Millen, The Mitre Corporation;
V. Gligor, University of Maryland
Room 307-308
Evolving Security Requirements
F. Mayer, Chair, Aerospace Corp.
"Extending Our Hardware Base: A Worked Example"
N. McAuliffe, Trusted Information Systems, Inc.
"Evolving Criteria for Evaluation: The Challenge for the International
Integrator of the 90's" J. Fowler, Grumman Data Systems
"The Need for a Multilevel Secure (MLS) Trusted User Interface"
G. Factor, Digital Equipment Corp.
Room 317
Information Technology Security Requirements Panel
D. Gilbert, Chair, NIST
Panelists:
N. Lynch, NIST;S. Pitcher, Department of Commerce; M. Swanson,
NIST; Dr. W. Maconochy, NSA
Room 301-303
Physical, Personnel, and Administrative Security
H. Looney, National Defense University
Room 319-321
Viruses II: VIRUS Proposed Approaches
J. Anderson, Chair, J. P. Anderson Company
"Software Forensics: Can We Track Code to its Authors?"
Dr. E. Spafford, Purdue University
"Precise Identification of Computer Viruses"
T. Polk, NIST
"Data Security for Personal Computers"
P. Bicknell, The MITRE Corporation
October 14
9:00a.m.
ROOM 309
DBMS I: Security in Database Management Systems
C. Meadows, Chair, Naval Research Lab
"Enforcing Entity and Referential Integrity in Multilevel Secure Databases"
V. Doshi, The MITRE Corporation
"A Multilevel Secure Database Management System Benchmark"
L. Schlipper, The MITRE Corporation
"Protected Groups: An Approach to Integrity and Secrecy in an Object-Oriented
Database" J. Slack, Kansas State University
"Implications of Monoinstantiation in a Normally Polyinstantiated Multilevel
Secure Database" F. Kramer, Digital Equipment Corporation
Room 307-308
Perspectives on MLS System Solution Acquisition - A Debate
by the Critical Players Involved
J. Sachs, Chair, ARCA Systems Inc.
"An Approach for Multilevel Security (MLS) Acquisition"
W. Neugent, The Mitre Corporation
Panelists:
T. Clarke, Defense Information Systems Agency; A. Cuomo, NSA; G. Evans,
Loral Western Development Labs; Col. J. Hackman, USAF, Joint Chiefs of
Staff; B. Loiter, Digital Equipment Corporation; H.O. Lubbes, Naval Research
Lab; Dr. W. Wilson, Arca Systems Inc.
Room 317
Network Security
W. H. Murray, Chair, Consultant
"Toward a Model of Security for a Network of Computers
P. Farrell, George Mason University
"Risk Management of Complex Networks
R. Cox, CTA
"A Local Area Network Security Architecture
L. Carnahan, NIST
"Priorities for LAN Security: A Case Study of a Federal Agency's LAN Security
S. Chang, NIST
Room 301-303
Trusted Systems Concepts
Dr. C. Abzug, National Defense University
Room 319-321
Panel - Information Systems Security Organization: Retooling for the Future
Dr. W. Maconachy, Chair, NSA
Panelists:
S. Barnett, NSA; R. Quane, National Cryptologic School; A. Whieldon, NSA
Room 305
New Security Paradigms (Part II)
9:00-12:00a.m.
Dr. J. Dobson, Chair, Newcastle upon Tyne
"The Multipolicy Paradigm" H. Hosmer, Data Security, Inc.
Discussion Leader: Dr. T. Haigh, Secure Computing Corporation
"Metapolicies II" H. Hosmer, Data Security, Inc.
Discussion Leader: Dr. L. LaPadula, The Mitre Corporation
"Separation Machines" Dr. J. Graff, Amdahl
Discussion Leader: M. Smith, AT&T
"Mediation and Separation in Contemporary Information Technology Systems"
J. Heaney, The Mitre Corporation
Discussion Leader: E. Leighninger, Dynamics Research Corporation
11:00a.m.
Room 309
Panel - DBMS II: New Initiatives in Data Base Management Systems
C. McBride, Chair, NSA
Panelists:
L. Vetter, Oracle; R. Varadarajan, Informix; M. Tinto, NSA; Dr. D Downs,
The Aerospace Corporation
Room 307-308
Issues in Trust & Specification
M. Woodcock, Chair, U.S. Naval Academy
"Issues in the Specification of Secure Composite Systems"
J. Hemenway, Grumman Data Systems
"A Note on Compartmented Mode: To B2 or Not B2?"
Dr. T.M.P. Lee, Trusted Information Systems, Inc.
Room 317
Panel - Addressing U.S. Government Security Requirements for OSI
N. Nazario, Chair, NIST
Panelists:
T. Humphreys, XISEC Consultants, U.K.; T. Bartee, IDA D. Walters, NIST
Room 301-303
Trusted Networks
R. Kenneth Bauer, Arca Systems, Inc.
Room 319-321
Panel - ISSA Initiatives
D. Gary, Chair, Carnegie Mellon University
2:00p.m.
Room 309
Panel: The Electronic Certification: The Time has Come, Part I
M. Smid, Chair, NIST
Panelists:
C. Martin, Government Accounting Office; B. Johnson, Army Corp of Engineers;
K. Rose, NSA;
Room 307-308
"The New TPEP Process"
S. Nardone, Chair, NSA
"Concept Paper - An Overview of the Proposed Trust Technology
Assessment Program" P. Toth, NIST
Room 317
Panel: Forming A Computer Security Incident Response Capability (CSIRC)
D. Steinauer, Chair, NIST
Panelists:
R. Pethia, Carnegie Mellon University; Dr. E. Schultz,
Eugene Schultz and Associates; J. Wack, NIST
Room 301-303
Trusted Database Systems
Dr. G. Smith, Arca Systems, Inc.
Room 319-321
Panel: Publications, Services, and Bulletin Boards
R. Lau, Chair, NSA
Panelists:
C. Hash, NSA; S. Radack, NIST; M. Schanken, NSA; M. Swanson, NIST
Room 305
2:00p.m. - 5:30 p.m.
Group Decision Support for Developing a Curriculum DACUM
Dr. Corey Schou, Idaho State University
4:00p.m.
Room 309
Panel: The Electronic Certification: The Time has Come, Part II
D. Dodson, Chair, NIST
Panelists:
G. Ostrem, Datakey; W. Bialick, NSA; L. Shomo, NASA; L. McNulty, NIST
Room 307-308
Panel and Paper
Current Information Security Initiatives within the U.S. Armed Forces
LTC R. Ross, Chair, USA
"Standard Certification - Progression"
Captain C. Pierce, USAF, AFCSC
Panel Discussion:
Challenges Facing Certification and Accreditation Efforts of the
Military Services
Panelists:
B. Zomback, U.S. Army; L. Merritt, U.S. Air Force; J. Mildner, U.S. Navy
Room 317
Panel: Health Care
G. Lang, Chair, The Harrison Avenue Corp.
"Application Layer Security Requirements of a Medical Information System"
D. Hamilton, Hewlett Packard
Panelists:
B. Bahramian, Beta Management Systems, Inc.; P. Fallon, Toshiba America
Information Systems; S. Price-Francis, Canon Canada, Inc.; M. Schwartz,
Summit Medical Systems, Inc.
Room 301-303
Trusted Integration & System Certification
J. Sachs, Arca Systems, Inc.
Room 319-321
Student Papers
Dr. H. Highland, Chair, Compulit
"PM: A Unified Automated Deduction Tool for Verification"
G. Fink, UC Davis
"Finding Security Flaws in Concurrent and Sequential Designs Using Planning
Techniques" D. Frincke, UC Davis
"Electronic Measurement of Software Sharing for Computer Virus
Epidemiology" L. de La Beaujardiere, UC Santa Barbara
October 15
9:00a.m.
Room 309
Panel - Intrusion Detection: Can we Build Models of Intrusions
T. Lunt, Chair, SRI International
Panelists:
T. Garvey, SRI International; S. Snapp, Haystack Laboratories, Inc.;
D. Icove, FBI; Dr. K. Levitt, UC Davis
Room 307-308
Certification & Accreditation Experiences in Civil Agencies
A. Friedman, Chair, The MITRE Corporation
"Accreditation: Is It a Security Requirement or a Good Management Practice?"
T. Anderson, USATREX International Inc.
Panelists:
S. Smith, FAA; P. Camero, DEA; F. Brant, DoS; W. Donovan, FEMA
Room 317
Operational Policies
R. Shilinski, Chair, NCSC
"Some More Thoughts on the Buzzword "Security Policy""
D. Chizmadia, NSA
"Operational Support of Downgrading in a Multi-Level Secure System"
D. Nelson, Digital Equipment Corporation
"Security Within the DODIIS Reference Model"
B. McKenney, The MITRE Corporation
Room 301-303
Trusted Systems Concepts
Dr. C. Abzug, National Defense University
Room 319-321
Panel: The National Research Educational Network (NREN):
A Proposed Security Policy & Status Report
S. Wolff,, Chair, National Science Foundation
Panelists:
Dr. D. Branstad, NIST; Dr. S. Kent, BBN; Dr. S. Crocker,
Trusted Information Systems, Inc.; V. Cerf, CNRI
Cryptography
Dr. H. Highland, Chair, Compulit
"New Dimensions In Data Security"
K. Mundt, CE Infosys
"The Kinetic Protection Device"
M. Bianco, Hughes Aircraft Company
"Provably Weak Cryptographic Systems"
Dr. J. Higgins, Brigham Young University
9:00-11:00a.m.
Forming an Incident Response Capability
Dr. Gene Schultz, Eugene Schultz and Assciates
11:00a.m.
Room 309
Panel: Security Protocols for Open Systems
P. Lambert, Chair Motorola
Panelists:
R. Housley, XEROX; D. Maughan, NSA; D. Solo, BBN; D. Walters,
NIST; M. White, Booz-Allen & Hamilton
Room 307-308
INFOSEC Design and Certification Initiatives
D. Arnold, Chair, NSA
"General Issues to be Resolved in Achieving Multilevel Security "
W. Neugent, The Mitre Corporation
Panelists:
CDR. D. Campbell, USN, NSA; R. Flowers, NSA; S. Westendorf, NSA
Room 317
Panel - What Senior Federal Managers Think About Security
C. Bythewood, Chair, NCSC
E. Springer, Office of Management and Budget
I. Gilbert Perry, NIST
Room 301-303
Trusted Networks
J. Sachs, Arca Systems Inc.
Room 319-321
Panel: Federal Information Systems Security Educators' Association (FISSEA)
Dr. W. Maconachy, Chair, NSA
Dr. C. Schou, Idaho State University; J. Pohly, U.S.A.F.; D. de Zafra,
Public Health Service; V. Marshall, Booz-Allen & Hamilton;, B. Guffie,
Social Security Administration
Room 323
Intrusion Detection
T. Lunt, Chair, SRI International
"Intrusion and Anomaly Detection: ISOA Update"
J. Winkler, PRC, Inc.
"Internetwork Security Monitor: An Intrusion Detection System for Large Scale
Networks" T. Heberlein, University of California - Davis
2:00p.m.
Room 309
ACCESS CONTROL
D. Dodson, Chair, NIST
"Role Based Access Control" R. Kuhn, NIST
"Knowledge-Based Inference Control in a Multilevel Secure Database
Management System" Dr. B. Thuraisingham, The MITRE Corporation
"A TCB Subset For Integrity and Role-Based Access Control"
D. Sterne, Trusted Information Systems, Inc.
Room 307-308
Multilevel Security (MLS) Prototyping and Integration: Lessons
Learned and DoD Directions
C. West, Chair, Defense Information Systems Agency
Panelists:
R. Hale, NRL; Major R. LeSieur, USAF, ESC; E. Schwartz, NSA;
C. Cross-Davison, DIA
Room 317
PANEL - Privacy I - Domestic Privacy: Roll of Honor and Hall of Shame
W. Madsen, Chair
"E-Mail Privacy and the Law"
C. Axsmith, Esq., ManTech Strategic Associates, Ltd.
Panelists:
L. Schaefer, The MITRE Corporation; J. Abernathy, The Houston Chronicle
Room 301-303
Trusted Database Systems
Dr. G. Smith, ARCA Systems, Inc.
Room 319-321
Considerations for Assurance
T. Malarkey, Chair, NSA
"A Model of Risk Management in the Development Life Cycle"
Capt C. Pierce, USAF, AFCSC
"Concept for a Smart Card Kerberos"
M. Krajewski, Jr., The MITRE Corporation
"Operating System Support for Trusted Applications"
R. Graubert The MITRE Corporation
"Potential Benefits from Implementing the Clark-Wilson Integrity Model Using
an Object-Oriented Approach" C. Schiller, Science Applications International
Corporation
Room 323
Defense Against Computer Aids
H. Peele, Air Force Intelligence Command
Room 305
2:00-5:30 p.m.
Making it Work: Applying INFOSEC to the Real World
C. Barker, T. Parenty-Winkler, Trusted Information Systems, Inc.
4:00p.m.
Room 309
Data Assurances
Profesor S. Jajodia, Chair, George Mason University
"Integrity and Assurance of Service Protection in a Large, Multipurpose,
Critical System" H. Johnson, Information Intelligence Sciences, Inc.
"An Example Complex Application for High Assurance Systems" S. Padilla,
SPARTA
"Mandatory Policy Issues of High Assurance Composite Systems"
J. Fellows, Grumman Data Systems
Room 307-308
Trusted Network Products
P. Woodie, Chair, NSA
"Towards a Policy-Free Protocol Supporting a Secure X Window System"
M. Smith, AT&T Bell Laboratories
"An SDNS Platform for Trusted Products"
E. Borgoyne, Motorola
"SDNS Security Management"
W. Jansen, NIST
Room 317
Panel: Privacy II - International Data Privacy: Roll of Honor
and Hall of Shame
W. Madsen, Chair, CSC
Panelists:
G. Montigny, Privacy Commision of Canada; E. Hendricks, Privacy Times
Room 301-303
Trusted Integration & System Integration
Dr. W. Wilson, Arca Systems Inc.
Room 319-321
Trust Documentation
W. Geer, Chair, AFCSC
"Current Endorsed Tools List (ETL) Examples: Lessons Learned"
C. Garvey, TRW Systems Integration Group
"Companion Document Series to the Trusted Database Management System
Interpretation" L. Notargiacomo, The MITRE Corporation
"Assessing Modularity in Trusted Computing Bases"
Dr. D. Baker, The Aerospace Corporation
Room 323
Panel: Electronic Crime: An Investigative Perspective
Jack Holleran, Chair, National Computer Security Center
Speakers:
Special Agent Jack Lewis, Electronic Crimes Branch, Secret Service
Special Agent Mark Pollett, Federal Bureau of Investigation
October 16
9:00a.m.
Room 309
Panel: R&D Future Needs
B. Snow, Chair, NSA
Panelists:
Dr. S. Kent, BBN; W. Boebert, Secure Computing Corporation
Room 307-308
Information Security Engineering
ENS S. Mitchell, USN, Chair, NSA
"Information System Security Engineering: Cornerstone to the Future"
Dr. D. Howe, NSA
"Network Security via DNSIX, Integration of DNSIX and CMW Technology"
H. Heller, Harris Corporation
"Issues to Consider When Using Evaluated Products to Implement Secure Mission
Systems" Lt Col W. Price, USAF, Air Force Space Command
Room 317
Panel: Privacy III -
Government Surveillance Policy and Capabilities
as the Telephone Network Goes Digital --- The
FBI's Digital Telephony Initiative
Dr. L. Hoffman, Chair, George Washington University
Panelists:
A. Bayse, FBI; J. Edwards, NORTEL Federal Systems, Inc.;
J. Podesta, Podesta Associates
Room 301-303
Access Policies Mechanisms
M. Schaefer, Chair, CTA, Inc.
"Implementation Considerations for the Typed Access Matrix Model in a
Distributed Environment" G. Suri, George Mason University
"A Lattice Interpretation of the Chinese Wall Policy" Professor R. Sandhu,
George Mason University
"Experience with a Penetration Analysis Method and Tool"
Dr. S. Gupta, University of Maryland
Room 319-321
Data Distribution
K. Rowe, Chair, NSA
"A Tamper-Resistant Seal for Trusted Distribution and Life-Cycle Integrity
Assurance" M. Bianco, Hughes Aircraft Company
"Use of a Case Tool to Define the Specifications of a Trusted Guard"
R. Lazar, The MITRE Corporation
"A Security Reference Model for a Distributed Object System and its
Application" V. Varadharajan, Hewlett-Packard Labs., U.K.
Room 305
9:00a.m. - 5:30p.m.
Intrusion Detection Workshop
Teresa Lunt, SRI International
------------------------------
End of VIRUS-L Digest [Volume 5 Issue 148]
******************************************