Return-Path:
Received: from CS2.CC.Lehigh.EDU by abacus (SunOS 4.1/SMI-4.1-01) with sendmail 4.1/SMI-4.1-01 id AA16749; Wed, 9 Sep 92 16:24:47 +0200
Errors-To: krvw@cert.org
Received: from (localhost) by CS2.CC.Lehigh.EDU with SMTP id AA22033 (5.65c/IDA-1.4.4 for ); Wed, 9 Sep 1992 09:28:26 -0400
Date: Wed, 9 Sep 1992 09:28:26 -0400
Message-Id: <9209091325.AA22646@barnabas.cert.org>
Comment: Virus Discussion List
Originator: virus-l@lehigh.edu
Errors-To: krvw@cert.org
Reply-To:
Sender: virus-l@lehigh.edu
Version: 5.5 -- Copyright (c) 1991/92, Anastasios Kotsikonas
From: Kenneth R. van Wyk
To: Multiple recipients of list
Subject: VIRUS-L Digest V5 #148
Status: RO

VIRUS-L Digest   Wednesday, 9 Sep 1992   Volume 5 : Issue 148

Today's Topics:

re: Virus Armour (PC)
Possible Virus Infection - info pls (PC)
Re: Bug in F-PROT? (PC)
Re: Fingerprinting self-modifying files
New virus that scanv95b cannot pick it up!!!(HELP) (PC)
MBDF Authors Plead (Mac)
Beta testers needed for new security tool (UNIX)
Interactive UNIX virus? (UNIX)
New files on risc (PC)
Re: New Files On Risc (pc)
15th NCS Conference Program

VIRUS-L is a moderated, digested mail forum for discussing computer virus issues; comp.virus is a non-digested Usenet counterpart. Discussions are not limited to any one hardware/software platform - diversity is welcomed. Contributions should be relevant, concise, polite, etc. (The complete set of posting guidelines is available by FTP on cert.sei.cmu.edu or upon request.) Please sign submissions with your real name. Send contributions to VIRUS-L@LEHIGH.EDU. Information on accessing anti-virus, documentation, and back-issue archives is distributed periodically on the list. A FAQ (Frequently Asked Questions) document and all of the back-issues are available by anonymous FTP on cert.org (192.88.209.5). Administrative mail (comments, suggestions, and so forth) should be sent to me at: .
Ken van Wyk

----------------------------------------------------------------------

Date: Fri, 04 Sep 92 11:56:09 -0400
From: "David M. Chess"
Subject: re: Virus Armour (PC)

>From: suresh@papaya.iss.nus.sg (Suresh Thennarangam - Research Scholar)

>While this seems somewhat plausible I wonder if Intel's chip designers
>didn't make the 80x86 processors smart enough to detect memory changes
>in the vicinity of the current instruction and reload the pre-fetch
>queue in response.

They didn't.

>Well, if not then this is a hazard for programs that modify themselves
>during runtime.

Yep, it is! Don't do that... *8)

DC

------------------------------

Date: Fri, 04 Sep 92 12:23:18 -0400
From: Roger Thompson <70451.3621@compuserve.com>
Subject: Possible Virus Infection - info pls (PC)

>From: ede890psft@vx24.cc.monash.edu.au

Hi Earle,

You really don't have enough information yet to determine whether or not you have any new virus. I can think of any number of reasons why your young mate's (I'm an Oz too) machine should play up the way it is, ranging from slippery fingers to incompatible Dos's.

Your best shot at this stage is to use a more up-to-date scanner to look at it. If you are determined to resolve the problem, you should also use a checksummer to see if any executables are changing. Just monitor the situation and see if you get any more activity.

Roger Thompson
Leprechaun Software.

------------------------------

Date: Fri, 04 Sep 92 20:51:38 -0400
From: glauber@ele.puc-rio.br (Glauber Maciel Santos)
Subject: Re: Bug in F-PROT? (PC)

>I was using F-PROT 2.04c from a bootable DOS 5.0 diskette. After
>booting from the A: drive, I wanted to scan another diskette in the A:
>drive. F-PROT produced unintelligible messages, such as "cotaaly
>tanmcyng, ico staro%Nnurta...". Another user here reported the same
>phenomenon. Does anyone have an explanation and/or fix for this
>problem?
I remember having read a file in the FP-205.ZIP packet which explains that the author hasn't corrected this problem yet and doesn't intend to do so in the near future. I guess I'm not mistaken, but I don't have this file with me at present in order to confirm this. If you run F-PROT from drive a: you can't scan diskettes in the same drive because F-PROT needs to access itself.

Despite this, I consider F-PROT to be the best antivirus program ever written. The rate at which its updates appear is amazing! I always upload its newest version to several Brazilian BBSs and it seems to be taking the place McAfee's programs held here.. Congratulations to Frisk!

Glauber M. Santos
Dept. of Electrical Engineering
PUC/RJ - Brazil

------------------------------

Date: 04 Sep 92 11:24:58 +1200
From: "Mark Aitchison, U of Canty; Physics"
Subject: Re: Fingerprinting self-modifying files

suresh@papaya.iss.nus.sg (Suresh Thennarangam - Research Scholar) writes:
> Is there general agreement that fingerprinting files with a reliable
> method is the most foolproof way of detecting virus infection ?

Yes, but assuming the files can be checked without the possibility of a virus already in memory, to return the wrong file information, or (possibly) that the change detector does such a good job of bypassing DOS and BIOS that it cannot be fooled.

> How would one apply this technique to some programs that modify their
> disk-images ?

Basically the answer is to divide the files into sections, and have separate checks for each section, and perhaps "know" the nature of the changes that are allowed. Quite often, the start of the file (be it .EXE or .COM) doesn't get changed by self-modifying programs, but does by viruses. There is another method, which I am still experimenting with, that is relatively insensitive to typical self-modification effects (and mutations of viruses), but is computationally intensive.
> Does the MS-Windows distribution contain any such binary files that
> are self-modifying ?

I don't know, but probably! The version munging option in MSDOS 5 supposedly used some self-modification. The number of programs that modify themselves (or other programs!) is relatively small (but still annoying), so can be handled as exceptions.

Mark Aitchison, University of Canterbury, New Zealand.

------------------------------

Date: 06 Sep 92 14:18:19 +0000
From: chanm@server.uwindsor.ca (CHAN HENRY )
Subject: New virus that scanv95b cannot pick it up!!!(HELP) (PC)

I just found out that my computer has been attacked by a new virus (maybe). The signature of that virus is that it always attacks the "format.com" file. When I viewed the file, the file contained a "-stack!--stack!--stack!--" string. And this string has about 10 or more "-stack!-" in it. In my friends' cases, it attacked the borlandc directory (Borland C++ 3.0). The directory /borlandc/opernach (spelling?) has lots of junk, also with the word "-stack!-", and cannot be deleted. Also the virus rewrites the file "config.sys" with a long string of repeated "-stack!-".

It seems that the virus will be triggered by different kinds of software and do different things. Does anyone have any clue about this?

If anyone has any information about this virus (how to delete the virus etc.), please email me as soon as possible.

Thanks for helping!!

Henry Chan
=============================================================================
e-mail:chanm@server.uwindsor.ca
       hchan@engn.uwindsor.ca
VLSI Research Group
U. of Windsor
=============================================================================

------------------------------

Date: Sat, 05 Sep 92 18:26:49 -0400
From: mha@baka.ithaca.ny.us (Mark Anbinder)
Subject: MBDF Authors Plead (Mac)

Three former Cornell students, who had been facing a total of forty computer tampering and related charges in connection with the creation and release of the MBDF virus affecting Macintosh computers this February, struck a plea-bargain agreement here in Ithaca yesterday.

David Blumenthal and Mark Pilgrim, each of whom had been facing felony first degree computer tampering charges, pleaded guilty to one count each of second degree computer tampering, a misdemeanor. Randall Swanson pleaded guilty to a reduced charge of disorderly conduct. Swanson was not originally implicated in the case when the virus was traced to Blumenthal and Pilgrim, but was charged this summer.

None of the three are currently enrolled for the fall semester at Cornell University. While the University is prohibited by federal law from revealing the outcome of disciplinary action against students, unofficial word has it that some of the students have been expelled from the University, and the other(s) suspended for at least one year.

A 27 August memorandum from William Streett, the Dean of Cornell's College of Engineering, referred to an unnamed group of students who had been charged with violating Cornell's Code of Academic Integrity "as a result of improper and unauthorized use of computers and network systems." Streett said that the punishments in these cases "include expulsion and suspension for a year or more."

The memo went on to remind students of their responsibility in maintaining academic integrity standards in their computer use, and suggested that students with special talents in computing and network systems "put these to constructive use by tutoring other students or through volunteer work with one of the local social service agencies."

- --
Mark H. Anbinder          mha@baka.ithaca.ny.us
BAKA Computers, Inc.      QuickMail QM-QM 607-257-2614
200 Pleasant Grove Road   Phax 607-257-2657
Ithaca, NY 14850          Phone 607-257-2070

Q: How many tech support people does it take to change a light bulb?
A: We have an exact copy of the light bulb here and it seems to be working fine. Can you tell me what kind of system you have? Okay, just exactly how dark is it? Okay. There could be four or five things wrong. Have you tried the light switch?

------------------------------

Date: Sat, 05 Sep 92 15:39:18 +0000
From: genek@mentor.cc.purdue.edu (Gene Kim)
Subject: Beta testers needed for new security tool (UNIX)

Announcing the pending availability of

Tripwire: A Unix File Integrity Checker

This message is being posted to various newsgroups and mailing lists to gather a group of beta-testers for a new security tool called Tripwire. Tripwire was written by Gene Kim, currently at Purdue University, under the direction of Professor Gene Spafford. Tripwire should be of significant interest to system administrators concerned about timely detection of system file tampering on their Unix hosts.

Goal of Tripwire:
=================

With the advent of increasingly sophisticated and subtle account break-ins on Unix systems, the need for tools to aid the detection of unauthorized modification of files becomes clear. Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.

Tripwire is a system file integrity checker, a utility that compares a designated set of files and directories against information stored in a previously generated database. Any differences are flagged and logged, and optionally, a user is notified through mail.
When run against system files on a regular basis, changes in critical system files would be spotted at the next time-interval when Tripwire is run, so damage control measures may be implemented immediately. With Tripwire, system administrators can conclude with a high degree of certainty that a given set of files remain untouched from unauthorized modifications, provided the program and database are appropriately protected (e.g., stored on read-only disk).

Tripwire uses message digest algorithms (cryptographic checksums) to detect changes in a hard-to-spoof manner. This should be able to detect significant changes to critical files, including those caused by insertion of backdoors or viruses. It also monitors changes to file permissions, modification times, and other significant changes to inodes as selected by the system administrator on a per-file/directory basis.

What we need:
=============

As of this writing, Tripwire runs successfully on both BSD and System V variants of Unix. Among the operating systems Tripwire has run on are:

        SunOS 5.x (SVR4)
        SunOS 4.x (BSD 4.3)
        Dynix 3.x (BSD 4.2)

Compiling Tripwire should be as simple as editing the config.h file to set the appropriate #defines, and typing 'make'.

A pool of beta-testers is needed to ensure that Tripwire works predictably on a wide variety of systems. Of particular interest are system administrators using the following operating systems:

        AIX
        AUX
        BSD4.4
        HP/UX
        Mach
        NextOS
        OSF/1
        SVR3.x
        Ultrix
        Unicos
        Xenix
        System III
        Versions 6, 7, 8, & 9 :-)
        other versions we didn't list

A config.h file allows you to tailor Tripwire around your system specifics, such as the locations of system utilities (like sort and diff), and desired lookup pathnames to your Tripwire database files.

Possible porting trouble-spots are generally restricted to dirent(S5)/direct(BSD) funkiness and #defines that changed for POSIX compliance (such as those in for stat.st_mode).
Hopefully the process of beta-testing will highlight any problems before any widely-released distribution. It is also hoped that reasonable system defaults for a wide variety of systems can be gathered from a diverse set of beta-testers. This would allow useful plug-and-play builds for the majority of Tripwire users.

What you'd get as a beta-tester:
================================

The entire source to Tripwire, manual pages, a README, and the Tripwire design document.

What you'd need to do:
======================

You will need to install the code on your system and run it.
You will need to report back any bugfixes, enhancements, optimizations or other code-diddling that you believe useful.
If you build a configuration file for a new system, you will need to send this back.
You will have to collect some performance data.
You will need to provide some honest, critical feedback on utility, clarity, documentation, etc.
You will need to do all this by about October 21.

Are you interested?
===================

If so, please fill out the form at the end of this message, and send it to (genek@mentor.cc.purdue.edu). We will only take two or three respondents for each system type for the beta test.

Please allow some time for processing and selection of beta-testers. I promise to reply to all requests as expeditiously as possible.

A formal release of Tripwire is planned for sometime in November. Watch this space for details!

Gene Kim
September 4, 1992

===============================================================================
Name:
Email address:

System configuration:
        machine type
        operating system
        version

Site information: (completely optional)
        type of site (ie: university, corporate, military, etc...)
        comments on machine security (ie: numerous break-in attempts on our dialback servers, repeated intrusions through network, etc...)
===============================================================================

------------------------------

Date: Mon, 07 Sep 92 12:02:46 +0000
From: anl433!hoffmann@uunet.UU.NET (Stephan Hoffmann)
Subject: Interactive UNIX virus? (UNIX)

In the first days of September 1992 several UNIX-systems in our place got damaged. Files in the /etc - directory had been changed to special files, so that they had to be removed, before the system could be brought up again.

Is anything known about similar problems elsewhere? Maybe, there's a virus!

Best regards
Stephan Hoffmann

- --
NAME   Stephan Hoffmann
EMAIL  hoffmann%anl433.uucp@Germany.EU.net
SNAIL  Siemens AG, ANL A433SI, Gruendlacher Str. 248, 8510 Fuerth, Germany.
PHONE  +49-911-3089-469 (work)  +49-911-3089-290 (FAX)

------------------------------

Date: Sat, 05 Sep 92 18:02:05 -0400
From: James Ford
Subject: New files on risc (PC)

Thanks to user response, I have been able to place the following files on risc.ua.edu (130.160.4.7) in the directory /pub/ibm-antivirus:

        virx24.zip   - VirX v2.4
        vds210t.zip  - Virus Detection System v2.10
        vsig9208.zip - Virus signatures, Aug 1992

- ----------
Left to themselves, things tend to go from bad to worse.
- ----------
James Ford - Consultant II, Seebeck Computer Center
The University of Alabama (in Tuscaloosa, Alabama)
jford@ua1vm.ua.edu, jford@seebeck.ua.edu
Work (205)348-3968  fax (205)348-3993

------------------------------

Date: Sat, 05 Sep 92 04:18:17 -0000
From: Nemrod_Kedem@f0.n972.z9.virnet.bad.se (Nemrod Kedem)
Subject: Re: New Files On Risc (pc)

> The following files have been placed on risc.ua.edu (130.160.4.7) in the
> directory /pub/ibm-antivirus for anonymous FTP:

> fp-205.zip - FProt v2.05
> vsumx208.zip - Virus Summary Listing.

> It is time for the once-in-a-blue-moon checking of files on
> risc.ua.edu. Please send email to jford@risc.ua.edu if any of these
> files are out of date or just should not be there. Thanks.
> vshell10.zip

If it's what I think it is (VSHELL from Chief D.R.) ... It has been out of date for over 18 months. Latest version (VSHL202U.ZIP) is available on McAfee's HomeBase BBS or Freqable from its support home (2:403/138@Fidonet or 9:972/0@VirNet) under the magic name of VSHELL.

Regards,
Rudy.

------------------------------

Date: Fri, 04 Sep 92 16:46:42 -0400
From: Jack Holleran
Subject: 15th NCS Conference Program

Program: 15th National Computer Security Conference

Registration Information: Tammie Grice (301) 975-2775

Tuesday October 13

10:00a.m.

Hall E
  Opening Plenary
  Welcome: Mayor Kurt L. Schmoke, Baltimore City (invited)
  James H. Burrows and Patrick R. Gallagher, Jr.
  Keynote Speaker: Roland Huber, Commission of the European Communities
  Systems Security Award Ceremony
  Best Paper Awards

Wednesday October 14

  Conference Banquet (7:00p.m.)
  Speaker: Dr. Peter G. Neumann
           SRI International

Thursday October 15

  Conference Awards Reception (6:00p.m.)

Friday October 16

11:00a.m.

Room 307 - 308 - 309
  CLOSING PLENARY
  E. Troy, Chair, NIST
  Panel Discussion
  International Standards: A Path to International Harmonization
  Panelists: D. Herson, United Kingdom; S. Knapskog, ISO/SC27/WG3; U. Van Essen, Germany; R. Verrett, Canada

Technical Program

2:00p.m.

Hall E
  Panel - Criteria I: Perspectives and Progress on International Criteria
  E. Troy, Chair, NIST
  "The IT Security Evaluation Manual" Y. Klein, Service Central de la Securite des Systemes d'Information, Paris, France
  Panelists: LTC R. Ross, NSA; D. Ferraiolo, NIST; E. Bacic, Canada; J. Wood, European Communities

Room 309
  Covert Channels, Part I: Analysis
  Dr. B. Burnham, Chair, NSA
  "Architectural Implications of Covert Channels" N. Proctor, SRI International
  "A Foundation for Covert Channel Analysis" T. Fine, Secure Computing Corporation
  "A Tool for Covert Storage Channel Analysis of the UNIX Kernel" D. Willcox, Motorola Microcomputer Group

Room 307-308
  Panel: The TPEP and Product Innovation
  R. Henning, Chair, Harris Corporation
  Panelists: J. Adams, SecureWare; L. Baron, Sun Microsystems; W. Boebert, Secure Computing Corporation; Dr. M. Branstad, Trusted Information Systems, Inc.; Dr. R. Schell, Gemini Computers

Room 301-303
  Threats and Security Overview
  LtCdr. A. Liddle, Royal Navy, National Defense University

Room 319-321
  Panel: Virus I: Virus Attacks & Counterattacks - Real-World Experiences
  J. Litchko, Chair, Trusted Information Systems, Inc.
  Panelists: L. Mandeville, Miller, Belis & O'Neil, P.C.; J. Keyes, NASA; G. Wellham, Maryland National Financial, Inc.

Room 305
  New Security Paradigms (Part I) 2:00-5:30p.m.
  H. Hosmer, Chair, Data Security, Inc.
  "A New Paradigm for Trusted Systems" Dr. D. Denning, Georgetown University
    Discussion Leader: Dr. L. LaPadula, The Mitre Corporation
  "New Paradigms for High Assurance Software" Dr. J. McLean, Naval Research Laboratory
    Discussion Leader: E. Leighninger, Dynamics Research Corporation
  "Managing Complexity in Secure Networks" Dr. D. Bailey, Galaxy Systems
    Discussion Leader: Dr. M. Abrams, The Mitre Corporation
  "Best Paper of the New Security Paradigms Workshop"
    Discussion Leader: E. Leighninger, Dynamics Research Corporation
  Panel Discussion
  Dr. J. Dobson, Newcastle upon Tyne; Dr. D. Bailey, Galaxy Systems; Dr. D. Denning, Georgetown University; H. Hosmer, Data Security, Inc.; Dr. L. LaPadula, The Mitre Corporation; Dr. J. McLean, Naval Research Laboratory

4:00p.m.

Hall E
  International Harmonization
  E. Flahavin, Chair, NIST
  "Re-Use of Evaluation Results" J. Smith, CESG
  Panel: TMach as a Symbol of International Harmonization
  Panelists: B. Boesch, DARPA; Dr. M. Branstad, Trusted Information Systems, Inc.; C. Ketley, U.K. Government; K. Keus, German Government

Room 309
  Panel - Covert Channels, Part II: Overt Truths Behind Covert Channels
  P. Neumann, Chair, SRI International
  Panelists: R. Morris, NSA; J. Millen, The Mitre Corporation; V. Gligor, University of Maryland

Room 307-308
  Evolving Security Requirements
  F. Mayer, Chair, Aerospace Corp.
  "Extending Our Hardware Base: A Worked Example" N. McAuliffe, Trusted Information Systems, Inc.
  "Evolving Criteria for Evaluation: The Challenge for the International Integrator of the 90's" J. Fowler, Grumman Data Systems
  "The Need for a Multilevel Secure (MLS) Trusted User Interface" G. Factor, Digital Equipment Corp.

Room 317
  Information Technology Security Requirements Panel
  D. Gilbert, Chair, NIST
  Panelists: N. Lynch, NIST; S. Pitcher, Department of Commerce; M. Swanson, NIST; Dr. W. Maconochy, NSA

Room 301-303
  Physical, Personnel, and Administrative Security
  H. Looney, National Defense University

Room 319-321
  Viruses II: VIRUS Proposed Approaches
  J. Anderson, Chair, J. P. Anderson Company
  "Software Forensics: Can We Track Code to its Authors?" Dr. E. Spafford, Purdue University
  "Precise Identification of Computer Viruses" T. Polk, NIST
  "Data Security for Personal Computers" P. Bicknell, The MITRE Corporation

October 14

9:00a.m.

Room 309
  DBMS I: Security in Database Management Systems
  C. Meadows, Chair, Naval Research Lab
  "Enforcing Entity and Referential Integrity in Multilevel Secure Databases" V. Doshi, The MITRE Corporation
  "A Multilevel Secure Database Management System Benchmark" L. Schlipper, The MITRE Corporation
  "Protected Groups: An Approach to Integrity and Secrecy in an Object-Oriented Database" J. Slack, Kansas State University
  "Implications of Monoinstantiation in a Normally Polyinstantiated Multilevel Secure Database" F. Kramer, Digital Equipment Corporation

Room 307-308
  Perspectives on MLS System Solution Acquisition - A Debate by the Critical Players Involved
  J. Sachs, Chair, ARCA Systems Inc.
  "An Approach for Multilevel Security (MLS) Acquisition" W. Neugent, The Mitre Corporation
  Panelists: T. Clarke, Defense Information Systems Agency; A. Cuomo, NSA; G. Evans, Loral Western Development Labs; Col. J. Hackman, USAF, Joint Chiefs of Staff; B. Loiter, Digital Equipment Corporation; H.O. Lubbes, Naval Research Lab; Dr. W. Wilson, Arca Systems Inc.

Room 317
  Network Security
  W. H. Murray, Chair, Consultant
  "Toward a Model of Security for a Network of Computers" P. Farrell, George Mason University
  "Risk Management of Complex Networks" R. Cox, CTA
  "A Local Area Network Security Architecture" L. Carnahan, NIST
  "Priorities for LAN Security: A Case Study of a Federal Agency's LAN Security" S. Chang, NIST

Room 301-303
  Trusted Systems Concepts
  Dr. C. Abzug, National Defense University

Room 319-321
  Panel - Information Systems Security Organization: Retooling for the Future
  Dr. W. Maconachy, Chair, NSA
  Panelists: S. Barnett, NSA; R. Quane, National Cryptologic School; A. Whieldon, NSA

Room 305
  New Security Paradigms (Part II) 9:00-12:00a.m.
  Dr. J. Dobson, Chair, Newcastle upon Tyne
  "The Multipolicy Paradigm" H. Hosmer, Data Security, Inc.
    Discussion Leader: Dr. T. Haigh, Secure Computing Corporation
  "Metapolicies II" H. Hosmer, Data Security, Inc.
    Discussion Leader: Dr. L. LaPadula, The Mitre Corporation
  "Separation Machines" Dr. J. Graff, Amdahl
    Discussion Leader: M. Smith, AT&T
  "Mediation and Separation in Contemporary Information Technology Systems" J. Heaney, The Mitre Corporation
    Discussion Leader: E. Leighninger, Dynamics Research Corporation

11:00a.m.

Room 309
  Panel - DBMS II: New Initiatives in Data Base Management Systems
  C. McBride, Chair, NSA
  Panelists: L. Vetter, Oracle; R. Varadarajan, Informix; M. Tinto, NSA; Dr. D Downs, The Aerospace Corporation

Room 307-308
  Issues in Trust & Specification
  M. Woodcock, Chair, U.S. Naval Academy
  "Issues in the Specification of Secure Composite Systems" J. Hemenway, Grumman Data Systems
  "A Note on Compartmented Mode: To B2 or Not B2?" Dr. T.M.P. Lee, Trusted Information Systems, Inc.

Room 317
  Panel - Addressing U.S. Government Security Requirements for OSI
  N. Nazario, Chair, NIST
  Panelists: T. Humphreys, XISEC Consultants, U.K.; T. Bartee, IDA; D. Walters, NIST

Room 301-303
  Trusted Networks
  R. Kenneth Bauer, Arca Systems, Inc.

Room 319-321
  Panel - ISSA Initiatives
  D. Gary, Chair, Carnegie Mellon University

2:00p.m.

Room 309
  Panel: The Electronic Certification: The Time has Come, Part I
  M. Smid, Chair, NIST
  Panelists: C. Martin, Government Accounting Office; B. Johnson, Army Corp of Engineers; K. Rose, NSA

Room 307-308
  "The New TPEP Process"
  S. Nardone, Chair, NSA
  "Concept Paper - An Overview of the Proposed Trust Technology Assessment Program" P. Toth, NIST

Room 317
  Panel: Forming A Computer Security Incident Response Capability (CSIRC)
  D. Steinauer, Chair, NIST
  Panelists: R. Pethia, Carnegie Mellon University; Dr. E. Schultz, Eugene Schultz and Associates; J. Wack, NIST

Room 301-303
  Trusted Database Systems
  Dr. G. Smith, Arca Systems, Inc.

Room 319-321
  Panel: Publications, Services, and Bulletin Boards
  R. Lau, Chair, NSA
  Panelists: C. Hash, NSA; S. Radack, NIST; M. Schanken, NSA; M. Swanson, NIST

Room 305
  2:00p.m. - 5:30 p.m.
  Group Decision Support for Developing a Curriculum DACUM
  Dr. Corey Schou, Idaho State University

4:00p.m.

Room 309
  Panel: The Electronic Certification: The Time has Come, Part II
  D. Dodson, Chair, NIST
  Panelists: G. Ostrem, Datakey; W. Bialick, NSA; L. Shomo, NASA; L. McNulty, NIST

Room 307-308
  Panel and Paper
  Current Information Security Initiatives within the U.S. Armed Forces
  LTC R. Ross, Chair, USA
  "Standard Certification - Progression" Captain C. Pierce, USAF, AFCSC
  Panel Discussion: Challenges Facing Certification and Accreditation Efforts of the Military Services
  Panelists: B. Zomback, U.S. Army; L. Merritt, U.S. Air Force; J. Mildner, U.S. Navy

Room 317
  Panel: Health Care
  G. Lang, Chair, The Harrison Avenue Corp.
  "Application Layer Security Requirements of a Medical Information System" D. Hamilton, Hewlett Packard
  Panelists: B. Bahramian, Beta Management Systems, Inc.; P. Fallon, Toshiba America Information Systems; S. Price-Francis, Canon Canada, Inc.; M. Schwartz, Summit Medical Systems, Inc.

Room 301-303
  Trusted Integration & System Certification
  J. Sachs, Arca Systems, Inc.

Room 319-321
  Student Papers
  Dr. H. Highland, Chair, Compulit
  "PM: A Unified Automated Deduction Tool for Verification" G. Fink, UC Davis
  "Finding Security Flaws in Concurrent and Sequential Designs Using Planning Techniques" D. Frincke, UC Davis
  "Electronic Measurement of Software Sharing for Computer Virus Epidemiology" L. de La Beaujardiere, UC Santa Barbara

October 15

9:00a.m.

Room 309
  Panel - Intrusion Detection: Can we Build Models of Intrusions
  T. Lunt, Chair, SRI International
  Panelists: T. Garvey, SRI International; S. Snapp, Haystack Laboratories, Inc.; D. Icove, FBI; Dr. K. Levitt, UC Davis

Room 307-308
  Certification & Accreditation Experiences in Civil Agencies
  A. Friedman, Chair, The MITRE Corporation
  "Accreditation: Is It a Security Requirement or a Good Management Practice?" T. Anderson, USATREX International Inc.
  Panelists: S. Smith, FAA; P. Camero, DEA; F. Brant, DoS; W. Donovan, FEMA

Room 317
  Operational Policies
  R. Shilinski, Chair, NCSC
  "Some More Thoughts on the Buzzword "Security Policy"" D. Chizmadia, NSA
  "Operational Support of Downgrading in a Multi-Level Secure System" D. Nelson, Digital Equipment Corporation
  "Security Within the DODIIS Reference Model" B. McKenney, The MITRE Corporation

Room 301-303
  Trusted Systems Concepts
  Dr. C. Abzug, National Defense University

Room 319-321
  Panel: The National Research Educational Network (NREN): A Proposed Security Policy & Status Report
  S. Wolff, Chair, National Science Foundation
  Panelists: Dr. D. Branstad, NIST; Dr. S. Kent, BBN; Dr. S. Crocker, Trusted Information Systems, Inc.; V. Cerf, CNRI

  Cryptography
  Dr. H. Highland, Chair, Compulit
  "New Dimensions In Data Security" K. Mundt, CE Infosys
  "The Kinetic Protection Device" M. Bianco, Hughes Aircraft Company
  "Provably Weak Cryptographic Systems" Dr. J. Higgins, Brigham Young University

  9:00-11:00a.m.
  Forming an Incident Response Capability
  Dr. Gene Schultz, Eugene Schultz and Associates

11:00a.m.

Room 309
  Panel: Security Protocols for Open Systems
  P. Lambert, Chair, Motorola
  Panelists: R. Housley, XEROX; D. Maughan, NSA; D. Solo, BBN; D. Walters, NIST; M. White, Booz-Allen & Hamilton

Room 307-308
  INFOSEC Design and Certification Initiatives
  D. Arnold, Chair, NSA
  "General Issues to be Resolved in Achieving Multilevel Security" W. Neugent, The Mitre Corporation
  Panelists: CDR. D. Campbell, USN, NSA; R. Flowers, NSA; S. Westendorf, NSA

Room 317
  Panel - What Senior Federal Managers Think About Security
  C. Bythewood, Chair, NCSC
  E. Springer, Office of Management and Budget
  I. Gilbert Perry, NIST

Room 301-303
  Trusted Networks
  J. Sachs, Arca Systems Inc.

Room 319-321
  Panel: Federal Information Systems Security Educators' Association (FISSEA)
  Dr. W. Maconachy, Chair, NSA
  Dr. C. Schou, Idaho State University; J. Pohly, U.S.A.F.; D. de Zafra, Public Health Service; V. Marshall, Booz-Allen & Hamilton; B. Guffie, Social Security Administration

Room 323
  Intrusion Detection
  T. Lunt, Chair, SRI International
  "Intrusion and Anomaly Detection: ISOA Update" J. Winkler, PRC, Inc.
  "Internetwork Security Monitor: An Intrusion Detection System for Large Scale Networks" T. Heberlein, University of California - Davis

2:00p.m.

Room 309
  ACCESS CONTROL
  D. Dodson, Chair, NIST
  "Role Based Access Control" R. Kuhn, NIST
  "Knowledge-Based Inference Control in a Multilevel Secure Database Management System" Dr. B. Thuraisingham, The MITRE Corporation
  "A TCB Subset For Integrity and Role-Based Access Control" D. Sterne, Trusted Information Systems, Inc.

Room 307-308
  Multilevel Security (MLS) Prototyping and Integration: Lessons Learned and DoD Directions
  C. West, Chair, Defense Information Systems Agency
  Panelists: R. Hale, NRL; Major R. LeSieur, USAF, ESC; E. Schwartz, NSA; C. Cross-Davison, DIA

Room 317
  PANEL - Privacy I - Domestic Privacy: Roll of Honor and Hall of Shame
  W. Madsen, Chair
  "E-Mail Privacy and the Law" C. Axsmith, Esq., ManTech Strategic Associates, Ltd.
  Panelists: L. Schaefer, The MITRE Corporation; J. Abernathy, The Houston Chronicle

Room 301-303
  Trusted Database Systems
  Dr. G. Smith, ARCA Systems, Inc.

Room 319-321
  Considerations for Assurance
  T. Malarkey, Chair, NSA
  "A Model of Risk Management in the Development Life Cycle" Capt C. Pierce, USAF, AFCSC
  "Concept for a Smart Card Kerberos" M. Krajewski, Jr., The MITRE Corporation
  "Operating System Support for Trusted Applications" R. Graubert, The MITRE Corporation
  "Potential Benefits from Implementing the Clark-Wilson Integrity Model Using an Object-Oriented Approach" C. Schiller, Science Applications International Corporation

Room 323
  Defense Against Computer Aids
  H. Peele, Air Force Intelligence Command

Room 305
  2:00-5:30 p.m.
  Making it Work: Applying INFOSEC to the Real World
  C. Barker, T. Parenty-Winkler, Trusted Information Systems, Inc.

4:00p.m.

Room 309
  Data Assurances
  Professor S. Jajodia, Chair, George Mason University
  "Integrity and Assurance of Service Protection in a Large, Multipurpose, Critical System" H. Johnson, Information Intelligence Sciences, Inc.
  "An Example Complex Application for High Assurance Systems" S. Padilla, SPARTA
  "Mandatory Policy Issues of High Assurance Composite Systems" J. Fellows, Grumman Data Systems

Room 307-308
  Trusted Network Products
  P. Woodie, Chair, NSA
  "Towards a Policy-Free Protocol Supporting a Secure X Window System" M. Smith, AT&T Bell Laboratories
  "An SDNS Platform for Trusted Products" E. Borgoyne, Motorola
  "SDNS Security Management" W. Jansen, NIST

Room 317
  Panel: Privacy II - International Data Privacy: Roll of Honor and Hall of Shame
  W. Madsen, Chair, CSC
  Panelists: G. Montigny, Privacy Commission of Canada; E. Hendricks, Privacy Times

Room 301-303
  Trusted Integration & System Integration
  Dr. W. Wilson, Arca Systems Inc.

Room 319-321
  Trust Documentation
  W. Geer, Chair, AFCSC
  "Current Endorsed Tools List (ETL) Examples: Lessons Learned" C. Garvey, TRW Systems Integration Group
  "Companion Document Series to the Trusted Database Management System Interpretation" L. Notargiacomo, The MITRE Corporation
  "Assessing Modularity in Trusted Computing Bases" Dr. D. Baker, The Aerospace Corporation

Room 323
  Panel: Electronic Crime: An Investigative Perspective
  Jack Holleran, Chair, National Computer Security Center
  Speakers: Special Agent Jack Lewis, Electronic Crimes Branch, Secret Service
            Special Agent Mark Pollett, Federal Bureau of Investigation

October 16

9:00a.m.

Room 309
  Panel: R&D Future Needs
  B. Snow, Chair, NSA
  Panelists: Dr. S. Kent, BBN; W. Boebert, Secure Computing Corporation

Room 307-308
  Information Security Engineering
  ENS S. Mitchell, USN, Chair, NSA
  "Information System Security Engineering: Cornerstone to the Future" Dr. D. Howe, NSA
  "Network Security via DNSIX, Integration of DNSIX and CMW Technology" H. Heller, Harris Corporation
  "Issues to Consider When Using Evaluated Products to Implement Secure Mission Systems" Lt Col W. Price, USAF, Air Force Space Command

Room 317
  Panel: Privacy III - Government Surveillance Policy and Capabilities as the Telephone Network Goes Digital --- The FBI's Digital Telephony Initiative
  Dr. L. Hoffman, Chair, George Washington University
  Panelists: A. Bayse, FBI; J. Edwards, NORTEL Federal Systems, Inc.; J. Podesta, Podesta Associates

Room 301-303
  Access Policies Mechanisms
  M. Schaefer, Chair, CTA, Inc.
  "Implementation Considerations for the Typed Access Matrix Model in a Distributed Environment" G. Suri, George Mason University
  "A Lattice Interpretation of the Chinese Wall Policy" Professor R. Sandhu, George Mason University
  "Experience with a Penetration Analysis Method and Tool" Dr. S. Gupta, University of Maryland

Room 319-321
  Data Distribution
  K. Rowe, Chair, NSA
  "A Tamper-Resistant Seal for Trusted Distribution and Life-Cycle Integrity Assurance" M. Bianco, Hughes Aircraft Company
  "Use of a Case Tool to Define the Specifications of a Trusted Guard" R. Lazar, The MITRE Corporation
  "A Security Reference Model for a Distributed Object System and its Application" V. Varadharajan, Hewlett-Packard Labs., U.K.

Room 305
  9:00a.m. - 5:30p.m.
  Intrusion Detection Workshop
  Teresa Lunt, SRI International

------------------------------

End of VIRUS-L Digest [Volume 5 Issue 148]
******************************************
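
Added example, not part of the digest and not Tripwire's code: the baseline-and-compare check described in the Tripwire announcement, combined with the per-section fingerprints Mark Aitchison suggests for self-modifying files. SHA-256, the 512-byte section size, the attribute selection, all function names and the sample files are assumptions made for this illustration.

```python
import hashlib
import os
import stat
import tempfile

SECTION_SIZE = 512  # assumption: fixed-size sections; the post does not say how to divide a file
ATTRS = ("st_mode", "st_uid", "st_gid", "st_size", "st_mtime_ns")  # assumed default inode fields


def section_digests(path, section_size=SECTION_SIZE):
    """Return one SHA-256 hex digest per fixed-size section of the file."""
    digests = []
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(section_size)
            if not chunk:
                return digests
            digests.append(hashlib.sha256(chunk).hexdigest())


def snapshot(path, attrs=ATTRS):
    """Record the selected inode attributes and, for regular files, section digests."""
    st = os.lstat(path)
    sections = section_digests(path) if stat.S_ISREG(st.st_mode) else []
    return {"attrs": {a: getattr(st, a) for a in attrs}, "sections": sections}


def build_database(selection):
    """selection maps path -> tuple of attributes to watch (chosen per file)."""
    return {path: snapshot(path, attrs) for path, attrs in selection.items()}


def check(database, allowed_sections=None):
    """Compare current state with the database.

    allowed_sections maps path -> set of section indexes that may change
    (the known self-modification area). Returns (path, kind, detail) tuples.
    """
    allowed_sections = allowed_sections or {}
    findings = []
    for path, old in sorted(database.items()):
        try:
            new = snapshot(path, tuple(old["attrs"]))
        except FileNotFoundError:
            findings.append((path, "missing", None))
            continue
        for name, value in old["attrs"].items():
            if new["attrs"][name] != value:
                findings.append((path, "attr", name))
        allowed = allowed_sections.get(path, set())
        old_s, new_s = old["sections"], new["sections"]
        for i in range(max(len(old_s), len(new_s))):
            before = old_s[i] if i < len(old_s) else None
            after = new_s[i] if i < len(new_s) else None
            if before != after and i not in allowed:
                findings.append((path, "section", i))
    return findings


def demo():
    """Run the check over constructed files in a temporary directory."""
    def short(found):
        return [(os.path.basename(p), kind, detail) for p, kind, detail in found]

    with tempfile.TemporaryDirectory() as d:
        prog = os.path.join(d, "selfmod.bin")    # constructed stand-in: program with a config tail
        conf = os.path.join(d, "passwd.sample")  # constructed stand-in: system file
        with open(prog, "wb") as fh:
            fh.write(b"\x90" * 512 + b"A" * 1024 + b"cfg=0".ljust(512, b"\0"))
        with open(conf, "w") as fh:
            fh.write("root:x:0:0::/:/bin/sh\n")
        os.chmod(conf, 0o644)
        # mtime is not watched for the self-modifying file; it changes legitimately.
        db = build_database({prog: ("st_mode", "st_size"), conf: ATTRS})
        clean = short(check(db))

        with open(prog, "r+b") as fh:            # permitted change: config area, section 3
            fh.seek(1536)
            fh.write(b"cfg=1")
        strict = short(check(db))
        tolerant = short(check(db, {prog: {3}}))

        with open(prog, "r+b") as fh:            # tampering: start of file overwritten
            fh.write(b"\xe9\x00\x10")
        os.chmod(conf, 0o666)                    # tampering: permissions loosened
        tampered = short(check(db, {prog: {3}}))
    return clean, strict, tolerant, tampered


if __name__ == "__main__":
    for label, result in zip(("clean", "strict", "tolerant", "tampered"), demo()):
        print(label, result)
```

As both posts point out, the result is only as trustworthy as the stored database and the environment the check runs in, so the database belongs on read-only media and the check should be run from a known-clean system.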