infosec folk art and beyond



Computers & Security, 16 (1997) 515-527

COMPSEC ‘97 Paper Abstracts

Compsec International ‘97, the Fourteenth World Conference on Computer Security, Audit and Control, is being held on the 5-7th November at the Queen Elizabeth Conference Centre, Westminster, London, UK. The conference is run by Elsevier Trends Division, publishers of Computers & Security, and will be chaired by the journal’s Editor. Below are listed the available abstracts for the papers presented at this year’s conference. Some of these papers will appear in full (or in revised format) in forthcoming issues of Computers & Security.

DAY 1: Wednesday 5th November

KEYNOTE

Title: Infosec Folk Art and Beyond
Author: Donn B. Parker, SRI International

Information security is an inarticulate, incomplete folk art attempting to incorrectly preserve confidentiality, integrity and availability of information from computer risks. We must have a holistic perspective for stopping irrational cybercriminals, not just making vulnerable computers secure. We must achieve prudent due care, not just reduction of unmeasurable risk, to create an accepted art of business security.

STREAM 1: Internet/Intranet

Title: Internet E-mail Security
Author: Peter Wood, First Base

Who is your E-mail really from? Can you trust return addresses? Who has read your E-mail first? The realities of using E-mail on the Internet mean that security is a very real consideration. Unfortunately, viruses in electronic mail are becoming more of a problem, being passed around, for example, hidden in macros for Microsoft Word or Excel. Unauthorized access to confidential messages is also a major concern. This paper will explore methods, risks and countermeasures in depth.

Title: Some Observations on Vulnerabilities
Author: Eugene Spafford, Purdue University

It seems that every day new vulnerabilities are found with operating systems, application programs and WWW browsers. In recent months, vulnerabilities have even been found in security software! Why are there so many problems in software? In this paper, we will first explore the question of “What is a vulnerability?” One way of looking at the problem is to observe that without specific policies, and without formal design documents, there are no vulnerabilities, per se - only surprises. The implications of this view are important for security specialists to understand: for design, for purchase and for operations. Next, we will examine the question of the nature of vulnerabilities in software. Are these really new vulnerabilities in software? Where do these vulnerabilities come from, and how can we keep them out of our software before we encounter them in a critical situation?

0167-4048/97$17.00 © 1997 Elsevier Science Ltd