infosec folk art and beyond
Computers & Security, 16 (1997) 515-527
COMPSEC ’97 Paper Abstracts
Compsec International ’97, the Fourteenth World Conference on Computer Security, Audit and Control, is being held on the 5-7th November at the Queen Elizabeth Conference Centre, Westminster, London, UK. The conference is run by Elsevier Trends Division, publishers of Computers & Security, and will be chaired by the journal’s Editor. Below are listed the available abstracts for the papers presented at this year’s conference. Some of these papers will appear in full (or in revised format) in forthcoming issues of Computers & Security.
DAY 1: Wednesday 5th November
KEYNOTE
Title: Infosec Folk Art and Beyond Author: Donn B. Parker, SRI International
Information security is an inarticulate, incomplete folk art attempting to incorrectly preserve confidentiality, integrity and availability of information from computer risks. We must have a holistic perspective for stopping irrational cybercriminals, not just making vulnerable computers secure. We must achieve prudent due care, not just reduction of unmeasurable risk, to create an accepted art of business security.
STREAM 1: Internet/Intranet
Title: Internet E-mail Security Author: Peter Wood, First Base
Who is your E-mail really from? Can you trust return addresses? Who has read your E-mail first? The realities of using E-mail on the Internet mean that security is a very real consideration. Unfortunately, viruses in electronic mail are becoming more of a problem, being passed around, for example, hidden in macros for Microsoft Word or Excel. Unauthorized access to confidential messages is also a major concern. This paper will explore methods, risks and countermeasures in depth.
Title: Some Observations on Vulnerabilities Author: Eugene Spafford, Purdue University
It seems that every day new vulnerabilities are found with operating systems, application programs and WWW browsers. In recent months, vulnerabilities have even been found in security software! Why are there so many problems in software? In this paper, we will first explore the question of “What is a vulnerability?” One way of looking at the problem is to observe that without specific policies, and without formal design documents, there are no vulnerabilities, per se - only surprises. The implications of this view are important for security specialists to understand: for design, for purchase and for operations. Next, we will examine the question of the nature of vulnerabilities in software. Are these really new vulnerabilities in software? Where do these vulnerabilities come from, and how can we keep them out of our software before we encounter them in a critical situation?
0167-4048/97 $17.00 © 1997 Elsevier Science Ltd