17. ACSAC 2001: New Orleans, Louisiana, USA

17th Annual Computer Security Applications Conference (ACSAC 2001), 11-14 December 2001, New Orleans, Louisiana, USA. IEEE Computer Society 2001, ISBN 0-7695-1405-7
Contents

Intrusion Detection I

Tao Wan, Xue Dong Yang:
IntruDetector: A Software Platform for Testing Network Intrusion Detection Algorithms. 3-11
Klaus Julisch:
Mining Alarm Clusters to Improve Alarm Handling Efficiency. 12-21
Frédéric Cuppens:
Managing Alerts in a Multi-Intrusion Detection Environmen. 22-31
Tim Buchheim, Michael Erlinger, Ben Feinstein, Greg Matthews, Roy Pollock, Joseph Betser, Andy Walther:
Implementing the Intrusion Detection Exchange Protocol. 32-44

Security Architecture

Peter Herrmann:
Information Flow Analysis of Component-Structured Applications. 45-54
Stephen D. Wolthusen:
Security Policy Enforcement at the File System Level in the Windows NT Operating System Family. 55-63
David M. Wheeler, Adam Conyers, Jane Luo, Alex Xiong:
Java Security Extensions for a Java Server in a Hostile Environment. 64-73
Eric Monteith:
Genoa TIE, Advanced Boundary Controller Experiment. 74-84

Cryptography

Yih Huang, David Rine, Xunhua Wang:
A JCA-Based Implementation Framework for Threshold Cryptography. 85-91
Duncan S. Wong, Hector Ho Fuentes, Agnes Hui Chan:
The Performance Measurement of Cryptographic Primitives on Palm Devices. 92-101
Wenliang Du, Mikhail J. Atallah:
Privacy-Preserving Cooperative Statistical Analysis. 102-112

Forum

Ben Feinstein, Greg Matthews, Stuart Staniford, Andy Walther:
Experiences Implementing a Common Format for IDS Alerts. 113-116

Access Control I

Andreas Schaad:
Detecting Conflicts in a Role-Based Delegation Model. 117-126
Pete Epstein, Ravi S. Sandhu:
Engineering of Role/Permission Assignments. 127-136
Ramaswamy Chandramouli:
A Framework for Multiple Authorization Types in a Healthcare Application System. 137-148
Wayne A. Jansen:
Determining Privileges of Mobile Agents. 149-160

Classic Papers

Dan Thomsen:
Introduction to Classic Papers. 161
John E. Dobson, Brian Randell:
Building Reliable Secure Computing Systems out of Unreliable Insecure Components. 162-173
Carl E. Landwehr, Constance L. Heitmeyer, John D. McLean:
A Security Model for Military Message Systems: Retrospective. 174-190
John McHugh:
An Information Flow Tool for Gypsy. 191-204

Invited Essayist Plenary

Roger R. Schell:
Information Security: Science, Pseudoscience, and Flying Pigs. 205-218

Intrusion Detection II

Peng Liu:
DAIS: A Real-Time Data Attack Isolation System for Commercial Database Applications. 219-229
John C. Munson, Scott Wimer:
Watcher: The Missing Piece of the Security Puzzle. 230-239
Ulf Lindqvist, Phillip A. Porras:
eXpert-BSM: A Host-Based Intrusion Detection Solution for Sun Solaris. 240-251
Anita Jones, Song Li:
Temporal Signatures for Intrusion Detection. 252-264

Secure Electronic Commerce

Shan Jiang, Sean W. Smith, Kazuhiro Minami:
Securing Web Servers against Insider Attack . 265-276
Germano Caronni, Christoph L. Schuba:
Enabling Hierarchical and Bulk-Distribution for Watermarked Content. 277-285
Albert Levi, Çetin Kaya Koç:
CONSEPP: CONvenient and Secure Electronic Payment Protocol Based on X9.59. 286-295
Paul Ashley, Heather M. Hinton, Mark Vandenwauver:
Wired versus Wireless Security: The Internet, WAP and iMode for E-Commerce. 296-308

Access Control II

Piero A. Bonatti, Ernesto Damiani, Sabrina De Capitani di Vimercati, Pierangela Samarati:
A Component-Based Architecture for Secure Data Publication. 309-318
Günter Karjoth:
The Authorization Service of Tivoli Policy Director. 319-328
Charles Payne, Tom Markham:
Architecture and Applications for a Distributed Embedded Firewall. 329-338

Panel

Matt Bishop, Anup K. Ghosh, James A. Whittaker:
How Useful is Software Fault Injection for Evaluating the Security of COTS Products? 339-342

Forum

Ron Gula, Gene Kim, Chris Klaus, Paul Proctor:
Security Vendor CTOs: Perspectives, Opinions, and Lessons Learned. 343-346

Reality vs. Security

Valentin Razmov, Daniel R. Simon:
Practical Automated Filter Generation to Explicitly Enforce Implicit Input Assumptions. 347-357
Ross J. Anderson:
Why Information Security is Hard-An Economic Perspective. 358-365
John P. McDermott:
Abuse-Case-Based Assurance Arguments. 366-376

PKI

Victoria Ungureanu:
A Regulated Approach to Certificate Management. 377-385
James M. Hayes:
Restricting Access with Certificate Attributes in Multiple Root Environments-A Recipe for Certificate Masquerading. 386-390
Ronald Mraz:
Secure Blue: An Architecture for a Scalable, Reliable, High Volume SSL Internet Server. 391-400

Internet Security

Nathalie Weiler:
Secure Anonymous Group Infrastructure for Common and Future Internet Applications. 401-410
David Mankins, Rajesh Krishnan, Ceilyn Boyd, John Zao, Michael Frentz:
Mitigating Distributed Denial of Service Attacks with Dynamic Resource Pricing. 411-421
D. W. Gresty, Qi Shi, Madjid Merabti:
Requirements for a General Framework for Response to Distributed Denial-of-Service. 422-432

Applications Security

Bernd Blobel:
Trustworthiness in Distributed Electronic Healthcare Records-Basis for Shared Care. 433-441
Anita K. Jones, Yu Lin:
Application Intrusion Detection using Language Library Calls. 442-449
Ulrich Lang, Dieter Gollmann, Rudolf Schreiner:
Verifiable Identifiers in Middleware Security. 450-462

Panel

Anna Entrichel, James Bergman, Jason Willis, Herb Little:
Computing Without Wires (Or Even a Net): The Pitfalls, Potentials, and Practicality of Wireless Networking. 463-464