12th USENIX Security Symposium, August 4-8, 2003, Washington, DC, USA
TECHNICAL SESSIONS

WEDNESDAY, AUGUST 6, 2003
9:00 am - 10:30 am

Opening Remarks, Awards, and Keynote

Keynote Address: Reflections on a Decade of Pseudonymity
Black Unicorn (a.k.a. A.S.L. von Bernhardi)

What is identity? What is reputation? What is trust? Are these concepts as self-explanatory as they generally appear? This talk will examine the shortcomings of several identity and reputation systems and explore their importance from the perspective of the practitioner designing critical systems and security architectures. We will also direct an eye to evolving social, legal, and technical expectations and how they impact our perceptions of these concepts.

Black Unicorn has served as a "Big 5" consultant, an entrepreneur, an intelligence professional, a banker, a lobbyist, and a sometime cypherpunk. A survey of his recent work includes modeling narcotics smuggling and money laundering dynamics, a study of concepts of money throughout history, and research into the behavioral economics of black markets. He is currently at work developing political risk-hedging methodologies for foreign exchange markets. 2003 marks the 10-year anniversary of the pseudonym "Black Unicorn."

10:30 am - 11:00 am   Break

11:00 am - 12:30 pm

REFEREED PAPERS

ATTACKS
Session Chair: John McHugh, CERT

Remote Timing Attacks Are Practical
David Brumley and Dan Boneh, Stanford University

802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions
John Bellardo and Stefan Savage, University of California, San Diego

Denial of Service via Algorithmic Complexity Attacks
Scott A. Crosby and Dan S. Wallach, Rice University

INVITED TALKS

DISTRIBUTING SECURITY: DEFENDING WEB SITES WITH 13,000 SERVERS
Speaker: Andy Ellis, Akamai

Early models of Web site defense focused on the challenges of appropriately hardening a small cluster of machines and a simple network infrastructure against attack. With 13,000 distributed servers, a different set of challenges needs to be overcome, from robust system management and monitoring to providing protection to backend servers.

12:30 pm - 2:00 pm   Lunch (on your own)

2:00 pm - 3:30 pm

REFEREED PAPERS

COPING WITH THE REAL WORLD
Session Chair: Crispin Cowan, Immunix Inc.

Plug-and-Play PKI: A PKI Your Mother Can Use
Peter Gutmann, Auckland University

Analyzing Integrity Protection in the SELinux Example Policy
Trent Jaeger, Reiner Sailer, and Xiaolan Zhang, IBM T.J. Watson Research Center

Security Holes . . . Who Cares?
Eric Rescorla, RTFM, Inc.

INVITED TALKS

PROTECTING THE INTERNET INFRASTRUCTURE
Speaker: John Ioannidis, AT&T Labs--Research

All Internet services depend on two infrastructure components: the Domain Name System and the routing system. Neither has evolved with much security in mind. Both have depended instead on the friendly cooperation of the people who "run the network." These two essential components are increasingly the target of attacks. Even worse, they are frequently subject to misconfigurations (routing more so than DNS), and also heavily affected by distributed denial of service attacks. This talk gives an overview of the DNS and Internet routing, discusses their security vulnerabilities, and explores where we are and where we should be going to improve the situation.

3:30 pm - 4:00 pm   Break

4:00 pm - 5:30 pm

REFEREED PAPERS

PANEL: ELECTRONIC VOTING
Moderator: Dan Wallach, Rice University

The U.S. national elections in 2000 demonstrated numerous problems with punch-card voting systems. Many states are replacing such systems with new, computerized ones. Most of these record and tally the votes completely in software, which raises concerns if the software is either simply buggy or has been subjected to malicious tampering. Hundreds of computer scientists signed a petition demanding that these machines have a "voter-verifiable audit trail." Academic experts, government election specialists, and voting system manufacturers will discuss security requirements and mechanisms for managing our elections.

INVITED TALKS

AN OPTIMIST GROPES FOR HOPE
Speaker: Bill Cheswick, Lumeta

By all accounts the Internet has grown more dangerous since its inception. Most of the expected attacks have appeared and become commonplace. Increasingly sophisticated malware has learned to hide in the deep bushes of verdant, wild software. Users can't keep up with these dangers, and it is hard enough for the professionals. Yet there are indications that things can get better. Many important Web sites get security right enough to support large business models. Those who run our most secure networks report that they repeatedly pass the pop quizzes of the attack du jour. We can use crypto when we want to, and many do. We can do better, and many of us are starting to.

THURSDAY, AUGUST 7, 2003
9:00 am - 10:30 am

REFEREED PAPERS

HARDENING I
Session Chair: David Wagner, University of California, Berkeley

PointGuard™: Protecting Pointers from Buffer Overflow Vulnerabilities
Crispin Cowan, Steve Beattie, John Johansen, and Perry Wagle, Immunix, Inc.

Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits
Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar, Stony Brook University

High Coverage Detection of Input-Related Security Faults
Eric Larson and Todd Austin, University of Michigan

INVITED TALKS

WHEN POLICIES COLLIDE: WILL THE COPYRIGHT WARS ROLL BACK THE COMPUTER REVOLUTION?
Speaker: Mike Godwin, Public Knowledge

The last two years have seen an unprecedented effort by content companies--notably the movie studios--to press for legislative or regulatory requirements that could have closed down the open-platform, general-purpose computer as such. Where are these efforts going? What do they signify? What should we do about it?

10:30 am - 11:00 am   Break

11:00 am - 12:30 pm

REFEREED PAPERS

DETECTION
Session Chair: Dawn Song, Carnegie Mellon University

Storage-based Intrusion Detection: Watching Storage Activity for Suspicious Behavior
Adam G. Pennington, John D. Strunk, John Linwood Griffin, Craig A.N. Soules, Garth R. Goodson, and Gregory R. Ganger, Carnegie Mellon University

Detecting Malicious Java Code Using Virtual Machine Auditing
Sunil Soman, Chandra Krintz, and Giovanni Vigna, University of California, Santa Barbara

Static Analysis of Executables to Detect Malicious Patterns
Mihai Christodorescu and Somesh Jha, University of Wisconsin, Madison

INVITED TALKS

PHYSICAL SECURITY: THE GOOD, THE BAD, AND THE UGLY
Speaker: Mark Seiden, MSB Associates

Physical security is an oft-overlooked but critical prerequisite for good information security. A bad guy with a console root login can obviously adversely affect behavior in basic or profound ways, but you may not know how trust can be completely breached by brief and seemingly limited physical exposure using spiffy, inexpensive tools available on eBay. Another dirty little secret: when critically examined, physical security policies and mechanisms perhaps have *always* oozed snake oil, including back doors relying on "security through obscurity" and ignoring environmental context--the need to function in a system. Outsourcing and colocation often present only the perception (seldom the actuality) of security. A badging system implementation turns out to be >200K LOC, rather than simply "wave badge at the reader and maybe let 'em in," and is as buggy as any large program.

12:30 pm - 2:00 pm   Lunch (on your own)

2:00 pm - 3:30 pm

REFEREED PAPERS

APPLIED CRYPTO
Session Chair: Patrick McDaniel, AT&T Labs--Research

SSL Splitting: Securely Serving Data from Untrusted Caches
Chris Lesniewski-Laas and M. Frans Kaashoek, Massachusetts Institute of Technology

A New Two-Server Approach for Authentication with Short Secrets
John Brainard, Ari Juels, Burt Kaliski, and Michael Szydlo, RSA Laboratories

Domain-Based Administration of Identity-Based Cryptosystems for Secure Email and IPSEC
D. K. Smetters and Glenn Durfee, Palo Alto Research Center

INVITED TALKS

THE INTERNET AS THE ULTIMATE SURVEILLANCE NETWORK
Speaker: Richard M. Smith

This session will look at the economic, technological, and political forces which are changing the Internet into a worldwide surveillance network. As more intelligent devices are connected to the Internet, the Internet will become less of an information publisher and more of an information collector. Technologies which are pushing along this transformation include ubiquitous wireless IP networking, RFID tags, low-cost digital sensors, and XML. This session will look at trends in technology to help understand how this surveillance network will be used, who will control it, how it will be secured, and its potential impact on personal privacy.

3:30 pm - 4:00 pm   Break

4:00 pm - 6:00 pm

PANEL: REVISITING TRUSTED COMPUTING

Moderator: David Farber, University of Pennsylvania
Panelists: Lucky Green; Leendert van Doorn, IBM; Bill Arbaugh, University of Maryland; Peter Biddle, Microsoft

Suddenly, cybersecurity is on the lips of senior government officials, high-level corporate executives, and even casual computer users who hadn't a clue what it was six months ago. Secure systems proposals, most notably the Trusted Computer Platform Alliance (TCPA), can generate considerable controversy. The hazy debate forming about this area ends up sounding like a choice between no secure computer systems and potential damage to our established copyright mechanisms and freedom of speech. Professor Farber will moderate an examination of this complex set of issues and the question of how to find an acceptable path forward.

FRIDAY, AUGUST 8, 2003
9:00 am - 10:30 am

REFEREED PAPERS

HARDENING II
Session Chair: Steve Bellovin, AT&T Labs--Research

Preventing Privilege Escalation
Niels Provos, CITI, University of Michigan; Markus Friedl, GeNUA mbH; Peter Honeyman, CITI, University of Michigan

Dynamic Detection and Prevention of Race Conditions in File Accesses
Eugene Tsyrklevich and Bennet Yee, University of California, San Diego

Improving Host Security with System Call Policies
Niels Provos, CITI, University of Michigan

INVITED TALKS

THE INTERNET IS TOO SECURE ALREADY
Speaker: Eric Rescorla, RTFM, Inc.

The cryptographers and COMSEC engineers have given us an incredible number of fundamental security primitives. We now have good versions of essentially all the tools we know how to build at all. These tools are so good that attacks which are either impractical or entirely theoretical are nevertheless considered major successes. At the same time, the vast majority of traffic on the Internet is completely unprotected. These two phenomena are not unrelated. The flip side of the praise given for finding relatively small vulnerabilities is the massive amount of effort that developers feel they have to expend on fixing (and preventing) even quite small vulnerabilities. The inevitable result is that designers spend much more time enhancing security protocols than figuring out how to deploy them in real applications.

10:30 am - 11:00 am   Break

11:00 am - 12:30 pm

REFEREED PAPERS

THE ROAD LESS TRAVELED
Session Chair: Dan Boneh, Stanford University

Scrash: A System for Generating Secure Crash Information
Pete Broadwell, Matt Harren, and Naveen Sastry, University of California, Berkeley

Implementing and Testing a Virus Throttle
Jamie Twycross and Matthew M. Williamson, Hewlett-Packard Labs, Bristol

Establishing the Genuinity of Remote Computer Systems
Rick Kennell and Leah H. Jamieson, Purdue University

INVITED TALKS

THE CASE FOR ASSURANCE IN SECURITY PRODUCTS
Speaker: Brian Snow, National Security Agency

Security products need to work as intended, especially in the presence of malice. This requires considerable effort during all phases of the life cycle, from design, through evaluation and field use, to the eventual retirement of the product. The mechanisms that assure the customer of robust performance differ from one part of the life cycle to the next. They include technical enhancements, human processes, and legal constraints, among others. The talk offers views from three perspectives: research, security service and product provisioning, and education and training.

12:30 pm - 2:00 pm   Lunch (on your own)

2:00 pm - 3:30 pm

WORK-IN-PROGRESS REPORTS
Chair: Kevin Fu, MIT

Short, pithy, and fun, Work-in-Progress Reports introduce interesting new or ongoing work, and the USENIX audience provides valuable discussion and feedback. If you have work you would like to share or a cool idea that's not quite ready for publication, send a one- or two-paragraph summary to [email protected]. We are particularly interested in presenting students' work. A schedule of presentations will be posted at the conference, and the speakers will be notified in advance. Work-in-Progress reports are five-minute presentations; the time limit will be strictly enforced.

Last changed: 5 May 2003 jr