18. ACSAC 2002: Las Vegas, NV, USA

18th Annual Computer Security Applications Conference (ACSAC 2002), 9-13 December 2002, Las Vegas, NV, USA. IEEE Computer Society 2002, ISBN 0-7695-1828-1

@proceedings{DBLP:conf/acsac/2002,
  title     = {18th Annual Computer Security Applications Conference (ACSAC
               2002), 9-13 December 2002, Las Vegas, NV, USA},
  booktitle = {ACSAC},
  publisher = {IEEE Computer Society},
  year      = {2002},
  isbn      = {0-7695-1828-1},
  bibsource = {DBLP, http://dblp.uni-trier.de}
}

Network Security I

Marcel Waldvogel:
GOSSIB vs. IP Traceback Rumors. 5-13
Giovanni Vigna, Fredrik Valeur, Jingyu Zhou, Richard A. Kemmerer:
Composable Tools For Network Discovery and Security Analysis. 14-24
Ronald W. Ritchey, Brian O'Berry, Steven Noel:
Representing TCP/IP Connectivity For Topological Analysis of Network Security. 25-34

Electronic Commerce

Victoria Ungureanu:
Regulating E-Commerce through Certified Contracts. 35-43
Hanno Langweg:
With Gaming Technology towards Secure User Interfaces. 44-50
Donghua Xu, Chenghuai Lu, André L. M. dos Santos:
Protecting Web Usage of Credit Cards Using One-Time Pad Cookie Encryption. 51-60

Mobile Security

Matthew M. Williamson:
Throttling Viruses: Restricting propagation to defeat malicious mobile code. 61-68
Weijiang Yu, Aloysius K. Mok:
Enforcing Resource Bound Safety for Mobile SNMP Agents. 69-77
Tuomas Aura, Michael Roe, Jari Arkko:
Security of Internet Location Management. 78-90

Forum

Dale M. Johnson:
Wireless Security: Vulnerabilities and Countermeasures. 91-95

Classic Papers

O. Sami Saydjari:
LOCK : An Historical Perspective. 96-108
Richard A. Kemmerer:
A Practical Approach to Identifying Storage and Timing Channels: Twenty Years Later. 109-118
Paul A. Karger, Roger R. Schell:
Thirty Years Later: Lessons from the Multics Security Evaluation. 119-148

Security Architecture

Blaise Gassend, Dwaine E. Clarke, Marten van Dijk, Srinivas Devadas:
Controlled Physical Random Functions. 149-160
Bogdan C. Popescu, Maarten van Steen, Andrew S. Tanenbaum:
A Security Architecture for Object-Based Distributed Systems. 161-171
John R. Douceur, Atul Adya, Josh Benaloh, William J. Bolosky, Gideon Yuval:
A Secure Directory Service based on Exclusive Encryption. 172-184

Invited Essayist Plenary

Daniel Geer, John Harthorne:
Penetration Testing: A Duet. 185-198

Protection against Malicious Software

Matthew Schmid, Frank Hill, Anup K. Ghosh:
Protecting Data from Malicious Software. 199-208
Kevin Scott, Jack W. Davidson:
Safe Virtual Execution Using Software Dynamic Translation. 209-218
Florian P. Buchholz, Thomas E. Daniels, James P. Early, Rajeev Gopalakrishna, R. Patrick Gorman, Benjamin A. Kuperman, Sofie Nystrom, Addam Schroll, Andrew Smith:
Digging For Worms, Fishing For Answers. 219-228

Access Control

Andreas Schaad, Jonathan D. Moffett:
A Framework for Organisational Control Principles. 229-238
Stefan Probst, Wolfgang Eßmayr, Edgar Weippl:
Reusable Components for Developing Security-Aware Application. 239-248
Michael J. Covington, Prahlad Fogla, Zhiyuan Zhan, Mustaque Ahamad:
A Context-Aware Security Architecture for Emerging Applications. 249-260

Network Security II

Roberto Barbieri, Danilo Bruschi, Emilia Rosti:
Voice over IPsec: Analysis and Solutions. 261-270
Michael Clifford:
Networking in The Solar Trust Model: Determining Optimal Trust Paths in a Decentralized Trust Network. 271-281
Malcolm Corney, Olivier Y. de Vel, Alison Anderson, George M. Mohay:
Gender-Preferential Text Mining of E-mail Discourse. 282-292

Forum

Duane Hybertson, A. Reedy, S. Chapin, M. Kirwan Jr.:
Enterprise Engineering And Security: Enterprise Frameworks and Architectures, and IA Patterns. 293-296
Cristina Serban, O. Sami Saydjari:
Themes and Highlights of the New Security Paradigms Workshop 2002. 297-300

Intrusion Detection

Thomas Toth, Christopher Krügel:
Evaluating the Impact of Automated Intrusion Response Mechanisms. 301-310
Peng Liu:
Architectures for Intrusion Tolerant Database Systems. 311-320
Dustin Lee, Jeff Rowe, Calvin Ko, Karl N. Levitt:
Detecting and Defending against Web-Server Fingerprinting. 321-332

Role-Based Access Contro

Axel Kern:
Advanced Features for Enterprise-Wide Role-Based Access Control. 333-342
Geetanjali Sampemane, Prasad Naldurg, Roy H. Campbell:
Access Control for Active Spaces. 343-352
Mohammad A. Al-Kahtani, Ravi S. Sandhu:
A Model for Attribute-Based User-Role Assignment. 353-364

Forum

Karl N. Levitt:
Intrusion Detection: Current Capabilities and Future Directions. 365-370

Experience Reports

Mary Ellen Zurko, Charlie Kaufman, Katherine Spanbauer, Chuck Bassett:
Did You Ever Have To Make Up Your Mind? What Notes Users Do When Faced With A Security Decision. 371-381
Andrew D. Marshall:
A Financial Institution's Legacy Mainframe Access Control System in Light of the Proposed NIST RBAC Standard. 382-390
Herbert Leitold, Arno Hollosi, Reinhard Posch:
Security Architecture of the Austrian Citizen Card Concept. 391-402

Detection

Frank Adelstein, Matthew Stillerman, Dexter Kozen:
Malicious Code Detection for Open Firmware. 403-412
John Haggerty, Qi Shi, Madjid Merabti:
Beyond the Perimeter: the Need for Early Detection of Denial of Service Attacks. 413-422
Michael Weber, Matthew Schmid, Michael Schatz, David Geyer:
A Toolkit for Detecting and Analyzing Malicious Software. 423