November 1-4, 1999
Kent Ridge Digital Labs
- Tutorial 1 -- "Role Based Access Control" by Prof. Ravi Sandhu
Half day (9:30am - 12:30pm, 1 November, 1999)
Role based access control has become widely accepted as much better suited to the needs of the commercial and non-classified government sectors than the classical discretionary and mandatory access controls. A critical mass of consensus has been reached on what constitutes role based access control (although debate continues on details). This tutorial will provide a comprehensive, self-contained and up-to-date review and analysis of the principles and practice of role-based access control. Topics include the RBAC96 model, the NIST RBAC model, administrative RBAC models, RBAC implementation, and RBAC for workflow systems.
Dr. Ravi Sandhu is Professor of Information and Software Engineering at George Mason University, Fairfax, Virginia and Director of the Laboratory for Information Security Technology at GMU. He earlier served on the Computer and Information Science faculty at Ohio State University, Columbus, Ohio. Dr. Sandhu received PhD and MS degrees from Rutgers University, and BTech and MTech degrees from IIT Bombay and Delhi respectively. His principal research and teaching interests are in Information and Systems Security. He teaches several popular graduate-level security courses at GMU and has lectured all over the world on this topic.
He has published over 130 technical papers on computer security in refereed journals, conference proceedings and books. He is the founding editor-in-chief of the new ACM Transactions on Information and Systems Security (TISSEC), and is security editor for IEEE Internet Computing. He has served on numerous Program and Conference Committees for Security related conferences, and also as Program Chair and General Chair on several occasions. He co-founded the ACM Conference on Computer and Communications Security and the ACM Workshop on Role-Based Access Control.
Dr. Sandhu has served as a security consultant to several organizations including Bell Atlantic, Network Associates, Internal Revenue Service, the Institute for Defense Analysis, AT&T, Lucent Technologies, SETA Corporation and NIST. He is currently Chairman of ACM's Special Interest Group on Security Audit and Control (SIGSAC). Dr. Sandhu's web page is at http://www.list.gmu.edu.
- Tutorial 2 -- "Internet Cryptography" by Bruce Schneier
Half day (2pm - 5pm, 4 November, 1999)
From encryption to digital signatures to electronic commerce to secure voting -- cryptography has become the enabling technology that allows us to take existing business and social constructs and move them to computer networks.
This tutorial is about cryptography as it is used in the real world: the algorithms, the protocols, and the implementations. I'll stress the whats and the hows rather than the whys. Cryptography is important, but it's not the panacea it's often made out to be.
I'll talk about how cryptography works on the Internet. By allowing for confidentiality, authentication, integrity, fairness, and many other things, cryptography can transform the Internet into a serious business tool. The Internet community has developed all sorts of security systems; we're going to talk about them.
Course topics include:
- Cryptography basics - symmetric and public-key, digital signatures, hash functions and MACs, random number generators
- Cryptographic protocols - key exchange, secret sharing, authentication, certificates
- Up and coming technologies
- The regulatory environment
Bruce Schneier is founder and CTO of Counterpane Internet Security, Inc., a company offering managed security services on the Internet. He's the author of five books on cryptography and computer security, including Applied Cryptography, the definitive work in the field. He's the inventor of the Blowfish and Twofish encryption algorithms, and the Yarrow random number generator. He has written dozens of academic papers on cryptography and computer security, lectured widely on the topics, and has consulted for hundreds of Internet companies on cryptography and computer security. And he's entertaining.