From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Wed, 27 Mar 1996 14:48:02 +0800
To: cypherpunks@toad.com
Subject: Call for Papers: Internet Privacy and Security
Message-ID: <01I2SPYPHUVS8ZDZ7I@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


Sorry if this has been on here before.
	-Allen

From: Phil Agre <pagre@weber.ucsd.edu>

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command.  For information on RRE, including instructions
for (un)subscribing, send an empty message to  rre-help@weber.ucsd.edu
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Date: Tue, 19 Mar 96 12:09:20 PST
From: RISKS List Owner <risko@csl.sri.com>
Subject: RISKS DIGEST 17.91

RISKS-LIST: Risks-Forum Digest  Tuesday 19 March 1996  Volume 17 : Issue 91

----------------------------------------------------------------------

Date: Fri, 15 Mar 1996 12:17:23 -0500
From: "Joseph M. Reagle Jr." <reagle@mit.edu>
Subject: Internet Privacy and Security, Call for Papers

                      CALL FOR PAPERS
           INTERNET PRIVACY AND SECURITY WORKSHOP
                   Haystack Observatory, MA
                      May 20-21, 1996
              Privacy and Security Working Group
                   Federal Networking Council
            Research Program on Communications Policy
    Center for Technology, Policy, and Industrial Development
              Massachusetts Institute of Technology

INVITATION

The Privacy and Security Working Group (PSWG) of the Federal Networking
Council (FNC) and the Research Program on Communications Policy of the
Center for Technology, Policy, and Industrial Development at the
Massachusetts Institute of Technology will hold an invitational workshop at
the Haystack Observatory outside of Boston, MA, on May 20-21, 1996. This
workshop is intended to bring Federal, academic and private sector
participants together in collaboration to develop strategies and potential
solutions related to Internet privacy and security.

Though a principal focus of the workshop will be on the Federal portion of
the Internet, the FNC recognizes that the Federal Internet is tightly
coupled with the Global Internet, whose security policies, practices, and
goals are complementary to those of the Federal Government. To define those
practices, procedures and goals, the PSWG has undertaken two major
initiatives:

- The Federal Internet Security Plan (FISP), which was developed as a
  scalable, continual improvement process, based on common principles 
  and mechanisms compatible with Internet community values and needs; and

- The Collaborations in Internet Security (CIS) project, an effort aimed
  at testing the strength of agency approaches to security and moving these
  technologies beyond individual agency networking environments and into
  both inter-agency and agency-commercial sector communications. The CIS
  will result in the development of a new and sustainable process for
  developing, integrating, and deploying security technologies that are
  interoperable at all levels of the Federal government and within the  
  commercial and academic sectors.

These initiatives are intended to highlight the critical interface between
Federal and commercial users and developers of Internet services and
technologies.

OBJECTIVES

This workshop will bring together principal players in the Federal  
and overall Internet community to discuss the problems and  
challenges of privacy and security on the Internet, and will:

- Identify critical issues, requirements, and recommendations related 
  to future Internet privacy and security research and development efforts;

- Describe "best practice" approaches to Internet privacy and security;

- Develop specific strategies for implementing Internet Security programs
  involving all sectors of the Internet community;

- Extend the Federal Internet Security Plan (FISP) by defining specific 
  implementations; and finally,

- Develop specific strategies for the migration of technologies from the
  individual RFC unit test stage to the integration of a complete functional
  managed system in the CIS test/demonstration/pilot projects.

SUBMISSIONS

Abstracts or complete paper drafts related to the topics listed  
above are welcome.  Accepted papers will be a part of the published  
record of the workshop.  All points of view on Federal policies  
affecting Internet privacy and security are welcome. Please make  
all electronic submissions in ASCII format.

For further information or to submit an abstract or paper contact:

     Internet Security and Privacy Workshop c/o Joseph Reagle
     Research Program on Communications Policy
     Massachusetts Institute of Technology
     One Amherst St. (E40-218)
     Cambridge, MA 02139
     Voice: (617) 253-4138.
     Fax:   (617) 253-7326
     papers@rpcp.mit.edu

SCHEDULE and DEADLINES

Call for papers - March 14, 1996
Abstracts Due   - April 14, 1996
Invitations to Participants - April 20, 1996
Revised/Completed papers due - May 19, 1996
Workshop - May 20-21, 1996

PARTICIPANTS

Participation in the workshop is by invitation, based primarily on  
submitted papers and abstracts.  Additional individuals may be  
invited to ensure that participation reflects a broad cross-section  
of the Internet community.

PROGRAM COMMITTEE

Dennis Branstad - Trusted Information Systems (TIS)
Rich Pethia - Computer Emergency Response Team (CERT)
Jeffrey Schiller - Massachusetts Institute of Technology (MIT)
Richard Solomon - Massachusetts Institute of Technology (MIT)
Rick Stevens - Department of Energy /Argonne National Labs (DOE)

STEERING COMMITTEE

Stephen Squires, DARPA (FNC/PSWG Co-Chair)
Dennis Steinauer, NIST (FNC/PSWG Co-Chair)
Tice DeYoung, NASA
Phillip Dykstra, Army Research Laboratory (ARL)
Mike Green, NSA
George Seweryniak, Department of Energy (DOE)
Walter Wiebe, Federal Networking Council (FNC)
                                                         
BACKGROUND

Federal Internet Security Plan: In September 1995, the PSWG published the
draft Federal Internet Security Plan (FISP).  The FISP is oriented toward a
scalable, continual improvement process, based on common principles and
mechanisms compatible with Internet community values and needs.  See
<http://www.fnc.gov/SWG.html>.  The plan addresses Internet security
requirements, including interoperability, from the perspective of the goals
and objectives outlined in the National Performance Review (NPR),
http://www.npr.gov/.  The Federal Networking Council developed this
framework in conjunction with its Advisory Committee which represents
industry, academia, and non-profit sectors.

Action Items, from the FISP, to be addressed during the Workshop:

Internet Security Policy and Policy Support Activities

* Establish overall Internet security policies
* Address security in all Federally supported NII pilots
* Coordinate Internet community involvement
* Establish an ongoing Internet threat database and assessment capability
* Identify legal and law enforcement issues

Internet Security and Technology Development

* Develop an Internet security maturity model
* Develop Internet security architecture
* Enhance Internet security services and protocols
* Develop a "Secure-Out-of-the-Box" endorsement
* Enhance application security

Internet Security Infrastructure

* Establish a set of Internet security interoperability testbeds
* Support privacy, authentication, certificate, and security services pilots
* Establish Internet security testing and evaluation capabilities
* Improve security incident handling capabilities
* Develop security self-assessment capabilities
* Establish effective secure software and document distribution mechanisms

Education and Awareness

* Compile Internet user and site profiles
* Encourage use of available security technologies
* Establish an Internet security information server
* Establish an Internet security symposium/workshop series
* Establish an Internet security fellowship program

Collaborations in Internet Security: With the Federal government's
ever-increasing dependency on computers and distributed systems, there is
great urgency for it to develop and employ enhanced information system
security technologies and practices. At the same time, these Federal
technologies must interoperate with those of the broader Internet community
(encompassing the private and academic sectors, along with the Federal
sector).

In recognition of these needs, the Federal Networking Council's Privacy &
Security Working Group (FNC/PSWG) has been awarded a National Performance
Review (NPR) Innovation Fund grant to compare and validate agency approaches
to security. This Collaborations in Internet Security (CIS) project aims to
test the strength of these technologies beyond individual agency networking
environments, emphasizing the inter-agency and agency-commercial sector
communications. The CIS will result in the development of a new and
sustainable process for developing, integrating, and deploying security
technology that is interoperable at all levels of the Federal Government and
within the commercial and academic sectors.

The governing principles behind the Security Testbeds include: employment of
an open process (with the activities and results open to participation and
comment by both public and private sector participants); a focus on
multivendor technologies; an emphasis on testing and experimentally
deploying security technologies emerging from research and private sectors
as well as security technologies currently in use in the commercial
environment; and an underlying objective to ensure interoperability among
the broad Internet community (federal, private, and academic). Initial tests
will include demonstrations of Kerberos v.5, testing of single-use
passwords, and digital signatures.  For more information, please see
(http://www.fnc.gov/cis_page.html)