17th NATIONAL COMPUTER SECURITY CONFERENCE Baltimore, MD October 11–14, 1994

<!DOCTYPE html> <html lang="en" class="no-js no-jr"> <head> <meta charset="UTF-8"> <title>17th NATIONAL COMPUTER SECURITY CONFERENCE Baltimore, MD October 11&#8211;14, 1994</title> <meta name="citation_journal_title" content="Journal of Research of the National Institute of Standards and Technology"/><meta name="citation_title" content="17th NATIONAL COMPUTER SECURITY CONFERENCE Baltimore, MD October 11–14, 1994"/><meta name="citation_author" content="Dennis Gilbert"/><meta name="citation_publication_date" content="May-Jun 1995"/><meta name="citation_issue" content="3"/><meta name="citation_volume" content="100"/><meta name="citation_firstpage" content="301"/><meta name="citation_doi" content="10.6028/jres.100.023"/><meta name="DC.Language" content="en"/> </head> <body> <div id="jr" data-jr-path="/corehtml/pmc/jatsreader/ptpmc_3.17.5/"><div class="jr-rhead f1"><div class="t">17th NATIONAL COMPUTER SECURITY CONFERENCE Baltimore, MD October 11&#x02013;14, 1994</div><div class="j"><a href="#" class="ctxp">J Res Natl Inst Stand Technol. 1995 May-Jun; 100(3): 301–309. 
</a></div></div><div id="jr-content"><article data-type="main" class="slang-all"><div class="jr-jresnist jrb"><div class="t"><a href="//web.archive.org/web/20220802230343/https://doi.org/10.6028/jres.100.023">Journal of Research of the National Institute of Standards and Technology</a></div><div class="p">National Institute of Standards and Technology</div></div><header class="fm-sec"><h1 class="content-title">17th NATIONAL COMPUTER SECURITY CONFERENCE Baltimore, MD October 11&#x02013;14, 1994</h1><p class="contribs">Dennis Gilbert</p><p class="fm-aai"><a href="#__ffn_sectitle">Additional article information</a></p></header><div id="__sec1" class="tsec sec"><h2 class="head no_bottom_margin" id="__sec1title">1. Introduction</h2><p id="__p1" class="p p-first">Annually, the National Institute of Standards and Technology (NIST), Department of Commerce (DOC), and the National Computer Security Center (NCSC), National Security Agency (NSA), co-sponsor the National Computer Security Conference. The conference, most recently in its 17th edition (NCSC17), is a major event on the computer security conference calendar, bringing attendees together with leaders in the field, who report on their research and share experiences. 
Reflecting the need to more fully appreciate and practically deal with the major technical and social waves of change that we are experiencing, the theme of this year&#x02019;s conference was <em>Communicating our Discipline: Strategies for the Emerging Information Infrastructures.</em></p><p id="__p2" class="p p-last">A large, diverse national and international audience attended the conference, with approximately 2,000 representing government, industry, and academe. NCSC17 provided a forum for technology interchange among system developers, and an opportunity for computer users to exchange ideas and learn about the latest methodologies to apply current computer and information security technology. Many reported that among the most valuable aspects of the conference was the opportunity for contemporaries to network, share information and experiences, and gain new perspectives through the conference&#x02019;s many and varied activities.</p></div><div id="__sec2" class="tsec sec"><h2 class="head no_bottom_margin" id="__sec2title">2. Conference Program Highlights</h2><p id="__p3" class="p p-first">This year, main conference tracks focused on research and development, architecture and standards, applications and integration, management and administration, and tutorials for those new to the computer security field. Each track provided eleven 1½ hour sessions of peer-reviewed (i.e., refereed) papers, panel discussions, and/or presentations on basic subject matter. Another offering, <em>The Learning Track</em>, explored a variety of issues concerning information technology (IT) security education, training, awareness and professional development. There were also two special sessions devoted to progress on international harmonization efforts and the Common Criteria project. (See Special Sessions on the Common Criteria, below.)</p><p id="__p4">At another special session, chaired by NIST&#x02019;s Computer Systems Laboratory Associate Director for Computer Security, F. 
Lynn McNulty, NIST announced and explained a set of NIST and DOC positions on the availability and applicability of the Digital Signature Standard, highlighting that the standard can now be used without fear of copyright infringement concerns.</p><p id="__p5" class="p">The opening plenary session featured an address by Sally Katzen, Administrator of the Office of Management and Budget&#x02019;s (OMB&#x02019;s) Office of Information and Regulatory Affairs, the presentation of the Conference&#x02019;s annual System Security Award, and an address by the awardee, Donn B. Parker of SRI International. Ms. Katzen offered insights about the role of the national information infrastructure (NII) in the changing way government does business and delivers its services. Mr. Parker spoke to the need for the security community to broaden its perspective beyond the traditional emphasis on confidentiality, integrity, and availability. (See Sec. 3.) The closing plenary session offered a lively discussion among a panel of distinguished experts on the subject of <em>Security, Privacy, and Protection Issues in the Emerging Information Infrastructure.</em></p><div id="__sec3" class="sec"><h3 id="__sec3title">2.1 Research and Development Track</h3><p id="__p6" class="p p-first">The <em>Research and Development Track</em> traditionally addresses technical R&#x00026;D efforts, including security models and intrusion detection. (A security model is a set of rules and conditions for controlling a user&#x02019;s access to information resources. Intrusion detection refers to the tools and techniques for detecting that a computer system has been intruded upon or used in an unauthorized way, so that appropriate remedial action can be taken.) As in past years, intrusion detection was a significant area of interest. In a session chaired by R. 
Bace, NSA, intrusion detection was examined from the perspectives of design methodologies, a model for pattern matching, and current and future applications of artificial intelligence. (See Sec. 4.)</p><p id="__p7">Two sessions explicitly addressed another traditional area of interest in this track, access control (i.e., the process of limiting access to resources to authorized users, programs, processes, or other networks). A panel session, chaired by H. Feinstein, SETA Corp., looked at the future of role-based access control (RBAC), in terms of structure, mechanisms, the environment in which they operate, and how RBAC differs from the traditional trusted system security model (i.e., Bell-LaPadula).</p><p id="__p8">In another session, chaired by D. Cooper, Unisys, one paper described a specific access control model for achieving separation of duties, and two other papers examined architectures for RBAC and a means of implementing RBAC in a trusted on-line, transaction processing environment.</p><p id="__p9">Another panel, chaired by R. Nelson, Information Systems Security, explored non-traditional strategies for using fuzzy security as a means for building flexibility and functionality into trusted systems from a risk management perspective.</p><p id="__p10">In related sessions, M. Schaefer, Arca Systems, Inc. (Arca), chaired a paper session which looked at models addressing the development of secure database systems, and B. Thuraisingham, MITRE Corp., chaired a panel which focused on the inference problem in these systems.</p><p id="__p11">Other sessions in this track included panel sessions on: <em>Key Escrowing: Today and Tomorrow</em>, chaired by M. Smid, NIST; and <em>The Security Association Management Protocol (SAMP)</em>, chaired by Maj T. Hewitt, USAF6, NSA, the latter addressing security services for communications. Another session presented papers on security in networks and distributed systems, chaired by D. 
Schnackenberg, Boeing Defense &#x00026; Space Group; and still another, chaired by S. Jajodia, George Mason University, offered papers on formal methods and modeling regarding secure systems.</p><p id="__p12" class="p p-last">To share the learnings from other IT security forums, a panel chaired by E. Leighninger presented the <em>Highlights of the New Security Paradigms &#x02018;94 Workshop.</em> Topics included: fuzzy patterns in data; a health information architecture; applying formal semantics in multilevel logic databases; and the relationships among communication, information security, and value.</p></div><div id="__sec4" class="sec"><h3 id="__sec4title">2.2 Architecture and Standards Track</h3><p id="__p13" class="p p-first">The <em>Architecture and Standards Track</em>, new to this year&#x02019;s conference, focused on a variety of architectures and standards that are evolving to deal with emerging technical environments in the federal (DoD and civilian) and private sectors.</p><p id="__p14">One panel, chaired by M. Swanson, NIST, addressed <em>The Development of Generally Accepted System Security Principles (GSSPs).</em> GSSPs were among a set of recommendations made in a National Research Council Study Report, <em>Computers at Risk</em>, published in 1991. (See Sec. 2.4.) Discussed were the GSSPs that NIST is developing under the auspices of Information Systems Security Association (ISSA) in coordination with OMB and with technical assistance from NSA.</p><p id="__p15">In a paper session chaired by W. Jansen, NIST, attendees learned about three differing approaches to security standards, including a taxonomy for viewing and developing them, the use of graphical displays and semantic networks, and vulnerabilities in the use of random pronounceable password generators.</p><p id="__p16">Two other sessions presented varying perspectives on issues related to national and international security criteria and assurance. A panel session chaired by P. 
Toth, NIST, included results of two workshops on assurance, and a paper session chaired by G. Wagner, NSA, looked at the development history for related procurement guidance.</p><p id="__p17">A panel session co-chaired by E. Flahavin, NIST, and J. Sachs, Arca, examined new challenges for certification and accreditation (C&#x00026;A) from a variety of government perspectives, especially in environments where system and product interconnectivity and interoperability are at issue. An international panel, chaired by K. Keus, German Information Security Agency (GISA), Germany, looked at product and system certification from the perspectives of representatives of certification bodies of the European Community. (C&#x00026;A refers to the evaluation of the technical and non-technical security controls to: determine whether a specified set of security requirements are met; and support an official authorization by an appropriate management approving authority, to place a system employing a prescribed set of safeguards into operational use.)</p><p id="__p18">Three sessions focused on security architectures. A panel session chaired by W. T. Polk, NIST, discussed the evolving Department of Defense (DoD) Goal Security Architecture, which reflects requirements for the support of multiple security policies, distributed information processing, connectivity by common carriers, users with different security attributes, and resources with varying degrees of security protection. A paper session chaired by H. Weiss, SPARTA, Inc., and a panel session co-chaired by R. Schell, Novell, GSA, and B. Dwyer, Hewlett-Packard, DCE, focused on related concerns in networked environments, including prominent industry-sponsored security architectures currently under development.</p><p id="__p19" class="p p-last">In a two-session minitrack, chaired by J. 
Sheldon, USA, DISA/CISS, panelists explored current applications and future directions of multilevel security (MLS) (i.e., security in systems which permit access to those possessing different levels of permission). Included was an overview of the NSA Multilevel Information System Security Initiative (MISSI). (See Sec. 6.)</p></div><div id="__sec5" class="sec"><h3 id="__sec5title">2.3 Applications and Integration Track</h3><p id="__p20" class="p p-first">The means by which security technology is being applied and how security products are being evaluated and integrated into secure systems was the focus of the <em>Applications and Integration Track.</em> Of special interest at this year&#x02019;s conference were the Internet, the NII, and how to achieve security in these environments. One approach to Internet security is through the use of a &#x0201c;firewall,&#x0201d; (i.e., the use of a computer that is placed between the local area network (LAN) and the wide area network (WAN) or global area network (GAN)). An overflow panel session, chaired by J. Wack, NIST, discussed how firewalls work, security policies that can be implemented by means of firewalls, and comparisons of how different firewall configurations support restricted access. Similarly, <em>Provisions to Improve Security on the Internet</em>, chaired by J. David, examined what the Internet has done to promote network security, and what steps can be taken to quickly and easily reduce specific risks. <em>Can Your Net Work Securely?</em>, chaired by P. Neumann, SRI, examined issues related to the often occurring situation in which distributed systems need to rely on components whose trustworthiness cannot be assured.</p><p id="__p21"><em>Operational Security Enhancements</em>, chaired by D. Dodson, NIST, provided a set of papers which looked at ways to improve security in Unix and C2 DOS/Windows-based personal computers, as well as a hardware device for system/data integrity and malicious code protection. 
Providing multi-vendor interoperability among security-enhanced and traditional UNIX systems was covered in the <em>Trusted Systems Interoperability Group</em> panel, chaired by S. Wisseman, Arca, which looked at the TSIG&#x02019;s related efforts since 1989.</p><p id="__p22">Complementing the intrusion detection presentations (see Sec. 2.1), <em>Proven Detection Tools For Intrusion Prevention</em>, chaired by M. Higgins, DISA/CISS, took the audience through detection scenarios and lessons learned from the operational implementation of tools.</p><p id="__p23">Various aspects of system integration were further addressed in <em>Putting Trusted Products Together</em>, chaired by B. Burnham, NSA, including ways to approach analysis partitioning and composition analysis. Acquiring MLS system solutions was further debated among the key players in a panel session chaired by J. Sachs, Arca. Paper session <em>Security Implementations</em>, chaired by J. Anderson, J. P. Anderson Co., described a variety of security implementations, including those in battlefield, customer network, and academic computing environments. The latter described a mechanism that was developed to connect dispersed computing resources to achieve distributed processing while not eliminating local control. Panel session, <em>NSA Concurrent Systems Security Engineering Support</em>, chaired by B. Hildreth, NSA, looked at NSA&#x02019;s Test <em>&#x00026;</em> Evaluation Community Network, which must evolve the capability for simultaneously processing unclassified and classified data while supporting both cleared and uncleared users.</p><p id="__p24" class="p p-last">Finally, <em>Views on Vulnerability</em>, chaired by R. 
Wood, NSA, addressed computer system vulnerabilities by looking at: evaluating information in computerized alarm systems; a tool for C&#x00026;A support in DoD automated information systems (AISs); and using a financial management approach for selecting risk management-based safeguards.</p></div><div id="__sec6" class="sec"><h3 id="__sec6title">2.4 Management and Administration Track</h3><p id="__p25" class="p p-first">The <em>Management and Administration Track</em> concentrated on subjects in the management and administration of the security function and the information systems which they support.</p><p id="__p26">Security in organizations can be improved by learning from the experiences of and modeling programs after those that have robust security programs in place. To this end, an informative and lively session, <em>Model Information Security Programs</em>, chaired by R. Owen, Jr., Texas Office of the Attorney General, examined IT security programs from the state, federal, private, and academic sectors, highlighting their similarities and differences in areas such as requirements, security organization structure, security management process, and methods of security awareness.</p><p id="__p27">Continuing to explore the theme of his paper on social psychology and information security that won an Outstanding Paper Award at NCSC16, M. E. Kabay, National Computer Security Assn., chaired <em>Interdisciplinary Perspectives on INFOSEC.</em> In this panel, a diverse group of academics and practitioners presented their thoughts as to how the insights of other disciplines can benefit the practice of IT security. Perspectives included anthropology, military science, ethics, psychology, theology, organizational development, and adult learning theory.</p><p id="__p28">Privacy continued to be a subject of strong interest in this track. 
A particularly lively discussion took place in <em>Medical Information Privacy: Current Legislative and Standards Activities</em>, chaired by M. Schwartz, Summit Medical Systems, Inc., which examined the technical and human issues generated by the currently available technology and practices in the medical arena.</p><p id="__p29">Another major theme in this track concerned computer ethics and computer crime. Among the sessions that directly addressed these areas were: <em>Ethical Issues in the National Information Infrastructure</em>, chaired by J. Williams, MITRE Corp., and <em>Detecting and Deterring Computer Crime</em>, chaired by J. Holleran, NSA. The former explored broad issues, such as equity vs risk, privacy vs accountability, privacy vs surveillance, and international ramifications. The latter paper session looked at intrusion threats, detection using application profiles, and computer crime deterrence. (See Sec. 4.) A third session, <em>Computer Crime on the Internet</em>, chaired by C. Axsmith, Esq., ManTech Strategies Associates, provided many views of these subjects as they apply to the Internet. A fourth session, <em>Risks and Threats</em>, chaired by D. Gambel, Northrop Grumman, was geared to better understanding the elements of security threats and improving the assessment of risks.</p><p id="__p30">The importance of process improvements was explored in <em>Current Issues &#x00026; Trends in Trusted Product Evaluations</em>, a panel chaired by K. Bruso, NSA. Emphasis was on significant accomplishments in the area of trusted product evaluations during the past year, with special attention focused on two NSA assessment and evaluation programs.</p><p id="__p31">There is a growing appreciation of the role of the IT security professional in the operation of the AIS function and ensuring business continuity. The panel, <em>Do You Have the Skills to be a Future INFOSEC Professional?</em>, chaired by W. 
Maconachy, DISA/CISS, viewed, from the federal government, private sector, and academe perspectives, the types of skills and individual initiatives needed to keep pace with changing work environments and advancing technologies and management challenges.</p><p id="__p32">Another session, <em>Real Lessons</em>, chaired by J. Campbell, NSA, presented the audience with the lessons learned from real-world experiences in implementing security programs. Papers in this session addressed: security awareness in the persuasion of managers; the importance of workable network memorandums of agreement; and independent validation and verification of AISs.</p><p id="__p33" class="p p-last">In an exciting conclusion to this track, <em>Computers at Risk (CAR) Recommendations: Are They Still Valid?</em>, chaired by H. Tipton, CISSP, Member of the CAR Committee, Member of the GSSP Committee, provided a panel discussion that combined recent historical perspective and the lessons of practical experience. In this session, former members of the CAR committee revisited their recommendations in view of today&#x02019;s information security environment.</p></div><div id="__sec7" class="sec"><h3 id="__sec7title">2.5 Tutorials and Presentations Track</h3><p id="__p34" class="p p-first">Each year&#x02019;s conference features a tutorial track. This popular track provides newcomers to the field and others wishing to acquire or &#x0201c;refresh&#x0201d; basic security subject matter an opportunity to do so.</p><p id="__p35">As in the past, this year&#x02019;s conference offered a set of tutorials on trusted systems, covering such subjects as: <em>Trust Concepts</em>, presented by C. Abzug, Information Resources Management College; <em>Trusted Networks</em>, presented by R. K. Bauer, Arca; <em>Trusted Databases</em>, presented by G. Smith, Arca; and <em>System Security Engineering, Certification, and Accreditation</em>, presented by J. 
Sachs, Arca, which focused on engineering and assessment issues in integrating MLS solutions using trusted products. C. Abzug additionally presented <em>Criteria Comparisons</em>, which focused on the differences and similarities of the national and international criteria of Canada, the United States, and Europe, in terms of value to security engineering, and as foundations for the Common Criteria.</p><p id="__p36">Two tutorials were presented by LtCdr A. Liddie, Royal Navy, Information Resources Management College<em>&#x02014;Risk Management</em> and <em>Security in the Future.</em> The former focused on the overall risk management process, and the latter, co-presented with J. Sachs, Arca, looked at IT security and its role with respect to enterprises, applications, and information infrastructures.</p><p id="__p37" class="p p-last">Two other tutorials addressed security in specific software environments &#x02014; <em>UNIX Security</em>, presented by E. Schultz, Arca, and <em>Windows NT Security</em>, presented by J. Williams, Arca. Another tutorial, <em>Information System Security Officer&#x02019;s Challenges</em>, presented by C. Bressinger, DoD Security Institute, focused on the ongoing protection and accreditation of operational AISs. A concluding panel in this track, <em>IT Security Resources</em>, chaired by K. Everhart, NIST, offered attendees an overview of major electronic and nonelectronic sources of information on IT security and a discussion of emerging software standards to disseminate and access security-relevant information resources.</p></div><div id="__sec8" class="sec"><h3 id="__sec8title">2.6 Special Sessions on the Common Criteria</h3><p id="__p38" class="p p-first">The conference continued to reflect community interest in evaluation criteria. 
In addition to the panel and paper sessions discussed in the <em>Standards and Architecture Track</em>, two special sessions were held this year related to international harmonization and the Common Criteria (CC). The CC project refers to the work performed by the U.S. and the European Communities (EC) to develop a common basis for evaluating the ability of products and systems to protect confidentiality of data and provide other security controls. Such evaluations are expected to reduce costs to users and vendors.</p><p id="__p39">In the first special session, <em>International Harmonization, the Common Criteria&#x02014;Progress &#x00026; Status</em>, chaired by E. Troy, NIST, representatives from the European Commission (UK, France, and Germany), Canada, and the United States discussed the CC project, schedules, documents used as input, and the public review process. An overview of the draft Common Criteria document was also presented.</p><p id="__p40" class="p p-last">In the second special session, <em>Security Requirements for Distributed Systems</em>, chaired by R. Dobry, NSA, panelists from NIST, NSA, the University of Maryland, and the Institute of Defense Analysis identified requirements for providing security for distributed systems and how they saw their efforts relating to the Common Criteria.</p></div><div id="__sec9" class="sec"><h3 id="__sec9title">2.7 The Learning Track</h3><p id="__p41" class="p p-first">Another feature of this year&#x02019;s conference was <em>The Learning Track.</em> Meaningful security education, training, and awareness for all, and the availability of staff who can ensure that appropriate controls are in place, are part of an overall resource management strategy. The track was framed against the backdrop of an environment that is being shaped by both the emergence of the NII and increasing pressures on all to be more productive. 
There is also a renewed appreciation by public and private sector organizations about the need to cost-effectively protect information systems resources. The sessions focused on several efforts throughout the IT security community relating to learning initiatives and the professional development of security practitioners. The NIST-sponsored Federal Information Systems Security Educators&#x02019; Association (FISSEA) and the National Security Telecommunications and Information Systems Security Committee (NSTISSC)-sponsored Information Systems Security Education, Training, and Awareness (ETA) Working Group coordinated the track.</p><p id="__p42">To introduce the track, <em>Training Challenges of the 90s</em>, chaired by J. Pohly, CISS/FISSEA Chair, addressed the security demands that the NII will place on the workforce and the security professional, identified the challenges of complying with training mandates, and outlined proposed solutions.</p><p id="__p43">Training standards are seen as one element of the solution equation. In <em>Proposed New NIST Training Standards</em>, chaired by D. de Zafra, Public Health Service, a draft developed by FISSEA that is proposed to replace the NIST training guideline, NIST Special Publication 500-172, was discussed.</p><p id="__p44">A number of sessions in the track looked at the tools, resources, and methodologies for developing and delivering IT security training, and reported on related experiences. These sessions included: <em>Computer Security Resources that Work</em>, chaired by B. Cuffie, Social Security Administration; <em>Tools and Methodologies for Delivering Training</em>, chaired by J. Jelen, Public Health Service; and <em>Demonstrations on Computer Security Training Tools</em>, chaired by A. Stramella, National Cryptologic School. 
The latter focused on computer-based training packages, videos, and interactive learning tools.</p><p id="__p45">Two issues with which those responsible for IT security programs and security education, training, and awareness must continually deal are garnering management support, and relatedly, competing for budget dollars to implement programs. These issues were addressed in <em>Effective Marketing of the Computer Security Program to Management</em>, chaired by J. Hash, Social Security Administration, and <em>Training Events on a Shoestring Budget</em>, chaired by S. Pitcher, Department of Commerce, as panelists shared their real-world experiences.</p><p id="__p46">Professionalization and certification are increasingly recognized as integral to how the profession grows, nurtures, attracts, and retains IT security practitioners. <em>Information Systems Professionalism</em> &#x02014; <em>Professional Development and Certification</em>, co-chaired by R. Koenig and H. Tipton, International Information Systems Security Certification Consortium (ISC)<sup>2</sup>, explored the current status and future directions of several initiatives underway to professionalize the community and certify the computer security professional.</p><p id="__p47" class="p p-last">A particularly interesting session in this track was <em>Adult Learning and Information Systems Security Training</em>, presented by E. Martin, Organization and Education Consultant. This session continued with the theme that IT security can benefit from the learnings of other disciplines. The session reviewed recent developments in methodology that offer more effective ways of teaching adults to use technical skills that also require individual judgement. It drew on the research and experiences of employer-sponsored training to examine lessons learned about methodologies in use, the basic concepts of adult learning, and the ways these principles can be applied to information systems security training. 
Concepts were demonstrated by means of experiential exercises.</p></div><div id="__sec10" class="sec sec-last"><h3 id="__sec10title">2.8 Closing Plenary</h3><p id="__p48" class="p p-first">The closing plenary featured a distinguished panel addressing <em>Security, Privacy, and Protection Issues in Emerging Information Infrastructures.</em> The panel was co-chaired by Professor Anthony Oettinger, Chairman, Program on Information Resources Policy, Harvard University, and Dr. Brian Kahin, Director, Information Infrastructure Project, Science, Technology and Public Policy Program, Harvard University. Other panelists were Robert Lucky, Vice President Applied Research, Bellcore, and Robert Wilson, MCI.</p><p id="__p49" class="p p-last">This interesting panel included lively exchanges among panel members and between the audience and the panel. Each panel member started with a brief statement of issues and perspectives. Overlapping topics included technology advances, pending and possible legislation, intellectual property concerns, major stakeholders, market restructuring, the convergence and integration of media and delivery systems, market share and other business concerns, protection of individual privacy and corporate/organizational proprietary information, other security and protection concerns, standards of due care, and global rather than national scope of the problems (i.e., global information infrastructure (GII vs NII)). One interesting comment came from audience member M. Kabay who said that not until insurance companies punished/rewarded those that avoided/embraced standards of appropriate care to protect their information systems, would significant progress be made. He challenged the community to exert the needed pressures to make that happen.</p></div></div><div id="__sec11" class="tsec sec"><h2 class="head no_bottom_margin" id="__sec11title">3. 
Outstanding Contributions to the Field</h2><p id="__p50" class="p p-first">A particularly satisfying event of each year&#x02019;s conference is the recognition of an individual who has contributed significantly to the computer security community over an extended period of time. The recipient of this year&#x02019;s Systems Security Award was Donn B. Parker, Senior Management Consultant, SRI, International. Mr. Parker has conducted extensive research on the human and technical factors involving cases, causes, and the prevention of computer crime, and has promoted a philosophy that security must be treated as a &#x0201c;people&#x0201d; problem, in addition to a technical problem. His research and five books have addressed computer crime, ethics, and information security management. He has contributed to many professional organizations in a variety of capacities. An international lecturer and management consultant, he has served leading businesses, the U.S. Congress, state legislatures, and government agencies. He also created SRI&#x02019;s International Information Integrity Institute (I4), which provides services to 60 of the world&#x02019;s largest corporations.</p><p id="__p51" class="p p-last">Mr. Parker joins a distinguished list of previous Systems Security Award winners which includes Stephen Walker, Dr. Willis Ware, James P. Anderson, Dr. Roger Schell, Dr. Walter Tuchman, and Robert Courtney.</p></div><div id="__sec12" class="tsec sec"><h2 class="head no_bottom_margin" id="__sec12title">4. Outstanding Papers and Best Student Papers</h2><p id="__p52" class="p p-first">Two outstanding paper awards were presented at this year&#x02019;s conference. One went to Sandford Sherizen, Ph.D., Data Security Systems, Inc., for his paper <em>Can Computer Crime Be Deterred?.</em> This is one of the few papers that has addressed the critical questions of whether computer crimes can be deterred and, if so, by what means. 
The author points out that we tend to emphasize the computer aspects much more than the criminal aspects in the prevention of computer crime. While deterrence is difficult to achieve, information security programs have essentially neglected attempts to make it work. The author reviews the research findings from criminological and legal studies of deterrence and applies these findings to computer crime prevention. Legislative, law enforcement, and organizational changes need to be made to effectively deter computer criminals. The author makes the case for changing the perceptions of employees and outsiders regarding the risks of getting caught in computer crime, as well as the perceived payoffs from such activities.</p><p id="__p53">The other outstanding paper award went to J. Frank, University of California, Davis for his paper <em>Artificial Intelligence and Intrusion Detection: Current and Future Directions.</em> Identification of attempted or ongoing attacks on computer systems and networks, or intrusion detection, is a growing concern for users and administrators of these systems, who rely on their secure operations. This concern increases with each new reported Internet attack. Previous approaches &#x0201c;by hand&#x0201d; to intrusion detection systems (IDSs) made it difficult to create robust, real-time systems. The author notes artificial intelligence (AI) techniques can be effectively applied to the problem, and surveys the methods by which this has been done. The difficulty and computational intensity involved with the activities of data reduction and behavior classification are described. 
Significantly, the author demonstrates how the use of the technique of feature selection can reduce computational overhead and improve classification of network connections.</p><p id="__p54" class="p p-last">Each year, the conference committee invites teachers in IT security-related disciplines to submit papers written by students in a degree program who have not been previously published. This year the conference program committee recognized two excellent student papers. The awards, both for papers in the area of intrusion detection, went to N. Puketza, University of California, Davis, (co-author K. Zhang, advisors B. Mukherjee and R. Olsson) for <em>Testing Intrusion Detection Systems: Design Methodologies and Results from an Early Prototype</em>, and S. Kumar, Purdue University, (co-author and advisor E. Spafford) for <em>A Pattern Matching Model for Misuse Intrusion Detection.</em></p></div><div id="__sec13" class="tsec sec"><h2 class="head no_bottom_margin" id="__sec13title">5. Awards Ceremony</h2><p id="__p55" class="p p-first-last">As in past years, the conference held a joint awards ceremony in which NIST and NCSC honored the vendors who had successfully developed products meeting the standards of their respective organizations. In the case of NIST, its Computer Security Division provides validation services for vendors to use in testing devices for conformance to security standards defined in three Federal Information Processing Standards (FIPS): Data Encryption Standard (DES), Computer Data Authentication, and Key Management Using ANSI X9.17. This year, many of the NIST awards were for the recently permitted software implementations of DES. In the case of NCSC, vendors are recognized who contribute to the availability of trusted products and who thereby expand the range of solutions customers can use to secure their data. 
The products are placed on the Evaluated Products List (EPL) following a successful evaluation against the Trusted Computer Systems Evaluation Criteria and its interpretations. (For further information, contact 301-975-2920 regarding the NIST awards and 410-859-4371 regarding the NCSC awards.)</p></div><div id="__sec14" class="tsec sec"><h2 class="head no_bottom_margin" id="__sec14title">6. Other Special Sessions and Demonstrations</h2><p id="__p56" class="p p-first">A number of other special sessions and demonstrations were available to attendees. These are listed in the following sections.</p><div id="__sec15" class="sec"><h3 id="__sec15title">6.1 Electronic Groupware Tools to Address IT Security Challenges</h3><p id="__p57" class="p p-first">Dr. Corey Schou, of Idaho State University (ISU), has developed an electronic group decision support system that has been effectively applied to a wide range of IT security questions, issues, and challenges. This has been demonstrated through a series of DACUM (Design-a-Curriculum) workshops at ISU, the results of which are contributing to the development of security awareness training materials; IT security curricula; a proposal to revise the NIST Training Guidelines (SP 500-172) with a more rigorous conceptual model for security training; a unified body of knowledge for security practitioners; and knowledge, skills and abilities (KSAs) and plans of instruction for various security-related job categories. The consensus among those who have taken part in the DACUMs is that the technology can be effectively applied to a wider range of IT security questions, issues, and challenges beyond the DACUM arena.</p><p id="__p58" class="p p-last">This year, a portable, ten-station version of the system offered attendees the opportunity to participate in demonstrations and to &#x0201c;test drive&#x0201d; the system. 
They were able to view the results of the DACUM workshops and a large archive of security information developed at ISU to support the DACUMs. Two groups, one from the GSSP Committee and the other revising the NIST Training Guidelines, each reserved a session on the system to collaboratively &#x0201c;brainstorm&#x0201d; about elements of documents being developed. The former used the system to define the meaning of so-called &#x0201c;pervasive principles,&#x0201d; and the latter for learning objectives associated with AIS functional areas throughout the system life cycle.</p></div><div id="__sec16" class="sec"><h3 id="__sec16title">6.2 Demonstrations of Trusted System Interoperability Group (TSIG) MLS Technologies and Multilevel Information System Security Initiative (MISSI) Products</h3><p id="__p59" class="p p-first-last">The TSIG offers an open forum for developers of secure networking systems and those who have a shared vision of making open trusted systems a reality. The MISSI is evolving a series of products which, when combined, provide security services for a variety of MLS environments. 
These vendor demonstrations showed how many different MLS hardware devices and applications are used in stand-alone and integrated, real-world environments.</p></div><div id="__sec17" class="sec"><h3 id="__sec17title">6.3 European Community IT Security Evaluations</h3><p id="__p60" class="p p-first-last">The Information Technology Security Evaluation Facilities (ITSEF) in Europe and the European certification bodies reported on the system and security product evaluations being performed under its program, and demonstrated the product evaluation methodology.</p></div><div id="__sec18" class="sec"><h3 id="__sec18title">6.4 Defense Information Systems Agency (DISA)/Center for Information Systems Security (CISS)</h3><p id="__p61" class="p p-first-last">CISS, which is jointly-staffed by DISA and NSA, presented displays and demonstrations to showcase services and products that directly support DoD, including demonstrations by the Automated Systems Security Incident Support Team (ASSIST).</p></div><div id="__sec19" class="sec"><h3 id="__sec19title">6.5 Air Force C4 Systems Security Initiatives</h3><p id="__p62" class="p p-first-last">Presented were overviews of Air Force system security initiatives, including demonstrations on intrusion detection and risk management.</p></div><div id="__sec20" class="sec sec-last"><h3 id="__sec20title">6.6 Intrusion Detection Workshop</h3><p id="__p63" class="p p-first-last">This workshop consisted of several short presentations and discussion periods, including progress reports on development projects; experiences; auditing, legal, privacy, and network security issues; intrusion scenarios; new detection techniques; incident response; and intrusion detection systems requirements.</p></div></div><div id="__sec21" class="tsec sec"><h2 class="head no_bottom_margin" id="__sec21title">7. 
Other Activities of Interest</h2><p id="__p64" class="p p-first-last">Other activities of interest at the conference included NIST and NSA awareness and information booths where a variety of technical and other publications from each organization were available, including NIST Computer Systems Laboratory (CSL) Bulletins and NSA&#x02019;s Rainbow Series; demonstrations of NSA&#x02019;s Dockmaster and NIST&#x02019;s Computer Security Resources Clearinghouse, each of which offers a wide variety of IT security information through dial-in and Internet access; demonstration of a computer-aided instruction course that was developed by NSA to provide basic-level security information; a combined book exhibit representing a selection of leading publishing firms and the latest selections in computer security, presented by Association Book Exhibit; a booth at which the professional organization Information Systems Security Association (ISSA) presented information and recent newsletters, resource guides, and technical publications; and birds-of-a-feather (BOF) rooms which were used by groups to address self-defined areas of interest.</p></div><div id="__sec22" class="tsec sec"><h2 class="head no_bottom_margin" id="__sec22title">8. Next Year&#x02019;s Conference</h2><p id="__p65" class="p p-first-last">Next year&#x02019;s conference, the 18th in the series, will be named the National Information System Security Conference. NISSC18 will be held October 10&#x02013;13, 1995 at the Baltimore Convention Center. For further information, contact the NIST Conference Office, (301)975-2775.</p></div><div id="__sec23" class="tsec sec"><h2 class="head no_bottom_margin" id="__sec23title">9. To Obtain the Conference Proceedings</h2><p id="__p66" class="p p-first">Single copies of the 742-page NCSC17 conference proceedings are available upon request. 
Please contact NIST CSL Publications at (301)975-2821.</p><p id="__p67" class="p p-last">We are considering putting future conference proceedings, plus additional security-related information, on a CDROM, along with appropriate retrieval capability. Our objective is to keep the price at a minimum, but sufficient to cover expenses. For further information, please contact: (301)975-3359.</p></div><div id="__ffn_sec" class="tsec sec"><h2 class="head no_bottom_margin" id="__ffn_sectitle">Article information</h2><div class="fm-sec"><div class="fm-flexbox"><div class="fm-citation"><div class="citation-default"><div class="part1"><span id="pmcmata">J Res Natl Inst Stand Technol.</span> 1995 May-Jun; 100(3): 301–309. </div><div class="part2"> <span class="doi"><span>doi: </span><a href="//web.archive.org/web/20220802230343/https://doi.org/10.6028%2Fjres.100.023" target="_blank" rel="noopener noreferrer">10.6028/jres.100.023</a></span></div></div></div><div class="fm-ids"><div class="fm-citation-pmcid"><span class="fm-citation-ids-label">PMCID: </span><span>PMC4887245</span></div><div class="fm-citation-pmid">PMID: <a href="https://web.archive.org/web/20220802230343/https://pubmed.ncbi.nlm.nih.gov/29151744">29151744</a></div></div></div><div class="half_rhythm"><div class="contrib-group fm-author"><a href="https://web.archive.org/web/20220802230343/https://pubmed.ncbi.nlm.nih.gov/?term=Gilbert%20D%5BAuthor%5D">Dennis Gilbert</a></div><div style="display:none" class="contrib-group aff-tip"></div></div><div class="half_rhythm"><div class="fm-authors-info half_rhythm"><div class="fm-affl" id="af1-j13ce-gil">Computer Security Division, National Institute of Standards and Technology, Gaithersburg, MD 20899-0001</div></div><div class="fm-article-notes half_rhythm"></div><div class="permissions half_rhythm"><div class="fm-copyright half_rhythm"><a href="/web/20220802230343/https://www.ncbi.nlm.nih.gov/pmc/about/copyright/">Copyright notice</a> </div><div class="license 
half_rhythm">The Journal of Research of the National Institute of Standards and Technology is a publication of the U.S. Government. The papers are in the public domain and are not subject to copyright in the United States. Articles from J Res may contain photographs or illustrations copyrighted by other commercial organizations or individuals that may not be used without obtaining prior approval from the holder of the copyright.</div></div></div><div id="pmclinksbox" class="links-box whole_rhythm hidden" role="complementary" aria-label="Related or updated information about this article."></div><div class="courtesy-note whole_rhythm small"><div class="half_rhythm">Articles from <span class="acknowledgment-journal-title">Journal of Research of the National Institute of Standards and Technology</span> are provided here courtesy of <strong>National Institute of Standards and Technology</strong></div></div></div></div></article></div></div> <script src="/web/20220802230343js_/https://www.ncbi.nlm.nih.gov/corehtml/pmc/jatsreader/ptpmc_3.17.5/js/libs.min.js"> </script><script src="/web/20220802230343js_/https://www.ncbi.nlm.nih.gov/corehtml/pmc/jatsreader/ptpmc_3.17.5/js/jr.min.js"> </script><script type="text/javascript" src="/web/20220802230343js_/https://www.ncbi.nlm.nih.gov/core/mathjax/2.7.9/MathJax.js?config=/corehtml/pmc/js/mathjax-config-reader.3.4.js"> </script> <script type="text/javascript" src="https://web.archive.org/web/20220802230343js_/https://www.ncbi.nlm.nih.gov/core/pinger/pinger.js"> </script> </body> </html>
