Themes and Highlights of the New Security Paradigms Workshop 2000

Session Abstract This panel will highlight a selection of some of the most interesting and provocative papers from the 2000 New Security Paradigms Workshop (NSPW), held 19-21 September in Ballycotton, County Cork, Ireland . For nine years, NSPW has provided a productive and highly interactive forum in which innovated new approaches (and radical older approaches) to information security have been offered, refined, and published. This is a perennial and popular panel at NISSC. In keeping with the NSPW philosophy, this panel will challenge many of the dominant paradigms in information security. It will be highly interactive; in the NSPW tradition we expect lively exchanges between the panelists and the audience. Come prepared with an open mind and a willingness to question and comment on what our panelists present and be sure to strap on your seat belt! The panel will consist of four authors selected with great pain and difficulty from the great papers presented at the last NSPW. We have chosen these four with NISSC specifically in mind, using the criteria that they be the most interesting and provocative for you, the NISSC attendee. Simon Foley's Conduit Cascades and Secure Synchronization promises to be a treat. If you happen to use, manage, or are just generally concerned with the security of Personal Digital Assistants (PDAs), then this is something you won't want to miss. Little concern has been given to the security policy implementations of these almost ubiquitous devices. Dr. Foley proposes a framework for analyzing the security vulnerabilities that can result from synchronizing PDAs with their host workstation. This also generalizes into the field of the problems associated with access control when systems are composed of secure and non-secure components. In short, we have a problem when PDAs are single-user systems with little or no access control, yet are expected to synchronize with multiuser host systems that have access control requirements; that synchronization can be used to bypass the access control on the host system. Cynthia Irvine's Quality of Security Service promises to be especially interesting to anyone concerned with the security of the broad range of applications running in today's heterogeneous distributed systems. Should security be incorporated into the new paradigm of Quality of Service? We've all noted the contradiction that while security polices are rigid, we need flexible security implementations. What is proposed is the idea that security policies have ranges specifying lower bounds for implementation …