VIRUS-L Digest Monday, 2 Sep 1996 Volume 9 : Issue 155 Today's Topics: 19th National Information Systems Security Conference VIRUS-L is a moderated, digested mail forum for discussing computer virus issues; comp.virus is a gatewayed and non-digested USENET counterpart. Discussions are not limited to any one hardware/software platform--diversity is welcomed. Contributions should be relevant, concise, polite, etc. (The complete set of posting guidelines is available by FTP on CS.UCR.EDU (IP number 138.23.169.133) or upon request.) Please sign submissions with your real name; anonymous postings will not be accepted. Information on accessing anti-virus, documentation, and back-issue archives is distributed periodically on the list. A FAQ (Frequently Asked Questions) document and all of the back-issues are available at ftp://cs.ucr.edu/pub/virus-l. The current FAQ document is in a file called vlfaq200.txt. Administrative mail (e.g., comments or suggestions) should be sent to me at: n.fitzgerald@csc.canterbury.ac.nz. (Beer recipes should still be sent to Ken van Wyk at: krvw@mnsinc.com.) All submissions should be sent to: VIRUS-L@Lehigh.edu. Nick FitzGerald ---------------------------------------------------------------------- Date: Sun, 01 Sep 1996 08:38 -0400 (EDT) From: Jack Holleran Subject: 19th National Information Systems Security Conference X-Digest: Volume 9 : Issue 155 ANNOUNCEMENT 19th National Information Systems Security Conference Baltimore Convention Center October 21-25, 1996 Cost: $295, with early registration before September 20, 1996; $335 after September 19, 1996 Registration Information: Tammie Grice, Conference Registrar Voice: (301) 975 - 3883 FAX: (301) 948 - 2067 EMAIL: nissconference@dockmaster.ncsc.mil WWW: http://csrc.nist.gov/nissc/ __________________________________________________ The remainder of this announcement has: 1. the final program (complete, long, & detailed) 2. Workshop and Demonstration information 3. Registration Form 4. Housing Form (Conference Hotel with pricing information) __________________________________________________ FINAL PROGRAM DRAFT 9:00 a.m. - 5:30 p.m. Monday October 21, 1996 Two workshops, at no additional cost to our attendees. Common Criteria Protection Profile Workshop This full-day symposium will provide information and instruction on using the COmmon Criteria to build Protection Profiles to express information technology security requirements. Community experience in building Protection Profiles will be used as the basis for this instruction. Alternative sets of requirements for related technologies will be compared and contrasted in the hopes of harmonizing like requirements into generic Protection Profiles for given technologies (i.e., firewalls). In addition, issues arising from attempting to create Protection Profiles representing non-classic requirement sets will be discussed. Incident Handling Workshop This full-day workshop provides basic concepts and techniques on how to create an incident handling capability. The workshop will address how to establish and operate a capability using existing services or contracting out, reporting structures, hiring the right people, and other topics. It is designed for security, systems, and network specialists responsible for managing and ensuring the availability and integrity of computer systems. 10:00 a.m. - 12:00 p.m. Tuesday, October 22, 1996 OPENING PLENARY Ballrooms I & III Opening: Tim Grance, National Institute of Standards and Technology Welcome to Baltimore: Mayor Kurt L. Schmoke (invited) Welcome to the Conference: John C. Davis, National Computer Security Center Keynote Address: August Bequai, Esq. Noted Author, Attorney, Lecturer, and Instructor Presentation of System Security Award: Stuart W. Katzke, National Institute of Standards and Technology Award Address: Dr. Whitfield Diffie, Dr. Martin Hellman, & Dr. Ronald Rivest Presentation of Best Paper Award: Ellen Flahavin, National Institute of Standards and Technology & Jack Holleran, National Computer Security Center Close: Stephen F. Barnett, National Computer Security Center 2:00 P.M. Tuesday October 22, 1996 3:30 P.M. Track A Criteria & Assurance Ballroom 2 PANEL Trust Technology Assessment Program (TTAP) Chair: T. Anderson, NSA Panelists: P. Toth, NIST TTAP Working Group Members This panel will focus on the progress of the Trust Technology Assessment Program initiative including the lessons learned from the prototype effort to validate the process, procedures, and documentation to support the program in a commercial environment. Track B Electronic Commerce Ballroom 3 PANEL Using Security to Meet Business Needs: An Integrated View From the United Kingdom Chair: A. McIntosh, PC Security, Ltd. Panelists: D. Brewer, Gamma Secure Systems, Ltd. N. Hickson, Department of Trade & Industry D. Anderton, Barclays Bank PLC J. Hodsdon, CESG M. Stubbings, Government Communications Headquarters, UK This panel discusses the use of risk management techniques in the identification, accreditation, and maintenance of appropriate security profiles for single organization systems dispersed across a wide range of sites. Track C In Depth Room 349-350 Best of the New Security Paradigms Workshop Chair: T. Haigh, Secure Computing Corporation Panelists: R. Blakely, International Business Machines S. Greenwald, Naval Research Laboratory S. Janson, Swedish Institute of Computer Science, Sweden W. Wulf, University of Virginia This year's workshop focuses on the need to identify new approaches for proving security in very heterogenous, highly internetworked environments. Track D Internet Ballroom 1 OVERVIEW Chair: C. Bythewood, NCSC Introduction to Infowarfare Terminology F. Bondoc, Klein & Stump This overview is aimed at the newcomer to Information Warfare (IW), and introduces the terminology, threats and countermeasures of IW. Track E Legal Perspectives Ballroom 4 Legal Issues for the User Chair: Special Agent John Lewis, United States Secret Service Intellectual Property Rights and Computer Software D. Bowman, University of Maryland Case Study of Industrial Espionage Through Social Engineering I. Winkler, National Computer Security Association Legal Aspects of Ice-Pick Testing Dr. B. Gabrielson, Department of the Navy Track F Management & Administration Room 341-342 PANEL Community Responsibilities Chair: J. Lisi, NSA Panelists: Ethical and Responsible Behavior for Children to Senior Citizens in the Information Age G. Warshawsky, International Community Interconnected Computing eXchange R. Koenig, ISC2 Track G Research & Development Room 345-346 PANEL Database Systems Today: Safe Information at My Fingertips? Chair: J. Campbell, NSA Panelists: T. Ehrsam, Oracle R. O'Brien, SCC T. Parenty, Sybase TBD, Informix LTC. Pointdexter, DISA S Sahni, 3 S Group Incorporated This panel will address distributed and web database system security issues and solutions. Track H Solutions Room 343-344 Future Activities Chair: J. Tippett, NSA Computer Virus Response Using Autonomous Agent Technology C. Trently, Mitretek Systems Security Across the Curriculum: Using Computer Security to Teach Computer Science Principles Maj G. White, USAF Academy U.S. Government Wide Incident Response Capability M. Swanson, NIST Track I Tutorials Room 327-328 Introduction to Information System Security L. Smith, National Cryptologic School D. Strickland, National Cryptologic School This tutorial will use an interactive computer-based training course to present the basics of information system security (INFOSEC). The course is composed of five instructional units: information systems overview, threats, INFOSEC solutions, INFOSEC techniques, and risks management. A CDROM with this and other courses will be provided to attendees. __________________________________________________ 4:00 P.M. Tuesday October 22, 1996 6:00 P.M. Track A Criteria & Assurance Ballroom 2 Gaining Assurance though Evaluations Chair: H. Holm, NSA E4 ITSEC Evaluation of PR/SM on ES/9000 Processors ( 1 ) R. Nasser, International Business Machines A High-Performance Hardware-Based High Assurance Trusted Windowing System ( 12 ) J. Epstein, Cordant, Inc. WWW Technology in the Formal Evaluation of Trusted Systems ( 22 ) E. McCauley, Silicon Graphics, Inc. Track B Electronic Commerce Ballroom 3 Electronic Commerce: International Security Chair: V. Gibson, Computer Science Corporation EDI Moves from the VAN to the Internet ( 98 ) B. Bradford, University of Maryland An International Standard for the Labeling of Digital Products V. Hampel, Hampel Consulting The Business-LED Accreditor - OR...How to Take Risks and Survive M. Stubbings, Government Communications Headquarters, UK Integration of Digital Signatures into the European Business Register H. Kurth, Industricanlagen Betriebsghesellschaft mbH (IABG), Germany Track C In Depth Room 349-350 PANEL Best of the New Security Paradigms Workshop (continued from 2:00) Chair: T. Haigh, Secure Computing Corporation Panelists: R. Blakely, International Business Machines (694) S. Greenwald, Naval Research Laboratory (698) S. Janson, Swedish Institute of Computer Science, Sweden W. Wulf, University of Virginia (704) This years' workshop focuses on the need to identify new approaches for proving security in a very heterogenous, highly internetworked environments. Track D Internet Ballroom 1 PANEL Information Warfare: Real Threats, Definition Changes, and Science Fiction (725) Chair: W. Madsen, Computer Sciences Corporation Panelists: M. Hill, Office of the Assistant Secretary of Defense C3/Information Warfare F. Tompkins, Science Applications International Corporation S. Shane, The Baltimore Sun J. Stanton, Journal of Technology Transfer This panel will discuss the Information Warfare scenario, which has received a great deal of attention from national security planners, legislators, the military, intelligence agencies, the media, and industry. Track E Legal Perspectives Ballroom 4 PANEL Electronic Data: Privacy, Security, Confidentiality Issues Chair: K. Blair, Esq., Duvall, Harrington, Hale and Hassan (740) Panelists: The Honorable L. Alden, Judge, Fairfax County Circuit Court S. Mandell, Esq., The Mandell Law Firm (749) R. Palenski, Esq., Gordon and Glickson, P.C. (749) S. Ray, Esq., Kruchko & Fries (800) Track F Management & Administration Room 341-342 New Workplace Paradigms for Security Chair: C. Hash, NSA Security Through Process Management ( 323 ) J. Bayuk, Price Waterhouse Malicious Data and System Security ( 334 ) O. Sibert, Oxford Systems, Inc. Security Issues for Telecommuting ( 342 ) L. Carnahan, NIST Track G Research & Development Room 345-346 PANEL Webware: Nightmare or Dream Come True? (844) Chair: P. Neumann, SRI International Panelists: S. Bellovin, AT&T Laboratories (845) E. Felten, Princeton University (846) P. Karger, International Business Machines (847) J. Roskind, Netscape (849) This panel will discuss the risks involved in the open-ended security problem introduced by world-wide web browsers and programming languages sauch as Java and JavaScript, as well as other languages with similar problems - such a ActiveX, Microsoft WORD macros, and PostScript . Specific attention will be spent on how to intelligently succeed. Track H Solutions Room 343-344 PANEL Security Management Infrastructure Deployment and Operations (871) Chair: A. Arsenault, NSA Panelists: D. Heckman, NSA S. Capps, NSA S. Hunt, NSA The panel will focus on lesson learned from the deployment of MISSI security management infrastructure at NSA and GSA. Track I Tutorials Room 327-328 Trusted Systems Concepts C. Abzug, Institute for Computer and Information Sciences This tutorial focuses on the fundamental concepts and terminology of trust technology. It includes descriptions of the Trusted Computer system Evaluation Criteria (TCSEC) classes, how the classes differ, and how to determine the appropriate class for your operation environment. __________________________________________________ 8:30 A.M. Wednesday October 23, 1996 10:00 A.M. Track A Criteria & Assurance Ballroom 2 PANEL Alternative Assurance: There's Gotta Be a Better Way! (644) Chair: D. Landoll, Arca Systems, Inc. Panelists: J. Adams, NSA TBD, WITAT System Analysis & Operational Assurance Subgroup Chair M. Abrams, The MITRE Organization, WITAT Impact Mitigation Subgroup Chair TBD, WITAT Determining Assurance Mix Subgroup Chair A Workshop report about the evolving development of practical solutions for business and industry in need of confidence in their information systems. Track B Electronic Commerce Ballroom 3 PANEL Information Security - Transforming the Global Marketplace D. Gary, Booz-Allen & Hamilton Panelists: J. M. Anderson, Morgan Stanley K. Panker, American Bankers Association P. Freund, CertCo Technology resources are means to achieve organizational goals --- not solutions in their own right. New dimensions will be discussed of commercial interchange in a highly networked marketplace. Track C In Depth Room 349-350 PANEL Public Key Infrastructure: From Theory to Implementation Public Key Infrastructure Technology (707) Chair: D. Dodson, NIST Panelists: R. Housley, Spyrus C. Martin, Government Accounting Office W. Polk, NIST S. Chokani, Cygnacom Solutions, Inc. V. Hampel, Hampel Consulting W. Ford, Independent Consultant Track D Internet Ballroom 1 PANEL Security in World Wide Web Browsers: More than Visa cards? (737) Chair: R. Dobry, NSA Panelists: C. Kolcun, Microsoft B. Atkins, NSA K. Rowe, NCSA TBD, Netscape This panel will discuss the security problems and solutions required to handle electronic commerce via the internet. Track E Legal Perspectives Ballroom 4 PANEL Computer Crime on the Internet - Sources and Methods (817) Chair: C. Axsmith, The Orkand Corporation Panelists: Special Agent M. Pollitt, Federal Bureau of Investigation P. Reitinger, Esq., Department of Justice B. Fraser, CERT, Carnegie Mellon University Track F Management & Administration Room 341-342 PANEL Current Challenges in Computer Security Program Management Chair: M. Wilson, NIST Panelists: L. McNulty, McNulty and Associates P. Connelly, White House Communications Agency A. Miller, Fleet and Industrial Supply Center B. Gutmann, NIST This panel will discuss managing a computer security program in light of budget constraints, reorganizing and downsizing, and the continuous decentralization of ever increasing complex computing and communications environments. Track G Research & Development Room 345-346 PANEL Availability Policies: The Forgotten INFOSEC Pillar Chair: Dr. V. Gligor, University of Maryland Panelists: H. Hosmer, Data Security, Inc. J. Millen, The MITRE Corporation R. Nelson, Information System Security M. Reiter, AT&T This panel will discuss various kinds of availability policies, highlighting impact assumptions and potential conflicts with other kinds of security policies. Track H Solutions Room 343-344 PANEL Information Systems Security Research Joint Technology Office Chair: R. Schaeffer, NSA Panelists: T. Lunt, Defense Advanced Research Projects Agency (DARPA) H. Frank, Defense Advanced Research Projects Agency (DARPA) R. Meushaw, NSA This panel will discuss its successes from the first year of this joint partnership to develop and integrate security technology. The partnership will maximize security solutions for building the DII & NII. Track I Tutorials Room 327-328 OS Security R. Newton, ARCA Systems This tutorial focuses on security issues for commercial operating systems. Topics include common vulnerabilities, security services, and potential safeguards. Specific capabilities of several commercially available operating systems will be discussed. __________________________________________________ 10:30 A.M. Wednesday October 23, 1996 12:00 Noon Track A Criteria & Assurance Ballroom 2 PANEL Current Perspective on Strategies for the Certification & Accreditation Processes (646) Chair: B. Stauffer, CORBETT Technologies, Inc. Panelists: P. Wisniewski, NSA C. Stark, Computer Science Corporation R. Snouffer. NIST J. Eller, DISA, CISS (ISBEC) Paper The Certification of the Interim Key Escrow System (26) R. Snouffer, NIST Track B Electronic Commerce Ballroom 3 PANEL Security APIs: CAPIs and Beyond (687) Chair: A. Reiss, NSA Panelists: J. Centafont, NSA TBD, Microsoft L. Dobranski, Canadian Communications Security Establishment, Canada D. Balenson, Trusted Information Systems, Inc. The panelists will discuss Cryptographic Application Program Interfaces, FORTEZZA, Public Key Infrastrures, the International Cryptography Experiment, and the Microsoft Internet Security Framework. Track C In Depth Room 349-350 PANEL Public Key Infrastructure: From Theory to Implementation (continued from 8:30) Public Key Infrastructure Implementations Chair: W. Polk, NIST Panelists: P. Edfors, Government Information Technology Services Working Group D. Heckman, NSA D. Dodson, NIST J. Galvin, CommerceNet W. Redden, Communications Security Establishment R. Kemp, General Services Administration SI-PMO Track D Internet Ballroom 1 OVERVIEW Secure Business on the Internet: Looking Ahead with Electronic Data Interchange D. Federman, Premenos The speaker will discuss the history of Electronic Data Interchange and how today's marketplace on the Internet needs cost effective and secure business solutions to function over the World Wide Web. Track E Legal Perspectives Ballroom 4 PANEL Legal Liability for Information System Security Compliance Failures: New Recipes for Electronic Sachertorte Algorithms (818) Chair: F. Smith, Esq., Private Practice, Santa Fe, New Mexico Panelists: J. Montjoy, BBN Corporation E. Tenner, Princeton University D. Loundy, Esq., Private Practice, Highland Park, Illinois This panel will discuss the liabilities associated with the increased expansion of increasingly complex computer networks and associated services. Track F Management & Administration Room 341-342 PANEL Achieving Vulnerability Data Sharing (830) Chair: L. Carnahan, NIST Panelists: M. Bishop, University of California, Davis J. Ellis, CERT, Carnegie Mellon University I. Krsul, COAST Laboratory, Purdue University This panel will discuss security issues to be addressed when building a data repository that will be shared by different communities of interest. Track G Research & Development Room 345-346 PANEL Secure Systems and Access Control (851) Chair: T. Lunt, Defense Advanced Research Projects Agency (DARPA) Panelists: D. Sterne, Trusted Information Systems, Inc. (852) R. Thomas, ORA (854) M. Zurko, OSF (855) J. Lepreau, University of Utah (857) J. Rushby, SRI International The panelists will discuss their respective security programs. Track H Solutions Room 343-344 Future of Trust in Commercial Operating Systems (872) Chair: T. Inskeep, NSA Panelists: K. Moss, Microsoft J. Alexander, Sun Microsystems J. Spencer, Data General M. Branstad, Trusted Information Systems, Inc. G. Liddle, Hewlett Packard This panel will discuss where assurance and functionality in commercial systems are going. Track I Tutorials Room 327-328 Network Security J. Wool, ARCA Systems This tutorial focuses on basic issues in network security and gives an overview of the implementing process. Topics include network security concerns and services, vendor qualification issues, system composition and interconnection, and cascading. __________________________________________________ 12:45 - 1:45 p.m. Mid-Day Seminar War Stories Speaker James P. Anderson, J. P. Anderson & Co. __________________________________________________ 2:00 P.M. Wednesday October 23, 1996 3:30 P.M. Track A Criteria & Assurance Ballroom 2 PANEL Firewall Testing and Rating (655) Chair: J. Wack, NIST Panelists M. Hale, NSA T. Mannarino, NSA This panel will discuss whether firewalls can be effectively rated, what the rating criteria is, characteristics of firewalls that don't lend themselves to rating, and how well rating and testing actually work. Track B Electronic Commerce Ballroom 3 PANEL Are Cryptosystems Really Unbreakable? (691) Chair: Prof. D. Denning, Georgetown University Panelists: S. Bellovin, AT&T Research P. Kocher, Independent Cryptography Consultant A. Lenstra, Citibank E. Thompsom, AccessData Corporation The panelists will explore the strengths of existing cryptosystems in terms of potential weaknesses in algorithms, protocols, implementation, and application environments. Track C In Depth Room 349-350 Chair: T. Zmudzinski, Defense Information Systems Agency Establishing an Enterprise Virus Response Program (709) C. Trently, Mitretek Systems Laboratory Assistants: E. Hawthorn, D. Black, Mitretek Systems The speakers will provide practical information that can be used to understand the virus threat; institute low cost preventative mechanisms; develop and implement enterprise response mechanisms, including when to contact the experts; and monitor the effectiveness of the tools and program within the enterprise. Thirty attendees will be able to get hands-on practice in the lab in Room 330 during part 2 of the lecture This In Depth tutorial will be repeated at 8:30 on Thursday. Track D Internet Ballroom 1 Security Issues in a Networked Environment Chair: D. Branstad, Trusted Information Systems, Inc. The Advanced Intelligent Network - - A Security Opportunity T. Casey, Jr., GTE Laboratories, Inc. Security Issues in Emerging High Speed Networks Prof. V. Varadharajan, University of Western Sydney, Australia A Case Study of Evaluating Security in an Open Systems Environment D. Tobat, TASC Track E Legal Perspectives Ballroom 4 PANEL The Next Generation of Cybercriminals Chair: M. Gembicki, WarRoom Research, LLC. Panelists: J. Christie, AFOSI W. Perez, Federal Bureau of Investigations D. Waller, Time Magazine The panelists will address cybercrime issues and how it affects legal competitive intelligence, the National Information Infrastructure, information warriors, and the commercial business environment. Examples of traditional organizaed crime elements to individual "cyberterrorists" as well as proposed changes in Government strategies will be presented. Track F Management & Administration Room 341-342 PANEL Incident Handling Policy, Procedures, and Tools (831) Chair: M. Swanson, NIST Panelists: K. Cooper, BBN Planet T. Longstaff, Computer Emergency Response Team P. Richards, Westinghouse Savannah River Company K. van Wyk, Science Applications International Corporation This panel will discuss the incident handling policy and procedures that have been implemented within their organizations. They will also discuss a new methodology that system administrators can use for characterizing network security tools. Track G Research & Development Room 345-346 Network Attacks, Protections, and Vulnerabilities Chair: W. Murray, Deloitte & Touche An Isolated Network for Research ( 349 ) M. Bishop, University of California, Davis GrIDS-A Graph-Based Intrusion Detection System for Large Networks S. Staniford-Chen, University of California, Davis Attack Class: Address Spoofing) T. Heberlein, University of California, Davis Track H Solutions Room 343-344 PANEL Vendors Experience with Security Evaluations (873) Chair: J. DeMello, Oracle Corporation Panelists: J. Caywood, Digital Equipment Corporation D. Harris, Oracle Corporation (874) K. Moss, Microsoft Corporation (876) I. Prickett, Sun Microsystems (877) This panel will discuss their experiences in achieving successful evaluations, identifying what has worked well for them, and not-so-well, in the process. Track I Tutorials Room 327-328 Database Security G. Smith, Arca Systems This tutorial focuses on database security issues from the standpoint of using database management systems to meet the organization's security requirements. Topics include data security requirements, vulnerabilities, database design considerations, and implementation issues. __________________________________________________ 4:00 P.M. Wednesday October 23, 1996 6:00 P.M. Track A Criteria & Assurance Ballroom 2 PANEL The Trusted Product Evaluation Program: Direction for the Future Chair: J. Pedersen, NSA Representatives from various initiatives within the Trusted Product Evaluation Program will discuss the overall strategy for the future of TPEP, including specific steps for moving the program to a new evaluation criteria, mechanisms for commercial advice to vendors, and new types of products which will be evaluated. Track B Electronic Commerce Ballroom 3 Information Security in the Business World Chair: N. Pantiuk, IIT Research Institute Industrial Espionage Today and Information Wars of Tomorrow P. Joyal, INTEGER Inc. B is for Business: Mandatory Security Criteria & the OECD Guidelines for Information Systems Security Prof. W. Caelli, Queensland University of Technology, Australia Marketing & Implementing Computer Security M. Wilson, NIST Secure Internet Commerce - Design and Implementation of the Security Architecture of Security First Network Bank, FSB N. Hammond, NJH Security Consulting, Inc. Track C In Depth Room 349-350 Concerns in the Cryptographic Arenas Chair: P. Woodie, NSA Automatic Formal Analyses of Cryptographic Protocols S. Brackin, Arca Systems, Inc. Surmounting the Effects of Lossy Compression on Steganography C. Irvine, Naval Postgraduate School Key Escrowing Systems and Limited One Way Functions W. T. Jennings, E-Systems The Keys to a Reliable Escrow Agreement R. Sheffield, Fort Knox Escrow Services, Inc. Track D Internet Ballroom 1 WWW: The Case for having a Security Policy and Measuring It Chair: R. Wood, National Cryptologic School Internet Firewalls Policy Development and Technology Choices L. D'Alotto, GTE Laboratories A Case for Avoiding Security-Enhanced HTTP Tools to Improve Security for Web Based Applications B. Wood, Sandia National Laboratories Applying the Eight Stage Risk Assessment Methodology to Firewalls D. Drake, Science Applications International Corporation Lessons Learned: An Examination of Cryptographic Security Services in a Federal Automated Information System J. Foti, NIST Track E Legal Perspectives Ballroom 4 PANEL Legal Aspects of the Internet - Rights and Obligations of Users and Vendors Chair: C. Castagnoli, Esq., Haystack Labs Panelists: C. Merrill, Esq., Carter & English M. Lemley, Esq., Professor of Law, University of Texas M. Godwin, Esq., Electronic Frontier Foundation The panelists will discuss digital signatures, on-line contracting and the liability issues for the operator and the user. Track F Management & Administration Room 341-342 PANEL Interdisciplinary Perspectives on INFOSEC: Mandatory Reporting Chair: M. Kabay, National Computer Security Association Panelists: B. Butterworth, Federal Aviation Administration B. Smith Jacobs, Securities and Exchange Commision R. Whitmore, Occupational Health and Safety Administration Dr. S. Wetterhall, Centers for Disease Control and Prevention This panel will discuss their experiences from other disciplines with mandatory reporting of security incidents and accidents, with an eye to avoiding known pitfalls and benefiting from their years of experience. Track G Research & Development Room 345-346 PANEL Facing the Challenge: Secure Network Technology for the 21st Century Chair: R. Schaeffer, NSA Panelists: R. Meushaw, NSA C. McBride, NSA D. Muzzy, NSA B. Burnham, NSA This panel discusses current initiatives and collaborations within the research communities in government, industry, and academia. Additionally, room 347-348 is set up to demonstrate examples of core technologies to include token technology, voice verification, real-time encrypted voice, firewalls, secure wireless communications, and others. Track H Solutions Room 343-344 Security with COTS Products Chair: S. Kougoures, NSA MLS DBMS Interoperability Study R. Burns, ESC/ENS MISSI Compliance for Commercial-Off-The-Shelf Firewalls M. Hale, NSA Designing & Operating a Multilevel Security Network Using Standard Commercial Products M. McGregor, Air Force C4 Technology Validation Office Track I Tutorials Room 327-328 Information Systems Security Officer's Challenges C. Bresinger, Department of Defense Security Institute This tutorial focuses on the continued protection and accreditation of operational information systems. Topics include: virus prevention and eradication; access control evaluation and configuration; media clearing and purging; intrusion detection and handling; and dealing with risk. __________________________________________________ 8:30 A.M. Thursday October 24, 1996 10:00 A.M. Track A Criteria & Assurance Ballroom 2 PANEL Common Criteria Project Implementation Status (657) Chair: L. Ambuel, NSA Panelists: M. Donaldson, Communications-Electronics Security Group, UK R. Harland, Communications Security Establishment, Canada K. Keus, BSI/GISA, Germany F. Mulder, Netherlands National Communications Security Agency J. Smith, Gamma Secure Systems, UK The panelists will discuss the Common Criteria trial version's structure and content, the status and results to date of the trial-use and implementation activities, the planned future of the project, and the expected impact of all this work on US and international IT security communities. Track B Electronic Commerce Ballroom 3 OVERVIEW Security Concerns in the Private Sector: Banking S. Ross, Deloitte & Touche Track C In Depth Room 349-350 OVERVIEW Chair: S. Lipner, Trusted Information Systems, Inc. Establishing an Enterprise Virus Response Program (709) C. Trently, Mitretek Systems Laboratory Assistants: E. Hawthorn, D. Black, Mitretek Systems The speakers will provide practical information that can be used to understand the virus threat; institute low cost preventative mechanisms; develop and implement enterprise response mechanisms, including when to contact the experts; and monitor the effectiveness of the tools and program within the enterprise. Thirty attendees will an opportunity to get hands-on practice in the lab in Room 330 during part 2 of the lecture. This In Depth tutorial is a live encore presentation from Wednesday at 2:00. Track D Internet Ballroom 1 PANEL Secure Use of the World Wide Web: Moving From Sandbox to Infrastructure Chair: R. Bagwill, NIST Panelists J. Pescatore, IDC Government A. Schiffman, Veriphone B. Razzouk, America Online This panel will explore the current state of practice in WWW security practices and standards, and provide predictions for the evolution of these security services in the commercial environment. Track E Legal Perspectives Ballroom 4 PANEL V-Chip: Policies and Technology (822) Chair: H. Hosmer, Data Security, Inc. Panelists: D. Moulton, Esq., Chief of Staff, Office of Congressman Markey, HR Dr. D. Brody, MD, American Academy of Child and Adolescent Psychiatry Ms. S. Goering, Esq., American Civil Liberties Union W. Diffie, Sun Microsystems This panel will address a variety of legal and technical issues concerning the V-chip, a hard-ware device inserted into new televisions which can identify labels attached to movies, etc. Track F Management & Administration Room 341-342 PANEL Industrial Espionage Today and Information Wars of Tomorrow Chair: P. Joyal, Interger, Inc. Panelists: Ret. Major General O. Kalugin, Russia S. Baker, Esq. M. Lajman, Author on French Intelligence E. O'Malley, retired FBI This panel will discuss the perspectives of Industrial Espionage as the focus of a multinational problem which affects everyone. Track G Research & Development Room 345-346 Implementations of the Security Policy Chair: D. Gambel, General Research Corporation Generic Model Interpretations: POSIX.1 and SQL D. Elliott Bell, Mitretek Systems The Privilege Control Table Toolkit: An Implementation of the System Build Approach T. Woodall, Hughes Aircraft Company Use of the Zachman Architecture for Security Engineering R. Henning, Harris Corporation Track H Solutions Room 343-344 New Test Methodologies Chair: R. Lau, NSA Real World Anti-Virus Product Reviews and Evaluation - The Current State of Affairs (526) S.Gordon, Command Systems, Inc. Security Proof of Concept Keystone (SPOCK) (539) J. McGehee, COACT, Inc. Use of a Taxonomy of Security Faults (551) I. Krsul, Purdue University Track I Tutorials Room 327-328 Information Systems Security Engineering P. Boudra, NSA D. Pearson, NSA __________________________________________________ 10:30 A.M. Thursday October 24, 1996 12:00 Noon Track A Criteria & Assurance Ballroom 2 Views of Assurances Chair: D. Kinch, NSA Configuration Management in Security related Software Engineering Processes ( 34 ) K. Keus, Bundesamt fur Sicherheit in der Informationstechnik, Germany The DoD Information Technology Security Certification and Accreditation Process (DITSCAP) B. Stauffer, CORBETT Technologies, Inc. Trusted Process Classes W. Steffan, Tracor Applied Science, Inc. Track B Electronic Commerce Ballroom 3 OVERVIEW Security Concerns in the Private Sector: Brokerage D. Gary, Booz-Allen & Hamilton Track C In Depth Room 349-350 PANEL Information Security Policy: There has to be a Better Way Chair: J. Pescatore, Trusted Information Systems, Inc. Panelists: K. Kasprzak, Maryland Bancorp S. Smaha, Haystack Labs R. Stratton, Wheelgroup Inc. The panelists will discuss new ideas for transforming organizational needs into security controls and policies. Track D Internet Ballroom 1 PANEL Attack/Defense (738) Chair: J. David, The Fortress Panelists: S. Bellovin, AT&T W. Cheswick, AT&T P. Peterson, Martin Marietta M. Ranum, V-One The panel will discuss how the role of the Internet security practitioner has changed: Keeping the bad guys out is no longer the prime goal of security, rather the prompt and accurate identification of intrusions (or, preferably, intrusion attempts) and minimizing the damages. This session examines these "popular" attacks and presents ways to effectively defend your site against them. Track E Legal Perspectives Ballroom 4 PANEL Protecting Medical Records and Health Information (824) Chair: J. Winston, Trusted Information Systems, Inc. Panelists: G. Belles, VA Medical Information Security Service B. Braithwaite, US Department of Health and Human Services P. Bruening, Information Policy Consultant P. Taylor, US General Accounting Office This panel will examine the technical, policy, and legal issues involved in establishing and implementing appropriate protections for patient medical records and other types of health information. Track F Management & Administration Room 341-342 PANEL International Perspectives on Cryptography Policy (835) Chair: Prof. D. Denning, Georgetown University Panelists: P. Ford, Attorney General's Office, Australia D. Herson, Commission of the European Communities, Belgium N. Hickson, Department of Trade and Industry, UK Panelists from outside the United States will discuss their views on cryptography policy and national and international proposals and initiatives. Track G Research & Development Room 345-346 Mechanisms in Understanding Security Chair: H. Weiss, SPARTA, Inc. Developing Secure Objects D. Frincke, University of Idaho Deriving Security Requirements for Applications on Trusted Systems R. Spencer, Secure Computing Corporation Security Implications of the Choice of Distributed Database Management Systems Model: Relational vs. Object-Oriented S. Coy, University of Maryland Track H Solutions Room 343-344 Defenses in Networks Chair: M. Woodcock, National Cryptologic School Protecting Collaboration (561) G. Wiederhold, Stanford University Design and Management of A Secure Networked Administration System: A Practical Solution Prof. V. Varadharajan, University of Western Sydney, Australia Information Warfare, INFOSEC and Dynamic Information Defense V. Winkler, PRC Inc. Track I Tutorials Room 327-328 Systems Security Engineering Capability Maturity Model K. Ferraiolo, ARCA Systems A capability maturity model (CMM) has been developed to help organizations improve their security engineering capability. This tutorial will describe the model, why it was developed, how it is being used, and plans for its use in the future. __________________________________________________ Thursday October 24, 1996 12:45 - 1:45 p.m. Mid-Day Seminar PANEL Security Protocols/Protocol Security Chair: D. Maughan, NSA Panelists: TBD This panel will discuss why standards and protocols are needed for the increased use of the Internet by personal as well as business ventures. __________________________________________________ 2:00 P.M. Thursday October 24, 1996 3:30 P.M. Track A Criteria & Assurance Ballroom 2 Evolution of Criteria Requirements and User Needs Chair: J. Arnold, NSA Design Analysis in Evaluations Against the TCSEC C2 Criteria D. Bodeau, The MITRE Corporation System Security Engineering Capability Maturity Model and Evaluations: Partners within the Assurance Framework C. Menk III, NSA Applying the TCSEC Guidelines in a Real-Time Embedded System Environment ( 89 ) D. Frincke, University of Idaho Track B Electronic Commerce Ballroom 3 OVERVIEW Security Concerns in the Private Sector: Communications J. Klein, Wizards Keys Track C In Depth Room 349-350 OVERVIEW & PANEL Data Warehousing I: An Introduction to Data Warehousing, Data Mining and Security (711) Chair: J. Campbell, NSA Panelists: B. Thuraisingham, The MITRE Corporation J. Worthington, Informix Software, Inc. These sessions will investigate Data Warehousing from what it is to what are the security issues associated with it. These sessions will provide a basis for a Friday Afternoon Workshop co-sponsored by the IEEE Mass Storage Committee. The goal of the Workshop is to provide direction in future R&D efforts ensuring optimal security for Data Warehousing and Data Mining environments. Track D Internet Ballroom 1 PANEL The Web - What is it, Why/How is it Vulnerable (739) Chair: J. David, The Fortress Panelist: J. Freivald, Charter Systems, Inc P. Peterson, Martin Marietta D. Dean, Department of Computer Science, Princeton University The speakers will formally describe what the web is/does, indicate how it differs from "normal" Internet use, show it is used in typical/popular operational modes, and point out the nature and magnitude of primary vulnerabilities. Track E Legal Perspectives Ballroom 4 PANEL Crimes in Cyberspace: Case Studies (827) Chair: W. Galkin, Esq., Law Office of William S. Galkin Panelists: A. Weiner, Esq., Weiner, Astrachan, Gunst, Hillman & Allen K. Bass, III, Venable, Baetjer, Howard & Civeletti The panel will present, discuss, and analyze the legal issues involving several actual criminal incidents that have occurred in Cyberspace. Track F Management & Administration Room 341-342 PANEL Surviving the Year 2000 Time Bomb (839) G. Hammonds, AGCS, Inc. Panelists: J. White, OAO Corporation A. Hodyke, ESC/AXS/USAF This panel will identify the complexity and magnitude of the Year 2000 Problem, why so many people will likely be affected, and some practical near and long-term solutions. Track G Research & Development Room 345-346 PANEL Toward a Common Framework for Role-Based Access Control (868) Chair: D. Ferraiolo, NIST Panelists: R. Sandhu, George Mason University V. Gligor, University of Maryland R. Kuhn, NIST This panel will discuss the issues related to the development of a common reference model for Role-Based Access Control. Track H Solutions Room 343-344 PANEL Workshop Report on the Role of Optical Systems and Devices for Security Chair: T. Mayfield, Institute for Defense Analyses Panelists: M. Medard, MIT Lincoln Laboratory J. Ingles, NSA M. Krawczewicz, NSA B. Javidi, University of Connecticut This panel will address security and vulnerabilities in all-optical networks, discuss the use of optics for information encoding, and introduce some applications that might take advantage of optical technology. Track I Tutorials Room 327-328 Common Criteria K. Britton, NSA L. Ambuel, NSA The Common Criteria has been developed as the next generation of IT Security Criteria replacing the TCSEC, ITSEC, and CTCPEC. This session will provide a working knowledge of the concepts and contents of the Common Criteria. __________________________________________________ 4:00 P.M. Thursday October 24, 1996 6:00 P.M. Track A Criteria & Assurance Ballroom 2 PANEL Developmental Assurance and the Common Criteria (660) Chair: M. Schanken, NSA Panelists: S. Katzke, NIST K. Keus, Germany Y. Klein, France The Common Criteria Sponsors are investigating alternative approaches for gaining assurance that products and systems meet their security requirements. The initial phase of the activity investigates mapping Developmental Assurance measures to Assurance Measures in Evaluation Assurance Level 3 of the Common Criteria. Track B Electronic Commerce Ballroom 3 OVERVIEW Security Concerns in the Private Sector: Manufacturing S. Meglathery, Estee Lauder Track C In Depth Room 349-350 OVERVIEW & PANEL Data Warehousing II: The Security Issues Chair: J. Davis, NCSC This session continues discussing current data warehousing security issues. Track D Internet Ballroom 1 PANEL Securing the Web (739) Chair: J. David, The Fortress Panelist: J. Freivald, Charter Systems, Inc P. Peterson, Martin Marietta D. Dean, Department of Computer Science, Princeton University The speakers will show how to treat the vulnerabilities uncovered in the first session in and of themselves, and as a part of both Internet security programs and total security programs. Track E Legal Perspectives Ballroom 4 (OPEN) Track F Management & Administration Room 341-342 PANEL Security Siblings Chair: C. Pfleeger, Trusted Information Systems, Inc. Panelists: W. Agresti, MITRETEK Systems This panel will discuss other venues of assurance developed in the reliability, safety critical, fault-tolerant as well as the security communities. By working together, we can reduce the expense of repeating each other errors and share our successes. Track G Research & Development Room 345-346 Security Policy & PKI Certification Chair: H. Highland, FICS Management Model for the Federal Public Key Infrastructure N. Nazario, NIST Security Policies for the Federal Public Key Infrastructure (445) N. Nazario, NIST A Proposed Federal PKI using X.509 V3 Certificates W. Burr, NIST A Security Flaw in the X.509 Standard (463) S. Chokani, Cygnacom Solutions, Inc. Track H Solutions Room 343-344 Panel Cryptography's Role in Securing the Information Society Chair: H. Lin, National Research Council Panelists: Co-authors of the 1996 National Research Council Report on Cryptography The panel will discuss the National Research Council report on Cryptography and its role. Track I Tutorials Room 327-328 Education Technology R. Quane, National Cryptologic School __________________________________________________ 8:30 A.M. Friday October 25, 1996 10:00 A.M. Track A Criteria & Assurance Ballroom 2 PANEL Secure Networking and Assurance Technologies (661) Chair: T. Lunt, Defense Advanced Research Projects Agency (DARPA) Panelists: K. Levitt, University of California, Davis J. McHugh, Portland State University (663) S. Kent, BBN J. Voas, Reliable Software Technologies (669) D. Weber, Key Software (666) L. Badger, Trusted Information Systems, Inc. (667) The speakers will discuss their goals for secure networking and assurance technologies in the following areas: intrusion detection, Secure Mobile Computing, and new inroads to Internet Security. Track F Management & Administration Ballroom 4 PANEL The Assessment Methodology in the Corporate Sector Chair: R. Lopez, NSA Panelists: J. Jackson, NSA V. Moseley, NSA G. Hale, NSA S. Dombkowski, NSA The panelists will provide a background of the methodology and tools used by reviewers of information assets in the corporate environment. Track H Solutions Room 343-344 Execution of Security Policies Chair: D. Arnold, NSA Security for Mobile Agents: Issues and Requirements V. Swarup, The MITRE Corporation Extended Capability: A Simple Way to Enforce Complex Security Policies in Distributed Systems Dr. I-Lung Kao, IBM Corporation IGOR: The Intelligence Guard for ONI Replication (607) R. Shore, The ISX Corporation __________________________________________________ 10:20 A.M. Friday October 25, 1996 12:30 P.M. Closing Plenary Ballrooms I & III Information Systems Security: Directions and Challenges Moderator Dr. Willis H. Ware Corporate Research Staff, Emeritus The Rand Corporation Distinguished Panelists C. Thomas Cook (889) Executive Vice President Banc One Services Corporation John Lainhart (890) Inspector General U.S. House of Representatives J. F. Mergan Principal Scientist BBN Stephen Smaha Chief Executive Officer/President Haystack Labs Charles Stuckey Chief Executive Officer Security Dynamics __________________________________________________ End of program Demonstrations and Activities Information Systems Security Exposition Wednesday - Thursday Hall G The Armed Forces Communications and Electronics Association will host, in parallel with the Conference, all exhibition of security products and services. This exposition provides a forum for industry to showcase information systems security technology and hands-on demonstrations of products and services that are potential solutions to many network and computer security products. Research and Development Demonstrations Wednesday - Friday Room 333 As a follow-up to the "INFOSEC Research and Technology, Facing the Challenge: Secure Network Technology for the 21st Century," the National Security Agency will demonstrate some of the techniques coming down the future trails. Conference attendees are invited to see the demonstration of future solutions to the 21st Century challenges. European Community Registration Area The Information Technology Security Evaluation Facilities the Challenge: Secure Network Technology (ITSEF) in Europe and the European Certification Bodies invite the attendees to learn about the European system and security product evaluations and will demonstrate the product evaluation methodology. NIST Clearinghouse Tuesday - Friday Room 333 A wide variety of information security information is available to federal agencies and to the public through the NIST Clearinghouse. Information posted to this system include an events calendar, computer-based training, software reviews, publication, bibliographies, lists of organization with points of contact, and other government bulletin board numbers and WWW pointers. NSA INFOSEC Awareness Booth Tuesday - Friday Registration Area Publications available include the INFOSEC Products and Services Catalog and the National Computer Security Center's computer security technical guidelines - the Rainbow Series. The booth also offers a variety of other INFOSEC publications most frequently requested by users, developers, operators, and administrators of products and services. The National Cryptologic Museum is also represented at this booth. DOCKMASTER I Tuesday - Friday Room 333 The National Computer Security Center's DOCKMASTER I is a focal point for nation-wide dissemination and exchange of information security data through electronic mail and bulletin boards. Over 2,000 users from federal government organizations, private companies, and academic institutions participate in its electronic forums and retrieve data on INFOSEC products, conferences, and training. Information Systems Security Association Booth Tuesday - Friday Registration Area The Information Systems Security Association (ISSA) is an international association of information security practitioners whose aim is to enhance professionalism through education, information exchange, and sharing among those who do INFOSEC day-to-day. The booth contains newsletters, resource guides, Guidelines for Information Valuation , and the Draft of "Generally Accepted System Security Principles." Book Exhibition Tuesday - Thursday Registration Area A book exhibit display representing selections from leading worldwide publishers dealing specifically with information security is presented by: Association Book Exhibit 693 S. Washington Street Alexandria, VA 22314 Establishing an Enterprise Virus Response Program Laboratory Room 330 Wednesday - Thursday Mitretek Systems is providing a hands on demonstration of tools discussed in the overview session for "Establishing an Enterprise Virus Response Program." The Enterprise Virus Response is designed to help the organization develop a proactive program for the prevention, detection, containment, management, and recovery of computer virus incidents. The workshop will demonstrate the processes needed to prepare for an incident or infection, to detect and contain a virus exposure or infection, to recover from an infection, and to manage the response program. These workshops are provided at no additional cost for our attendees IEEE Data Warehouse Security Workshop Friday Room 349-350 The Workshop follows from the two Thursday sessions on Data Warehousing. The output of the workshop should be research directions for future Data Warehousing security solutions. The workshop is co-sponsored by the IEEE Mass Storage Committee and will become a component of the next IEEE Mass Storage Symposium. Common Criteria Protection Profile Workshop Monday 9:00a.m. - 5:30p.m. This full-day symposium will provide information and instruction on using the COmmon Criteria to build Protection Profiles to express information technology security requirements. Community experience in building Protection Profiles will be used as the basis for this instruction. Alternative sets of requirements for related technologies will be compared and contrasted in the hopes of harmonizing like requirements into generic Protection Profiles for given technologies (i.e., firewalls). In addition, issues arising from attempting to create Protection Profiles representing non-classic requirement sets will be discussed. Incident Handling Workshop Monday 9:00a.m. - 5:30p.m. This full-day workshop provides basic concepts and techniques on how to create an incident handling capability. The workshop will address how to establish and operate a capability using existing services or contracting out, reporting structures, hiring the right people, and other topics. It is designed for security, systems, and network specialists responsible for managing and ensuring the availability and integrity of computer systems. __________________________________________________ end of Demostration Information Registration Form 19th National Information Systems Security Conference October 22-25, 1996 Baltimore Convention Center Baltimore, Maryland REgistration Information [conf-9705] Name: __________________________________________ Company/Agency: _______________________________________________ Address: ____________________________________________ City, State, Zip: ________________________________________ Country: __________________________________________________ Telephone: __________________________________________________ FAX: __________________________________________________ Email Address: ______________________________________________ Federal Government Employee? [ ] Yes [ ] No First-Time Attendee? [ ] Yes [ ] No - ------------------------------------------------------------------------- Registration Fees $295; $335 after September 20, 1996 Payment enclosed: $_________ I plan to attend (No additional fee) [ ] Incident Handling Workshop [ ] Common Criteria Protection Profile Workshop [ ] Data Warehousing Security Workshop - ------------------------------------------------------------------------- Return this Form and Payment to: 19th National Information Systems Security Conference c/o Office of Comptroller National Institute of Standards and Technology Room A807, Administration Building Gaithersburg, MD 20899-0001 Form of Payment: Check payable to: NIST/19th National Information Systems Security Conference. PLEASE NOTE All checks must be drawn on U.S. banks ONLY. [ ] Purchase Order No.: ____________________(attach copy of purchase request) [ ] Federal Government Training Form No.: ________________(Attach copy of form) [ ] Credit Card (Check one): [ ] MasterCard [ ] Visa PLEASE NOTE: No other credit cards will be accepted. Account No.: ___________________ Exp. Date:______________ Name on Credit Card: ---------------------------------------------------------- Authorized Signature. ---------------------------------------------------------- Credit Card registration may be faxed to Tammie Grice at (301) 948-2067. Do you want your name on the Conference Participants List which is distributed at the Conference? [ ] Yes [ ] No It is our desire to comply with the letter and spirit of the Americans With Disabilities Act of 1990. Attendees with special needs should call Tammie Grice at (301) 975-3883 or contact the Maryland Relay Service at 1-800-735-2258. Requests for cancellation and refund must be received, in writing, by September 20, 1996. __________________________________________________ end of registration form Housing Form 19th National Information Systems Security Conference October 22-25, 1996 Baltimore Convention Center Baltimore, Maryland - -------------------------------------------------------------------------- PLEASE PRINT OR TYPE Use a separate form for each room request Instructions: Please complete entire form (if not legible, form will not be processed). All reservations must be made through the Housing Bureau by mail or fax. No phone requests will be accepted. The bureau will acknowledge receipt of your reservation within 10 days by mail. No fax acknowledgments possible. Room confirmation will be mailed by the hotel. Confirmations will be sent to the individual shown. Reservations must be made by September 20, 1996. After this date, hotel space and convention rates may not be available. All unreserved rooms are released back to the hotels and rates will be substantially higher. Name: __________________________________________________ Company: __________________________________________________ Address: _________________________________________________ City/State/Zip: __________________________________________ Country: _________________________________________________ Area Code/Phone Number: _________________________________ ___________________________________________________________ Room Request (check one) [ ] 1 bed, 1 person [ ] 1 bed, 2 ppl [ ] 2 beds, 2 ppl [ ] 2 beds, 3 ppl [ ] 2 beds, 4 ppl [ ] Parlor+1 bedroom [ ] Parlor+ 2 bedrooms Government Rate Requested [ ] Yes [ ] No Special Request (i.e. Handicapped rooms, etc.): Requested Dates: Arrival Day am. p.m. Departure Day & Date: ____________________________________________________________ Hotel Preference Please list all four choices by code (Refer to information Rooms are at the bottom of this electronic form) assigned on Hotel 1 Hotel 2 Hotel 3 Hotel 4 afirst-come, first-served basis. If ------------------------------------------------------------ your choices List Full Names of Occupants are not Name 1 Name 2 available, you will be assigned to ------------------------------------------------------------ another hotel Name 3 Name 4 as arranged by the ------------------------------------------------------------ convention organizer. - -------------------------------------------------------------------------- Mail Form A room deposit of $100 must accompany this form. Forms and Deposit received without a check or credit card information will be to: returned tosender without processing. BACVA accepts no liability once deposits are transferred to the assigned hotel. BACVA No purchase orders accepted. Housing Payment Type: Check for room deposit enclosed (payable to BACVA Bureau Housing Bureau) $_____________ 100 Light Street, 12th Credit Card (check one) [ ] AMEX [ ] MC [ ] VISA Floor Baltimore, [ ] DISCV [ ] DINERS CLUB Md. 21202 Card Number Or fax to. 410/659-7313 ------------------------------------------------------------- Exp. Date Faxes must have credit ------------------------------------------------------------- card Signature information. ------------------------------------------------------------------- Changes/Cancellations: Written requests for changes and cancellations should be made with the Housing Bureau until September 20. To receive a refund of your deposit, changes should be made directly with your assigned hotel after September 20 but no later than 72 hours prior to arrival. Code: HYATT Hyatt Regency Baltimore 300 Light Street Baltimore MD 21202 Single Rate: $137 + 12% tax Double Rate: $145 + 12% tax __________________________________________________ Code: DAYSI Days Inn Inner Harbor 100 Hopkins Place Baltimore MD 21201 Single Rate: $137 + 12% tax Double Rate: $145 + 12% tax __________________________________________________ Code: HIDIN Holiday Inn Inner Harbor 301 W. Lombard Street Baltimore MD 21201 Government Single Rate: $93 inclusive Double Rate: $93 inclusive Non-Government Single Rate: $94 + 12% tax Double Rate: $94 + 12% tax __________________________________________________ Code: MARIH Baltimore Marriott Inner Harbor 110 South Eutaw Street Baltimore MD 21201 Government Single Rate: $93 inclusive Double Rate: $93 inclusive Non-Government Single Rate: $129 + 12% tax Double Rate: $144 + 12% tax __________________________________________________ Code: RADLB Radisson Plaza Lord Baltimore Hotel 20 West Baltimore Street Baltimore MD 21201 Government Single Rate: $83.03 + 12% tax Double Rate: $96.40 + 12% tax Non-Government Single Rate: $129 + 12% tax Double Rate: $129 + 12% tax __________________________________________________ End of Housing form ------------------------------ End of VIRUS-L Digest [Volume 9 Issue 155] ******************************************