The debut of the Security Track in this symposium was very successful. The number of submissions far exceeded our expectations.
The call for papers for the Security Track attracted 30 high-quality submissions from 18 different countries. These submissions were included in the blind review process that involved more than 45 reviewers from over 30 institutions. The reviewers did an outstanding job and the whole process generated over 110 reviews, an average of almost 4 reviewers for each paper. Based on the reviewers' reports, the general ACM SAC guidelines for acceptance and rejection of submissions, and the unavoidable time and space constraints associated with any conference, it was possible to select only 14 of these submissions for publication, an acceptance rate of 46%. In the process, a number of good and interesting papers had to be rejected.
The 2002 Security Track was divided into 4 sessions chaired by Ronaldo Menezes, James Whittaker, André dos Santos and Giampaolo Bella. The papers were grouped based upon their subject.
In Session 1, Xu and Sandhu describe a secure solution for authentication of multicast streams that avoids the multicast denial-of-service attack. Krugel and Toth look at the problem of detecting anomalies in a network using application-specific knowledge of services that need to be protected. Seleznyov and Mazhelis propose an anomaly detection system based on learning temporal patterns.
In Session 2, Lu and Dos Santos describe three key generation algorithms that can be used in the context of smart cards. Singh and Dos Santos look at the problem of generating disposable credit card numbers using a context-free grammar. Barbuti et al. look at the problem of certification of Java bytecode with respect to security. Ramakrishnan and Dunning tackle the problem of user confidence with regard to the security of WWW purchases.
In Session 3, Whittaker and De Vivanco look at how malicious code (viruses) can be neutralized in Windows-based systems. Bella provides an interactive walk-through of security policies. Steffan and Schumacher present an informative comparison of methods to support avoidance and discovery of system vulnerabilities; they also propose a new method to serve this purpose. Thompson et al. describe a black box testing approach to identify system vulnerabilities.
In Session 4, Burnside et al. describe a system based on two proxy-based protocols that enforce security and privacy in mobile devices. Broemme et al. present a conceptual framework testing the implementation of biometric algorithms within operating login authentication. Finally, Boreale and Buscemi describe a for the analysis of security protocols based on symbolic techniques.