SEC@SAC
The Security Track at the ACM Symposium on Applied Computing
Statistics and General Information about SAC 2003
Statistics and General Information about the Security Track @ SAC 2003.

The second year of the Security Track confirmed our expectations. Given the success of last year's track and the quality of the papers published, we were looking forward to repeating the success of the track. We then planned to publish extended versions of the papers in our track as a special issue on Computer Security of the Wiley Journal "Concurrency and Computation: Practice and Experience".

The number of submissions was maintained at the same level as last year. The call for papers for the Security Track attracted 28 high-quality submissions from 19 different countries. These submissions were included in the blind review process that involved 57 reviewers from over 30 institutions. The reviewers did an outstanding job and the whole process generated more than 90 reviews - each paper was reviewed by at least 3 reviewers. Based on the reviewers' reports, the general ACM SAC guidelines for acceptance and rejection of submissions, and the unavoidable time and space constraints associated with any conference, it was possible to select only 12 of these submissions for publication, an acceptance rate of 42%. In the process, a number of good and interesting papers had to be rejected.

The 2003 Security Track was divided into 3 sessions chaired by Giampaolo Bella, Matt Mahoney, and Ronaldo Menezes. The papers were grouped based upon their subject.

In Session 1 (chaired by Bella), Atallah and Lonardi describe a variation of the LZ-77 algorithm that guarantees authenticity of the data. Egidi and Melato present a scheme based on X.509 certificates that allows users to connect from any untrusted machine and dynamically define a group of trusted co-workers. Gassend et al. propose to use delays associated with integrated circuits as an alternative authentication mechanism to the use of digital information embedded in the circuits (keys). Zhang and Yang introduce their object-oriented role-based model, called ORBAC, as well as a technique for solving the confinement problem in this model.

In Session 2 (chaired by Mahoney), Zhang and Ping describe an efficient and effective steganalytic technique based on the statistical distribution of discrete cosine transforms for finding messages hidden in JPEG images. Bella introduces a principle called "goal availability" for prudent design of security protocols. De Francesco and Petrocchi present a secured extension of Bartoli's multicast protocol for mobile computing; their extension provides authenticity and integrity of packets sent over wireless links. Shin and Ahn propose the Role Administration (RA) system to help establish sets of roles and role hierarchies; the RA system can be used to build role-based authorization infrastructures.

In Session 3 (chaired by Menezes), Traore describes a flexible security model that is more suited to the inherent characteristics of collaborative systems. Raman et al. tackle the problem of discovering services in pervasive networks by describing a scalable, access-controlled architecture based on an intentional naming system. Mahoney describes the Network Traffic Anomaly Detector (NETAD) model, which is used to detect traffic anomalies in networks by analyzing packets of bytes being transmitted. Abendroth and Jensen propose a general-purpose security framework, called Active Software Capability (ASCap), that supports existing security models and can be easily integrated into existing distributed systems applications.

Among these contributions, the track chairs selected the 4 by Atallah and Lonardi, Gassend et al., Shin and Ahn, and Raman et al. for publication as extended versions in the special issue on Computer Security of the Wiley Journal "Concurrency and Computation: Practice and Experience". The issue is now in press.

Giampaolo Bella
Ronaldo Menezes