ACM
Workshop on
Scientific
Aspects of Cyber Terrorism (SACT)
Washington
DC, November 21, 2002
In
conjunction with the ACM Conference on Computer
and Communication Security
Accepted Papers
Goal
of the workshop The main goal of this workshop is
to address scientific contributions to understand cyber terrorism and to
fight cyber terrorism. Several interesting questions have not been properly
addressed from scientific viewpoints such as:
-
Methods to
identify the most critical infrastructure There are several
illustrations that indicate that the CIAO list has been constructed in
an ad hoc way. The suggestion that Y2K would shut down water distribution
turned out to be false because in the US several water distribution systems
predate computers. Also, several heavily computerized industries are not
on the CIAO list. What scientific methods can be used to identify the most
critical ones
-
Methods to
detect cyber terrorist attacks It seems (ad hoc) that the
worst terrorist attack would correspond to a well-targeted attack against
a critical infrastructure or a massive successful denial of service attack.
Such attacks make cyber terrorism and information warfare different from
the casual break-in attempt or unsophisticated hacker. Seeing the potential
damage, it is important to develop automatic tools to identify such attacks.
As was demonstrated on September 11, humans were able to distinguish the
attack from the usual hijacking. How can one identify that an attack is
a cyber terrorism attack? This may be easier than intrusion detection against
a single computer.
-
Methods to
protect against cyber terrorism Such methods include for
example:
-
Survivability:
several studies have focused on survivability in a military setting.
Techniques developed in this military setting may rely on the fact that
the system may have been set up by a single organization. However defenses
against cyber terrorism must take into account that computers are in business,
non-profit organizations, government, etc.
-
Quorum systems:
which can survive a limited penetration by the enemy. Are these well
adapted to cyber terrorism?
-
PKI:
makes
impersonation harder. However, if not properly deployed, the impact will
be limited.
Accepted Papers
- A Fault Model for Complex Designed Attacks
by: John McDermott (Naval Research Laboratory)
- Risk Analysis and Probabilistic Survivability Assessment (RAPSA):
An Assessment Approach for Power Substation Hardening
by: Carol Taylor, Axel Krings and Jim Alves-Foss (University of Idaho)
- A Functional Definition of Critical Infrastructure:
Making the Problem Manageable
by: Brian Hughes (The George Washington University)
- SS7 Messaging Attacks on Public Telephone Networks:
Attack Scenarios and Detection
by: T. Kosloff, T. Moore, J. Keller, G. Manes, S. Shenoi (University of
Tulsa)
- Modeling Complex Control Systems to Identify Remotely Accessible Devices Vulnerable to Cyber Attacks
by: Daniel Conte de Leon, Jim Alves-Foss, Axel Krings and Paul Oman (University of Idaho)
- Peer-to-Peer Systems as Attack Platform for Distributed Denial-of-Service
by: Arno Wagner and Bernhard Plattner (ETH Zurich)
Registration
Important Dates
- Preproceedings copy due: October 15
Program Committee
Giuseppe Ateniese (Johns Hopkins University)
David Balenson (Network Associates Laboratory)
Matt Blaze (AT&T Research Lab)
Dorothy Denning (Georgetown University)
Yvo Desmedt (Program Chair, Florida State University)
Dieter Gollmann (Microsoft)
Cathy Meadows (Naval Research Laboratory)
John McHugh (Carnegie Mellon University)
Peter Neumann (SRI)
Gene Spafford (Purdue University)
Rebecca Wright (Stevens Institute of Technology)
Further
Information about the Program For further information contact:
Yvo
Desmedt
Department
of computer Science
PO Box 4530
253 Love Building
Florida State
University
Tallahassee,
FL 32306-4530
USA
(For courier
service add: Palmetto Drive)
Tel. +1 (850)
644-9298
Fax: +1(850)
644-0058
E-mail: desmedt@cs.fsu.edu