WORKSHOP ANNOUNCEMENT WITAT '96 Workshop on Information Technology - Assurance and Trustworthiness September 3-5, 1996 Columbia Hilton, Columbia, MD Co-sponsored by Applied Computer Security Associates, National Institute of Standards and Technology University of Maryland Institute for Advanced Computer Studies The Workshop on Information Technology Assurance and Trustworthiness (WITAT) investigates and promotes promising methods of gaining assurance in information technology. - Are you sure your information is adequately protected? - How do you know that your privacy is being guarded? - Can your customers trust you? Recent technological advances have forced these issues on the IT field. WITAT brings together people from all different areas of IT to identify and pursue new approaches to these questions. This year's WITAT features panels on all the major types of assurance, including many innovative non-traditional approaches. This workshop recognizes the existence and emergence of numerous methods to obtain assurance. However, the relative value, promise, and applicability of each is unclear for specific systems. The objective for WITAT '96 is to determine merits of these alternative assurance approaches. This objective will be accomplished through the presentation of alternative assurance approaches to assurance stakeholders and producers, receiving immediate feedback from a diverse audience, reviewing reaction to presented approaches and creating a strategy for moving ahead. BACKGROUND Before entrusting valuable information assets to an IT system and putting the organization in a position of depending on the confidentiality, integrity, and availability of these assets, responsible management must be convinced that the IT system is sufficiently trustworthy to meet the needs of its operational environment. WITAT '96 is the third in a series of annual workshops addressing the assurance and trustworthiness. The first workshop identified and analyzed crucial issues on assurance in IT systems and provided input to the development of policy guidance for determining the type and level of assurance appropriate in a given environment. The participants came to the consensus that no one technique can provide comprehensively adequate assurance. The second workshop built upon the first by making recommendations based on the issues and problems identified. Specific direction recommended by participants at the second workshop included: - Create a catalog of assurance methods, - Create a catalog of threats needs to be created, and - Recognize that most environments have at least a moderate risk level. THE WORKSHOP WITAT '96 is a three day event consisting of an assurance and trustworthiness tutorial, a symposium of alternative assurance techniques, and a workshop to determine how to evolve the most promising new techniques. Tuesday, 3 September 1996: Assurance and Trustworthiness Tutorial [Attendance is Optional] Speaker: Joel Sachs, President, The Sachs Groups The 1996 WITAT tutorial focuses in three major areas and is designed to aid attendees in being full and active participants in the rest of workshop. Emphasis will be placed on understanding varying contexts and precisely differentiating concepts associated with assurance. Three key levels of abstraction will be stressed along with assurance notions, namely the enterprise (operational business), the system, and the product level. Assurances will be discussed relative to each. Additionally, assurance will be discussed from both the provision and consumption perspectives. The tutorials will be organized into the following three areas: * Engineering Security, Safety, Fault-Tolerance, Etc. * Assurance Methods * Risk The first one will cover developing solutions in which properties must be assured. The second will examine and compare specific assurance approaches including ones from other areas and disciplines. The last will discuss the assessment and perception of risk and the relationship between assurance and risk management. Examples primarily from information systems security and nuclear safety will be used as they represent two different rather different approaches to assurance. With these tutorials, the attendees will equipped to discuss assurance, its purposes, and its limitation. They will be able to compare alternative methods within the security discipline as well as with other disciplines. Wednesday, 4 September 1996: Assurance and Trustworthiness Symposium This day will consist of a presentation and discussion of the available approaches to gaining confidence in information systems. Traditional and emerging techniques will be reviewed and debated for their satisfaction of current assurance needs. The panels for this day are as follows: ASSURANCE PREDICTORS: Can assurance in an information system be gained from looking at the capability of the organization or individuals involved in developing, integrating, maintaining, and operating the system? There are many methods that provide information about organizational or individual capability. What assurance do these methods provide? A panel will discuss various methods that indicate an organization's or individual's capabilities in an attempt to answer the above questions. The methods to be discussed include: Capability Maturity Models (CMMs), the Generally Accepted System Security Practices (GSSP), International Information System Security Certification Consortium (ISC2), ISO 9000 series, Past Performance and Trusted Software Development Methodology (TSDM). SYSTEM ANALYSIS: The most direct way to achieve assurance in an information system is to analyze it directly. A panel will discuss traditional authoritative methods such as TPEP and ITSEM and the acceptance of less authoritative independent testing. OPERATIONAL ASSURANCE: Product and system assurance is only one ingredient involved in gaining confidence in an operation. Operational assurance depends not only on the information technology, but also on the people, environment, and processes involved. Even if information technology was 100% free of flaws, people would have to install, configure, and use it correctly to be secure. A panel will discuss the available methods for gaining operational assurance. The methods studied included: setting policy, risk assessment, background checks, configuration management, training, monitoring, and incident response. IMPACT MITIGATION: Other known assurance techniques focus on reducing the vulnerabilities of the information system. These new types of assurance are not related to avoiding vulnerabilities of the system at all, but instead seek to mitigate the impact of defects usually in the form of software fixes or monetary reimbursement. A panel will discuss several impact reduction assurance methods including warrantees, insurance, and legal liability. DETERMINING THE APPROPRIATE MIX: What is the right mix of assurance approaches for your organization? It depends on factors such as your environment, reliance on technology, value of reputation, impact of security breaches, and connectivity needs. A panel will guide a discussion of how to determine the most effective combinations of assurance approaches for commercial and government systems, Different ways of composing assurance approaches will be discussed including: assurance arguments, trade-offs, and criteria. Thursday, 5 September 1996: Workshop on Alternative Assurance Techniques Participants will break into discussion groups to address implementation issues for alternative assurance techniques. Each group will work on a set of technical issues brought out the previous day about a specific assurance alternative. WORKSHOP COMMITTEE Douglas J. Landoll Arca Systems, Inc. landoll@arca.com Marshall Abrams The MITRE Corporation abrams@mitre.org Diana G. Akers The MITRE Corporation akers@smiley.mitre.org Lynn Ambuel National Security Agency ambuel@dockmaster.ncsc.mil Karen Ferraiolo Arca Systems, Inc. ferraiolo@arca.md.com Jay Kahn The MITRE Corporation jkahn@mitre.org Carolyn Wichers BBN cwichers@bbn.com Jeff Williams Arca Systems, Inc. williams@arca.com Marvin Zelkowitz University of Maryland mvz@cs.umd.edu Internet Hotline: For more information on WITAT 1996, visit: http://aaron.cs.umd.edu/witat The new WITAT site http://www.cse.dnd.ca/~formis/WITAT/ The old site with 1994 & 1995 WITAT Proceedings - - - - -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Hotel Information: $79/night. Columbia Hilton, 5485 Twin Knolls Road, Columbia, MD. Phone: 410-997-1060. (Go west from I95 at MD 175 in Columbia. Twin Knolls Road is last light before US 29. MD 175 is about 10 miles south of Baltimore Beltway and 15 miles north of Washington Beltway. BWI airport is closest (about 15 miles) and National Airport in Washington is about 30 miles away.). When making your reservations, please be sure to state that you are attending WITAT '96 in order to receive the proper rates. Registration Information Send the registration form with a check in US Dollars made out to Aerospace Computer Security Associates for the proper amount. Credit cards cannot be accepted. On-site 3 & 4 Sept., 8am - 12 am. Registration Information Your Name Company Name Address City/State/Zip Phone/Fax email Send to: Marvin V. Zelkowitz, WITAT 96 Department of Computer Science University of Maryland College Park, MD 20742 mvz@cs.umd.edu 301-405-2690 FEES I would like to attend (check one box) [ ] Tutorial Day only (Sept. 3) $ 110.00 [ ] Symposium and Workshop Days only (Sept. 4-5) $ 120.00 [ ] All three days (Sept. 3-5) $ 225.00 - - - - - - - - - - -- - - - - - - - - - -- - - - - - - - - - -- - - - - - - - - -- Cheers, --------- Jay Jay Kahn G-025 jkahn@mitre.org Secure Network Technology telephone 703-883-6622 The MITRE Corporation, Mail Stop Z231 secretary 703-883-5397 1820 Dolley Madison Blvd., facsimile 703-883-1245 McLean, VA 22102-3481