Workshop on Information Technology - Assurance and Trustworthiness
Jay J. Kahn (jkahn@smiley.mitre.org)
Fri, 2 Aug 1996 16:15:51 -0500
WORKSHOP ANNOUNCEMENT
WITAT '96
Workshop on Information Technology - Assurance and Trustworthiness
September 3-5, 1996
Columbia Hilton, Columbia, MD
Co-sponsored by Applied Computer Security Associates,
National Institute of Standards and Technology
University of Maryland Institute for Advanced Computer Studies
The Workshop on Information Technology Assurance and Trustworthiness
(WITAT) investigates and promotes promising methods of gaining assurance in
information technology.
- Are you sure your information is adequately protected?
- How do you know that your privacy is being guarded?
- Can your customers trust you?
Recent technological advances have forced these issues on the IT field.
WITAT brings together people from all different areas of IT to identify and
pursue new approaches to these questions. This year's WITAT features
panels on all the major types of assurance, including many innovative
non-traditional approaches.
This workshop recognizes the existence and emergence of numerous methods to
obtain assurance. However, the relative value, promise, and applicability
of each is unclear for specific systems. The objective for WITAT '96 is to
determine merits of these alternative assurance approaches. This objective
will be accomplished through the presentation of alternative assurance
approaches to assurance stakeholders and producers, receiving immediate
feedback from a diverse audience, reviewing reaction to presented
approaches and creating a strategy for moving ahead.
BACKGROUND
Before entrusting valuable information assets to an IT system and putting
the organization in a position of depending on the confidentiality,
integrity, and availability of these assets, responsible management must be
convinced that the IT system is sufficiently trustworthy to meet the needs
of its operational environment.
WITAT '96 is the third in a series of annual workshops addressing the
assurance and trustworthiness. The first workshop identified and analyzed
crucial issues on assurance in IT systems and provided input to the
development of policy guidance for determining the type and level of
assurance appropriate in a given environment. The participants came to the
consensus that no one technique can provide comprehensively adequate
assurance. The second workshop built upon the first by making
recommendations based on the issues and problems identified. Specific
direction recommended by participants at the second workshop included:
- Create a catalog of assurance methods,
- Create a catalog of threats needs to be created, and
- Recognize that most environments have at least a moderate risk level.
THE WORKSHOP
WITAT '96 is a three day event consisting of an assurance and
trustworthiness tutorial, a symposium of alternative assurance techniques,
and a workshop to determine how to evolve the most promising new
techniques.
Tuesday, 3 September 1996: Assurance and Trustworthiness Tutorial
[Attendance is Optional]
Speaker: Joel Sachs, President, The Sachs Groups
The 1996 WITAT tutorial focuses in three major areas and is designed to aid
attendees in being full and active participants in the rest of workshop.
Emphasis will be placed on understanding varying contexts and precisely
differentiating concepts associated with assurance. Three key levels of
abstraction will be stressed along with assurance notions, namely the
enterprise (operational business), the system, and the product level.
Assurances will be discussed relative to each. Additionally, assurance will
be discussed from both the provision and consumption perspectives.
The tutorials will be organized into the following three areas:
* Engineering Security, Safety, Fault-Tolerance, Etc.
* Assurance Methods
* Risk
The first one will cover developing solutions in which properties must be
assured. The second will examine and compare specific assurance approaches
including ones from other areas and disciplines. The last will discuss the
assessment and perception of risk and the relationship between assurance
and risk management. Examples primarily from information systems security
and nuclear safety will be used as they represent two different rather
different approaches to assurance.
With these tutorials, the attendees will equipped to discuss assurance, its
purposes, and its limitation. They will be able to compare alternative
methods within the security discipline as well as with other disciplines.
Wednesday, 4 September 1996: Assurance and Trustworthiness Symposium
This day will consist of a presentation and discussion of the available
approaches to gaining confidence in information systems. Traditional and
emerging techniques will be reviewed and debated for their satisfaction of
current assurance needs. The panels for this day are as follows:
ASSURANCE PREDICTORS: Can assurance in an information system be gained
from looking at the capability of the organization or individuals involved
in developing, integrating, maintaining, and operating the system? There
are many methods that provide information about organizational or
individual capability. What assurance do these methods provide? A panel
will discuss various methods that indicate an organization's or
individual's capabilities in an attempt to answer the above questions. The
methods to be discussed include: Capability Maturity Models (CMMs), the
Generally Accepted System Security Practices (GSSP), International
Information System Security Certification Consortium (ISC2), ISO 9000
series, Past Performance and Trusted Software Development Methodology
(TSDM).
SYSTEM ANALYSIS: The most direct way to achieve assurance in an
information system is to analyze it directly. A panel will discuss
traditional authoritative methods such as TPEP and ITSEM and the acceptance
of less authoritative independent testing.
OPERATIONAL ASSURANCE: Product and system assurance is only one ingredient
involved in gaining confidence in an operation. Operational assurance
depends not only on the information technology, but also on the people,
environment, and processes involved. Even if information technology was
100% free of flaws, people would have to install, configure, and use it
correctly to be secure. A panel will discuss the available methods for
gaining operational assurance. The methods studied included: setting
policy, risk assessment, background checks, configuration management,
training, monitoring, and incident response.
IMPACT MITIGATION: Other known assurance techniques focus on reducing the
vulnerabilities of the information system. These new types of assurance are
not related to avoiding vulnerabilities of the system at all, but instead
seek to mitigate the impact of defects usually in the form of software
fixes or monetary reimbursement. A panel will discuss several impact
reduction assurance methods including warrantees, insurance, and legal
liability.
DETERMINING THE APPROPRIATE MIX: What is the right mix of assurance
approaches for your organization? It depends on factors such as your
environment, reliance on technology, value of reputation, impact of
security breaches, and connectivity needs. A panel will guide a discussion
of how to determine the most effective combinations of assurance approaches
for commercial and government systems, Different ways of composing
assurance approaches will be discussed including: assurance arguments,
trade-offs, and criteria.
Thursday, 5 September 1996: Workshop on Alternative Assurance Techniques
Participants will break into discussion groups to address implementation
issues for alternative assurance techniques. Each group will work on a set
of technical issues brought out the previous day about a specific assurance
alternative.
WORKSHOP COMMITTEE
Douglas J. Landoll Arca Systems, Inc. landoll@arca.com
Marshall Abrams The MITRE Corporation abrams@mitre.org
Diana G. Akers The MITRE Corporation akers@smiley.mitre.org
Lynn Ambuel National Security Agency ambuel@dockmaster.ncsc.mil
Karen Ferraiolo Arca Systems, Inc. ferraiolo@arca.md.com
Jay Kahn The MITRE Corporation jkahn@mitre.org
Carolyn Wichers BBN cwichers@bbn.com
Jeff Williams Arca Systems, Inc. williams@arca.com
Marvin Zelkowitz University of Maryland mvz@cs.umd.edu
Internet Hotline: For more information on WITAT 1996, visit:
http://aaron.cs.umd.edu/witat The new WITAT site
http://www.cse.dnd.ca/~formis/WITAT/ The old site with 1994 &
1995 WITAT Proceedings
- - - - -- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Hotel Information: $79/night. Columbia Hilton, 5485 Twin Knolls Road,
Columbia, MD.
Phone: 410-997-1060. (Go west from I95 at MD 175 in Columbia. Twin Knolls
Road is last light before US 29. MD 175 is about 10 miles south of
Baltimore Beltway and 15 miles north of Washington Beltway. BWI airport is
closest (about 15 miles) and National Airport in Washington is about 30
miles away.). When making your reservations, please be sure to state that
you are attending WITAT '96 in order to receive the proper rates.
Registration Information
Send the registration form with a check in US Dollars made out to Aerospace
Computer Security Associates for the proper amount. Credit cards cannot be
accepted. On-site 3 & 4 Sept., 8am - 12 am.
Registration Information
Your Name
Company Name
Address
City/State/Zip
Phone/Fax
email
Send to:
Marvin V. Zelkowitz, WITAT 96
Department of Computer Science
University of Maryland
College Park, MD 20742
mvz@cs.umd.edu
301-405-2690
FEES
I would like to attend (check one box)
[ ] Tutorial Day only (Sept. 3) $ 110.00
[ ] Symposium and Workshop Days only (Sept. 4-5) $ 120.00
[ ] All three days (Sept. 3-5) $ 225.00
- - - - - - - - - - -- - - - - - - - - - -- - - - - - - - - - -- - - - - - - - -
--
Cheers, --------- Jay
Jay Kahn G-025 jkahn@mitre.org
Secure Network Technology
telephone 703-883-6622 The MITRE Corporation, Mail Stop Z231
secretary 703-883-5397 1820 Dolley Madison Blvd.,
facsimile 703-883-1245 McLean, VA 22102-3481