|
ACM | 
|
ACM's SIGSAC COMES INTO ITS OWN
Reprinted from November 1996 issue of ACMemberNet
|
|
ACM |
|
Reprinted from November 1996 issue of ACMemberNet
Founded in the early 80s, ACM's special interest group SIGSAC has become increasingly active over the past 5 years. The 900-member SIG focuses its concern on all aspects of information and system security encompassing security technologies, systems, applications and policies. Areas of special interest include control of access to resources, verification of identity, risk analysis, privacy issues related to computer security, and architectural foundations for secure systems.
Ravi Sandhu is the present SIGSAC Chair and a professor at George Mason University, where he specializes in research on information security. Sandhu credits the SIG's recent success partly to timing and partly to the its creation of several new conferences and workshops. He notes that the Defense Department has always been concerned about security, but the commercial world has only become really interested in the past 5 to 10 years. The advent of networking has had an especially strong impact. Once computers began to be attacked on the Internet, it became hard for industry not to pay attention to security issues.
Sandhu notes that another factor contributing to the growth of SIGSAC activities is an increased interest in quality and standards. Companies realize that it is very hard to do business without standards. They have also come to realize that standards written by committee or government and enforced by fiat are very often not successful. More and more standards have begun to emerge from the commercial community, both from companies that actually create products and those that use the products of others.
SIGSAC, then, with its interest in security, audit, and control, is very well situated to address the interests of not only academia and government, but now the commercial sector as well. Thus far, it has served its constituency's needs primarily through conferences, workshops, and a newsletter, for which Catherine Meadows (Naval Research Lab) is the present editor. The SIG also is exploring possibilities for electronic dissemination. The new ACM Transactions on Information and Systems Security (TISSEC) has been officially approved by the ACM Publications Board with Sandhu as Editor-in-Chief. The inaugural issue is planned for January, 1998.
SIGSAC and SIGCOMM co-sponsor the very successful Computers, Freedom, and Privacy Conference, which began in 1992. The conference focuses on the the social, political, and legal aspects of computing.
The security technique of role based access control, in contrast to multilevel security, has recently received new attention in the commercial and nonclassified-government worlds. In response to this interest, SIGSAC started the Role Based Access Control workshop last year. In 1992 the New Security Paradigms Workshop was established to help search out and promote security ideas that are radically different.
Launched in 1993, the ACM Conference on Computers and Communications Security is the SIG's flagship conference. It is wide ranging both in its coverage of the entire field of security and in its international scope. The annual meetings have been held all over the world. Sandhu comments that the SIG is particularly encouraged by the participation from Asia, where many countries are trying to to modernize rapidly and build an information infrastructure.
Sandhu encourages other SIGs to also take a more global perspective in their activities. As the world becomes increasingly integrated, both economically and technologically, he urges that conferences be held abroad more often and/or more international speakers should be invited to participate in programs.