Reprinted from December 2001 issue of ACMemberNet
Founded in the early 80s, ACM's Special Interest Group on Security, Audit, and Control (SIGSAC) has become increasingly active over the past 10 years. The 800-member SIG focuses its concern on all aspects of information and system security encompassing security technologies, systems, applications, and policies. Areas of special interest include control of access to resources, verification of identity, risk analysis, privacy issues related to computer security, and architectural foundations for secure systems.
Ravi Sandhu has been Chair of SIGSAC since 1995. He is also the founding Editor-in-Chief of ACM Transactions on Information and Systems Security, which began publishing in 1998. Sandhu is Professor of Information and Software Engineering at George Mason University and co-founder of SingleSignOn.Net, an Internet security company.
In an interview with ACM's MemberNet, Sandhu discussed SIGSAC's transition in 1997-98 from a full-service SIG to a conference-only SIG. "In 1993 and then again in 1995, SIGSAC inaugurated two major conferences that very quickly established reputations for their high quality. It became increasingly clear that our primary mission should be to encourage research and applications of research by sponsoring high-quality conferences and workshops. Formerly, we had a newsletter but it was very difficult to guarantee quality submissions. We had to make a choice of where to invest our effort. Instead of sending a newsletter to members, we now send hard copies of conference proceedings. We have received good feedback that members appreciate this benefit. Some members are unable to attend and value having hard copies available in addition to electronic copies. Those who do attend value having extra hard copies to share with colleagues and students."
At present the SIG sponsors two major conferences. The ACM Conference on Computer and Communications Security (CCS) was started in 1993 and is now held every year in November. The most recent conference was in early November in Philadelphia, and next year it will be held in Washington DC. In the past CCS has been held in India, Singapore and Europe in addition to sites in the United States. Sandhu commented that the SIG would like to see the conference held in different countries because there is strong world-wide interest and need for information security.
In 1995 a workshop on role-based access control was started. In 2001 it was renamed as an annual conference: the ACM Symposium on Access Control Models and Technologies. This conference is held each year in May, with the next one in Monterey, CA. Presenters from both CCS and the Symposium are often invited to develop their ideas into journal-quality papers for the Transactions on Information and Systems Security.
Sandhu noted that many "hot" topics are addressed at SIGSAC conferences. For instance, at the recent CCS conference, issues involved in the Digital Millennium Copyright Act (DMCA) were discussed. In line with these concerns, there was a special workshop on digital rights management at the CCS conference. Important for the community at large are questions about whether or not people should be allowed to publish vulnerabilities and schemes used to protect their home companies' digital content. There is a case presently in court that is attempting to gain clarification on the meaning of the Act. Many of the researchers who are directly affected are members of SIGSAC.
Sandhu remarked, "This topic of the DMCA is very controversial. There are a lot of commercial concerns and legal issues involved. The technical community in general has relatively little understanding of the legal issues. In pursuit of the DMCA, some companies have aggressively tried to sue people who have tried to publish about vulnerabilities. This has created a great deal of uncertainty in the community about what is legal and what is not."
Sandhu also commented on the role SIGSAC can play in response to the recent September 11th events involving security and cyber-terrorism. "There has definitely been an increase in the awareness about security in general and that there have been some pretty spectacular events in cyberspace without much knowledge of who is behind them. Of course, the Federal government has become more involved. President Bush's appointment of Richard Clarke as a kind of cyberspace 'czar' is one indication of this. Clarke has been a prominent government player in the cyberspace security community. This appointment elevates his status. There are also some bills in Congress for increased funding for security issues.
"In terms of increase in cyber-security and general security, SIGSAC can play a role in two ways. First, we need to protect the electronic infrastructure - the cyberspace infrastructure, the Internet infrastructure - itself.
"But we can also play a role in protecting more immediate concerns. For instance, if some kind of identification card can be issued, it will have a bearing on how airport security is transacted. One example is issuing cards to frequent fliers that strongly authenticate them. The frequent fliers might be able to move through the security checks a little faster.
"Or maybe the airlines can return to the direction in which they were originally headed of having travelers check in on their own. They may not be able to do that with everybody, but authentication mechanisms could be developed for those who have passed a certain level of background checks. Of course, there is hesitation about introducing national identification cards, but authentication could be based on the kinds of techniques that the SIGSAC community routinely researches."
In looking to the future of the SIG, Sandhu foresees the possibility of more annual workshops and/or conferences that might begin as attachments to the already existing conferences. "ACM now has a very high profile in the security community. Also, we are in a stable position with respect to conferences and the Transactions and we would like to build on our strengths."