ACM SIGSAC Year-end Report on Activities For The Period July 1, 1993 -- June 30, 1994 Prepared By: Daniel P. Faigin, Chair, ACM/SIGSAC 1. INTRODUCTION This report summarizes the activities of ACM/SIGSAC during the past year. It is written as part of ACM/SIGSAC's annual reporting requirements. It presents our technical highlights and sucesses, as well as our plans for the future. 2. NEWSLETTER The ACM/SIGSAC Newsletter, SIGSAC Review, was published on a regular schedule during this period under the able editorship of Catherine Meadows of the Naval Research Laboratory. Paper topics have included the following: o Auditing MRP Systems o High Assurance Composite Systems o Knowledge Based Security Control for On-Line Database Transaction Processing Systems o Mathematical Frameworks to Implement Statistical Databases We've also had numerous conference reviews and calls for papers published. 3. SPECIAL PROJECTS ACM/SIGSAC has been involved with two primary special projects: Computer Security Day, and the Security Criteria Development. 3.1. Computer Security Day Computer Security Day (CSD) is an initiative started in 1988 by the Washington DC SIGSAC Chapter to make the community aware of Computer Security. It has since been adopted as a ACM/SIGSAC activity. It is observed the first working day of December. By writing a letter to the CSD coordinator, participants receive a poster and suggestions for ways to observe the day. Official participants in the CSD included organizations from 11 different countries and a majority of the states. We also had a number of mayoral declarations for CSD. The coordinator of this activity is Lee Ohringer (Ohringer@dockmaster.ncsc.mil). 3.2. Criteria Development During this year, arrangement were made with the Canadian Department of National Defense to provide a copy of the Canadian Trusted Computer Product Evaluation Criteria to all SIGSAC members. It is anticipated that this will be shipped during the summer of 1994. 4. CONFERENCES AND WORKSHOPS One of the goals of ACM/SIGSAC was to improve its visibility in the conference and workshop area. We feel that we have done this with our new conferences. During this reporting period, ACM/SIGSAC was involved in a sponsorship capacity with four conferences/workshops, and an in-cooperation category with two other conferences: o Computers, Freedom and Privacy 4 (25% Sponsorship). Held in Chicago in March 1994. o First ACM Conference on Computers and Communication Security. (100% Sponsorhip) VERY Successful. Held in Washington DC in November 1993. o Second New Security Paradigms Workshop (100% Sponsorship). Held in Little Compton RI in August 1993. o Issues '93 Workshop at the Annual Computer Security Applications Conference. (100% Sponsorship). o Annual Computer Security Applications Conference (In cooperation with). Held in Orlando Florida in December 1993 o Usenix Security Symposium (In cooperation with). SIGSAC plans to continue to be involved in these conferences in the future. 5. AWARDS None. 6. EDUCATIONAL ACTIVITES ACM/SIGSAC had no special educational activities during the year. 7. ADMINISTRATION SIGSAC started the year with a negative fund balance due to some conference losses three years ago. Given the reported surpluses from our conferences this year, it appears we should be able to return to a positive fund balance within the next two fiscal years (given the normal delays on receiving conference funds). The SIG has appointed a nominating committee, and has begun an active search for officer candidates. So far, at least one candidate for chair and vice-chair has been found.