From: Janczewski, Lech [l.janczewski@auckland.ac.nz] Sent: 2 August 2004 8:37 a.m. To: undisclosed-recipients: Subject: 2nd call, NZISF meeting, 12 August New Zealand Information Security Forum (NZISF) cordially invites you and your friends to the breakfast meeting: Venue: The Auckland Club, 34 Shortland St, CBD, Auckland Date: Thursday, 12 August 2004 Time: 7:30 am Cost: NZISF, NZSA and NZCS members and students - $20, all others - $25, Cash or cheques, no credit cards Registration: E-mail your name, first name, business affiliation, and phone number to: lech@auckland.ac.nz , you will receive confirmation via email. Topic: NGSCB - A New Tool for Securing Applications When Microsoft's "Longhorn" operating system is released in 2005, it will ship with a new security toolkit called the Next Generation Secure Computing Base (NGSCB). NGSCB provides some fundamentally new security features, as well as some implementations of security features seen in other operating systems. In this talk, we describe an integration of NGSCB with the Electronic Legal Forms (ELF) software of the Auckland District Law Society. The goal of our integration is to solve a number of ELF's existing security vulnerabilities, as well as to provide some features not previously possible. In particular, we have discovered that NGSCB will allow an extension of the security boundary of a distributed application to include some parts of a remote client PC, with a high degree of assurance even when the remote PC is administered by a third party. We close our talk with a general discussion of how NGSCB technology might be exploited by New Zealand enterprises who are developing or selling secure applications. We are eager find commercial partners who will make use of our research findings, and who will give us more insight into the software-security requirements of New Zealand. Our research is supported in part by New Zealand's New Economy Research Fund. The presenters Clark Thomborson Clark Thomborson has been a Professor of Computer Science at the University of Auckland since 1996. He received the PhD degree in computer science in 1980, under his birth name Clark Thompson, from Carnegie-Mellon University, Pennsylvania. He has held fulltime positions at the University of California at Berkeley, University of Minnesota, Massachusetts Institute of Technology, and LaserMaster Corporation of Minnesota. He has published more than 80 refereed papers on topics in software security, computer systems performance analysis, VLSI algorithms, data compression, and connection networks. Matt Barrett Matt Barrett graduated in 2004 from the University of Auckland with a BSc (Hons, 1st Class), majoring in Computer Science. The research discussed in this talk is from a graduate project he conducted in 2003 under the supervision of Professor Clark Thomborson, and is awaiting publication in the proceedings of the World Computer Congress 2004, after presentation at the 2nd Int'l Workshop on Certification and Security in Inter-Organizational E-Services. He is currently working towards his MSc in Computer Science, researching the possibilities of an open implementation of a trusted computing platform.