Register Now!"; // Authors - you can have as many as you like $author[0] = "David Purdue"; //$author[1] = "Someone Else"; // Describe the page - or comment out. $description = "A short conference on issues of security run by AUUG Inc."; // Keywords - comment out if not used. $keywords = "auug, unix, open, systems, source, network, standards, computer, security, identification, authentication, authorisation"; // if needed, you can set this page to refresh every n seconds - comment // out if you don't need this. // $refresh = 30; // the AUUG web site is deemed to be owned by the AUUG Secretary. uncomment // and change this line if your page needs a different owner. // $owner = ""; // if an additional stylesheet is used, specify it here. // $stylesheet = "/info/benefits.css"; // Finally - only set this if you have checked that the page conforms // to HTML 4.01 Transitional using the validator at $conforms = 1; // // END OF VARIABLES // // Now include the template material. PHP4 seems to need this syntax. Sorry. $dr = "DOCUMENT_ROOT"; include "$_SERVER[$dr]" . "/../php/auug.php"; // Now output all the stuff that goes before the page content. auug_header(); ?>


The Novotel Canberra, 65 Northbourne Avenue, Canberra ACT 2601


Registration Opens:   8:30 am
Start:   9:00 am
End:   5:30 pm


Please download the Symposium Registration Form (in Acrobat format), fill it in and return it to AUUG quickly! We will accept registrations up until Tuesday 17 February. After that date the AUUG office will not be staffed. Last minute registrations are welcomed. If you couldn't make it on time come and see us at the venue, or phone 02 8824 9511 on the day. The number will redirect to a mobile.


Fortinet, Inc. The 2004 AUUG Security Symposium is sponsored by Fortinet, Inc.


The AUUG Security Symposium provides a forum for discussion of security technologies, techniques and management.

Our society today is highly dependant on our almost pervasively interconnected systems. Hence we are also dependant upon the security of these systems. As Governments and private industry become increasingly aware of the vulnerability of our systems there is a growing requirement for security education and for practioners to share their knowledge for the greater good.

This symposium aims to fill a gap in the Australian conference scene between the high cost commercial conferences where attendees hear mainly marketing pitches and the academic-based research conferences. It is unashamedly for the practioner in the field who wants to share (or know about) how to secure their systems (be it a PC operating systems, a huge network or a client server application).

The symposium will be a one day event with paper presentations. This will be the best opportunity in Australia this year to meet, discuss and debate your ideas and experiences on information security.

Symposium Programme

Walls of Adamant, Foundations of Quicksand

Brian Denehy

90East, Canberra

This talk will discuss the current state of security in applications and operating systems, and why the effort to remediate problems in these by vendors and others are at best misdirected and at worst counterproductive. It will also consider the fact that many of the remedies proposed to improve matters are built using services which have not (yet) been the targets of attack but certainly will be once enough people are locked into the remedies. In passing it will consider such points as why people are still probing for the Morris Worm vulnerabilities after fifteen years and the importance of data flow analysis in securing systems.

Security Risk Management Overview

Dr Lawrie Brown

School of IT&EE, Australian Defence Force Academy, Canberra, Australia

This talk will present a brief overview of security risk management, including the critical risk assessment process. This aims to identify threats to, impacts on and vulnerabilities of information and information processing facilities and the likelihood of their occurrence, in order that these threats may be controlled and minimised at an acceptable cost. Unfortunately, this process is often not managed well. Relevant international and national standards will be mentioned which provide guidance on this process. Then an overview of the process, as outlined in DSD ACSI 33, and mandated for commonwealth government use, will be presented as more detailed guidance for those who need to undertake such a process.

Linux Kernel Hacking for Network Security

Bob Edwards

Department of Computer Science, ANU

This is really two talks in one, both involving Linux kernel coding to enhance network security on key routers.

The first part is subtitled "Hardening a Wireless LAN VPN router" and will discuss some work done to help protect a VPN router on an open Wireless LAN to resist some forms of denial-of-service attack. The main work done here is to allow the kernel to be configured to drop any frames that arrive from unknown MAC addresses. Known MAC addresses are stored in the ARP table (statically) and are updated regularly using user-land code and a database.

The second part is further work done on the Network File System (NFS) filtering code that was discussed at the AUUG Security Symposium held in Brisbane in 2001. The further work brings the NFS filtering code more formally into the Linux netfilter framework and allows more scope in options controlled by the iptables command. It will also discuss our experiences in using this technique over the past 3 years at ANU.

Both parts of the talk will be somewhat technical in nature and will include a relatively in-depth discussion of the kernel ('C') code involved.

Single System Image security

Ian Latter

IT Services, Macquarie University

The pinnacle of success for any Single System Image (SSI) based cluster, should be the achievement of a global deployment on commodity x86 computing equipment; leveraging both the public communications infrastructure and existing capital equipment (personal computing) expenditure.

In this presentation we will explore the openMosix network architecture, network level risk mitigation techniques for the redeployment of organizational infrastructure in open clusters, a practical application of those techniques in the CHAOS and ClusterKnoppix Linux distributions, and proposals for extending both the security model and the flexibility of the openMosix architecture.

A New Approach for Defeating DDoS Attack

Wei Shi and Wanlei Zhou

School of Information Technology, Deakin University

This paper presents a new approach for DDoS attack detection and blocking. A hybrid detection mechanism, which uses a neural network algorithm to learn the normal network traffic and detect traffic anomaly. New attack signatures can be learned from the latest attacks. The detection interval can be adjusted automatically to save the detection cost. The response to the attacks will use both the flow analysis and connection analysis technologies. Under this approach, DDoS attacks can be defeated from both the source end and the victim end so the network traffic incurred by DDoS attacks will be greatly reduced.


Dan Shearer

Creating systems that run inside protected, restricted or concocted environments gives new opportunties to security researchers and practitioners. Opportunities such as:

This talk gives a practical introduction to the virtualisation scene, especially from the point of view of free software.

Online Authentication and Encryption Processes

John Brunker

National Archives of Australia, Canberra

I plan to speak about the forthcoming Archives guideline 'Recordkeeping Implications of Online Authentication and Encryption Processes'. Agencies use authentication and encryption processes to provide the necessary trust and confidence to carry out their business online. There is also a requirement for these agencies to create and maintain records to meet legal obligations, business requirements and community expectations. The need to provide evidence of authenticity and non-repudiation, as well as confidentiality during transmission, ongoing accessibility and assurance of privacy raises a number of recordkeeping challenges. The guideline sets out to provide in the one document information about how agencies can meet these challenges and is designed to assist agencies by linking the technology to the recordkeeping requirements for managing records that are authentic, reliable and accessible.

Applying PGP to combat spam and malware

Ben Elliston

Spam and malware increasingly impose a security threat to users and their computer systems, through trojan horses, email designed to trick users and the usual drain on resources that spam causes. Recent reports suggest that we now receive more spam than legitimate mail. After a year of aggressively tackling spam in my own mailbox, I have gained a better understanding of the situation. I will briefly talk about the evolution of spam in recent years and the taxonomy of tools to fight it. One conclusion I have drawn is that we need to look at the problem differently: don't detect who is a spammer, but detect who is not. PGP digital signatures and the "web of trust" is one such tool for the job.

Modern NetBSD Security Features

Luke Mewburn

The NetBSD Foundation

Security is only effective if people are aware of how to use it effectively. Many features exist in NetBSD to "raise the (security) bar", and I'll cover some of the more interesting and/or recent features, including:

Running Services In an Emulator Sandbox

Rusty Russell

IBM Linux Technology Center

Late last year I wanted to run a tetrinetx server on a public box. Not trusting the code to be all that secure, I chose to run the whole thing under qemu, Fabrice Bellard's fast i386 emulator. This talk is about the enhancements to the emulator and developments in the environment.

"I am Not a Target to Hackers"

Ron Brandis

Electronic Warfare Associates

Many organisations believe they are not a target for hackers, since they have nothing of value to steal or destroy, is false. For the attacker the real motivation may not be to steal or destroy an organisation's assets it is often to control them so as they can conduct further attacks on other organisations. This presentation through live demonstration shows how an Attacker, using current exploit methods, searches for soft targets in order to direct attacks at a more secure second target. The first target in most cases maybe a normal home user whilst the second is the valued target for the attacker. This presentation walks through the various stages of the attacks: Network port scanning in order to identify soft targets; Attack and comprise the soft target through a current Buffer overflow; Download the required attacking tools to the soft target; Launch SQL injections attacks, from the soft target, at another target; and Comprise and control the second target, all through the soft target.

Additional Information


Parking is at a charge of $5.50 per car for all guests staying at the Novotel Canberra. Parking is not available for day guests. There are a number of public parking stations within a two-block radius of the hotel for use by attendees.


An accommodation rate of $149.00 per room for single, double or twin share accommodation has been negotiated with the Novotel Canberra. Bookings are to be made directly with the Novotel Canberra, ph: (02) 6245 5000. Please quote that you are attending the "AUUG Security Symposium" and require this rate.

All delegates are responsible for settling their own accounts on departure, directly with the Novotel Canberra.

Please note: Any amendments or cancellations to hotel bookings must be made directly with the Novotel Canberra.

Call for Papers/Presentations

The Call for Papers has now closed.

For archival purposes, the call for papers can be read here.

Security Symposium Contact Information

The Security Symposium committee is:

Information Disclaimer

The speakers, topics and times are correct at the time of publishing. In the event of unforeseen circumstances, AUUG reserves the right to alter or delete items from the Symposium Programme.

Each Delegate named herein, or their later substitute, accepts that AUUG, their agents, speakers, chairmen, secretariat or any other persons ("the parties") involved in the preparation of this pamphlet or in the planning or presentation of the Symposium, do not accept any contractual, tortious or other form of liability for loss or damage suffered by the delegate or their later substitute relying on any statement representation advice or opinion (whether true or otherwise, written or oral) and whether due to the negligence of any of the said parties by this disclaimer of liability to exclude liability, if any, for such statement representation advice or opinion, and that the said party may rely on this disclaimer of liability in the event of any demand claim suit or action brought against any or all of them arising out of any statement representation advice or opinion. The authors have prepared this material for Professional Development purposes. Although they trust that it will be useful for this purpose, neither the authors nor AUUG can warrant that the use of this material would be adequate to discharge the legal or professional liability of members in the conduct of their practices. AUUG reserves the right to cancel the event.