CS 190 Readings on Computer Security

Fall, 2005

Papers available from on campus only!

 

Group 0:  Introduction

Ellison and Schneier, "Ten Risks of PKI: What you're not being told about public key infrastructure," Computer Security Journal, Volume 16 (1), 2000.

 

McGraw & Morrisett, Attacking Malicious Code: A report to the Infosec Research Council, IEEE Software, Volume 17(5), September/October 2000.

 

Butler Lampson, Computer Security in the Real World, Marshall D. Abrams Invited Essay, presented at the Annual Computer Security Applications Conference, 2000.

 

Group 1:  Traditional models:

John McLean, Security Models, from Encyclopedia of Software Engineering (ed. John Marciniak), Wiley Press, 1994.



 

Butler Lampson, Authentication in Distributed Systems:  Theory and Practice, ACM Trans. Computer Systems 10, 4 (Nov. 1992), pp 265-310.

 

Butler Lampson, Protection, in Proc. 5th Princeton Conf. on Information Sciences and Systems, Princeton, 1971, p. 437, reprinted in ACM Operating Systems Rev. 8, 1 (Jan. 1974), p 18.

 

Group 2:  Vandalism and security:

 

Aleph One, Breaking and entering: Smashing the Stack for Fun and Profit (in Phrack 49 at www.phrack.org/show.php?p=49&a=14), 1996.

 

Pincus and Baker, Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns, IEEE Security & Privacy, vol. 02, no. 4, pp. 20-27, July-August, 2004.

 

Group 3:  Language-based mechanisms:

 

James Morris, Protection in Programming Languages, Communications of ACM, Vol 16, No. 1, January, 1973, pp. 15-21.

 

Joshi & Leino, Semantic approach to secure information flow, Science of Computer Programming 37 (2000) 113-138.

 

Sabelfeld and Myers, Language-based information-flow security, IEEE Journal on Selected Areas in Communications, Vol. 21, No. 1, January, 2003.

 

 


Group 4:  Java Virtual Machine security:

 

Dean, Felten, Wallach, and Balfanz, Java Security: Web browsers and beyond, in Internet Besieged: Countering the Cyberspace Scofflaw, Dorothy and Peter Denning, editors, ACM Press, 1997.

 

Wallach, Appel, and Felten, SAFKASI: A security mechanism for Language-Based Systems, ACM Transactions on Software Engineering and Methodology, Vol. 9, No. 4, October 2000, Pages 341-378.

 

Extra papers:

 

Rivest, Cryptology, Chapter 13 of Handbook of Theoretical Computer Science, (ed. J. Van Leeuwen) vol. 1 (Elsevier, 1990), 717--755.

 

Saltzer, J.H. and Schroeder, M.D., The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278-1308, Sept., 1975.

 

Glossary

 

Available on-line at http://www.sans.org/resources/glossary.php