Computer Security

• Boaz Barak, Oded Goldreich, Russell Impagliazzo, Steven Rudich, Amit Sahai, Salil P. Vadhan, and Ke Yang. On the (im)possibility of obfuscating programs. In CRYPTO '01: Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology, pages 1–18, London, UK, 2001. Springer-Verlag.
• Fuat Baran, Howard Kaye, and Margaritta Suarez. Security breaches: Five recent incidents at Columbia university. In UNIX Security Workshop II, pages 151–171, Berkeley, CA, August 1990. Usenix Association.
• Arash Baratloo, Timothy Tsai, and Navjot Singh. Transparent run-time defense against stack smashing attacks. In Christopher Small, editor, USENIX 2000 Technical Conference Proceedings, Berkeley, CA, June 2000. Usenix Association.
• Leland L. Beck. A security machanism for statistical database. ACM Transactions on Database Systems, 5(3):316–3338, 1980. (doi:10.1145/320613.320617)
• David Bell. Looking back at the Bell-La Padula model. In ACSAC '05: Proceedings of the 21st Annual Computer Security Applications Conference, pages 337–351, Washington, DC, USA, 2005. IEEE Computer Society. (doi:10.1109/CSAC.2005.37)
• Anish Bhinami. Securing the commercial internet. Communications of the ACM, 39(6):29–35, June 1996.
• S. Buchegger and J.-Y. Le Boudec. Nodes bearing grudges: towards routing security, fairness, and robustness in mobile ad hoc networks. In 10th Euromicro Workshop on Parallel, Distributed and Network-based Processing, pages 403–410, 2002. (doi:10.1109/EMPDP.2002.994321)
• G. Buehrer, B.W. Weide, and P.A. Sivilotti. Using parse tree validation to prevent SQL injection attacks. In Proceedings of the 5th international Workshop on Software Engineering and Middleware, pages 106––113. ACM Press, September 2005. (doi:10.1145/1108473.1108496)
• David M. Chess and Steve R. White. An undetectable computer virus. In Virus Bulletin Conference, September 2000. Online http://www.research.ibm.com/antivirus/SciPapers/VB2000DC.pdf. Current June 2002.
• F.Y. Chin and G. Ozsoyoglu. Auditing and inference control in statistical databases. IEEE Transactions on Software Engineering, SE-8(6):574–582, November 1982.
• Stanley Chow, Phil Eisen, Harold Johnson, and Paul van Oorschot. A white-box DES implementation for DRM applications. pages 1–15, November 2003. Lecture Notes in Computer Science 2696. (doi:10.1007/b11725)
• Stanley Chow, Philip A. Eisen, Harold Johnson, and Paul C. van Oorschot. White-box cryptography and an aes implementation. In SAC '02: Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography, pages 250–270, London, UK, 2003. Springer-Verlag.
• Fred Cohen. Computer viruses: Theory and experiments. Computers & Security, 6(1):22–35, February 1987.
• Fred Cohen. Computational aspects of computer viruses. Computers & Security, 8(4):325–344, June 1989.
• Commission of the European Communities. Glossary of information systems security. DGXIII, INFOSEC Programme/S2001, 1993.
• Commission of the European Communities. Risk analysis methods database. DGXIII, INFOSEC Programme/S2014, 1993.
• W.R. Cook and S. Rai. Safe query objects: statically typed objects as remotely executable queries. In ICSE 2005: 27th International Conference on Software Engineering, pages 97–106, 2005. (doi:10.1109/ICSE.2005.1553552)
• George Coulouris, Jean Dollimore, and Tim Kindberg. Distributed Systems: Concepts and Design. Addison Wesley, 1995.
• Crispan Cowan, Perry Wagle, Calton Pu, Steve Beattie, and Jonathan Walpole. Buffer overflows: Attacks and defenses for the vulnerability of the decade. In Proceedings of the DARPA Information Survivability Conference and Exposition, pages 1119–1129, Washington, DC, January 2000. DARPA, IEEE Computer Society. (doi:10.1109/DISCEX.2000.821514)
• United Kingdom Central Computer and Telecommunication Agency, United Kingdom. CCTA Risk Analysis and Management Method: User Manual., version 3.0 edition, 1996. HMSO.
• David A. Curry. Improving the security of your Unix system. Final Report ITSTD-721-FR-90-21, SRI International, 33 Ravenswood Avenue, Menlo Park, CA 94025-3493, USA, April 1990.
• Fabrica Nacional de Moneda y Timbre. PITA: The time stamping service in a PKI. Online ftp://ftp.cordis.lu/pub/infosec/docs/pita.doc, 1998. INFOSEC Project ETS-II Lot 5.1.
• Dorothy Denning and Peter MacDoran. Location-based authentication. Computer Security Alert 154, Computer Security Institute, 1996.
• Dorothy Elizabeth Robling Denning. An intrusion detection model. IEEE Transactions on Software Engineering, 13(2):222–232, February 1987.
• Peter J. Denning. Computer viruses. American Scientist, pages 236–238, May-June 1988.
• Tim Dierks and Christopher Allen. The TLS protocol version 1.0. Internet Draft draft-ietf-tls-protocol-03.txt, Internet Engineering Task Force, May 1997.
• Eric Dubois and Suchun Wu. A framework for dealing with and specifying security requirements in information systems. In Sokratis K. Katsikas and Dimitris Gritzalis, editors, Information Systems Security: Facing the information society of the 21st century, pages 88–99. Chapman & Hall, 1996.
• Tom Duff. Experience with viruses on UNIX systems. Computing Systems, 2(2):155–171, Spring 1989.
• Mark W. Eichlin and Jon A. Rochlis. With microscope and tweezers: An analysis of the internet virus of November 1988. In IEEE Symposium on Research in Security and Privacy, pages 326–345, May 1989.
• C. Ellison and B. Schneier. Ten risks of PKI: What you're not being told about public key infrastructure. Computer Security Journal, 16(1):1–7, 2000.
• J. H. P. Eloff, L. Labuschagne, and K. P. Badenhorst. A comparative framework for risk analysis methods. Computers & Security, 12(6):597–603, October 1993.
• Alan O. Freier, Philip Karlton, and Paul C. Kocher. The SSL protocol version 3.0. Internet Draft draft-ietf-tls-ssl-version3-00.txt, Internet Engineering Task Force, November 1996.
• Claus Fritzner, Leif Nilsen, and Asmund Skomedal. Protecting security information in distributed systems. In 1991 IEEE Symposium on Security and Privacy, pages 245–254. IEEE Computer Society Press, 1991.
• S. M. Furnell, P. S. Downland, and P. W. Sanders. Dissecting the ``hacker manifesto''. Information Management and Computer Security, 7(2):69–75, 1999.
• Simson Garfinkel and Gene Spafford. Web Security and Commerce. O'Reilly and Associates, Sebastopol, CA, 1997.
• Gartner Research. The price of information security, June 2001.
• Carl Gould, Zhendong Su, and Premkumar Devanbu. Static checking of dynamically generated queries in database applications. In ICSE '04: Proceedings of the 26th International Conference on Software Engineering, pages 645–654, Washington, DC, USA, 2004. IEEE Computer Society.
• F. T. Grampp and R. H. Morris. UNIX operating system security. Bell System Technical Journal, 63(8), October 1984.
• Peter Gutmann. Software generation of practically strong random numbers. In 7th USENIX Security Symposium, Berkeley, CA, January 1998. Usenix Association.
• Naji Habra, B. Le Charlier, A. Mounji, and I. Mathieu. ASAX: Software architecture and rule-based language for universal audit trail analysis. In ESORICS 92, November 1992.
• Vivek Haldar, Deepak Chandra, and Michael Franz. Dynamic taint propagation for Java. In ACSAC '05: Proceedings of the 21st Annual Computer Security Applications Conference, pages 303–311, Washington, DC, USA, 2005. IEEE Computer Society. (doi:10.1109/CSAC.2005.21)
• W. G. Halfond and A. Orso. Preventing SQL injection attacks using AMNESIA. In ICSE 2006: Proceedings of the 28th International Conference on Software Engineering, pages 795––798. ACM Press, May 2006.
• William G.J. Halfond, Jeremy Viegas, and Alessandro Orso. A classification of SQL-injection attacks and countermeasures. In Proceedings of the International Symposium on Secure Software Engineering, March 2006.
• Andrew Hutchison, Matthias Kaiserswerth, and Peter Trommler. Secure world wide web access to server groups. In CMS '96 IFIP TC6/TC11 2nd joint working Conference on Communications and Multimedia Security, pages 234–243. Chapman & Hall, 1996.
• M. E. Kabay. The NCSA Guide ot Enterprise Security: Protecting Information Assets. McGraw-Hill, 1996.
• C. Kahn, P. Porras, S. Staniford-Chen, and B. Tung. A common intrusion detection framework. Available online http://www.gidos.org, July 1998.
• C. Ko, M. Ruschitzka, and K. Levitt. Execution monitoring of security-critical programs in distributed systems: A specification-based approach. In 1997 IEEE Symposium on Security and Privacy, pages 175–187. IEEE, 1997.
• Carl E. Landwehr, Alan R. Bull, John P. McDermott, and William S. Choi. A taxonomy of computer program security flaws. ACM Computing Surveys, 26(3):211–254, September 1994.
• Sin Yeung Lee, Wai Lup Low, and Pei Yuen Wong. Learning fingerprints for a database intrusion detection system. In Dieter Gollmann, Günter Karjoth, and Michael Waidner, editors, ESORICS '02: Proceedings of the 7th European Symposium on Research in Computer Security, pages 264–280, London, UK, 2002. Springer-Verlag. Lecture Notes In Computer Science 2502.
• U. Lindqvist and P. A. Porras. Detecting computer and network misuse with the production-based expert system toolset (P-BEST). In IEEE Symposium on Security and Privacy. IEEE, May 1999.
• Michael Martin, Benjamin Livshits, and Monica S. Lam. Finding application errors and security flaws using PQL: a program query language. In OOPSLA '05: Proceedings of the 20th annual ACM SIGPLAN conference on Object oriented programming, systems, languages, and applications, pages 365–383, New York, NY, USA, 2005. ACM Press. (doi:10.1145/1094811.1094840)
• Douglas Maughan, Mark Schertler, Mark Schneider, and Jeff Turner. Internet security association and key management protocol (ISAKMP). Internet Draft draft-ietf-ipsec-isakmp-07.txt, Internet Engineering Task Force, February 1997.
• Russell A. McClure and Ingolf H. Krüger. SQL DOM: Compile time checking of dynamic SQL statements. In ICSE '05: Proceedings of the 27th international conference on Software engineering, pages 88–96, 2005. (doi:10.1145/1062455.1062487)
• Gary McGraw and Edward Felten. Java Security Hostile Applets, Holes, and Antidotes. J. Wiley & Sons, 1996.
• M. Douglas McIlroy. Virology 101. Computing Systems, 2(2):173–184, Spring 1989.
• Kraig Meyer, Stuart Schaeffer, and Dixie Baker. Addressing threats in World Wide Web technology. In 11th Annual Computer Security Applications Conference, pages 123–132. IEEE Computer Society Press, 1995.
• Peter G. Neumann. Computer-communications security risks: Melissa is just the tip of a titanic iceberg. Available online http://www.csl.sri.com/users/neumann/house99.html (July 2001). Written testimony, for the U.S. House Science Committee Subcommittee on Technology, hearing on 15 April 1999.
• Peter G. Neumann. The challenges of insider misuse. In Workshop on Preventing, Detecting, and Responding to Malicious Insider Misuse, August 1999. Available online http://www.csl.sri.com/users/neumann/pgn-misuse.html (July 2001).
• V. Paxson. A system for detecting network intruders in real-time. In 7th USENIX Security Symposium, Berkeley, CA, January 1998. Usenix Association.
• Frédéric Perriot, Peter Ferrie, and Péter Ször. W32/Simile. Online http://www.virusbtn.com/resources/viruses/indepth/simile.xml. Current June 2002, 2002.
• Charles Pfleeger. Security in Computing. Prentice-Hall, 1996.
• J. Pieprzyk and B. Sadeghiyan. Design of Hashing Algorithms. Springer Verlag, 1993. Lecture Notes in Computer Science 756.
• M. J. Ranum, K. Landfield, M. Stolarchuck, M. Sienkiewicz, A. Lambeth, and E. Wall. Implementing a generalized tool for network monitoring. In 11th Systems Administration Conference (LISA '97), Berkeley, CA, October 1997. Usenix Association.
• Pauline Ratnasingham. EDI security — re-evaluation of controls and its implications on the organizations. Computers & Security, 16(8):650–656, 1997.
• E. Rescorla and A. Schiffman. The secure hypertext transfer protocol. Internet Draft draft-ietf-wts-shttp-04.txt, Internet Engineering Task Force, March 1997.
• Ravi Sandhu, Edward Coyne, Hal Feinstein, and Charles Youman. Role-based access control: A multi-dimensional view. In 10th Annual Computer Security Applications Conference, pages 54–62. IEEE Computer Society Press, 1994.
• Amitabh Saxena and Brecht Wyseur. On white-box cryptography and obfuscation. Available online http://arxiv.org/abs/0805.4648v2, 2008.
• Brian Schimpf. Securing web access with dce. In ISOC 1997 Symposium on Network and Distributed System Security, pages 102–108. IEEE Computer Society Press, 1997.
• R. Sekar and P. Uppuluri. Synthesizing fast intrusion detection/prevention systems from high-level specifications. In 8th USENIX Security Symposium, Berkeley, CA, 1999. Usenix Association.
• Prabhat K. Singh and Arun Lakhotia. Analysis and detection of computer viruses and worms: An annotated bibliography. ACM SIGPLAN Notices, 37(2):29–35, February 2002.
• Ben Smeets and Thomas Johansson. Secure Storage and Retrieval in Medical Information Systems. Lund University, 1997.
• Eugene H. Spafford, Kathleen A. Heaphy, and David J. Ferbrache. A computer virus primer. In Peter J. Denning, editor, Computers Under Attack: Intruders, Worms, and Viruses, chapter 20, pages 316–355. Addison-Wesley, 1990.
• Eugene H. Spafford. The Internet worm: Crisis and aftermath. Communications of the ACM, 32(6):678–687, June 1989.
• Zhendong Su and Gary Wassermann. The essence of command injection attacks in web applications. In Conference Record of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages POPL '06, pages 372––382. ACM Press, January 2006. (doi:10.1145/1111037.1111070)
• Fredrik Valeur, Darren Mutz, and Giovanni Vigna. A learning-based approach to the detection of SQL attacks. In Klaus Julisch and Christopher Kruegel, editors, Intrusion and Malware Detection and Vulnerability Assessment:Second International Conference, DIMVA 2005, pages 123–140, July 2005. Lecture Notes in Computer Science 3548. (doi:10.1007/11506881_8)
• Gary Wassermann and Zhendong Su. An analysis framework for security in web applications. In SAVCBS 2004: Proceedings of the FSE Workshop on Specification and Verification of Component-Based Systems, pages 70–78, 2004.
• Judson D. Weeks, Adam Cain, and Briand Sanderson. CCI-based Web security. In Fourth International World Wide Web Conference, pages 381–395. O'Reilly & Associates, December 1995.
• Richard G. Wilsher and Helmut Kurth. Security assurance in information systems. In Sokratis K. Katsikas and Dimitris Gritzalis, editors, Information Systems Security: Facing the information society of the 21st century, pages 74–87. Chapman & Hall, 1996.
• Ira Winkler. Corporate Espionage. Prima Publishing, Rocklin, CA, 1997.
• Wei Xu, Sandeep Bhatkar, and R. Sekar. Taint-enhanced policy enforcement: A practical approach to defeat a wide range of attacks. In Security '06: Proceedings of the 15th USENIX Security Symposium, pages 121–136, Berkeley, CA, August 2006. USENIX Association.
• P. Zimmerman. The Official PGP User's Guide. MIT Press, 1995.

 Last change: Saturday, September 12, 2009 0:13 am
 Unless otherwise expressly stated, all original material on this page created by Diomidis Spinellis is licensed under a Creative Commons Attribution-Share Alike 3.0 Greece License.