CS 190 Readings on Computer Security

Fall, 2005

Papers available from on campus only!


Group 0:  Introduction

Ellison and Schneier, "Ten Risks of PKI: What you're not being told about public key infrastructure," Computer Security Journal, Volume 16 (1), 2000.


McGraw & Morrisett, Attacking Malicious Code: A report to the Infosec Research Council, IEEE Software, Volume 17(5), September/October 2000.


Butler Lampson, Computer Security in the Real World, Marshall D. Abrams Invited Essay, presented at the Annual Computer Security Applications Conference, 2000.


Group 1:  Traditional models:

John McLean, Security Models, from Encyclopedia of Software Engineering (ed. John Marciniak), Wiley Press, 1994.


Butler Lampson, Authentication in Distributed Systems:  Theory and Practice, ACM Trans. Computer Systems 10, 4 (Nov. 1992), pp 265-310.


Butler Lampson, Protection, in Proc. 5th Princeton Conf. on Information Sciences and Systems, Princeton, 1971, p. 437, reprinted in ACM Operating Systems Rev. 8, 1 (Jan. 1974), p 18.


Group 2:  Vandalism and security:


AlephOne, Breaking and entering: Smashing the Stack for Fun and Profit (in Phrack 49 at www.phrack.org/show.php?p=49&a=14), 1996


Pincus and Baker, Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns, IEEE Security & Privacy, vol. 02, no. 4, pp. 20-27, July-August, 2004.


Group 3:  Languages-based mechanisms:


James Morris, Protection in Programming Languages, Communications of ACM, Vol 16, No. 1, January, 1973, pp. 15-21.


Joshi & Leino, Semantic approach to secure information flow, Science of Computer Programming 37 (2000) 113-138.


Sabelfeld and Myers, Language-based information-flow security, IEEE Journal on Selected Areas in Communications, Vol. 21, No. 1, January, 2003.



Group 4:  Java Virtual machine security:


Dean, Felten, Wallach, and Balfanz, Java Security: Web browsers and beyond, in Internet Besieged: Countering the Cyberspace Scofflaw, Dorothy and Peter Denning, editors, ACM Press, 1997.


Wallach, Appel, and Felten, SAFKASI: A security mechanism for Language-Based Systems, ACM Transactions on Software Engineering and Methodology, Vol. 9, No. 4, October 2000, Pages 341-378.


Extra papers:


Rivest, Cryptology, Chapter 13 of Handbook of Theoretical Computer Science, (ed. J. Van Leeuwen) vol. 1 (Elsevier, 1990), 717--755.


Saltzer, J.H. and Schroeder, M.D., The protection of information in computer systems. Proceedings of the IEEE, 63(9):1278-1308, Sept., 1975.




Available on-line at http://www.sans.org/resources/glossary.php