CS 6262 Reading List: Spring 2009

• Mon 01/05 -- Lecture 1: Course Overview and Introduction
  
  • Ken Thompson
    Reflections on trusting trust
    In Communications of the ACM, Aug 1984, pages 761--763
    
• Mon 02/02 -- Lecture 7: Key Distribution, Management, Self-Certification
  
  • David Mazi\`eres and Michael Kaminsky and M. Frans Kaashoek and Emmett Witchel
    Separating key management from file system security
    In Proc. 17th ACM Symposium on Operating Systems Principles (SOSP), Dec 1999
    
• Mon 02/09 -- Lecture 9: Secure Fault Localization (Sharon Goldberg)
  
  • Sharon Goldberg and others
    Path-Quality Monitoring in the Presence of Adversaries
    In SIGMETRICS, Jun 2008
    
  • Boaz Barak and others
    Protocols and Lower Bounds for Failure Localization in the Internet
    In EUROCRYPT, Apr 2008
    
• Wed 02/11 -- Lecture 10: Taint Analysis
  
  • Dorothy E. Denning
    A lattice model of secure information flow
    In CACM, May 1976, pages 236--243
    
  • Heng Yin and Dawn Song and Manuel Egele and Christopher Kruegel and Engin Kirda
    Panorama: capturing system-wide information flow for malware detection and analysis
    In Proceedings of the ACM Conference on Computer and Communications Security (CCS), Oct 2007
    
• Mon 02/16 -- Lecture 11: Access Control and Secure System Design
  
  • Saltzer, J.H. and Schroeder, M.D.
    The protection of information in computer systems
    In IEEE, Proceedings, 1975, pages 1278--1308
    
• Wed 02/18 -- Lecture 12: Cryptography and System Security
  
  • Anderson, R.
    Why cryptosystems fail
    In Proceedings of the 1st ACM conference on Computer and communications security, 1993, pages 215--227
    
• Mon 02/23 -- Lecture 13: Malware and Worms
  
  • 
    
    
• Wed 02/25 -- Lecture 14: Buffer Overflows and Common Vulnerabilities
  
  • Cowan, C. and Pu, C. and Maier, D. and Hintony, H. and Walpole, J. and Bakke, P. and Beattie, S. and Grier, A. and Wagle, P. and Zhang, Q.
    StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
    In Proceedings of the 7th USENIX Security Symposium, 1998
    
• Wed 03/11 -- Lecture 16: IP-Layer Security
  
  • David G. Andersen and Hari Balakrishnan and Nick Feamster and Teemu Koponen and Daekyeong Moon and Scott Shenker
    Accountable Internet Protocol (AIP)
    In SIGCOMM, address=Seattle, WA, Aug, year = 2008
    
• Mon 03/30 -- Lecture 19: Monitoring and Intrusion Detection
  
  • Paxson, V.
    Bro: a system for detecting network intruders in real-time
    In Proceedings of the 7th conference on USENIX Security Symposium, 1998
    
• Wed 04/08 -- Lecture 22: Anonymity and Privacy
  
  • Dingledine, R. and Mathewson, N. and Syverson, P.
    Tor: the second-generation onion router
    In Proceedings of the 13th conference on USENIX Security Symposium, 2004
    
• Mon 04/13 -- Lecture 23: Web Security
  
  • Provos, N. and McNamee, D. and Mavrommatis, P. and Wang, K. and Modadugu, N.
    The Ghost In The Browser Analysis of Web-based Malware
    

Last Updated Tue Apr 21 16:50:22 -0400 2009