Below is a collection of interesting readings relevant to this
course. These are not required readings unless I assign them.
- Aleph One. "Smashing the Stack for Fun and Profit." Phrack Issue 49, November 1996.
- Exploiting Format String Vulnerabilities, scut / team teso, March 2001
- Department of Defense Trusted Computer System Evaluation Criteria, DoD 5200.28-STD. December 1985.
- Jerome H. Saltzer and Michael D. Schroeder, The Protection of Information in Computer Systems, Massachusetts Institute of Technology Cambridge, Mass. USA 1975
- R. Schell. Information Security: Science, Pseudoscience, and Flying Pigs. ACSA/ACM Annual Computer Security Applications Conference. December 2001.
- Bell and LaPadula. Secure Computer Systems: Unified Exposition and Multics Interpretation. ESD-TR-75-306, MTR 2997 Rev. 1, The MITRE Corporation, March 1976.
- McLean. A Comment on the Basic Security Theorem of Bell and LaPadula. Information Processing Letters. 20. 1985.
- Apu Kapadia, A Case (Study) For Usability in Secure Email Communication, IEEE Security and Privacy, 5(2):80-84,
- S. Garfinkel and R. Miller. Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express. Symposium on Usable Privacy and Security. 2005.
- Patrick P. Tsang, When Cryptographers Turn Lead into Gold, In IEEE Security and Privacy, vol. 5, no. 2, pp. 76-79, Mar/Apr, 2007.
- Neal Koblitz, The uneasy relationship between mathematics and cryptography, Notices of the Amer. Math. Society, Vol. 54, 2007, 972-979
- Kocher. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. CRYPTO 96 Springer-Verlag LNCS 1109.
- NIST SP 800-57 Part 1, Recommendation for Key Management - Part 1: General (Revised), March 2007.
- M. Abadi and R. Needham. Prudent Engineering Practice for Cryptographic Protocols, IEEE Transactions on Software Engineering. January 1996 (Vol. 22, No. 1)
- K. Thompson. Reflections on Trusting Trust. Communications of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763.
- E. Spafford. "The Internet Worm: Crisis and Aftermath," Communications of the ACM 32: 678-687, 1989.
- Inferring Internet Denial-of-Service Activity, David Moore, CAIDA; Geoffrey M. Voelker and Stefan Savage, University of California, San Diego. USENIX Security 2001.
- Nikita Borisov, Ian Goldberg, David Wagner, Intercepting Mobile Communications: The Insecurity of 802.11, MOBICOM, July 2001.
- "I've Got Nothing to Hide, and Other Misunderstandings of Privacy," Daniel J. Solove, George Washington University Law School, San Diego Law Review, Vol. 44, 2007.
- "A Taxonomy of Privacy," Daniel J. Solove, GWU Law School Public Law Research Paper No. 129, University of Pennsylvania Law Review, Vol. 154, No. 3, p. 477, January 2006.
- Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management — A Consolidated Proposal for Terminology, Pfitzmann, Hansen, TU Dresden
- Crowds: Anonymity for web transactions, M. K. Reiter and A. D. Rubin, ACM Transactions on Information and System Security 1(1):66–92,
- Low-Cost Traffic Analysis of Tor, S. J. Murdoch, G. Danezis, IEEE Security and Privacy (Oakland) 2005
- "From Chaum to Tor and Beyond: A Survey of Anonymous Routing Systems," Peter C. Johnson, Apu Kapadia (draft)
- "Tor: The Second-Generation Onion Router," Roger Dingledine, Nick Mathewson, and Paul Syverson, USENIX Sec 2004.
- Milgram, Stanley (1963). "Behavioral Study of Obedience". Journal of Abnormal and Social Psychology 67:
- Diagnosis of Munchausen’s Syndrome by an Electronic Health Record Search, Thomas G. Van Dinter, Jr, MD, Brian J. Welch, MD, The American Journal of Medicine - Volume 122, Issue 10 (October 2009)
- Electronic Health Records in the Age of Social Networks and Global Telecommunications, Aviv Shachak and Alejandro R. Jadad,
- The Practice of Informatics: White Paper: Personal Health Records: Definitions, Benefits, and Strategies for Overcoming Barriers to Adoption, Paul C Tang, Joan S Ash, David W Bates, J Marc Overhage, Daniel Z Sands, JAMIA 2006;13:121-126
- Facebook, James Grimmelmann. Iowa Law Review 94 (2009): 1137-1206.
- in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing, Robert Gellman, World Privacy Forum (2009).