Relevant Papers for the Course: Information and System Security



    SECURITY FUNDAMENTALS

  • Protection, B. Lampson, Proc. 5th Princeton Conf. on Information Sciences and Systems, Princeton, 1971

  • Access control by Boolean expression evaluation, Miller and Baldwin, Proc. 5th Annual Computer Security Applications Conference, 1990

  • On Protection in Operating Systems, Harrison, Ruzzo, Ullman, CACM, 1976

  • A Linear Time Algorithm for Deciding Subject Security, Lipton and Snyder, JACM, 1977

  • On the Synthesis and Analysis of Protection Systems, L. Snyder, ACM Symposium on Operating System Principles, 1977

    SECURITY POLICIES

  • Secure Computer System: Unified Exposition and Multics Interpretation, Bell and LaPadula, 1976

  • A Comparison of Commercial and Military Security Policies, Clark and Wilson, 1987

  • The Chinese Wall Security Policy, Brewer and Nash, 1989

  • Non-Discretionary Controls for Commercial Applications, Lipner, 1982

    RBAC

  • Role Based Access Control Models, Sandhu et al., IEEE Computer, 1996

  • TRBAC: A Temporal Role-Based Access Control Model, Bertino et al., ACM TISSEC, 2001

  • The Role Mining Problem: Finding a Minimal Descriptive Set of Roles, Vaidya et al., ACM SACMAT, 2007

    AUTHENTICATION

  • Improving System Security Through Proactive Password Checking, Bishop and Klein, Computers and Security, 1995

  • Pass-algorithms - A user validation Scheme based on Knowledge of Secret Algorithms, Haskett, 1984

  • The S/KEY One-Time Password System, Haller, 1994

  • Password Authentication with Insecure Communication, Lamport, CACM, 1981

  • Using Encryption for Authentication in Large Networks of Computers, Needham and Schroeder, CACM, 1978

  • Kerberos: An Authentication Service for Open Network Systems, Steiner, Neuman, Schiller, 1988

  • Designing an Authentication System: a Dialogue in Four Scenes, Bill Bryant, 1988

    CRYPTOGRAPHY

  • Sample Simplified DES Encryption and Sample Simplified DES Decryption

  • New Directions in Cryptography, Diffie and Hellman, 1976

  • A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Rivest, Shamir, Adleman, CACM, 1978

    SECURE SYSTEMS DESIGN AND EVALUATION

  • The Protection of Information in Computer Systems, Saltzer and Schroeder, Proc. IEEE, 1975

  • TCSEC

  • ITSEC

  • Common Criteria Version 2.1 - Part1

  • Common Criteria Version 2.1 - Part2

  • Common Criteria Version 2.1 - Part3

  • A process standard for system security engineering: development experiences and pilot results, R. Hefner, 1997

  • The SSE-CMM Appraisal Method (SSAM)

    SYSTEM COMPROMISE

  • Computer Viruses Theory and Experiments, Cohen, 1984

  • A penetration analysis of a Burroughs Large System, Univ. of Canterbury

  • The non-technical threats to computing systems, Winkler

  • A taxonomy of computer program security flaws, Landwehr et al., ACM Computing Surveys, 1994