Software Security

415.725 SC 00
Clark Thomborson
Handout 3: Bibliography

Technical Articles

• D.J. Albert and S.P. Morse. Combating software piracy by encryption and key management. IEEE Computer, April 1982.
• Ross J. Anderson and Fabien A.P. Peticolas. On the limits of steganography. IEEE J-SAC, 16(4), May 1998.
• D. Aucsmith, "Tamper Resistant Software: An Implementation", in Information Hiding Workshop, RJ Anderson (ed), LNCS 1174, pp. 317-333, 1996.
• Brenda S Baker and Udi Manber, "Deducing Similarities in Java Sources from Bytecodes", 1998 USENIX Technical Conference, http://glimpse.cs.arizona.edu/javadup.html, June 1998.
• F. Baker, B Lindell, M. Talwar, "RSVP Cryptographic Authentication", Internet RFC/STD/FYI/BCP Archives RFC2747, http://www.faqs.org/rfcs/rfc2747.html, January 2000.
• Magdalena Balazinska et al, "Partial Redesign of Java Software Systems Based on Clone Analysis," in 6^th Working Conference on Reverse Engineering, October 1999, 280-291. http://www.computer.org/proceedings/wcre/0303/0303toc.htm
• Mihir Bellare, Juan Garay, Ralf Hauser, Amir Herzberg, Hugo Krawczyk, Michael Steiner, Gene Tsudik, Els Van Herreweghen, and Michael Waidner. Design, implementation and deployment of a secure account-based electronic payment system. Research Report RZ 3137, IBM Research Division, June 1999. http://www.zurich.ibm.com/Technology/Security/publications/1999/BGHHKSTHW99.ps.gz
• S M Bellovin, “Security Problems in the TCP/IP Protocol Suite”, Computer Communication Review 19(2), 32-48, April 1989.  http://citeseer.nj.nec.com/bellovin89security.html
• M Caloyannides, two-part article “Encryption Wars: Early Battles” and “Encryption Wars: Shifting Tactics”, IEEE Spectrum, April and May 2000.
• David M. Chess, Security Issues in Mobile Code Systems, In Mobile Agents and Security, Springer Verlag, LNCS 1419, pp. 1-14, 1998. Other publications by Chess are available at http://www.research.ibm.com/people/c/chess/pubs.html.
• Cristina Cifuentes and John Gough. Decompilation of Binary Programs. Software - Practice and Experience. Vol 25(7), July 1995. 811-829.
• Cristina Cifuentes, Mike Van Emmerik and Norman Ramsey. The Design of a Resourceable and Retargetable Binary Translator, in 6^th Working Conference on Reverse Engineering, October 1999, 280-291. http://www.computer.org/proceedings/wcre/0303/0303toc.htm
• Dr. Frederick B. Cohen, Operating System Protection Through Program Evolution. 1992.
• C Collberg, C Thomborson and D Low, "Breaking Abstractions and Unstructuring Data Structures", Proc 1998 Int'l Conf on Computer Languages (ICCL98), 28-38, May 1998. http://www.cs.arizona.edu/~collberg/Research/Publications/CollbergThomborsonLow97d/index.html
• C Collberg and C Thomborson, "Software Watermarking: Models and Dynamic Embeddings", POPL 99, http://www.cs.arizona.edu/~collberg/Research/Publications/CollbergThomborson99a/index.html, 1999.
• I Cox, J Linnartz, "Some general methods for tampering with watermarks", to appear in IEEE J Selected Areas of Communications.
• Drew Dean, Edward W Felten, Dan S Wallach, "Java Security: From HotJava to Netscape and Beyond", In 1996 IEEE Symposium on Security and Privacy, May 1998. http://www.cs.princeton.edu/sip/
• P Devanbu and S Stubblebine, “Software Engineering for Security: a Roadmap,” to appear in ICSE 2000 special volume on the Future of Software Engineering. http://www.cs.columbia.edu/~stu/00icse.pdf
• B Dippert, “Cunning Circuits Confound Crooks”, EDN Magazine, 12 October 2000, http://www.ednmag.com/ednmag/reg/2000/10122000/pdfs/21df2.pdf.
• P W Dowd and J T McHenry, “Network Security: It’s Time to Take It Seriously”, IEEE Computer, September 1998, pp. 24-28.
• Hector Garcia-Molina and Narayanan Shivakumar, "Safeguarding and Charging for Information on the Internet", Proc ICDE'98, February 1998. This paper, and other papers co-authored by Shiva are available at http://www-db.stanford.edu/~shiva/.
• John A. Gibby. Software patent developments: a programmer's perspective. Rutgers Computer & Technology Law Journal Summer 1997 v23 n2 p293-355
• P Girard and J-L Lanet, “New Security Issues Raised by Open Cards,” in Elsevier Technical Report on Security, pp19-27, Vol 4, N°2; available as Technical Report SM-99-03, Gemplus Research Lab, June 1999.  http://www.gemplus.fr/smart/r_d/publications/art17.htm
• Li Gong, Roland Schemers, Signing, Sealing, and Guarding Java Objects. In Mobile Agents and Security, Springer Verlag, LNCS 1419, pp. 206-216, 1998.
• James R. Gosler. Software Protection: Myth or reality? Advances in Cryptology, CRYPTO '85, Springer Verlag, LNCS 218, pp. 140--157, August 1985.
• Ralf C. Hauser. Using the Internet to decrease Software Piracy - on Anonymous Receipts, Anonymous ID Cards, and Anonymous Vouchers. In INET'95 The 5th Annual Conference of the Internet Society The Internet: Towards Global Information Infrastructure, volume 1, pages 199--204, Honolulu, Hawaii, USA, June 1995. http://www.zurich.ibm.com/Technology/Security/publications/1995/Hauser95.ps.gz
• Amir Herzberg and G. Karmi. On software protection. In 4th Jerusalem Conference on Information Technology (JCIT), Jerusalem, Israel, April 1984. Next Decade in Information Technology (Cat. No. 84CH2022-2). IEEE Comput. Soc. Press. 1984, pp.388-93. Silver Spring, MD, USA.
• Amir Herzberg and Shlomit S. Pinter. Public protection of software. ACM Transactions on Computer Systems, 5(4):371-393, November 1987. http://www.acm.org/pubs/articles/journals/tocs/1987-5-4/p371-herzberg/p371-herzberg.pdf
• Kenneth Ho, "A Study into the Problem of Software Piracy in Hong Kong and China," Master's dissertation, Management and Information Systems, London School of Economics and Political Science, 1995. http://www.info.gov.hk/ipd/piracy.html
• Fritz Hohl, Time Limited Blackbox Security: Protecting Mobile Agents from Malicious Hosts, In Mobile Agents and Security, Springer Verlag, LNCS 1419, pp. 92-113, 1998.
• Susan Horwitz. Precise flow-insensitive May-Alias analysis is NP-hard. TOPLAS, 19(1):1--6, January 1997. http://www.acm.org/pubs/articles/journals/toplas/1997-19-1/p1-horwitz/p1-horwitz.pdf
• Neil F. Johnson and Sushil Jajodia. Computing practices: Exploring steganography: Seeing the unseen. Computer, 31(2):26--34, February 1998.
• A B Kahng, D Kirovski, S Mantik, M Potkonjak, and J Wong, “Copy Detection for Intellectual Property Protection of VLSI Designs”, Proc. IEEE/ACM Intl. Conference on Computer-Aided Design, November 1999, pp. 600-604.  http://nexus6.cs.ucla.edu/papers/conference/c102.pdf
• Stephen Keung, Cryptoswift performance under SSL with file transfer, undated white paper, Rainbow Technologies, http://isglabs.rainbow.com/isglabs/SSLperformance/SSL+file%20performance.html (August 2000).
• D. Kirovski, Yean-Yow Hwang, M. Potkonjak, and Jason Cong. D. Kirovski, Yean-Yow Hwang, M. Potkonjak, and Jason Cong. "Intellectual Property Protection by Watermarking Combinational Logic Synthesis Solutions". ACM-IEEE International Conference on Computer-Aided Design, pp.194-8, 1998.
• Markus G Kuhn and Ross J Anderson, "Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations", in David Aucsmith (ed.) Information Hiding 1998, LNCS 1525, Springer-Verlag, 124-142, 1998. http://www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf
• Mark LaDue, "The Maginot License: Failed Approaches to Licensing Java Software Over the Internet," 1997. http://metro.to/mladue/hostile-applets/maginot.html
• D Lie, C Thekkath, M Mitchell, P Lincoln, D Boneh, J Mitchell, and M Horowitz, “Architectural Support for Copy and Tamper Resistant Software, “ in ASPLOS-IX 2000, Cambridge Mass (USA).  http://mos.stanford.edu/papers/dl_asplos_2000_xom.pdf
• Jim Lipman, Chip-Core Protection : Everybody’s Business, EDN Magazine, 14 October 1999, 99-106.  Available: http://www.ednmag.com/ednmag/reg/1999/101499/pdfs/21cs.pdf, October 2000.
• David Liu, Jennifer Wong, Darko Kirovski, and Miodrag Potkonjak. Forensic Engineering Techniques for VLSI CAD Tools, ACM-IEEE Design Automation Conference, to appear, 2000. http://www.cs.ucla.edu/~darko/papers/forensic.ps
• Steven Lucco, Oliver Sharp, Robert Wahbe, Omniware: A Universal Substrate for Web Programming, WWW4, 1995.
• April Mara Major. Copyright law tackles yet another challenge: the electronic frontier of the World Wide Web. Rutgers Computer & Technology Law Journal Spring 1998 v24 n1 p75-105
• Charles C Mann, "Who Will Own Your Next Good Idea?", The Atlantic Monthly, 57-82, September 1998. http://www.theatlantic.com/issues/98sep/copy.htm
• L Law, S Sabett, J Solinas, “How to Make a Mint: The Cryptography of Anonymous Electronic Cash”, National Security Agency (USA) Cryptology Division, technical report provided on October 31, 1996 by the 21^st Century Banking Alert service (http://www.ffhsj.com/bancmail/bancpage.htm) of Fried, Frank, Harris, Shriver & Jacobson, 18 June 1996.  http://jya.com/nsamint.htm. 
• April Mara Major.  “Copyright law tackles yet another challenge: the electronic frontier of the World Wide Web.”  Rutgers Computer & Technology Law Journal, Spring 1998 v24 n1 p75-105.
• David Margrave, "GSM Security and Encryption", MS project report, ECE Department, George Mason University, May 1995. (This is a non-archival but heavily referenced net-document, found July 2000 at http://www3.l0pht.com/~oblivion/blkcrwl/cell/gsm/gsm-secur/gsm-secur.html. The author may be contacted at david@margrave.com.)
• Lesley R Matheson, Stephen G Mitchell, Talal G Shamoon, Robert E Tarjan, and Francis Zane, "Robustness and Security of Digital Watermarks," Proceedings of Financial Cryptography '98, Anguilla, BWI, 23-25 February 1998. http://cm.bell-labs.com/cm/ms/who/francis/papers/fc98.ps, http://www.star-lab.com/robustness.pdf
• Tim Maude and Derwent Maude. Hardware protection against software piracy. Communications of the ACM, 27(9):950--959, September 1984.
• Donald F. McGahn II. Copyright infringement of protected computer software: an analytical method to determine substantial similarity. Rutgers Computer & Technology Law Journal, Spring 1995 21 n1 p88-142
• G McGraw and E Felten, “Twelve Rules for Developming More Secure Java Code, JavaWorld, December 1998.  http://www.javaworld.com/javaworld/jw-12-1998/jw-12-securityrules.html. 
• Ralph C Merkle, "Protected Shareware: A Solution to the Software Distribution Problem." Online document in PDF dated "October 19, 1998" and marked "Copyright 1993 by Xerox Corporation. All Rights Reserved. This draft is being distributed for the purpose of feedback and commentary. As a courtesy to the author, please limit its distribution." http://www.merkle.com/protectedShareware.pdf
• Calvin N Mooers, "Computer Software and Copyright," ACM Computing Surveys 7:1, 45-72, March 1975.
• Ryoichi Mori and Masaji Kawahara. Superdistribution: the concept and the architecture. Technical Report 7, Inst. of Inf. Sci. \& Electron (Japan), Tsukuba Univ., Japan, July 1990. http://www.virtualschool.edu/mon/ElectronicProperty/MoriSuperdist.html
• David Naccache, Adi Shamir, Julien P Stern, "How to Copyright a Function?" in Public Key Cryptography 1999: 188-196, http://www.gemplus.com/smart/r_d/publications/crypto17.htm.
• George C. Necula, Peter Lee, Safe, "Untrusted Agents Using Proof-Carrying Code," in Mobile Agents and Security, Springer Verlag, LNCS 1419, pp. 61-91, 1998.
• B Clifford Neuman and Theodore Ts'o, "Kerberos: An Authentication Service for Computer Networks", reprinted from IEEE Communications Magazine 32:9, pp. 33-38, as USC/ISI Technical Report Number ISI/RS-94-399, http://nii.isi.edu/publications/kerberos-neuman-tso.html, September 1994.
• John K. Ousterhout, Jacob Y. Levy, Brent B. Welch, "The Safe-Tcl Security Model," In Mobile Agents and Security, Springer Verlag, LNCS 1419, pp. 217-234, 1998. Draft version of 3/97 is available at http://www.scriptics.com/people/john.ousterhout/safeTcl.html
• Jens Palsberg, Sowmya Krishnaswamy, Minseok Kwon, Di Ma, Qiuyun Shao, and Yi Zhang, Experience with software watermarking, to appear in Proceedings of ACSAC'00, 16th Annual Computer Security Applications Conference, New Orleans, Louisiana, December 2000. http://www.cs.purdue.edu/homes/palsberg/paper/acsac00.ps.gz. Project software available on http://www.cs.purdue.edu/s3/
• V Paxson, “Bro: A System for Detecting Network Intruders in Real-Time”, Computer Networks 31(23-24), 2435-2463, 14 Dec 1999.  ftp://ftp.ee.lbl.gov/papers/bro-CN99.ps.gz
• Robert A Percival, “Standing on the Shoulders of Giants: The Reverse Engineering of Computer Software and the Law of Copyright In Canada,” research paper series, Smith Lyons Barristers and Solicitors, http://www.smithlyons.ca/Publications/Articles/IT_99_10_2.htm, October 1999.
• Todd A. Proebsting and Scott A. Watterson. Krakatoa: Decompilation in Java (Does bytecode reveal source?), In Third USENIX Conference on Object-Oriented Technologies and Systems (COOTS), June 1997.
• M Riezenman, “Cellular Security: Better, but Foes Still Lurk,” IEEE Spectrum, 39-42, June 2000.
• Aviel D Rubin and Daniel E Geer Jr, "A Survey of Web Security", IEEE Computer, 34-41, September 1998.
• Carolina Saez. Enforcing copyrights in the age of multimedia. Rutgers Computer & Technology Law Journal Winter 1995 21 n2 p351-393
• J H Saltzer and M D Schroeder, “The Protection of Information in Computer Systems,” Proceedings of the IEEE 63:9 (September 1975), pages 1278-1308.  An HTML version was prepared in1997, see http://web.mit.edu/Saltzer/www/publications/protection/index.html
• T Sander and Chr. Tschudin, Towards Mobile Cryptography In the Proceedings of the 1998 IEEE Symposium on Security and Privacy.
• T Sander and Chr Tschudin. Protecting Mobile Agents Against Malicious Hosts. In the special volume ``Mobile Agents and Security'' in the series Springer Lecture Notes in Computer Science 1419.)
• T Sander and Chr. Tschudin. On Software Protection via Function Hiding In Proceedings of the Second Workshop on Information Hiding, Springer Lecture Notes in Computer Science
• Michael Joel Schallop. Software patent applications directed to business and mathematical processing applications highlight the tension between State Street and Benson. Rutgers Computer & Technology Law Journal Fall 1999 v26 i1 p89
• Narayanan Shivakumar and Hector Garcia-Molina, "SCAM: A Copy Detection Mechanism for Digital Documents", Proc. 2^nd Int'l Conf on Theory and Practice of Digital Libraries, 1995. This and other papers by Shiva are available at http://www-db.stanford.edu/~shiva/.
• Melinda Shore, "H.323 and Firewalls: Problem Statement and Solution Framework", Internet Draft draft-shore-h323-firewalls-00.txt, February 3, 2000 expires July 3, 2000. See http://www.ietf.org/ietf/1id-abstracts.txt and http://www.ietf.org/shadow.html
• Sergiu S. Simmel and Ivan Godard. Metering and Licensing of Resources - Kala's General Purpose Approach. In Technological Strategies for Protecting Intellectual Property in the Networked Multimedia Environment, The Journal of the Interactive Multimedia Association Intellectual Property Project, Coalition for Networked Information, pages 81--110, MIT, Program on Digital Open High-Resolution Systems, January 1994. Interactive Multimedia Association, John F. Kennedy School of Government. http://www.cni.org/docs/ima.ip-workshop/Simmel.Godard.html
• Allan M. Soobert. Analyzing infringement by equivalents: a proposal to focus the scope of international patent protection. Rutgers Computer & Technology Law Journal Spring 1996 22 n1 p189-232
• Julien P. Stern, Gaël Hachez, François Koeune, Jean-Jacques Quisquater, "Robust Object Watermarking: Application to Code." In LNCS 1768, Springer Verlag, 368-378, 2000. http://www.julienstern.org/serious.php3
• Paul A. Suhler, Nader Bagherzadeh, Miroslaw Malek, Neil Iscoe. Software Authorization Systems. IEEE Software, September 1986.
• Ken Thompson, "Reflections on Trusting Trust", Comm ACM 27:8, pp. 761-763, August 1984. http://www.acm.org/classics/sep95
• Andres Torrubia and Francisco J Mora, "Information Security in Multiprocessor Systems, to appear in IASTED 99, Innsbruck Austria 1999.
• C Tschudin, “Apoptosis – the Programmed Death of Distributed Services”, in Secure Internet Programming (LNCS 1603), ed. J Vitek and C Jensen, pp. 253-260, Spring 1999.  http://www.docs.uu.se/~tschudin/pub/cft-1999-sip.ps.gz
• Enriquillo Valdez, Moti Yung, "Software DisEngineering: Program Hiding Architecture and Experiments." In LNCS 1768, Springer Verlag, 379-394, 2000. A technical report on a related subject is available at http://cis.poly.edu/tr/tr-cis-2000-01.htm (but page 5 won't print as at 1 Aug 00).
• D Vaver, Intellectual Property Law: Copyright, Patents, Trademarks, 345 pp. Irwin Law, 1997.
• J Vitek and G Castagna, “Mobile Computations and Hostile Hosts”, in Proc 10^th Journées Francophones des Langages Applicatifs (JFLA99), Avoriaz, France, February 1999.  http://www.cs.purdue.edu/homes/jv/pub/jfla99.ps.gz
• Dennis Volpano, Geoffrey Smith, Language Issues in Mobile Program Security, In Mobile Agents and Security, Springer Verlag, LNCS 1419, pp. 25-43, 1998.
• Robert Wahbe, Steven Lucco, Thomas Anderson, Susan Graham, Efficient Software-Base Fault Isolation, SOSP'93, p. 203--216.
• Dan S Wallach, Dirk Balfanz, Drew Dean and Edward W Felten, "Extensible Security Architectures for Java", 16^th ACM Symp on Operating Systems Principles, October 1997.
• Peter Wayner, Strong Theoretical Steganography. CRYPTOLOGIA, Volume XIX, July 1995.
• Peter Wayner, Mimic Functions. CRYPTOLOGIA, Volume XVI, Number 3, July 1992.
• Uwe G. Wilhelm. Cryptographically protected objects. In RenPar'9, May 1997.

Patents and Published International Patent Applications

• David Aucsmith and Gary Graunke. Tamper resistant methods and apparatus. US patent 5,892,899, April 6, 1999.  Assignee: Intel Corporation.
• Wayne W. Chou, Joseph M. Kulinets, Laszlo Elteto, Frederik Engel. Method of Software Distribution Protection. US Patent 5,337,357, August 9, 1994. Assignee: Software Security, Inc. Stamford Conn.
• Christian Collberg, Clark Thomborson. Software Watermarking Techniques, published international patent application WO 99/64973 (PCT/NZ99/00081, December 16, 1999.  Assignee: Auckland UniServices Limited (New Zealand).
• Christian Collberg, Clark Thomborson, Douglas Low. Obfuscation Techniques for Enhancing Software Security, published international patent application WO 99/01815 (PCT/US98/12017), January 14, 1999.  Assignee: InterTrust Inc, Sunnyvale CA (USA).
• Robert L. Davidson and Nathan Myhrvold. Method and system for generating and auditing a signature for a computer program. US Patent 5,559,884, September 24, 1996. Assignee: Microsoft Corporation.
• Robert L. Davidson, Nathan Myhrvold, Keith Randel Vogel, Gideon Andreas Yuval, Richard Shupak, and Norman Eugene Apperson. Method and system for improving the locality of memory references during execution of a computer program. US Patent 5,664,191, September 2, 1997. Assignee: Microsoft Corporation.
• Charles E. Hill. Software Piracy Detection System. US Patent 5,754,864, May 19, 1998. Assignee: Charles E. Hill and associates.
• Keith Holmes. Computer software protection. US Patent 5,287,407, February 15, 1994. Assignee: International Business Machines.
• Harold Joseph Johnson, Yuan Xiang Gu, Becky Laiping Chan, Stanley Taihai Chow. Encoding technique for software and hardware. US Patent 5,748,741, May 5, 1998. Assignee: Northern Telecom Limited, Montreal, Canada.
• Geza Medveczky, Kelvin Lunsford. System and Apparatus for Protecting Computer Software. US Patent 5,182,770, January 26, 1993.
• Scott A. Moskowitz and Marc Cooperman. Method for stega-cipher protection of computer code. US Patent 5,745,569, April 28, 1998. Assignee: The Dice Company.
• Rafail Ostrovsky, Oded Goldreich. Comprehensive software protection system. US Patent 5,123,045, June 16, 1992. Assignee: Massachusetts Institute of Technology.
• Frederic B. Richardson, III. System for Software Registration. US Patent 5,490,216, February 6, 1996. Assignee: Uniloc Private Limited, Singapore.
• Peter R. Samson. Apparatus and method for serializing and validating copies of computer software. US Patent 5,287,408, February 15, 1994. Assignee: Autodesk, Inc.
• Robert Wahbe, Steven Lucco, Methods for safe and efficient implementation of virtual machines, US Patent 5761477, June 2, 1998.  Assignee: Microsoft Corporation.

Books

• Dieter Gollman, Computer Security, John Wiley & Son Ltd, 1999. ISBN 0471978442.
• Derrick Grover (ed.), The Protection of Computer Software --- Its Technology and Applications, 2^nd edition, Cambridge University Press, 1992.
• Charles P. Pfleeger, Security in Computing, 2^nd edition, Prentice Hall, 1997.
• Stefan Katzenbeisser, Fabien A P Peticolas, editors, Information Hiding Techniques for Steganography and Digital Watermarking, Artech House, 2000.
• Andreas Pfitzmann (Ed.): Information Hiding, Third International Workshop, IH'99, Dresden, Germany, September 29 - October 1, 1999, Proceedings. Lecture Notes in Computer Science, Vol. 1768, Springer, ISBN 3-540-67182-X, 2000.
• Bruce Schneier, Applied cryptography : protocols, algorithms, and source code in C, 2^nd edition,Wiley, 1996.
• Bruce Schneier, Secrets and lies : digital security in a networked world, Wiley, 2000.
• William Stallings, Cryptography and Network Security: Principles and Practice, 2^nd edition, Prentice Hall; ISBN 0138690170, 1998.
• Douglas R Stinson (http://www.cacr.math.uwaterloo.ca/~dstinson/), Cryptography: Theory and Practice. CRC Press (http://www.crcpress.com/catalog/8521.htm), ISBN 0-8493-8521-0, 1995.
• Trusted Computer Platform Alliance, TCPA Trusted Subsystem Specification V0.90, http://www.trustedpc.org/home/Specification.htm, August 20, 2000.

Web sites of interest

• Bountyquest (search for prior art that might invalidate patents), http://www.bountyquest.com/, October 2000.
• Cristina Cifuentes. Decompilation Page, http://www.csee.uq.edu.au/csm/decompilation/.
• Christian Collberg. The Obfuscation and Software Watermarking Home Page, http://www.cs.arizona.edu/~collberg/Research/Obfuscation/index.html
• Computer Forensics Laboratory, US Department of Defense, http://www.dcfl.gov.
• Forensic Computing Journal, http://www.forensic-computing.com.
• The Forensic News Wire, http://www.guidancesoftware.com/news/news_wire.html, October 2000.
• Peter Gutmann.  Homepage, http://www.cs.auckland.ac.nz/~pgut001/
• Fritz Hohl.  Security in Mobile Agent Systems (online bibliography), http://mole.informatik.uni-stuttgart.de/security.html, September 2000.
• IBM's Antivirus Online: Scientific Papers, http://www.av.ibm.com/InsideTheLab/Bookshelf/ScientificPapers/.
• IBM Network Security Group.  Publications page, http://www.zurich.ibm.com/pub/sti/g-kk/shadow/publications/bibliography/, 2000.
• Information Security Magazine, http://www.infosecuritymag.com/, 2000.
• Mark LaDue.  Hostile Applets Homepage, http://metro.to/mladue/hostile-applets/, 2000.
• Eric Milbrandt. Steganography Info and Archive, http://members.tripod.com/steganography/stego.html
• David Nagy-Farkas. The Easter Egg Archive, http://www.eeggs.com/lr.html.
• Netscape.  Introduction to SSL, http://developer.netscape.com/docs/manuals/security/sslin/contents.htm.
• Fabien Peticolas. The Information Hiding Homepage - Digital Watermarking and Steganography, http://www.cl.cam.ac.uk/~fapp2/steganography/.
• David Touretzky, Gallery of CSS Descramblers, http://www.cs.cmu.edu/~dst/DeCSS/Gallery, October 2000.  Also see his Stenography Wing at http://www.cs.cmu.edu/~dst/DeCSS/Gallery/Stego/index.html.
• Trusted Computer Platform Alliance, http://www.trustedpc.org/home/home.htm, 2000.
• USACM Encryption and Computer Security Library homepage, http://www.acm.org/usacm/crypto/, 2000.
• Vogon International Forensic Bulletin On-Line, http://www.vogon.co.uk/bulletin-00.htm.

Miscellaneous

• Marx Software Security
• Protecting Java Applets.
• Twelve rules for developing more secure Java code.
• Some advice on giving a talk
• How To Write Unmaintainable Code
• Encryption and Security Links

Similar Courses

• U Arizona, CSc 620: Language-based Approaches to System and Software Security, 1999.
• Rice, Comp 527: Computer Systems Security , 1999.
• Berkeley, CS 261: Computer Security , 1999.
• Princeton, COS 496: Information Security , 1999.
• Monash University, CPE3001: Information and Network Security, http://www.fcit.monash.edu.au/fec/subjects/CPE3001.html, 2000.
• Tel Aviv University, Programming Language Seminar, http://www.math.tau.ac.il/~sagiv/courses/pl-seminar.html, 1999.
• Goteborg University, ProSec - Reading Course in Security. http://www.cs.chalmers.se/Cs/Research/Security/2000/, 2000.