Reading List for 415.725SC “Software Security”
Clark Thomborson
19th October 2000
Please see http://www.cs.auckland.ac.nz/415.725SC/lectures/handout3.htm
for detailed bibliographic information.
I. Legal, Ethical, and Technical Frameworks for Security
A. Technical & Conceptual
1. 19 July 2000: C Pfleeger (1997), Security in Computing, Chapter 1 “Is There a Security Problem in Computing?”
2. 10 August 2000: A Rubin (1998), “A Survey of Web Security”.
3. 2 August 2000: C Collberg (2000), “Watermarking, Tamper-Proofing, and Obfuscation – Tools for Software Protection”.
B. Legal (Copyright, Patent, Contract)
1. 19 July 2000: University of Auckland, Computer Science Undergraduate Handbook (2000), Section 4.2 “Department of Computer Science Computer System Regulations”, Section 4.3 “University Computer System Regulations”.
2. 20 July 2000: K Nichols (1999), “The Age of Software Patents”, and letters to the editor of IEEE Computer (May 1999) in response to Nichols’ article.
3. 20 July 2000: P Samuelson (1998), “Encoding the Law into Digital Libraries”.
4. 31 July 2000: C Mann (2000), “Who Will Own Your Next Good Idea?”.
C. Ethical
1. 27 July 2000: C Pfleeger (1997), Security in Computing, Section 11.5 “Ethical Issues in Computer Security”.
2. 31 July 2000: H Rosner (2000), “Steal This Software”.
3. 31 July 2000: P Radatti (1995), “CyberSoft, Incorporated Moral Guidelines”, incorporating C Tomlinson (1853) “Rudimentary Treatment on the Construction of Locks”.
II. Cryptographic Techniques and e-Commerce
A. Cryptography
1. 14 August 2000: D Stinson (1995), Cryptography: Theory and Practice, excerpts at pp. 1-7, 70-73, 114-116, 162-164, 127-128.
2. 14 August 2000: P Smith (1994), “Cryptography without Exponentiation”.
B. E-Commerce
1. 7 August 2000: H Garcia-Molina (1998), “Safeguarding and Charging for Information on the Internet”.
2. 7 August 2000: M Bellare (2000), “Design, Implementation and Deployment of the iKP Secure Electronic Payment System”.
3. 11 September 2000: R Mori (1990), “Superdistribution: The Concept and the Architecture”.
4. 21 September 2000: R Hauser (1995), “Using the Internet to decrease Software Piracy - on Anonymous Receipts, Anonymous ID Cards, and Anonymous Vouchers”.
5. 28 September 2000: S Simmel (1994), “Metering and Licensing of Resources - Kala's General Purpose Approach”.
C. Cryptographic Authentication and Dongles
1. 3 August 2000: D Margrave (1995), “GSM Security and Encryption”.
2. 13 September 2000: F Baker (2000), “RSVP Cryptographic Authentication”.
3. 16 August 2000: M Shore (2000), “H.323 and Firewalls: Problem Statement and Solution Framework”.
4. 23 August 2000: B Neuman (1994), “Kerberos: An Authentication Service for Computer Networks”.
5. 20 September 2000: L Gong (1998), “Signing, Sealing, and Guarding Java Objects”.
6. 28 September 2000: T Maude (1984), “Hardware Protection Against Software Piracy”.
III. Non-Cryptographic Techniques
A. Copy Prevention and Reverse Engineering
1. 9 August 2000: T Proebsting (1997), “Krakatoa: Decompilation in Java (Does Bytecode Reveal Source?)”.
2. 4 October 2000: C Cifuentes (1999), “The Design of a Resourceable and Retargetable Binary Translator”.
3. 9 August 2000: M LaDue (1997), “The Maginot License: Failed Approaches to Licensing Java Software Over the Internet”.
4. 16 August 2000: C Collberg (1998), “Breaking Abstractions and Unstructuring Data Structures”.
5. 14 September 2000: D Aucsmith (1996), “Tamper Resistant Software: An Implementation”.
B. Copy Detection and Steganography
1. 10 August 2000: N Shivakumar (1995), “SCAM: A Copy Detection Mechanism for Digital Documents”.
2. 23 August 2000: N Johnson (1998), “Exploring Steganography: Seeing the Unseen”.
3. 24 August 2000: L Matheson (1998), “Robustness and Security of Digital Watermarks”.
4. 21 September 2000: C Collberg (1999), “Software Watermarking: Models and Dynamic Embeddings”.
5. 11 September 2000: J Palsberg (2000), “Experience with Software Watermarking”.
6. 13 September 2000: B Baker (1998), “Deducing Similarities in Java Sources from Bytecodes”.
C. Host Security
1. 3 August 2000: F Cohen (1992), “Operating System Protection Through Program Evolution”.
2. 17 August 2000: D Chess (1998), “Security Issues in Mobile Code Systems”.
3. 14 September 2000: D Dean (1996), “Java Security: From HotJava to Netscape and Beyond”.
4. 20 September 2000: D Wallach (1997), “Extensible Security Architectures for Java”.
5. 27 September 2000: J Ousterhout (1998), “The Safe-Tcl Security Model”.
6. 27 September 2000: K Thompson (1984), “Reflections on Trusting Trust”.