CompSci 725 FC01 Handout 6: Bibliography

Software Security

CompSci 725 FC 02
Clark Thomborson
Handout 6: Bibliography

Technical Articles (those marked with [00] or [01] were reviewed in 2000 or 2001 resp.)

C Adams, R Zuccherato, �A Global PMI for Electronic Content Distribution.�� In D.R.Stinson and S.Tavares (Eds.): SAC 2000, LNCS 2012, pp.158 �168, Springer-Verlag, Berlin Heidelberg, 2001.� Available: http://link.springer.de/link/service/series/0558/tocs/t2012.htm, April 2001.
D.J. Albert and S.P. Morse. Combating software piracy by encryption and key management. IEEE Computer, April 1982.
[01] A. Alireza, U. Lang, M. Padelis, R. Schreiner, M. Schumacher, �The Challenges of CORBA Security�, to appear in Proceedings of the Workshop "Sicherheit in Mediendaten", Gesellschaft f�r Informatik (GI), Springer-Verlag.� Available: http://citeseer.nj.nec.com/393276.html, May 2001; see also http://www.springer.de/comp-de/inf_akt/index.html.
Ross J. Anderson and Fabien A.P. Peticolas. On the limits of steganography. IEEE J-SAC, 16(4), 474-481, May 1998.� Available: http://ieeexplore.ieee.org/iel4/49/14639/00668971.pdf, March 2001.
Ross Anderson, Markus Kuhn, �Tamper Resistance - a Cautionary Note�, Proceedings of the Second Usenix Workshop on Electronic Commerce, pp. 1-11, November 1996.�� Available: http://citeseer.nj.nec.com/rd/25992824,400120,1,0.25,Download/http%3A%2F%2Fciteseer.nj.nec.com/cache/papers2/cs/19415/http%3AzSzzSzwww.cs.rice.eduzSz%7EdwallachzSzcourseszSzcomp527_s2000zSztamper96.pdf/anderson96tamper.pdf, May 2001.
R Anderson and M Kuhn, �Low Cost Attacks on Tamper Resistant Devices�.� In M Lomas et al. (ed.), Proc. of 5^th International Workshop on Security Protocols, Paris, LNCS 1361, Springer-Verlag, 125-136, April 1997.
[01] D. Aucsmith, "Tamper Resistant Software: An Implementation", in Information Hiding Workshop, RJ Anderson (ed), LNCS 1174, pp. 317-333, 1996.
J Backhouse and G Dhillon, �Managing Computer Crime: A Research Outlook�, Computers & Security 14, 1995, 645-651.
[00] Brenda S Baker and Udi Manber, "Deducing Similarities in Java Sources from Bytecodes", 1998 USENIX Technical Conference, http://glimpse.cs.arizona.edu/javadup.html, June 1998.
[00] F. Baker, B Lindell, M. Talwar, "RSVP Cryptographic Authentication", Internet RFC/STD/FYI/BCP Archives RFC2747, http://www.faqs.org/rfcs/rfc2747.html, January 2000.
M Balazinska et al, "Partial Redesign of Java Software Systems Based on Clone Analysis," in 6^th Working Conference on Reverse Engineering, October 1999, 280-291. http://www.computer.org/proceedings/wcre/0303/0303toc.htm
F Balmas, �QBO: A query tool specially designed to explore programs,� Proc. 6^th Working Conf on Reverse Engineering, October 1999, 270-279.� Available: http://ieeexplore.ieee.org/iel5/6543/17465/00806966.pdf, March 2001.
B Barak, O Goldreich, R Impagliazzo, S Rudich, A Sahai, S Vadhan, and K Yang, �On the (Im)possibility of Obfuscating Programs (Extended Abstract)�.� In J Kilian (ed.), Advances in Cryptology � Crypto 2001, LNCS 2139, Springer-Verlag, 2001.
[01] J Bates, �Fundamentals of computer forensics,� International Journal of Forensic Computing, Jan/Feb 1997.� Available: http://www.forensic-computing.com/archives/fundamentals.html, March 2001.
S Bechtold, �From Copyright to Information Law � Implications of Digital Rights Management�.� In Workshop on Security and Privacy in Digital Rights Management 2001.� Available: http://www.star-lab.com/sander/spdrm/papers.html, February 2002. [00] [01] Mihir Bellare, Juan Garay, Ralf Hauser, Amir Herzberg, Hugo Krawczyk, Michael Steiner, Gene Tsudik, Els Van Herreweghen, and Michael Waidner. Design, implementation and deployment of a secure account-based electronic payment system. Research Report RZ 3137, IBM Research Division, June 1999. http://www.zurich.ibm.com/Technology/Security/publications/1999/BGHHKSTHW99.ps.gz
S M Bellovin, �Security Problems in the TCP/IP Protocol Suite�, Computer Communication Review 19(2), 32-48, April 1989.� http://citeseer.nj.nec.com/bellovin89security.html.
O Berthold, M Kohntopp, �Identity Management Based on P3P,� in H. Frederrath (Ed.), Designing Privacy Enhancing Technologies (Proceedings of the International Workshop on Design Issues in Anonymity and Unobservability), LNCS 2009, pp. 141-160, Springer-Verlag, 2001.� Available:� http://link.springer.de/link/service/series/0558/papers/2009/20090141.pdf, March 2001.
J Boeuf, J Stern, �An analysis of one of the SDMI candidates�, technical report, De SDMI, undated.� Available: http://www.julienstern.org/sdmi/report.php3, 30 May 2001.
M Bond and R Anderson, �API-Level Attacks on Embedded Systems�, IEEE Computer, 67-75, October 2001.
[01] N Brownlee, E Guttman.� �Expectations for Computer Security Incident Response,� RFC 2350 of Internet RFC/STD/FYI/BCP Archives, June 1998.� Available: http://www.faqs.org/rfcs/rfc2350.html, March 2001.
T Budd, �Protecting and Managing Electronic Content with a Digital Battery�, IEEE Computer, 2-8, August 2001.
R Butler et al., �A National-Scale Authentication Infrastructure,� IEEE Computer, December 2000, pp. 60-65.
M Caloyannides, two-part article �Encryption Wars: Early Battles� and �Encryption Wars: Shifting Tactics�, IEEE Spectrum, April and May 2000.
R Canetti, O Goldreich, S Goldwasser, S Micali, �Resettable Zero-Knowledge,� Electronic Colloquium on Computational Complexity, Report No. 42 (1999).� Available: ftp://ftp.eccc.uni-trier.de/pub/eccc/reports/1999/TR99-042/index.html.
S Chair, P Kermani, S Smith, L Tassiulas, �Security Issues in M-Commerce: A Usage-Based Taxonomy.�� In J. Liu and Y. Ye (Eds.): E-Commerce Agents, LNAI 2033, pp. 264-282, Springer-Verlag, Berlin Heidelberg 2001.� Available: http://link.springer.de/link/service/series/0558/tocs/t2033.htm, April 2001.
H Chang and M Atallah, �Protecting Software Code by Guards�.� In Workshop on Security and Privacy in Digital Rights Management 2001.� Available: http://www.star-lab.com/sander/spdrm/papers.html, February 2002.
[00] [01] David M. Chess, Security Issues in Mobile Code Systems, In Mobile Agents and Security, Springer Verlag, LNCS 1419, pp. 1-14, 1998. Available: http://link.springer.de/link/service/series/0558/papers/1419/14190001.pdf, June 2001.� Other publications by Chess are available at http://www.research.ibm.com/people/c/chess/pubs.html.
S Christey and C Wysopal, �Responsible Vulnerability Disclosure Process.�� Internet Engineering Task Force, Internet Draft (valid for six months), February 2002.� Available: http://www.ietf.org/internet-drafts/draft-christey-wysopal-vuln-disclosure-00.txt, February 2002.
C Chung et al., Efficient Anonymous Fingerprinting of Electronic Information with Improved Automatic Identification of Redistributors, in D. Won (Ed.): Proc. of� Third International Conference Information Security and Cryptology - ICISC 2000, Seoul, Korea, December 8-9, 2000, LNCS 2015, p. 221 ff.� Available: http://link.springer.de/link/service/series/0558/papers/2015/20150192.pdf, March 2001.
Cristina Cifuentes and John Gough. Decompilation of Binary Programs. Software - Practice and Experience. Vol 25(7), July 1995. 811-829.
[00] Cristina Cifuentes, Mike Van Emmerik and Norman Ramsey. The Design of a Resourceable and Retargetable Binary Translator, in 6^th Working Conference on Reverse Engineering, October 1999, 280-291. http://www.computer.org/proceedings/wcre/0303/0303toc.htm.
F Cohen, �Computer Viruses � Theory and Experiments.�� In Proc. DOD/NBS 7^th Conf on Computer Security, 1984.� Available: http://www.all.net/resume/papers, 5 September 2001.
[00] [01] F Cohen, Operating System Protection Through Program Evolution.� �Generated Sat Feb 28 13:36:44 PST 1998 by fc@all.�� Copyright 1992.�� Available: http://all.net/books/IP/evolve.html, April 2001.
[00] C Collberg, C Thomborson and D Low, "Breaking Abstractions and Unstructuring Data Structures", Proc 1998 Int'l Conf on Computer Languages (ICCL98), 28-38, May 1998. http://www.cs.arizona.edu/~collberg/Research/Publications/CollbergThomborsonLow97d/index.html.
[00] C Collberg and C Thomborson, "Software Watermarking: Models and Dynamic Embeddings", POPL 99, http://www.cs.arizona.edu/~collberg/Research/Publications/CollbergThomborson99a/index.html, 1999.
C Collberg and C Thomborson, �Watermarking, Tamper-Proofing, and Obfuscation � Tools for Software Protection�, to appear IEEE TSE, 34 pp. final draft manuscript submitted 13 December 2001.
Computer Security Institute, �2002 CSI/FBI Computer Crime and Security Survey�, Computer Security Issues and Trends, Vol. VIII, No. 1, Spring 2002.� Available http://www.gocsi.com/forms/fbi/pdf.html, April 2002.
T Cotter, �Pragmatism, Economics, and the Droit Moral�, North Carolina Law Review (76 N.C.L. Rev. 1), November 1997.� Available: http://cyber.law.harvard.edu/metaschool/Fisher/integrity/Links/Articles/cotter.html, March 2001.
[01] I.J. Cox and J.P.M.G. Linnartz, "Some general methods for tampering with watermarks", IEEE Journ. of Sel. Areas in Comm: 16 (4), May 1998, pp. 587-593.� Available: http://buffy.eecs.berkeley.edu/~linnartz/articles/jsacfinal.pdf, March 2001.
R Cramer, �Introduction to Secure Computation,� in I Damgard (ed.) Lectures in Data Security: Modern Cryptology in Theory and Practice (LNCS 1561), Springer-Verlag, 1999.� Available: http://link.springer.de/link/service/series/0558/tocs/t1561.htm, April 2001.
S Craver, N Memon, B-L Yeo, and M Yeung, �Resolving Rightful Ownerships with Invisible Watermarking Techniques: Limitations, Attacks, and Implications,� IEEE Journal on Selected Areas in Communications 16(4), 573-586, May 1998.
J Daemen, V Rijmen, �AES Proposal: Rijndael�, Document Version 2, 03/09/99, 45 pp.� Available: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/rijndaeldocV2.zip, 20 April 2001.
D Davis, �Compliance Defects in Public-Key Cryptography�.� In Proc 6^th USENIX Security Symposium, 1996.� Available: http://www.sage.usenix.org/publications/library/proceedings/sec96/davis.html, March 2002.
[00] [01] Drew Dean, Edward W Felten, Dan S Wallach, "Java Security: From HotJava to Netscape and Beyond", In 1996 IEEE Symposium on Security and Privacy, May 1998. http://www.cs.princeton.edu/sip/.
[01] P Devanbu and S Stubblebine, �Software Engineering for Security: a Roadmap,� to appear in ICSE 2000 special volume on the Future of Software Engineering. http://www.cs.columbia.edu/~stu/00icse.pdf.
B Dipert, �Cunning Circuits Confound Crooks�, EDN Magazine, 12 October 2000, http://www.ednmag.com/ednmag/reg/2000/10122000/pdfs/21df2.pdf.
B Dipert, �Media Security Thwarts Temptation, Permits Prosecution,� EDN Magazine, 22 June 2000.� Available: http://www.ednmag.com/ednmag/reg/2000/06222000/pdfs/13tt.pdf, March 2001.
[01] P W Dowd and J T McHenry, �Network Security: It�s Time to Take It Seriously�, IEEE Computer, September 1998, pp. 24-28.
J Ellis, �The history of Non-Secret Encryption,� web document, 1987.� Available: http://www.cesg.gov.uk/downlds/nsecret/ellis.pdf, March 2001.
J Feigenbaum, M Freedman, T Sander, A Shostack, �Privacy Engineering for Digital Rights Management Systems�.� In Workshop on Security and Privacy in Digital Rights Management 2001.� Available: http://www.star-lab.com/sander/spdrm/papers.html, February 2002.
[01] N Ferguson, J Kelsey, et al., �Improved Cryptanalysis of Rijndael,� Seventh Fast Software Encryption Workshop, Springer-Verlag, 2000 (to appear), available: http://www.counterpane.com/rijndael.html, February 2001.
G Forman, J Zahorjan, �The Challenges of Mobile Computing,� IEEE Computer 27:4, April 1994, pp. 38-47.� Available: http://ieeexplore.ieee.org/iel1/2/6813/00274999.pdf, March 2001.
Y Frankel, A Chan, Y Tsiounis. Easy come-easy go divisible cash, (updated version, GTE Tech report with corrections on RBC). Eurocrypt '98, Lecture Notes in Computer Science, Elsinki, Finland, May 31-June 4 '98. pp. 561-575.� Available: http://www.ccs.neu.edu/home/yiannis/papers/EC98.ps, March 2001.
L Garber, �Computer Forensics: High-Tech Law Enforcement,� IEEE Computer, January 2001, pp. 22-27.
�[00] [01] Hector Garcia-Molina and Narayanan Shivakumar, "Safeguarding and Charging for Information on the Internet", Proc ICDE'98, February 1998. This paper, and other papers co-authored by Shiva are available at http://www-db.stanford.edu/~shiva/.
John A. Gibby. Software patent developments: a programmer's perspective. Rutgers Computer & Technology Law Journal Summer 1997 v23 n2 p293-355.
[01] C Gilmore, �Secure Remote Access to an Internal Web Server,� IEEE Network, Nov-Dec 1999, pp. 31-37.
P Girard, �Which Security Policy for Multiapplication Smart Cards?�, in Proc. USENIX Workshop on Smartcard Technology, 1999.� Available: http://www.usenix.org/publications/library/proceedings/smartcard99/montgomery.html, June 2001.
[01] P Girard and J-L Lanet, �New Security Issues Raised by Open Cards,� in Elsevier Technical Report on Security, pp19-27, Vol 4, N�2; available as Technical Report SM-99-03, Gemplus Research Lab, June 1999.� http://www.gemplus.fr/smart/r_d/publications/art17.htm.
[00] [01] Li Gong, Roland Schemers, Signing, Sealing, and Guarding Java Objects. In Mobile Agents and Security, Springer Verlag, LNCS 1419, pp. 206-216, 1998.� Available: http://link.springer.de/link/service/series/0558/tocs/t1419.htm, April 2001.
R Gopal and G Sanders, �Global software piracy: you can�t get blood out of a turnip,� Comm. ACM 43: 9, September 2000, pp. 83 � 89.
James R. Gosler. Software Protection: Myth or reality? Advances in Cryptology, CRYPTO '85, Springer Verlag, LNCS 218, pp. 140--157, August 1985.
R Gray, D Kotz, G Cybenko, D Rus, �D�Agents: Security in a multiple-language, mobile-language system,� in Mobile Agents and Security, Lecture Notes in Computer Science 1419, ed. Giovanni Vigna, 154�187, Springer-Verlag, 1998.� Available: http://link.springer.de/link/service/series/0558/tocs/t1419.htm, April 2001.
S Greenberg, �Easter Egg Insertion, Detection and Deletion in Commercial Software�, 600.505 Independent Research Project, Department of Computer Science, Johns Hopkins University (USA), 29 June 2000.� Available http://www.cs.jhu.edu/~kalb/Kalb_Egg_page.htm, March 2002.
G Greenleaf, �An endnote on regulating cyberspace: Architecture vs Law?�, University NSW Law Journal 21(2), 1998.� Available: http://www.austlii.edu.au/au/journals/UNSWLJ/1998/52.html, April 2002.
P Gutmann, �Secure deletion of data from magnetic and solid-state memory,� Proc 6^th USENIX Security Symposium, July 1996.� Available: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html, March 2001.
Ga�l Hachez, Laurent Den Hollander, Mehrdad Jalali, Jean-Jacques Quisquater and Christophe Vasserot. Towards a Practical Secure Framework for Mobile Code Commerce. In Proceedings of the Third International Information Security Workshop (ISW 2000), Wollongong, Australia, LNCS 1975, pp.164-178.� December 2000.� Available: http://citeseer.nj.nec.com/392323.html, April 2001.
Satoshi Hada, �Zero-Knowledge and Code Obfuscation�, in Okamoto (Ed.): Advances in Cryptology - ASIACRYPT 2000, Proceedings of 6th International Conference on the Theory and Application of Cryptology and Information Security, Kyoto, Japan, LNCS 1976, Springer-Verlag, December 2000, p. 443 ff.� Available: http://link.springer.de/link/service/series/0558/tocs/t1976.htm, June 2001.
[00] Ralf C. Hauser. Using the Internet to decrease Software Piracy - on Anonymous Receipts, Anonymous ID Cards, and Anonymous Vouchers. In INET'95 The 5th Annual Conference of the Internet Society The Internet: Towards Global Information Infrastructure, volume 1, pages 199--204, Honolulu, Hawaii, USA, June 1995. http://www.zurich.ibm.com/Technology/Security/publications/1995/Hauser95.ps.gz
[01] Hans Hedbom, Stefan Lindskog, Stefan Axelsson, Erland Jonsson.� A Comparison of the Security of Windows NT and Unix, web document, October 1998.� Available: http://www.ce.chalmers.se/staff/jonsson/nt-vs-unix.pdf, May 2001.� See http://citeseer.nj.nec.com/205186.html.
Hans Hedbom, Stefan Lindskog, Stefan Axelsson, Erland Jonsson.� Analysis of the Security of Windows NT, web document, March 1999.� Available: http://www.ce.chalmers.se/staff/jonsson/nt-part2.pdf, November 2000.
Amir Herzberg and G. Karmi. On software protection. In 4th Jerusalem Conference on Information Technology (JCIT), Jerusalem, Israel, April 1984. Next Decade in Information Technology (Cat. No. 84CH2022-2). IEEE Comput. Soc. Press. 1984, pp.388-93. Silver Spring, MD, USA.
Amir Herzberg and Shlomit S. Pinter. Public protection of software. ACM Transactions on Computer Systems, 5(4): 371-393, November 1987. http://www.acm.org/pubs/articles/journals/tocs/1987-5-4/p371-herzberg/p371-herzberg.pdf.

� [01] Kenneth Ho, "A Study into the Problem of Software Piracy in Hong Kong and China," Master's dissertation, Management and Information Systems, London School of Economics and Political Science, 1995. http://www.info.gov.hk/ipd/piracy.html

� [01] Fritz Hohl, Time Limited Blackbox Security: Protecting Mobile Agents from Malicious Hosts, In Mobile Agents and Security, Springer Verlag, LNCS 1419, pp. 92-113, 1998.� Available: http://link.springer.de/link/service/series/0558/tocs/t1419.htm, April 2001.

� B Horne, L Matheson, C Sheehan, and R Tarjan, �Dynamic Self-Checking Techniques for Improved Tamper Resistance�.� In Workshop on Security and Privacy in Digital Rights Management 2001.� Available: http://www.star-lab.com/sander/spdrm/papers.html, February 2002.

Susan Horwitz. Precise flow-insensitive May-Alias analysis is NP-hard. TOPLAS, 19(1):1--6, January 1997. http://www.acm.org/pubs/articles/journals/toplas/1997-19-1/p1-horwitz/p1-horwitz.pdf
[01] R Hunt, �Internet/Intranet firewall security � policy, architecture and transaction services,� Computer Communications 21 (1998), 1107-1123.
M Jakobsson, M Reiter, �Discouraging Software Piracy Using Software Aging�.� In Workshop on Security and Privacy in Digital Rights Management 2001.� Available: http://www.star-lab.com/sander/spdrm/papers.html, February 2002.
M Jakobsson and S Wetzel, �Security Weaknesses in Bluetooth.�� In D Naccache (ed.), Progress in Cryptology � CT-RSA 2001 (LNCS 2020), 176-, 2001.� Available: http://link.springer.de/link/services/series/0558/tocs/t2020.htm, April 2001.
Mehrdad Jalali, Ga�l Hachez and Christophe Vasserot. FILIGRANE (FlexIbLe IPR for Software AGent ReliANcE): A security framework for trading of mobile code in Internet. In Autonomous Agents 2000 Workshop: Agents in Industry. June 2000.� Available http://www.dice.ucl.ac.be/crypto/publications.html, April 2001.
[00] Neil F. Johnson and Sushil Jajodia. Computing practices: Exploring steganography: Seeing the unseen. Computer, 31(2):26--34, February 1998.
E Jonsson, L Stromberg, S Lindskog, �On the Functional Relation between Security and Dependability Impairments,� in Proc. of the 1999 workshop on New security paradigm (NSPW 99), September 22 - 24, 1999.� Available: http://www.acm.org/pubs/articles/proceedings/sac/335169/p104-jonsson/p104-jonsson.pdf, March 2001.
S Jourmalainen, J Laine, �Security in the WTLS,� manuscript dated 10.1.2000, available: http://www.hut.fi/~jtlaine2/wtls/, March 2001.
A B Kahng, D Kirovski, S Mantik, M Potkonjak, and J Wong, �Copy Detection for Intellectual Property Protection of VLSI Designs�, Proc. IEEE/ACM Intl. Conference on Computer-Aided Design, November 1999, pp. 600-604.� http://nexus6.cs.ucla.edu/papers/conference/c102.pdf
K Khan, J Han, Y Zheng, �Characterising User Data Protection of Software Components,� Proc. 2000 Australian Software Engineering Conference, Page(s): 3 -11.� Available: http://ieeexplore.ieee.org/iel5/6798/18243/00844552.pdf, March 2001.
Stephen Keung, Cryptoswift performance under SSL with file transfer, undated white paper, Rainbow Technologies, http://isglabs.rainbow.com/isglabs/SSLperformance/SSL+file%20performance.html (August 2000).
[01] T Killalea.� �Recommended Internet Service Provider Security Services and Procedures,� RFC 3013 of Internet RFC/STD/FYI/BCP Archives, June 1998.� Available: http://www.faqs.org/rfcs/rfc3013.html, May 2001.
D. Kirovski, Yean-Yow Hwang, M. Potkonjak, and Jason Cong. D. Kirovski, Yean-Yow Hwang, M. Potkonjak, and Jason Cong. "Intellectual Property Protection by Watermarking Combinational Logic Synthesis Solutions". ACM-IEEE International Conference on Computer-Aided Design, pp.194-8, 1998.
W F de Koning, �A Methodology for the Design of Security Plans�, Computers & Security 14, 1995, 633-643.
J Koolwaaij et al., �On Model Quality and Evaluation in Speaker Verification,� in Proc. 2000 IEEE International Conference on Acoustics, Speech, and Signal Processing, 2000 (ICASSP '00), Volume: 6, Page(s): 3759-3762.� Available: http://ieeexplore.ieee.org/iel5/6939/18660/00860220.pdf, March 2001.
J Korn, Y-F Chen, E Koutsofios, �Chava: Reverse Engineering and Tracking of Java Applets,� in Proc. 6^th Working Conference on Reverse Engineering, October 1999, 314-325.� Available: http://ieeexplore.ieee.org/iel5/6543/17465/00806970.pdf, March 2001.
[01] I Krsul and E Spafford.� Authorship Analysis: Identifying the Author of a Program, Technical Report CSD-TR 96-052 (Coast TR 96-06), Department of Computer Sciences, Purdue University (USA), 27 pp, 1996.� Available: ftp://ftp.cerias.purdue.edu/pub/papers/ivan-krsul/krsul-spaf-authorship-analysis.ps, November 2000.
Kudo, M. and Hada, S., "XML Document Security based on Provisional Authorization," Proc. 7th ACM Conference on Computer and Communication Security (CCS2000), 1-4 November 2000, Athens, Greece, pp. 87-96.� Available: http://www.acm.org/pubs/articles/proceedings/commsec/352600/p87-kudo/p87-kudo.pdf, June 2001.
Markus G Kuhn and Ross J Anderson, "Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations", in David Aucsmith (ed.) Information Hiding 1998, LNCS 1525, Springer-Verlag, 124-142, 1998. http://www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf
C Kurak and J McHugh, �A Cautionary Note on Image Downgrading�, in Proc. 8^th Annual IEEE Computer Security Applications Conference, 153 � 159, 1992.
[01] [00] Mark LaDue, "The Maginot License: Failed Approaches to Licensing Java Software Over the Internet," 1997. http://metro.to/mladue/hostile-applets/maginot.html
C Landwehr, A Bull, J McDermott, W Choi, �A Taxonomy of Computer Program Security Flaws�, ACM Computing Surveys 26(3), 211-254, September 1994.
[01] L Law, S Sabett, J Solinas, �How to Make a Mint: The Cryptography of Anonymous Electronic Cash�, National Security Agency (USA) Cryptology Division, technical report provided on October 31, 1996 by the 21^st Century Banking Alert service (http://www.ffhsj.com/bancmail/bancpage.htm) of Fried, Frank, Harris, Shriver & Jacobson, 18 June 1996.� http://jya.com/nsamint.htm.
D Lie, C Thekkath, M Mitchell, P Lincoln, D Boneh, J Mitchell, and M Horowitz, �Architectural Support for Copy and Tamper Resistant Software, � in ASPLOS-IX 2000, Cambridge Mass (USA).� http://mos.stanford.edu/papers/dl_asplos_2000_xom.pdf.
[01] Ulf Lindqvist, Erland Jonsson.� �A map of security risks associated with using COTS,� in IEEE Computer 31:6, 60-66, June 1998.� Available: http://www.ce.chalmers.se/research/Computer_Security/Publikations/pubs/cots98.pdf, March 2001.
Ulf Lindqvist, Erland Jonsson.� How to Systematically Classify Computer Security Intrusions, in Proc 1997 IEEE Symp. on Security and Privacy, pp. 154-163,� IEEE Computer Press,1997.� Available: http://www.ce.chalmers.se/staff/ulfl/pubs/sp97ul.pdf, November 2000.
J-P Linnartz, G Depovere, T Kalker, �On the design of a watermarking system: considerations and rationales,� Proc 3^rd Workshop on Information Hiding, Dresden, Germany, Sept. 29-Oct. 1, 1999.� Available: http://buffy.eecs.berkeley.edu/~linnartz/articles/dresden.pdf, March 2001.� To appear in Lecture Notes in Computer Science.� Other papers by Linnartz may be found on his website http://buffy.eecs.berkeley.edu/~linnartz/papers.html (available March 2001).
Jim Lipman, Chip-Core Protection : Everybody�s Business, EDN Magazine, 14 October 1999, 99-106.� Available: http://www.ednmag.com/ednmag/reg/1999/101499/pdfs/21cs.pdf, October 2000.
David Liu, Jennifer Wong, Darko Kirovski, and Miodrag Potkonjak. Forensic Engineering Techniques for VLSI CAD Tools, ACM-IEEE Design Automation Conference, to appear, 2000. http://www.cs.ucla.edu/~darko/papers/forensic.ps.
Steven Lucco, Oliver Sharp, Robert Wahbe, Omniware: A Universal Substrate for Web Programming, WWW4, 1995.
S Maes, J Navratil, and U Chaudhari, �Conversational Speech Biometrics.�� In J. Liu and Y. Ye (Eds.): E-Commerce Agents, LNAI 2033, pp. 166-179, Springer-Verlag, Berlin Heidelberg 2001.� Available: http://link.springer.de/link/service/series/0558/tocs/t2033.htm, April 2001.
April Mara Major.� �Copyright law tackles yet another challenge: the electronic frontier of the World Wide Web.�� Rutgers Computer & Technology Law Journal, Spring 1998 v24 n1 p75-105.
M Mambo, T Murayama, E Okamoto, �A tentative approach to constructing tamper-resistant software,� Proceedings of the New Security Paradigms Workshop, (September 23 - 26, 1997, Langdale, Cumbria United Kingdom), ACM.� Available: http://www.acm.org/pubs/articles/proceedings/commsec/283699/p23-mambo/p23-mambo.pdf, June 2001.
[00] Charles C Mann, "Who Will Own Your Next Good Idea?", The Atlantic Monthly, 57-82, September 1998. http://www.theatlantic.com/issues/98sep/copy.htm.
[00] [01] David Margrave, "GSM Security and Encryption", MS project report, ECE Department, George Mason University, May 1995. (This is a non-archival but heavily referenced net-document, found July 2000 at http://www3.l0pht.com/~oblivion/blkcrwl/cell/gsm/gsm-secur/gsm-secur.html. The author may be contacted at david@margrave.com.).� See also David Wagner, �GSM Cloning�, web document, undated.� Available: http://www.isaac.cs.berkeley.du/isaac/gsm.html, March 2001.
[00] Lesley R Matheson, Stephen G Mitchell, Talal G Shamoon, Robert E Tarjan, and Francis Zane, "Robustness and Security of Digital Watermarks," Proceedings of Financial Cryptography '98, Anguilla, BWI, 23-25 February 1998. http://cm.bell-labs.com/cm/ms/who/francis/papers/fc98.ps, http://www.star-lab.com/robustness.pdf.
[00] Tim Maude and Derwent Maude. Hardware protection against software piracy. Communications of the ACM, 27(9):950--959, September 1984.
Donald F. McGahn II. Copyright infringement of protected computer software: an analytical method to determine substantial similarity. Rutgers Computer & Technology Law Journal, Spring 1995 21 n1 p88-142.
G McGraw and E Felten, �Twelve Rules for Developming More Secure Java Code, JavaWorld, December 1998.� http://www.javaworld.com/javaworld/jw-12-1998/
Ralph C Merkle, "Protected Shareware: A Solution to the Software Distribution Problem." Online document in PDF dated "October 19, 1998" and marked "Copyright 1993 by Xerox Corporation. All Rights Reserved. This draft is being distributed for the purpose of feedback and commentary. As a courtesy to the author, please limit its distribution." http://www.merkle.com/protectedShareware.pdf.
B Miller, M Christodorescu, R Iverson, T Kosar, A Mirgorodskii, F Popovici, �Playing Inside the Black Box: Using Dynamic Instrumentation to Create Security Holes�, Parallel Processing Letters (to appear, 2001).� Also appears in the Second Los Alamos Computer Science Institute Symposium, Sante Fe, NM (October 2001).� Available: http://www.cs.wisc.edu/paradyn/papers/index.html#dyninst-security, March 2002.
Matt L Miller et al., �A Review of Watermarking Principles and Practices,� in Digital Signal Processing in Multimedia Systems, ed. KK Parhi and T Nishitani, Marcell Dekker Inc., 461-485, 1999.� Available: http://buffy.eecs.berkeley.edu/~linnartz/articles/chap17.pdf, March 2001.
Calvin N Mooers, "Computer Software and Copyright," ACM Computing Surveys 7:1, 45-72, March 1975.
Michael Montgomery and Ksheerabdhi Krishna, �Secure Object Sharing in Java Card�, in Proc. USENIX Workshop on Smartcard Technology, 1999.� Available: http://www.usenix.org/publications/library/proceedings/smartcard99/montgomery.html, June 2001.
[00] Ryoichi Mori and Masaji Kawahara. Superdistribution: the concept and the architecture.� The Transactions of the IECE, Vol E 73:7, July 1990.� Also Technical Report 7, Inst. of Inf. Sci. \& Electron (Japan), Tsukuba Univ., Japan, July 1990.� Available: http://www.virtualschool.edu/mon/ElectronicProperty/MoriSuperdist.html, October 2000.
David Naccache, Adi Shamir, Julien P Stern, "How to Copyright a Function?" in Public Key Cryptography 1999: 188-196, http://www.gemplus.com/smart/r_d/publications/crypto17.htm.
George C. Necula, Peter Lee, Safe, "Untrusted Agents Using Proof-Carrying Code," in Mobile Agents and Security, Springer Verlag, LNCS 1419, pp. 61-91, 1998.� Available: http://link.springer.de/link/service/series/0558/tocs/t1419.htm, April 2001.
[00] B Clifford Neuman and Theodore Ts'o, "Kerberos: An Authentication Service for Computer Networks", reprinted from IEEE Communications Magazine 32:9, pp. 33-38, as USC/ISI Technical Report Number ISI/RS-94-399, http://nii.isi.edu/publications/kerberos-neuman-tso.html, September 1994.
N Nikolaidis, I Pitas, �Digital image watermarking: an overview,� ICMCS 99, vol I, pp. 1-6, 1999.� Available: http://poseidon.csd.auth.gr/papers/PUBLISHED/CONFERENCE/Nikolaidis99a/Nikolaidis99a.ps.Z, March 2001.
[00] [01] John K. Ousterhout, Jacob Y. Levy, Brent B. Welch, "The Safe-Tcl Security Model," In Mobile Agents and Security, Springer Verlag, LNCS 1419, pp. 217-234, 1998. Available: http://link.springer.de/link/service/series/0558/tocs/t1419.htm, April 2001.
[00] J Palsberg, S Krishnaswamy, M Kwon, D Ma, Q Shao, and Y Zhang, Experience with software watermarking, In Proceedings of the 16th Annual Computer Security Applications Conference, ACSAC '00, IEEE, 308-316, 2000. Available: http://www.cs.purdue.edu/homes/madi/wm/, March 2002.
T Parks, D Kassay, C Weinstein, �Vulnerabilities of Reliable Multicast Protocols.�� In Proc. 1998 IEEE Military Communications Conference (MILCOM�98), Vol. 3, 934-938, October 1998.
[01] V Paxson, �Bro: A System for Detecting Network Intruders in Real-Time�, Computer Networks 31(23-24), 2435-2463, 14 Dec 1999.� ftp://ftp.ee.lbl.gov/papers/bro-CN99.ps.gz.

� D Peng, S Jun, S Ye, L Ju, �MA/LMA Architecture for Dealing with Malicious Agents in Agent-Mediated Electronic Markets.�� In J. Liu and Y. Ye (Eds.): E-Commerce Agents, LNAI 2033, pp. 264-282, Springer-Verlag, Berlin Heidelberg 2001.� Available: http://link.springer.de/link/service/series/0558/tocs/t2033.htm, April 2001.

� Robert A Percival, �Standing on the Shoulders of Giants: The Reverse Engineering of Computer Software and the Law of Copyright In Canada,� research paper series, Smith Lyons Barristers and Solicitors, http://www.smithlyons.ca/Publications/Articles/IT_99_10_2.htm, October 1999.

F Peticolas, R Anderson, M Kuhn, �Attacks on copyright marking systems,� Proc. 2^nd Workshop on Information Hiding, LNCS 1525, ed. David Aucsmith, Springer-Verlag, 124-142, 1998.� Available: http://www.cl.cam.ac.uk/~fapp2/papers/ih98-attacks.pdf, March 2001.
A Pfitzmann and M Kohntopp, �Anonymity, Unobservability, and Pseudonymity � A Proposal for Terminology,� in H. Frederrath (Ed.), Designing Privacy Enhancing Technologies (Proceedings of the International Workshop on Design Issues in Anonymity and Unobservability), LNCS 2009, pp. 1-9, Springer-Verlag, 2001.� Available:� http://link.springer.de/link/service/series/0558/papers/2009/20090001.pdf, March 2001.
J Piepzyk, �Fingerprints for Copyright Software Protection,� in M Mambo and Y Zheng (eds.): ISW�99, LNCS 1729, Springer-Verlag, pp. 178-190, 1999.
Police Commissioners' Conference Electronic Crime Working Party, �The Virtual Horizon: Meeting the law enforcement challenges: Developing an Australasian law enforcement strategy for dealing with electronic crime. Scoping Paper�, Research Report 134.1, 2000.� Available http://www.acpr.gov.au/pdf/ElecCrime.pdf, April 2001.
R Poore, �Generally Accepted Systems Security Principles,� International Information Security Foundation, 1998.� Available http://www.auerbach-publications.com/white-papers/gassp.pdf, April 2001.
E Praun, H Hoppe, A Finkelstein, �Robust Mesh Watermarking�, Proc SIGGRAPH 1999, 69-76, 1999.
[00] Todd A. Proebsting and Scott A.� Krakatoa: Decompilation in Java (Does bytecode reveal source?), In Third USENIX Conference on Object-Oriented Technologies and Systems (COOTS), June 1997.
M Riezenman, �Cellular Security: Better, but Foes Still Lurk,� IEEE Spectrum, 39-42, June 2000.
Aviel D Rubin and Daniel E Geer Jr, "A Survey of Web Security", IEEE Computer, 34-41, September 1998.
Carolina Saez. Enforcing copyrights in the age of multimedia. Rutgers Computer & Technology Law Journal Winter 1995 21 n2 p351-393.
J H Saltzer and M D Schroeder, �The Protection of Information in Computer Systems,� Proceedings of the IEEE 63:9 (September 1975), pages 1278-1308.� An HTML version was prepared in1997, see http://web.mit.edu/Saltzer/www/publications/protection/index.html.
T Sander and Chr. Tschudin, Towards Mobile Cryptography.� In Proceedings of the 1998 IEEE Symposium on Security and Privacy, 215�224, May 1998.
T Sander and Chr Tschudin. Protecting Mobile Agents Against Malicious Hosts, in Mobile Agents and Security, Springer Verlag, LNCS 1419, pp. 25-43, 1998.� Available: http://link.springer.de/link/service/series/0558/tocs/t1419.htm, April 2001.
T Sander and Chr. Tschudin. On Software Protection via Function Hiding In Proceedings of the Second Workshop on Information Hiding, Springer Lecture Notes in Computer Science.
Michael Joel Schallop. Software patent applications directed to business and mathematical processing applications highlight the tension between State Street and Benson. Rutgers Computer & Technology Law Journal Fall 1999 v26 i1 p89.
B Schneier, J Kelsey, �Secure Audit Logs to Support Computer Forensics,� ACM Trans on Information and System Security 2(2), May 1999, 159-176.
[01] F Seb� et al., �Spatial-Domain Image Watermarking Robust against Compression, Filtering, Cropping, and Scaling.� In LNCS 1975, eds. Pieprzyk et al., pp. 44-53, Springer-Verlag, 2000.
[00] Narayanan Shivakumar and Hector Garcia-Molina, "SCAM: A Copy Detection Mechanism for Digital Documents", Proc. 2^nd Int'l Conf on Theory and Practice of Digital Libraries, 1995. This and other papers by Shiva are available at http://www-db.stanford.edu/~shiva/. See also �A Real-Life Instance of Plagiarism Detection by SCAM� at http://www.dlib.org/dlib/november95/scam/plag.html, accessed November 2000.
J Shoch, J Hupp, �The �Worm� Programs � Early Experience with a Distributed Computation,� Comm. ACM 25:3, March 1982, 172-180.� Available: http://www.acm.org/pubs/articles/journals/cacm/1982-25-3/p172-shoch/p172-shoch.pdf, April 2001.
[00] Melinda Shore, "H.323 and Firewalls: Problem Statement and Solution Framework", Internet Draft draft-shore-h323-firewalls-00.txt, February 3, 2000 expires July 3, 2000. See http://www.ietf.org/ietf/1id-abstracts.txt and http://www.ietf.org/shadow.html
[00] Sergiu S. Simmel and Ivan Godard. Metering and Licensing of Resources - Kala's General Purpose Approach. In Technological Strategies for Protecting Intellectual Property in the Networked Multimedia Environment, The Journal of the Interactive Multimedia Association Intellectual Property Project, Coalition for Networked Information, pages 81--110, MIT, Program on Digital Open High-Resolution Systems, January 1994. Interactive Multimedia Association, John F. Kennedy School of Government. http://www.cni.org/docs/ima.ip-workshop/Simmel.Godard.html
M Sirbu, J Chuang, �Distributed authentication in Kerberos using public key cryptography,� Proc Network and Dist Sys Security 1997, IEEE, 134-141.
Allan M. Soobert. Analyzing infringement by equivalents: a proposal to focus the scope of international patent protection. Rutgers Computer & Technology Law Journal Spring 1996 22 n1 p189-232
R Standler, �Moral Rights of Authors in the USA�, 29 May 1998.� Internet document available: http://www.rbs2.com/moral.htm, March 2001.
Julien P. Stern, Ga�l Hachez, Fran�ois Koeune, Jean-Jacques Quisquater, "Robust Object Watermarking: Application to Code." In LNCS 1768, Springer Verlag, 368-378, 2000. http://www.julienstern.org/serious.php3
Paul A. Suhler, Nader Bagherzadeh, Miroslaw Malek, Neil Iscoe. Software Authorization Systems. IEEE Software, September 1986.

� M Swanson and B Guttman, �Generally Accepted Principles and Practices for Securing Information Technology Systems,� National Institute of Standards and Technology, Department of Commerce, US Government, September 1996.� Available: http://www.auerbach-publications.com/white-papers/nist-security-guidelines.pdf, April 2001.

� [00] Ken Thompson, "Reflections on Trusting Trust", Comm ACM 27:8, pp. 761-763, August 1984. http://www.acm.org/classics/sep95

Andres Torrubia and Francisco J Mora, "Information Security in Multiprocessor Systems, to appear in IASTED 99, Innsbruck Austria 1999.
Trymedia Systems, �ActiveMARK Whitepaper�, 2002.� Available: http://www.trymedia.com/products/ActiveMARK_Whitepaper.pdf, April 2002.
C Tschudin, �Apoptosis � the Programmed Death of Distributed Services�, in Secure Internet Programming (LNCS 1603), ed. J Vitek and C Jensen, pp. 253-260, Spring 1999.� http://www.docs.uu.se/~tschudin/pub/cft-1999-sip.ps.gz.
Y Tsiounis, Efficient electronic cash: new notions and techniques, PhD dissertation, Northeastern University, Boston Mass (USA), June 1997.� Available: http://www.ccs.neu.edu/home/yiannis/papers/thesis.ps (1.15 MB postscript), March 2001.
Jeffrey D. Ullman, �Ordinary Skill in the Art (Based on the 2000 Knuth-Prize Lecture),� December 22, 2000.� Available: http://www-db.stanford.edu/~ullman/pub/focs00.html, December 2000.
Enriquillo Valdez, Moti Yung, "Software DisEngineering: Program Hiding Architecture and Experiments." In LNCS 1768, Springer Verlag, 379-394, 2000. A technical report on a related subject is available at http://cis.poly.edu/tr/tr-cis-2000-01.htm (but page 5 won't print as at 1 Aug 00).
E Valdez, M Yung, �DISSECT: DIStribution for SECurity Tool,� Technical Report TR-CIS-2000-01, Department of Computer Science, Polytechnic University, Brooklyn NY (USA), 15 March 2001.
R Vaughan, �Defining Terms in the Intellectual Property Protection Debate: Are the North and South Arguing Past Each Other When We Say �Property�?� A Lockean, Confucian, and Islamic Comparison�, ILSA Journal of International and Comparative Law 2(2), Winter 1996.� Available: http://www.nsulaw.nova.edu/student/organizations/ILSAJournal/2-2/2-2%20toc.htm, March 2002.
D Vaver, Intellectual Property Law: Copyright, Patents, Trademarks, 345 pp. Irwin Law, 1997.
R Venkatesan, V Vazirani, S Sinha, �A Graph Theoretic Approach to Software Watermarking�.� In .S. Moskowitz (ed.), Proc. 4th International Workshop on Information Hiding (IHW 2001), LNCS 2137, Springer-Verlag, 157-168, 2001.
J Viega, T Kohno, B Potter, �Trust (and Mistrust) in Secure Applications,� Comm. ACM 44:2, pp. 31-36, Feb 2001.
J Vitek and G Castagna, �Mobile Computations and Hostile Hosts�, in Proc 10^th Journ�es Francophones des Langages Applicatifs (JFLA99), Avoriaz, France, February 1999.� http://www.cs.purdue.edu/homes/jv/pub/jfla99.ps.gz.
G. Voyatzis, N. Nikolaidis and I. Pitas, �Digital Watermarking: An Overview�, IX European Signal Processing Conference (EUSIPCO'98), Rhodes, Greece, vol. I, pp. 9-12, 8-11 September 1998.� Available: http://pella.eng.auth.gr/papers/confers.l_ind.html, June 2001.
Dennis Volpano, Geoffrey Smith, Language Issues in Mobile Program Security, In Mobile Agents and Security, Springer Verlag, LNCS 1419, pp. 25-43, 1998.� Available: http://link.springer.de/link/service/series/0558/tocs/t1419.htm, April 2001.
Robert Wahbe, Steven Lucco, Thomas Anderson, Susan Graham, Efficient Software-Based Fault Isolation, SOSP'93, p. 203--216.
[00] [01] Dan S Wallach, Dirk Balfanz, Drew Dean and Edward W Felten, "Extensible Security Architectures for Java", 16^th ACM Symp on Operating Systems Principles, October 1997.� Available: http://www.acm.org/pubs/citations/proceedings/ops/268998/p116-wallach/, and http://www.cs.princeton.edu/sip/pub/sosp97.html, May 2001.� See http://citeseer.nj.nec.com/wallach97extensible.html.
Dan S. Wallach, Edward W. Felten, and Andrew W. Appel, �SAFKASI: A Security Mechanism for Language-based Systems�, ACM Transactions on Software Engineering and Methodology 9(4), October 2000, pp. 341-378.
C Wang, J Hill, J Knight, J Davidson, �Software Tamper Resistance: Obstructing Static Analysis of Programs�, Technical eport CS-2000-12, Department of Computer Science, U Virginia (USA).� Available: ftp://ftp.cs.virginia.edu/pub/techreports, May 2001.
Peter Wayner, Strong Theoretical Steganography. CRYPTOLOGIA, Volume XIX, July 1995.
Peter Wayner, Mimic Functions. CRYPTOLOGIA, Volume XVI, Number 3, July 1992.
I Welch, R Stroud, �Supporting real world security models in Java,� Proc 7th IEEE Workshop on Future Trends of Distributed Computing Systems, Page(s): 155 � 159, 1999.� Available: http://ieeexplore.ieee.org/iel5/6627/17681/00818799.pdf, March 2001.
U Wilhelm.� Cryptographically Protected Objects. Technical report, Ecole Polytechnique Federale de Lausanne, Switzerland, May 1997.� A French version appears in RenPar'9, May 1997.� Available: http://lsewww.epfl.ch/~wilhelm/CryPO.html, March 2001.
U Wilhelm, �A pessimistic approach to trust in mobile agent platforms,� IEEE Internet Computing, Sept-Oct 2000, pp. 40-48.� Available: http://ieeexplore.ieee.org/iel5/4236/18994/00877485.pdf, March 2001.

Tutorials

American Bar Association, Section of Science and Technology, Information Security Committee, �Digital Signature Guidelines Tutorial�, 1995.� Available: http://www.abanet.org/scitech/ec/isc/dsg-tutorial.html, June 2001.� (This document is a 4-page executive summary, with hyperlinks, of Digital Signature Guidelines, 1996.� ISBN: 1-57073-250-7.� Available: http://www.abanet.org/scitech/ec/isc/dsgfree.html, June 2001.)

Patents and Published International Patent Applications

David Aucsmith and Gary Graunke. Tamper resistant methods and apparatus. US patent 5,892,899, April 6, 1999.� Assignee: Intel Corporation.
Wayne W. Chou, Joseph M. Kulinets, Laszlo Elteto, Frederik Engel. Method of Software Distribution Protection. US Patent 5,337,357, August 9, 1994. Assignee: Software Security, Inc. Stamford Conn.
Stanley T Chow et al.� Internet Authentication Technology, published international patent application WO 00/10286, 24 February 2000.� Assignee: Cloakware Corporation, Ontario CA.� Available: http://www.delphion.com/details?&pn=WO00010286B1, March 2001.
Christian Collberg, Clark Thomborson. Software Watermarking Techniques, published international patent application WO 99/64973 (PCT/NZ99/00081, December 16, 1999.� Assignee: Auckland UniServices Limited (New Zealand).
Christian Collberg, Clark Thomborson, Douglas Low. Obfuscation Techniques for Enhancing Software Security, published international patent application WO 99/01815 (PCT/US98/12017), January 14, 1999.� Assignee: InterTrust Inc, Sunnyvale CA (USA).
Robert L. Davidson and Nathan Myhrvold. Method and system for generating and auditing a signature for a computer program. US Patent 5,559,884, September 24, 1996. Assignee: Microsoft Corporation.
Robert L. Davidson, Nathan Myhrvold, Keith Randel Vogel, Gideon Andreas Yuval, Richard Shupak, and Norman Eugene Apperson. Method and system for improving the locality of memory references during execution of a computer program. US Patent 5,664,191, September 2, 1997. Assignee: Microsoft Corporation.

� Charles E. Hill. Software Piracy Detection System. US Patent 5,754,864, May 19, 1998. Assignee: Charles E. Hill and associates.

� Keith Holmes. Computer software protection. US Patent 5,287,407, February 15, 1994. Assignee: International Business Machines.

Harold Joseph Johnson, Yuan Xiang Gu, Becky Laiping Chan, Stanley Taihai Chow. Encoding technique for software and hardware. US Patent 5,748,741, May 5, 1998. Assignee: Northern Telecom Limited, Montreal, Canada.
Geza Medveczky, Kelvin Lunsford. System and Apparatus for Protecting Computer Software. US Patent 5,182,770, January 26, 1993.
Scott A. Moskowitz and Marc Cooperman. Method for stega-cipher protection of computer code. US Patent 5,745,569, April 28, 1998. Assignee: The Dice Company.
Rafail Ostrovsky, Oded Goldreich. Comprehensive software protection system. US Patent 5,123,045, June 16, 1992. Assignee: Massachusetts Institute of Technology.
Alberto Pactong.� Method and apparatus for remote program execution to use in computer software protection without the use of encryption.� US Patent 6018712, January 25, 2000.� Available: http://www.delphion.com/details?&pn=US06018712__, March 2001.
Frederic B. Richardson, III. System for Software Registration. US Patent 5,490,216, February 6, 1996. Assignee: Uniloc Private Limited, Singapore.
Peter R. Samson. Apparatus and method for serializing and validating copies of computer software. US Patent 5,287,408, February 15, 1994. Assignee: Autodesk, Inc.
Robert Wahbe, Steven Lucco, Methods for safe and efficient implementation of virtual machines, US Patent 5761477, June 2, 1998.� Assignee: Microsoft Corporation.

Books

Carlisle Adams, Steve Lloyd. Understanding Public-Key Infrastructure: Concepts, Standards, and Deployment Considerations, 296 pp., Macmillan Technical Publishing, Date Published: 11/1999, ISBN 157870166X. �Chapter 4, �Core PKI Services: Authentication, Integrity, and Confidentiality,� is available online at http://www.microsoft.com/technet/security/corepki.asp, April 2001.
E Amoroso, Fundamentals of Computer Security Technology, Prentice-Hall, 1994.
W Caelli, D Longley, M Shain, Information Security Handbook, Macmillan, 1994.
F Cohen, A Short Course on Computer Viruses, 2^nd edition, Wiley, 1994.
Committee on Intellectual Property Rights in the Emerging Information Infrastructure, The Digital Dilemma: Intellectual Property in the Information Age. Washington, D.C.: National Academy Press, 2000.� Available: �http://books.nap.edu/html/digital_dilemma/, December 2000.
Dieter Gollman, Computer Security, John Wiley & Son Ltd, 1999. ISBN 0471978442.
Derrick Grover (ed.), The Protection of Computer Software --- Its Technology and Applications, 2^nd edition, Cambridge University Press, 1992.
Neil F. Johnson, Zoran Duric, Sushil Jajodia, Information Hiding: Steganography and Watermarking - Attacks and Countermeasures, Kluwer Academic Publishers, 2000.� Homepage: http://ise.gmu.edu/~njohnson/Steganography/, December 2000.
Stefan Katzenbeisser, Fabien A P Peticolas, editors, Information Hiding Techniques for Steganography and Digital Watermarking, Artech House, 2000.
Andreas Pfitzmann (Ed.): Information Hiding, Third International Workshop, IH'99, Dresden, Germany, September 29 - October 1, 1999, Proceedings. Lecture Notes in Computer Science, Vol. 1768, Springer, ISBN 3-540-67182-X, 2000.
Charles P. Pfleeger, Security in Computing, 2^nd edition, Prentice Hall, 1997.
Bruce Schneier, Applied cryptography : protocols, algorithms, and source code in C, 2^nd edition,Wiley, 1996.
Bruce Schneier, Secrets and lies : digital security in a networked world, Wiley, 2000.
William Stallings, Cryptography and Network Security: Principles and Practice, 2^nd edition, Prentice Hall; ISBN 0138690170, 1998.
[01: pp. 98-111] Peter Stephenson, Investigating Computer-Related Crime, CRC Press, ISBN: 0-8493-2218-9, 2000.
Douglas R Stinson (http://www.cacr.math.uwaterloo.ca/~dstinson/), Cryptography: Theory and Practice. CRC Press (http://www.crcpress.com/catalog/8521.htm), ISBN 0-8493-8521-0, 1995.
US Department of Defense, The Orange Book: Trusted Computer System Evaluation Criteria, available: http://www.dynamoo.com/orange/, May 2001.
Trusted Computer Platform Alliance, TCPA Trusted Subsystem Specification V1.1a, 1 December 2001.� Available: http://www.trustedpc.org/home/Specification.htm, March 2002.
John Viega and Gary McGraw, Building Secure Software, Addison-Wesley, 2001.

Web sites of interest

Advanced Encryption Standard (AES) Development Effort, National Institute of Standards and Technology, available: http://csrc.nist.gov/encryption/aes/, February 2001.
Anti Cracking FAQ, available: http://inner-smile.com/nocrack.phtml, March 2002.
Australasian Centre for Policing Research, http://www.acpr.gov.au/, April 2001.
Australian Institute of Computer Ethics, http://www.aice.swin.edu.au/, December 2000.
Bountyquest (search for prior art that might invalidate patents), http://www.bountyquest.com/, October 2000.
Cristina Cifuentes. Decompilation Page, http://www.csee.uq.edu.au/csm/decompilation/index.html.
Christian Collberg. The Obfuscation and Software Watermarking Home Page, http://www.cs.arizona.edu/~collberg/Research/Obfuscation/index.html.
Computer Operations, Audit, and Security Technology project home page, http://www.cerias.purdue.edu/coast/, available November 2000.
Computer Forensics Laboratory, US Department of Defense, http://www.dcfl.gov/.
Forensic Computing Journal, http://www.forensic-computing.com/.
The Forensic News Wire, http://www.guidancesoftware.com/news/news_wire.html, October 2000.
Peter Gutmann.� Homepage, http://www.cs.auckland.ac.nz/~pgut001/
Fritz Hohl.� Security in Mobile Agent Systems (online bibliography), http://mole.informatik.uni-stuttgart.de/security.html, September 2000.
The International Association of Comuter Investigative Specialists, �Forensic Procedures�, available: http://www.cops.org/forensic_examination_procedures.htm, February 2001.
IBM's Antivirus Online: Scientific Papers, http://www.av.ibm.com/InsideTheLab/Bookshelf/ScientificPapers/index.htm.
IBM Network Security Group.� Publications page, http://www.zurich.ibm.com/pub/sti/g-kk/shadow/publications/bibliography/, 2000.
Information Security Magazine, http://www.infosecuritymag.com/, 2000.
Macrovision Corporation.� SafeDisc page available: http://www.macrovision.com/scp.html, February 2001.� Digital Video Watermarking page available: http://www.macrovision.com/dvw.html, February 2001.
Mark LaDue.� Hostile Applets Homepage, http://metro.to/mladue/hostile-applets/, 2000.
Eric Milbrandt. Steganography Info and Archive, http://members.tripod.com/steganography/stego.html
David Nagy-Farkas. The Easter Egg Archive, http://www.eeggs.com/lr.html.
National Association of Investigative Specialists (USA), sample newsletter articles, http://www.pimall.com/nais/n.index.html, April 2001.
Netscape.� Introduction to SSL, http://developer.netscape.com/docs/manuals/security/sslin/contents.htm.
New Zealand Information Security Forum, http://www.nzisf.org.nz/, April 2001.
Fabien Peticolas. The Information Hiding Homepage - Digital Watermarking and Steganography, http://www.cl.cam.ac.uk/~fapp2/steganography/ind.htm.
TAMPER (Tamper And Monitoring Protection Engineering Research) Lab, University of Cambridge,� http://www.cl.cam.ac.uk/Research/Security/tamper/, April 2002.
David Touretzky, Gallery of CSS Descramblers, http://www.cs.cmu.edu/~dst/DeCSS/Gallery, October 2000.� Also see his Stenography Wing at http://www.cs.cmu.edu/~dst/DeCSS/Gallery/Stego/index.html.
Trusted Computer Platform Alliance, http://www.trustedpc.org/home/home.htm, 2000.
UCL/DICE Crypto Group � Publications, http://www.dice.ucl.ac.be/crypto/publications.html, available April 2001.
USACM Encryption and Computer Security Library homepage, http://www.acm.org/usacm/crypto/, 2000.
Vogon International Forensic Bulletin On-Line, http://www.vogon.co.uk/bulletin-00.htm.

Miscellaneous

Similar Courses

U Arizona, CSc 620: Language-based Approaches to System and Software Security, 1999.
Rice, Comp 527: Computer Systems Security , 1999.
Berkeley, CS 261, Fall 2000.� Available: http://www.cs.berkeley.edu/~daw/teaching/cs261-f00/, February 2001.
Princeton, COS 496: Information Security , 1999.
Monash University, CPE3001: Information and Network Security, http://www.fcit.monash.edu.au/fec/subjects/CPE3001.html, 2000.
University of Nevada at Las Vegas, CSCI 489/689: Internet Security, http://hlb.cs.unlv.edu/syllabi/4-689_s02_update.html, 2002.
Tel Aviv University, Programming Language Seminar, http://www.math.tau.ac.il/~sagiv/courses/pl-seminar.html, 1999.
Goteborg University, ProSec - Reading Course in Security. http://www.cs.chalmers.se/Cs/Research/Security/2000/in.htm, 2000.