1) Techniques for Protecting Software (and Media Objects)
a) Watermarking
· André Adelsbach and Ahmad-Reza Sadeghi, “Zero-Knowledge Watermark Detection and Proof of Ownership,” in I.S. Moskowitz (Ed.): Information Hiding, Proc. of 4th International Workshop (IHW 2001),
· Mikhail J. Atallah, Victor Raskin, Christian F. Hempelmann, Mercan Karahan, Radu Sion, Umut Topkara, and Katrina E. Triezenberg, “Natural Language Watermarking and Tamperproofing,” in F.A.P. Petitcolas (Ed.): Information Hiding, Proc. of 5th International Workshop (IH 2002), Noordwijkerhout, The Netherlands, October 7-9, 2002. LNCS 2578, p. 196 ff.
· Oliver Benedens, “Robust Watermarking and Affine Registration of 3D Meshes,” in F.A.P. Petitcolas (Ed.): Information Hiding, Proc. of 5th International Workshop (IH 2002), Noordwijkerhout, The
· Marshall Bern, Jeff Breidenbach, and David Goldberg, “Trustworthy Paper Documents,” in I.S. Moskowitz (Ed.): Information Hiding, Proc. of 4th International Workshop (IHW 2001),
· C Jensen, “Fingerprinting Text in Logical Markup Languages.” In G. Davida and Y. Frankel (Eds.): ISC 2001, LNCS 2200, pp. 433-445, 2001.
· R Venkatesan, V Vazirani,
· Hiroshi Yoshiura, Ryoichi Sasaki, and Kazuo Takaragi, “Secure Fingerprinting Using Public-Key Cryptography (Position Paper),” in Christianson, B. Crispo, W.S. Harbison, M. Roe (Eds.): Proceedings of 6th International Workshop on Security Protocols, Cambridge, UK, April 1998. LNCS 1550, p. 83 ff.
b) Obfuscation
· B Barak, O Goldreich, R Impagliazzo, S Rudich, A Sahai, S Vadhan, and K Yang, “On the (Im)possibility of Obfuscating Programs (Extended Abstract)”. In J Kilian (ed.), Advances in Cryptology – Crypto 2001, LNCS 2139, Springer-Verlag, 2001.
· S Chow et al., “An approach to the obfuscation of control-flow of sequential computer programs.” In G. Davida and Y. Frankel (Eds.): ISC 2001, LNCS 2200, pp. 144-155, 2001.
· M. Jacob, D. Boneh, and E. Felten, “Attacking an obfuscated cipher by injecting faults,” 2002 ACM Workshop on Digital Rights Management (DRM 2002). Available http://crypto.stanford.edu/DRM2002/drm1.pdf, March 2003.
c) Tamperproofing
· D. Aucsmith, “Tamper Resistant Software: An Implementation”, in Information Hiding Workshop, RJ Anderson (ed), LNCS 1174, pp. 317-333, 1996.
· Yuqun Chen, Ramarathnam Venkatesan, Matthew Cary, Ruoming Pang, Saurabh Sinha, and Mariusz H. Jakubowski, “Oblivious Hashing: A Stealthy Software Integrity Verification Primitive,” in F.A.P. Petitcolas (Ed.): Information Hiding, Proc. of 5th International Workshop (IH 2002), Noordwijkerhout, The
· David Lie et al., “Architectural support for copy and tamper resistant software.” In Architectural Support for Programming Languages and Operating Systems, Proceedings of the ninth international conference on Architectural support for programming languages and operating systems, ACM, 2000, pp. 168-177.
· T Ogiso et al., “Software Tamper Resistance Based on the Difficulty of Interprocedural Analysis.” In The Third International Workshop on Information Security Applications (WISA 2002), pp. 437-452, August 2002. Available: http://grampus.jaist.ac.jp:8080/miyaji-lab/member/PaperPS/wisa2002.pdf, March 2003.
· C Wang, J Hill, J Knight, J Davidson, “Software Tamper Resistance: Obstructing Static Analysis of Programs”, Technical Report CS-2000-12, Department of Computer Science, U Virginia (USA). Available: ftp://ftp.cs.virginia.edu/pub/techreports, May 2001.
d) Copy Detection
· Jennifer L. Wong, Darko Kirovski, and Miodrag Potkonjak, “Computational Forensic Techniques for Intellectual Property Protection,” in I.S. Moskowitz (Ed.): Information Hiding, Proc. of 4th International Workshop (IHW 2001), Pittsburgh, PA, USA, April 25-27, 2001. LNCS 2137, p. 66 ff.
e) Language-Based Security
f) Legal and Ethical Controls
· Stefan Bechtold, “From Copyright to Information Law – Implications of Digital Rights Management”. In T. Sander (Ed.): Security and Privacy in Digital Rights Management, ACM CCS-8 Workshop DRM 2001,
2) Secure Systems Design and Analysis
a) Digital Rights Management Systems
· T Budd, “Protecting and Managing Electronic Content with a Digital
· J. A. Halderman, “Evaluating New Copy-Prevention Techniques for Audio CDs,” 2002 ACM Workshop on Digital Rights Management (DRM 2002). Available http://crypto.stanford.edu/DRM2002/halderman_drm2002_pp.ps, March 2003.
· Antonio Mana, Ernesto Pimentel, “An Efficient Software Protection Scheme,” in Michel Dupuy, Pierre Paradinas (Eds.): Trusted Information: The New Decade Challenge, IFIP TC11 Sixteenth Annual Working Conference on Information Security (IFIP/Sec'01),
· Tim Maude and Derwent Maude, “Hardware protection against software piracy,” Communications of the ACM, 27(9):950-959, September 1984.
· P Schneck, “Persistent Access Control to Prevent Piracy of Digital Information,” Proceedings of the IEEE, 87(7), pp. 1239-1250, July 1999.
· Zhao J., “A WWW service to embed and prove digital copyright watermarks.” In P. Delogne et al., eds.: Proceedings of the European Conference on Multimedia Applications, Services and Techniques (ECMAST’96), vol.2, Univ.
b) Security Services: Privacy, Authentication, Reliable Service, Trust, Reputation
· J Armington et al., “Biometric Authentication in Infrastructure Security”. In G. Davida et al. (eds.): InfraSec 2002, LNCS 2437, pp. 1-18, 2002.
· Tonda Beneš, “The Strong Eternity Service,” in I.S. Moskowitz (Ed.): Information Hiding, Proc. of 4th International Workshop (IHW 2001),
· A. Boldyreva and M. Jakobsson, “Theft protected proprietary certificates,” 2002 ACM Workshop on Digital Rights Management (DRM 2002). Available http://crypto.stanford.edu/DRM2002/tppcertif.pdf, March 2003.
· B Canvel, “Password Interception in a SSL/TLS Channel,” LASEC Memo, EPFL,
· J De Clercq, “Single Sign-On Architectures.” In G. Davida et al. (eds.): InfraSec 2002, LNCS 2437, pp. 40-58, 2002.
· Carl Ellison, “The Trust Shell Game (Position Paper),” in Christianson, B. Crispo, W.S. Harbison, M. Roe (Eds.): Proceedings of 6th International Workshop on Security Protocols,
· T Mallard, “E-Government: Authentication of Identity,” State Services Commission,
· R Yahalom, “Optimistic Trust with Realistic eNvestigators.” In B. Christianson et al. (eds.): Security Protocols, LNCS 1550, pp. 193-202, 1998.
c) Protocol Design and Analysis
· D. Gollmann, “Insider Fraud.” In B. Christianson et al. (eds.): Security Protocols, LNCS 1550, pp. 213-219, 1998.
d) Network Security
· J McHugh, “Intrusion and Intrusion Detection,” International Journal of Information Security 1, 2001, pp. 14-35.
· Pekka Nikander, “Denial-of-Service, Address Ownership, and Early Authentication in the IPv6 World,” in B. Christianson, B. Crispo, J.A. Malcolm, M. Roe (Eds.): Security Protocols, Proc. of 9th International Workshop,
· Kymie Tan, John McHugh, and Kevin Killourhy, “Hiding Intrusions: From the Abnormal to the
e) Application, Database and Operating Systems Security
· M Bond and P Zielinski, “Decimalisation Table Attacks for PIN Cracking,”
· J.S. Clulow, “The Financial Cryptographic API”, Chapter 3 of The Design and Analysis of Cryptographic APIs for Security Devices, M.Sc. Dissertation,
· C Landwehr, “Computer Security,” International Journal of Information Security 1, 2001, pp. 3-13.
· Sin Yeung Lee, Wai Lup Low, and Pei Yuen Wong, “Learning Fingerprints for a Database Intrusion Detection System”, in D. Gollmann, G. Karjoth, M. Waidner (Eds.): Computer Security – ESORICS 2002, Proc. 7th European Symposium on Research in Computer Security, Zurich, Switzerland, October 14-16, 2002. LNCS 2502, p. 264 ff.
· D Reifer et al., “Estimating the Cost of Security for COTS Software.” In H. Erdogmus and T. Weng (eds.): ICCBSS 2003, LNCS 2580, pp. 178-186, 2003.
· A. Somayaji and S. Forrest, “Automated Response Using System-Call Delays.” In
· W. van Eck, “Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk,” Computers & Security 4, 1985, 269-286.
· Hiroshi Yoshiura, Kunihiko Miyazaki, Shinji Itoh, Kazuo Takaragi, and Ryoichi Sasaki, “A Multi-OS Approach to Trusted Computer Systems,” in B. Christianson, B. Crispo, J.A. Malcolm, M. Roe (Eds.): Security Protocols, Proc. of 9th International Workshop, Cambridge, UK, April 25-27, 2001. LNCS 2467, p. 107 ff.
3) Project Ideas
a) Experiment with, or add functionality to, the Javascript obfuscation system developed as a class project by Erik Walle of the
b) Experiment with the X.509 authentication certificates for email, perhaps along the lines of my Assignment 2 for CompSci 725 in 2001. See http://www.cs.auckland.ac.nz/compsci725s1c/archive/compsci725fc/archive/2001/lectures/asst2.htm, available March 2003. A simple introduction to X.509 certificates may be found in P Tremblatt, “X.509 Certificates”, Dr Dobbs Journal, July 1999. Available: http://www.ddj.com/articles/1999/9907/, March 2003.
c) Use forensic examination software, such as ComputerCop Professional P3 (I have a CD in my office), to make inferences about what an anonymous person was doing on their PC on some specific dates (say, one month ago and six months ago).
d) Experiment with, and/or reverse-engineer to discover the underlying “codebook” of, the steganographic software Hydan (http://www.crazyboy.com/hydan/, available March 2003), which writes messages into x86 binaries without changing their size.
e) Analyse several home PCs for “spyware”. Your report should describe your scanning procedures and what you found. If your scan reveals something, you should describe what you found, your reasons for (not) calling it spyware, your best guess as to when and how it was loaded, what you did to remove it, and whether you were successful in removing it. See e.g. “Invasive Software: Who’s Inside Your Computer” (Computer, IEEE, July 2002, pp 15-18), “Spyware epidemic rallies call for action” (ZDNet 24 Feb 03, http://zdnet.com.com/2102-1104-985644.html), “Weatherbug” (Risks Digest 21:42, http://catless.ncl.ac.uk/Risks/21.42.html#subj13), “Totally Hip with Spyware” (Risks Digest 21:56, http://catless.ncl.ac.uk/Risks/21.56.html#subj5), and “Adobe clarification on spyware article” (Risks Digest 21:59, http://catless.ncl.ac.uk/Risks/21.59.html#subj8).