12 September 2005
S1. (P1, P20) [Co Co05] C. Collberg, and
S2. (P2, P6) [SS As04] D. Asonov, R. Agrawal, "Keyboard Acoustic Emanations", in Proc. of IEEE Symposium on Security and Privacy, pp. 3-11, May 2004.
S3. (P3, P27) [SA Ca04] D. Cappelli,
M. Keeney, E. Kowalski, A. Moore, M. Randazzo,
"Insider Threat Study: Illicit Cyber Activity in the Banking and Finance
Sector", CERT Coordination Center, Software Engineering Institute,
S4. (P4, P25) [SRE Al03] I. Alexander, "Misuse cases: use cases with hostile intent", IEEE Software 20(1), 58-66, Jan/Feb 2003.
S5. (P5, P7) [DRM By03] S. Byers, L. Cranor, D. Korman, P. McDaniel, and E. Cronin, "Analysis of security vulnerabilities in the movie production and distribution process", in Proc. 2003 ACM Workshop on Digital Rights Management, ACM Press, 1-12, 2003.
S6. (P8, P28) [SA Bl04] J. Black, M. Cochran, and R. Gardner, "How to Cheat at Chess: A Security Analysis of the Internet Chess Club", Cryptology ePrint Archive, Report 2004/203, 14 pp., 2004.
S7. (P9, P17) [SA Ch03] M. Christodorescu and S. Jha, "Static Analysis of Executables to Detect Malicious Patterns", in 12th USENIX Security Symposium, pp. 169-186, August 2003.
S8. (P10) [Ap Cr04] J. Crampton and G. Loizou, "Administrative scope: A foundation for role-based administrative models", ACM Trans. Inf. Syst. Secur. 6:2, 201-231, 2003.
S9. (P11) [Ap Ca04] J. Camenisch, "Better Privacy for Trusted Computing Platforms," to appear in ESORICS 2004. Preprint provided in email by J. Camenisch, July 2004.
S10. (P12,
P31) [SRE Fi04] D. Firesmith, "Specifying Reusable Security
Requirements", in Journal of Object Technology 3(1), pp. 61-75, Jan-Feb 2004. Available: http://www.jot.fm/issues/issue_2004_01/column6,
July 2005.
S11. (P13, P21)
[HW Le05] R. Lee, P. Kwan, J. McGregor, J. Dwoskin,
and Z. Wang, “Architecture for Protecting Critical Secrets in Microprocessors”,
in International Symposium on Computer
Architecture 2005, IEEE, pp. 2-13, 2005.
S12. (P14) [Ap He05] A. Herzog, N Shahmehri, "Problems Running Untrusted
Services as Java Threads", in Certification
and Security in Inter-Organizational E-Services, IFIP 18th World Computer
Congress, ed. Nardelli et al., Aug 2004, pp. 19-32.
S13. (P15) [HW Bo01] M. Bond, "Attacks on Cryptoprocessor Transaction Sets", in Proc. of the CHES 2001 Workshop, LNCS 2162, Springer-Verlag, pp 220-234, 2001.
S14. (P16) [Ta Ch02] Y. Chen, R. Venkatesan, M. Cary, R. Pang, S. Sinha, and M. Jakubowski, “Oblivious Hashing: A Stealthy Software Integrity Verification Primitive,” in F.A.P. Petitcolas (Ed.): Information Hiding, Proc. of 5th International Workshop (IH 2002), LNCS 2578, p. 400 ff., 2002.
S15. (P18) [SS St04] W. Stufflebeam, A. Antón, Q. He, and N. Jain, "Specifying privacy policies with P3P and EPAL: lessons learned", WPES '04: Proceedings of the 2004 ACM workshop on Privacy in the electronic society, pp. 35-36, 2004. Extended version available as NCSU CSC Technical Report #TR-2004-19, 15 pp., 17 June 2004. Available: http://www.theprivacyplace.org/papers/TR-2004-19.pdf, July 2005.
S16. (P19) [Ap Ob91] R. O'Brien and
C. Rogers, "Developing Applications on LOCK", in Proc. 14th Nat'l
Security Conf., Washington DC USA, 147-156, 1991. Hardcopy obtained from
British Library, April 2004; seeking permission of copyright holder (Secure
Computing) to publish to web, July 2004.
S17. (P22,
P24) [Pr Ch00] B. Chor, A. Fiat, M. Naor and B. Pinkas, "Tracing
Traitors", IEEE Transactions on Information Theory 46:3,
893-910, May 2000.
S18. (P23) [SS
Bo02] A. Boldyreva and M. Jakobsson,
“Theft protected proprietary certificates,” in Proc. 2002 ACM Workshop on
Digital Rights Management (DRM 2002). Available http://crypto.stanford.edu/DRM2002/tppcertif.pdf,
March 2003.
S19. (P26,
P29) [DRM Mo97] R. Mori and M. Kawahara, "Superdistribution:
An Electronic Infrastructure for the Economy of the Future", Transactions
of Information Processing Society of
S20. (P30) [SA
So03] S. Soman, C. Krintz,
and G. Vigna, "Detecting Malicious Java Code
Using Virtual Machine Auditing", in 12th
USENIX Security Symposium, pp. 153-168, August 2003.