Software Security

CompSci 725 S2C 07
Clark Thomborson
Handout 3: Suggestions for Oral Reports

Version 1.13, 18 October 2007

1.      Access Control, Audit (ACA)

[ACA Ba03] D. Baldwin, S. Shiu, “Enabling Shared Audit Data”, in Information Security Conference (ISC 2003), Lecture Notes in Computer Science 2851, Springer, pp. 14-28, 2003.

[ACA Be05] D. Bell, “Looking Back at the Bell-La Padula Model”, in Computer Security Applications Conference (ACSAC ’05), pp. 337-351, 2005.

[ACA Cl87] D. Clark, D. Wilson, “A Comparison of Commercial and Military Computer Security Policies”, in IEEE Symposium on Security and Privacy, pp. 184-194, 1987.  (Copy available from instructor, upon request.)

[ACA My06] G. Myles, S. Nusser, “Content Protection for Games”, IBM Systems Journal 45:1, pp. 119-143, 2006.

[ACA Ro06] L. Rostad, O. Edsberg, “A Study of Access Control Requirements for Healthcare Systems Based on Audit Trails from Access Logs”, in Computer Security Applications Conference (ACSAC ’06), pp. 175-186, 2006.

2.     Authentication, Identification, Privacy (AIP)

[AIP Ba06] A. Bhargav-Spantzel, J. Camenisch, T. Gross, D. Sommer, “User Centricity: A Taxonomy and Open Issues”, in ACM Workshop on Digital Identity Management (DIM ’06), pp. 1-10, 2006.

[AIP Ch02] L. Chen, S. Pearson, A. Vamvakas, “A Trusted Biometric System”, Technical Report HPL-2002-185, HP Laboratories Bristol, 12 pp., 2002.

[AIP Ga05] S. Garfinkel, A. Juels, R. Pappu, “RFID Privacy: An Overview of Problems and Proposed Solutions”, IEEE Security & Privacy 3:3, pp. 34-43, 2005.

[AIP Ja04] M. Jakobsson, J. Ratkiewicz, “Designing Ethical Phishing Experiments: A Study of (ROT13) rOnl Query Features”, in 15th International Conference on World Wide Web (WWW ’06), ACM, pp. 513-522, 2006.

[AIP Jo07] A. Jøsang, M. AlZomai, S. Suriadi, “Usability and Privacy in Identity Management Architectures”, in Australasian Information Security Workshop (AISW ’07), CRPIT vol. 68, pp. 143-152, 2007.

[AIP Li06] A. Lioy, M. Marian, N. Moltchanova, M. Pala, “PKI Past, Present and Future”, International Journal of Information Security 5:1, pp. 18-29, January 2006.

[AIP Ma02] T. Matsumoto, H. Matsumoto, K. Yamada, S. Hoshino, “Impact of Artificial ‘Gummy’ Fingers on Fingerprint Systems”, in Optical Security and Counterfeit Deterrence Techniques IV, ed. van Renesse, SPIE vol. 4677, pp. 275-289, 2002.  Available: http://www.lfca.net/Fingerprint-System-Security-Issues.pdf, July 2007.

[AIP No04] J. Novak, P. Raghavan, A. Tomkins, “Anti-Aliasing on the Web”, in 13th International Conference on World Wide Web (WWW ’04), ACM, pp. 30-39, 2004.

[AIP Re07] I. Reay, P. Beatty, D. Scott, J. Miller, “A Survey and Analysis of the P3P Protocol’s Agents, Adoption, Maintenance, and Future”, IEEE Transactions on Dependable and Secure Computing 4:2, pp. 151-164, April-June 2007.

[AIP Sc07] S. Schechter, R. Dhamija, A. Ozment, I. Fischer, “The Emperor’s New Security Indicators”, in IEEE Symposium on Security and Privacy (S&P 2007), pp. 51-65, 2007.

3.      Malware, Spam, Intrusion Detection (MSI)

[MSI Br07] A. Bratko, B. Filipič, G. Cormack, T. Lynam, B. Zupan, “Spam Filtering Using Statistical Data Compression Models”, Journal of Machine Learning Research 7, pp. 2673-2698, December 2006.

[MSI Ca07] M. Cai, K. Hwang, J. Pan, C. Papadopoulos, “WormShield: Fast Worm Signature Generation with Distributed Fingerprint Aggregation”, IEEE Transactions on Dependable and Secure Computing 4:2, pp. 88-104, April-June 2007.

[MSI Hw07] K. Hwang, M. Cai, Y. Chen, M. Qin, “Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes”, IEEE Transactions on Dependable and Secure Computing 4:1, pp. 137-150, January-March 2007.

[MSI Ka07] A. Karasaridis, B. Rexroad, D. Hoeflin, “Wide-Scale Botnet Detection and Characterization”, in First Workshop on Hot Topics in Understanding Botnets (HotBots ’07), Usenix, 8 pp., 2007.

[MSI Ma06] F. Massicotte, F. Gagnon, Y. Labiche, L. Briand, “Automatic Evaluation of Intrusion Detection Systems”, in Computer Security Applications Conference (ACSAC ’06), pp. 361-370, 2006.

[MSI Pe07] S. Peisert, M. Bishop, S. Karin, K. Marzullo, “Analysis of Computer Intrusions Using Sequences of Function Calls”, IEEE Transactions on Dependable and Secure Computing 4:2, pp. 137-150, April-June 2007.

[MSI Pr07a] N. Provos, J. McClain, K. Wang, “Search Worms”, in ACM Workshop on Recurring Malcode (WORM ’06), pp. 1-8, 2006.

[MSI Pr07b] N. Provos, D. McNamee, P. Mavrommatis, K. Wang, N. Modadugu, “The Ghost in the Browser: Analysis of Web-based Malware”, in First Workshop on Hot Topics in Understanding Botnets (HotBots ’07), Usenix, 9 pp., 2007.

[MSI Ya06] G. Yan, S. Eidenbenz, “Bluetooth Worms: Models, Dynamics, and Defense Implications”, in Computer Security Applications Conference (ACSAC ’06), pp. 245-256, 2006.

4.      Obfuscation (OBF)

[OBF Es06] F. Esponda, E. Ackley, P. Helman, H. Jia, S. Forrest, “Protecting Data Privacy through Hard-to-Reverse Negative Databases”, in Information Security Conference (ISC ’06), pp. 72-84, 2006.

[OBF Pr06] M. Dalla Preda, M. Madou, K. De Bosschere, R. Giacobazzi, “Opaque Predicates Detection by Abstract Interpretation”, in Algebraic Methodology and Software Technology (AMAST 2006), Lecture Notes in Computer Science 4019, Springer-Verlag, pp. 81-95, 2006.

[OBF Pu06] R. Pucella, F. Schneider, “Independence from Obfuscation: A Semantic Framework for Diversity”, in 19th Computer Security Foundations Workshop (CSFW ’06), IEEE, pp. 1-12, 2006.

[OBF Ro06] P. Royal, M. Halpin, D. Dagon, R. Edmonds, W. Lee, “PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware”, in 22nd Annual Computer Security Applications Conference (ACSAC ’06), pp. 289-300, December 2006.

[OBF Ya06] H. Yamauchi, Y. Kanzaki, A. Monden, M. Nakamura, K. Matsumoto, “Software Obfuscation from Crackers’ Viewpoint”, in IASTED International Conference on Advances in Computer Science and Technology (ACST ’06), pp. 286-291, 2006.  Authors’ preprint available: http://se.aist-nara.ac.jp/achieve/pdf/118.pdf, 18 October 2007.

5.      Reputation, Trust, Contract Management (RTC)

[RTC Bl96] M. Blaze, J. Feigenbaum, J. Lacy, “Decentralized Trust Management”, in IEEE Symposium on Security and Privacy, pp. 164-173, 1996.

[RTC Ch06] D. Chau, S. Pandit, C. Faloutsos, “Detecting Fraudulent Personalities in Networks of Online Auctioneers”, in 10th European Conference on Principles and Practice of Knowledge Discovery in Databases (PKDD 2006), Lecture Notes in Computer Science 4213, Springer, pp. 103-114, 2006.

[RTC Fa05] A. Farrell, M. Sergot, M. Sallé, C. Bartolini, “Using the Event Calculus for Tracking the Normative State of Contracts”, International Journal of Cooperative Information Systems 14:2-3, pp. 99-129, 2005.

[RTC Gi06] P. Giorgini, F. Massacci, J. Mylopoulos, N. Zannone, “Requirements Engineering for Trust Management: Model, Methodology, and Reasoning”, International Journal of Information Security 5:4, pp. 257-274, October 2006.

[RTC Jo06] A. Jones, “On the Concept of Trust”, Decision Support Systems 33:3, pp. 225-232, July 2002.

[RTC Su06] G. Suryanarayana, M. Diallo, J. Erenkrantz, R. Taylor, “Architectural Support for Trust Models in Decentralized Applications”, in 28th International Conference on Software Engineering (ICSE 2006), ACM, pp. 52-61, 2006.

6.      Tamperproofing and Tamper Detection (TTD)

[TTD Ab05] M. Abadi, U. Erlingsson, M. Budiu, J. Ligatti, “A Theory of Secure Control Flow”, Microsoft Technical Report MSR-TR-2005-17, 12 pp., February 2005.

[TTD An06] B. Anckaert, M. Jakubowski, R. Venkatesan, “Proteus: Virtualization for Diversified Tamper-Resistance”, in 6th ACM Workshop on Digital Rights Management (DRM ’06), pp. 47-57, 2006.

[TTD Ce07] M. Ceccato, M. Dalla Preda, J. Nagra, C. Collberg, P. Tonella, “Barrier Slicing for Remote Software Trusting”, to appear in 7th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM 2007), 10 pp., 2007.  Available: http://www.itc.it/publik/documentGateway.aspx?docId=43, July 2007.

[TTD Ji03] H. Jin, J. Lotspiech, “Forensic Analysis for Tamper Resistant Software”, in 14th International Symposium on Software Reliability Engineering (ISSRE 2003), IEEE, pp. 133-142, 2003.

[TTD Zh05] M. Zhao, S. Smith, D. Nicol, “The Performance Impact of BGP Security”, IEEE Network 19:6, pp. 42-48, November-December 2005.

7.      Trusted Computing (TC)

[TC Fe07] A. Feldman, J. Halderman, E. Felten, “Security Analysis of the Diebold AccuVote-TS Voting Machine”, white paper, Center for Information Technology Policy, Princeton University, 24 pp., 13 September 2006.

[TC Ku05] K. Kursawe, D. Schellekens, B. Preneel, “Analyzing Trusted Platform Communication”, in ECRYPT Workshop on CRyptographic Advances in Secure Hardware (CRASH 2005), 8 pp., 2005.  Available: https://www.cosic.esat.kuleuven.be/publications/article-591.pdf, July 2007.

[TC Pe06] X. Peng, C. Lin, “Architecture of Trustworthy Networks”, in 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing (DASC ’06), pp. 269-276, 2006.

[TC Sa06] A. Sadeghi, M. Selhorst, C. Stüble, C. Wachsmann, M. Winandy, “TCG Inside?: A Note on TPM Specification Compliance”, in 1st ACM Workshop on Scalable Trusted Computing (STC ’06), pp. 47-56, 2006.

[TC Zh07] X. Zhang, M. Covington, S. Chen, R. Sandhu, “SecureBus: Towards Application-Transparent Trusted Computing with Mandatory Access Control”, in ACM Symposium on Information, Computer and Communications Security (ASIACCS ’07), pp. 117-126, 2007.