Software Security

CompSci 725 S2C 07
Clark Thomborson
Handout 3: Suggestions for Oral Reports

Version 1.13, 18 October 2007

1.      Access Control, Audit (ACA)

[ACA Ba03] D. Baldwin, S. Shiu, “Enabling Shared Audit Data”, in Information Security Conference (ISC 2003), Lecture Notes in Computer Science 2851, Springer, pp. 14-28, 2003.  Abstract.

[ACA Be05] D. Bell, “Looking Back at the Bell-La Padula Model”, in Computer Security Applications Conference (ACSAC ’05), pp. 337-351, 2005.  Abstract.

[ACA Cl87] D. Clark, D. Wilson, “A Comparison of Commercial and Military Computer Security Policies”, in IEEE Symposium on Security and Privacy, pp. 184-194, 1987.  (Copy available from instructor, upon request.)  Abstract.

[ACA My06] G. Myles, S. Nusser, “Content Protection for Games”, IBM Systems Journal 41:1, pp. 119-143, 2006.  Abstract.

[ACA Ro06] L. Rostad, O. Edsberg, “A Study of Access Control Requirements for Healthcare Systems Based on Audit Trails from Access Logs”, in Computer Security Applications Conference (ACSAC ’06), pp. 175-186, 2006.  Abstract.

2.     Authentication, Identification, Privacy (AIP)

[AIP Ba06] A. Bhargav-Spantzel, J. Camenisch, T. Gross, D. Sommer, “User Centricity: A Taxonomy and Open Issues”, in ACM Workshop on Digital Identity Management (DIM ’06), pp. 1-10, 2006.  Abstract.

[AIP Ch02] L. Chen, S. Pearson, A. Vamvakas, “A Trusted Biometric System”, Technical Report HPL-2002-185, HP Laboratories Bristol, 12 pp., 2002.  Abstract.

[AIP Ga05] S. Garfinkel, A. Juels, R. Pappu, “RFID Privacy: An Overview of Problems and Proposed Solutions”, IEEE Security & Privacy 3:3, pp. 34-43, 2005.  Abstract.

[AIP Jo07] A. Jøsang, M. AlZomai, S. Suriadi, “Usability and Privacy in Identity Management Architectures”, in Australasian Information Security Workshop (AISW ’07), CRPIT vol. 68, pp. 143-152, 2007.  Abstract.

[AIP Ja04] M. Jakobsson, J. Ratkiewicz, “Designing Ethical Phishing Experiments: A Study of (ROT13) rOnl Query Features”, in 15th International Conference on World Wide Web (WWW ’06), ACM, pp. 513-522, 2006.  Abstract.

[AIP Li06] A. Lioy, M. Marian, N. Moltchanova, M. Pala, “PKI Past, Present and Future”, International Journal of Information Security 5:1, pp. 18-29, January 2006.  Abstract.

[AIP Ma02] T. Matsumoto, H. Matsumoto, K. Yamada, S. Hoshino, “Impact of Artificial ‘Gummy’ Fingers on Fingerprint Systems”, in Optical Security and Counterfeit Deterrence Techniques IV, ed. van Renesse, SPIE vol. 4677, pp. 275-289, 2002.  Available: http://www.lfca.net/Fingerprint-System-Security-Issues.pdf, July 2007.  Abstract.

[AIP No04] J. Novak, P. Raghavan, A. Tomkins, “Anti-Aliasing on the Web”, in 13th International Conference on World Wide Web (WWW ’04), ACM, pp. 30-39, 2004.  Abstract.

[AIP Re07] I. Reay, P. Beatty, D. Scott, J. Miller, “A Survey and Analysis of the P3P Protocol’s Agents, Adoption, Maintenance, and Future”, IEEE Transactions on Dependable and Secure Computing 5:2, pp. 151-164, 2007.  Abstract.

[AIP Sc07] S. Schechter, R. Dhamija, A. Ozment, I. Fischer, “The Emperor’s New Security Indicators”, in IEEE Symposium on Security and Privacy (S&P 2007), pp. 51-65, 2007.  Abstract.

3.      Malware, Spam, Intrusion Detection (MSI)

[MSI Br07] A. Bratko, F. Bogdan, G. Cormack, T. Lynam, B. Zupan, “Spam Filtering Using Statistical Data Compression Models”, Journal of Machine Learning Research 7:12, pp. 2673-2698, December 2006.  Abstract.

[MSI Ca07] M. Cai, K. Hwang, J. Pan, C. Papadopoulos, “WormShield: Fast Worm Signature Generation with Distributed Fingerprint Aggregation”, IEEE Transactions on Dependable and Secure Computing 5:2, pp. 88-104, April-June 2007.  Abstract.

[MSI Hw07] K. Hwang, M. Cai, Y. Chen, M. Qin, “Hybrid Intrusion Detection with Weighted Signature Generation over Anomalous Internet Episodes”, IEEE Transactions on Dependable and Secure Computing 4:1, pp. 137-150, January-March 2007.  Abstract.

[MSI Ka07] A. Karasaridis, B. Rexroad, D. Hoeflin, “Wide-Scale Botnet Detection and Characterization”, in First Workshop on Hot Topics in Understanding Botnets (HotBots ’07), Usenix, 8 pp., 2007.  Abstract.

[MSI Ma06] F. Massicotte, F. Gagnon, Y. Labiche, L. Briand, “Automatic Evaluation of Intrusion Detection Systems”, in Computer Security Applications Conference (ACSAC ’06), pp. 361-370, 2006.  Abstract.

[MSI Pe07] S. Peisert, M. Bishop, S. Karin, K. Marzullo, “Analysis of Computer Intrusions Using Sequences of Function Calls”, IEEE Transactions on Dependable and Secure Computing 5:2, pp. 137-150, April-June 2007.  Abstract.

[MSI Pr07a] N. Provos, J. McClain, K. Wang, “Search Worms”, in ACM Workshop on Recurring Malcode (WORM ’06), pp. 1-8, 2006.  Abstract.

[MSI Pr07b] N. Provos, D. McNamee, P. Mavrommatis, K. Wang, N. Modadugu, “The Ghost in the Browser: Analysis of Web-based Malware”, in First Workshop on Hot Topics in Understanding Botnets (HotBots ’07), Usenix, 9 pp., 2007.  Abstract.

[MSI Ya06] G. Yan, S. Eidenbenz, “Bluetooth Worms: Models, Dynamics, and Defense Implications”, in Computer Security Applications Conference (ACSAC ’06), pp. 245-256, 2006.  Abstract.

4.      Obfuscation (OBF)

[OBF Es06] F. Esponda, E. Ackley, P. Helman, H. Jia, S. Forrest, “Protecting Data Privacy through Hard-to-Reverse Negative Databases”, in Information Security Conference (ISC ’06), pp. 72-84, 2006.  Abstract.

[OBF Pr06] M. Dalla Preda, M. Madou, K. De Bosschere, R. Giacobazzi, “Opaque Predicates Detection by Abstract Interpretation”, in Algebraic Methodology and Software Technology, Lecture Notes in Computer Science 4019, Springer-Verlag, pp. 81-95, 2006.  Abstract.

[OBF Pu06] R. Pucella, F. Schneider, “Independence from Obfuscation: A Semantic Framework for Diversity”, in 19th Computer Security Foundations Workshop (CSFW ’06), IEEE, pp. 1-12, 2006.  Abstract.

[OBF Ro06] P. Royal, M. Halpin, D. Dagon, R. Edmonds, W. Lee, “PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware”, in 22nd Annual Computer Security Applications Conference (ACSAC ’06), pp. 289-300, December 2006.  Abstract.

[OBF Ya06] H. Yamauchi, Y. Kanzaki, A. Monden, M. Nakamura, K. Matsumoto, “Software Obfuscation from Crackers’ Viewpoint”, in IASTED International Conference on Advances in Computer Science and Technology (ACST ’06), pp. 286-291, 2006.  Abstract.  Author’s preprint available at http://se.aist-nara.ac.jp/achieve/pdf/118.pdf, 18 October 2007.

5.      Reputation, Trust, Contract Management (RTC)

[RTC Bl96] M. Blaze, J. Feigenbaum, J. Lacy, “Decentralized Trust Management”, in IEEE Symposium on Security and Privacy, pp. 164-173, 1996.  Abstract.

[RTC Ch06] D. Chau, S. Pandit, C. Faloutsos, “Detecting Fraudulent Personalities in Networks of Online Auctioneers”, in 10th European Conference on Principles and Practice of Knowledge Discovery in Databases (PKDD 2006), Lecture Notes in Computer Science 4213, Springer, pp. 103-114, 2006.  Abstract.

[RTC Fa05] A. Farrell, M. Sergot, M. Sallé, C. Bartolini, “Using the Event Calculus for Tracking the Normative State of Contracts”, International Journal of Cooperative Information Systems 14:2-3, pp. 99-129, 2005.  Abstract.

[RTC Gi06] P. Giorgini, F. Massacci, J. Mylopoulos, N. Zannone, “Requirements Engineering for Trust Management: Model, Methodology, and Reasoning”, International Journal of Information Security 5:4, pp. 257-274, October 2006.  Abstract.

[RTC Jo06] A. Jones, “On the Concept of Trust”, Decision Support Systems 33:3, pp. 225-232, July 2002.  Abstract.

[RTC Su06] G. Suryanarayana, M. Diallo, J. Erenkrantz, R. Taylor, “Architectural Support for Trust Models in Decentralized Applications”, in 28th International Conference on Software Engineering (ICSE 2006), ACM, pp. 52-61, 2006.  Abstract.

6.      Tamperproofing and Tamper Detection (TTD)

[TTD Ab05] M. Abadi, U. Erlingsson, M. Budiu, J. Ligatti, “A Theory of Secure Control Flow”, Microsoft Technical Report MSR-TR-2005-17, 12 pp., February 2005.  Abstract.

[TTD An06] B. Anckaert, M. Jakubowski, R. Venkatesan, “Proteus: Virtualization for Diversified Tamper-Resistance”, in 6th ACM Workshop on Digital Rights Management (DRM ’06), pp. 47-57, 2006.  Abstract.

[TTD Ce07] M. Ceccato, M. Dalla Preda, J. Nagra, C. Collberg, “Barrier Slicing for Remote Software Trusting”, to appear in 7th IEEE International Working Conference on Source Code Analysis and Manipulation (SCAM 2007), 10 pp., 2007.  Available: http://www.itc.it/publik/documentGateway.aspx?docId=43, July 2007.  Abstract.

[TTD Ji03] H. Jin, J. Lotspiech, “Forensic Analysis for Tamper Resistant Software”, in 14th International Symposium on Software Reliability Engineering (ISSRE 2003), IEEE, pp. 133-142, 2003.  Abstract.

[TTD Zh05] M. Zhao, S. Smith, D. Nicol, “The Performance Impact of BGP Security”, IEEE Network 19:6, pp. 42-48, November-December 2005.  Abstract.

7.      Trusted Computing (TC)

[TC Fe07] A. Feldman, J. Halderman, E. Felten, “Security Analysis of the Diebold AccuVote-TS Voting Machine”, white paper, Center for Information Technology Policy, Princeton University, 24 pp., 13 September 2006.  Abstract.

[TC Ku05] K. Kursawe, D. Schellekens, B. Preneel, “Analyzing Trusted Platform Communication”, in ECRYPT Workshop on CRyptographic Advances in Secure Hardware (CRASH 2005), 8 pp., 2005.  Available: https://www.cosic.esat.kuleuven.be/publications/article-591.pdf, July 2007.  Abstract.

[TC Pe06] X. Peng, C. Lin, “Architecture of Trustworthy Networks”, in 2nd IEEE International Symposium on Dependable, Autonomic and Secure Computing (DASC ’06), pp. 269-276, 2006.  Abstract.

[TC Sa06] A. Sadeghi, M. Selhorst, C. Stüble, C. Wachsmann, M. Winandy, “TCG Inside?: A Note on TPM Specification Compliance”, in 1st ACM Workshop on Scalable Trusted Computing, pp. 47-56, 2006.  Abstract.

[TC Zh07] X. Zhang, M. Covington, S. Chen, R. Sandhu, “SecureBus: Towards Application-Transparent Trusted Computing with Mandatory Access Control”, in ACM Symposium on Information, Computer and Communications Security (ASIACCS 2007), pp. 117-126, 2007.  Abstract.