1. Authentication, Audit, Authorisation (AU)
[AU Ba03] D. Baldwin, S. Shiu, “Enabling
Shared Audit Data”, in Information Security Conference (ISC 2003), LNCS
2851, Springer, pp. 14-28, 2003. DOI: 10.1007/10958513_2. Abstract.
[AU Bh06] A. Bhargav-Spantzely, A. Squicciarini, E. Bertino, “Establishing
and Protecting Digital Identity in Federation Systems”, in J. Computer Security 14(3), pp. 269-300, 2006. Abstract.
[AU Ga08] S. Gajek, J. Schwenk,
X. Chen, “On the Insecurity of Microsoft's Identity Metasystem
CardSpace”, Horst Görtz
Institute for IT Security Technical Report HGI TR-2008-003, Ruhr-Universität Bochum, 17 pp., 9 June 2008. Available: http://www.nds.ruhr-uni-bochum.de/gajek/papers/GaScXu08_CardSpaceTR.pdf,
23 July 2008. Abstract.
[AU Ga06] S. Gaw, E. Felten, “Password Management Strategies for Online
Accounts”, in Proc. 2nd Symp. on Usable Privacy and
Security (SOUPS ’06), ACM, pp. 44-55, 2006.
DOI: 10.1145/1143120.1143127. Abstract.
[AU Ro06] L. Rostad, O. Edsberg,
“A Study of Access Control Requirements for Healthcare Systems Based on Audit
Trails from Access Logs”, in 22nd
Annual Computer Security Applications Conference (ACSAC ’06), IEEE, pp.
175-186, December 2006. DOI: 10.1109/ACSAC.2006.8. Abstract.
[AU Sc07] S. Schechter, R. Dhamija, A. Ozment, I. Fischer, “The Emperor’s New Security Indicators”,
in IEEE Symp. on Security and Privacy (SP 2007), pp. 51-65, 2007. DOI: 10.1109/SP.2007.35. Abstract.
[AU St04] A. Stubblefield, D. Simon, “Inkblot Authentication”, Microsoft
Research Technical Report MSR-TR-2004-85, 16 pp., August 2004. Available: ftp://ftp.research.microsoft.com/pub/tr/TR-2004-85.pdf,
24 July 2008. Abstract.
[AU Ya04] J. Yan, A. Blackwell, R. Anderson, A. Grant, “Password Memorability and Security: Empirical Results”, in IEEE Security & Privacy 2(5), pp.
25-31, 2004. DOI: 10.1109/MSP.2004.81. Abstract.
2. Detection and Response (DR)
[DR Ca99] R. Canetti, R. Ostrovsky, “Secure
Computation with Honest-Looking Parties (Extended Abstract): What If Nobody Is
Truly Honest?”, in Proc
31st Annual ACM Symp. on
Theory of Computing (STOC ’99), pp.
255-264, 1999. DOI:
10.1145/301250.301313. Abstract.
[DR Co07] G. Cormack, T. Lynam, “Online
Supervised Spam Filter Evaluation”, ACM
Trans. Inf. Syst. 25(3):11, 31 pp., July 2007. DOI: 10.1145/1247715.1247717. Abstract.
[DR Fr08] G. Frantzeskou, S. MacDonell, E. Stamatatos, S. Gritzalis, “Examining the Significance of High-Level
Programming Features in Source Code”, Journal
of Systems and Software 81(3), pp. 447-460, March 2008. DOI: 10.1016/j.jss.2007.03.004. Abstract.
[DR Ne07] S. Neuhaus, T. Zimmermann, C.
Holler, A. Zeller, “Predicting Vulnerable Software Components”, in ACM Conf. on Computer and Communications
Security (CCS 2007), pp. 529-540, 2007.
DOI: 10.1145/1315245.1315311. Abstract.
[DR So07] Y. Song, M. Locasto, A. Stavrou, A. Keromytis, S. Stolfo, “On the Infeasibility of Modeling
Polymorphic Shellcode”, in ACM Conf. on Computer and Communications Security (CCS 2007), pp.
541-551, 2007. DOI: 10.1145/1315245.1315312. Abstract.
3. Trustworthy Systems (TS)
[TS Dh07] G. Dhillon, “Designing Information
Systems Security: Interpretations from British National Health Services
Hospital”, in 3rd Annual Symp. on Information Assurance,
School of Business, SUNY at Albany, pp. 20-28, 2008. Available: http://www.albany.edu/iasymposium/2007/8-dhillon.pdf,
23 July 2008. Abstract.
[TS Dw07] J. Dwoskin, R. Lee, “Hardware-rooted
Trust for Secure Key Management and Transient Trust”, in Conf. on Computer and Communications Security (CCS 2007), pp.
389-400, 2007. DOI:
10.1145/1315245.1315294. Abstract.
[TS Gr08] C. Grier, S. Tang, S. King, “Secure Web Browsing with the OP
Web Browser”, in IEEE Symp.
on Security and Privacy (SP 2008), pp. 402-416,
2008. DOI: 10.1109/SP.2008.19. Abstract.
[TS HI08] Health Information Strategy Action Committee, “Public Comment
Draft: Authentication and Security Framework – Essentials and Recommendations”,
draft number 10029.1/vPC, Ministry of Health, New
Zealand, 48 pp., 9 July 2008. Available:
http://www.hisac.govt.nz/moh.nsf/pagescm/7442/$File/10029.1PC20080709.pdf,
28 July 2008. Abstract.
[TS Ju05] A. Juels, “Strengthening EPC Tags Against
Cloning”, in Proc. of the 4th
ACM Workshop on Wireless Security (WiSe ’05), pp.
67-76, 2005. DOI: 10.1145/1080793.1080805. Abstract.
[TS Ke03] R. Kennell, L. Jamieson,
“Establishing the Genuity of Remote Computer
Systems”, in Proc. 12th Conf
on USENIX Security Symposium (SEC ’03), pp. 295-308, 2003. Available: http://www.usenix.org/events/sec03/tech/kennell/kennell.pdf,
23 July 2008. Abstract.
[TS Le05] R. Lee, P. Kwan, J. McGregor, J. Dwoskin,
Z. Wang, “Architecture for
Protecting Critical Secrets in Microprocessors”, in International Symposium on Computer Architecture 2005 (ISCA ’05),
IEEE, pp. 2-13, 2005. Abstract.
[TS Ro05] V. Roth, T. Straub, K. Richter, “Security and Usability
Engineering with Particular Attention to Electronic Mail”, Int. J. Hum.-Comput. Stud. 63(1-2), pp. 51-73, 2005. DOI: 10.1016/j.ijhcs.2005.04.015. Abstract.
[TS Wh01] D. Wheeler, A. Conyers, J. Luo, A. Xiong, “Java
Security Extensions for a Java Server in a Hostile Environment”, in 17th Annual Computer Security
Applications Conference (ACSAC 2001), pp. 64-73, 2001. DOI: 10.1109/ACSAC.2001.991522.
Abstract.
4. Vulnerabilities and Attacks (VA)
[VA Br08] D. Brumley, P. Poosankam, D. Song, J. Zheng, “Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications”, in IEEE Symp. on Security and Privacy (SP 2008), pp. 143-157, 2008. DOI: 10.1109/SP.2008.17. Abstract.
[VA Dr08] S. Drimer, S. Murdoch, R. Anderson, “Thinking Inside the Box: System-Level Failures of Tamper Proofing”, in IEEE Symp. on Security and Privacy (SP 2008), pp. 143-157, 2008. DOI: 10.1109/SP.2008.17. Abstract.
[VA Fr07] J. Franklin, V. Paxson, “An Inquiry into the Nature and Causes of the
Wealth of Internet Miscreants”, in ACM Conf. on Computer and
Communications Security (CCS 2007), pp. 375-388, 2007. DOI: 10.1145/1315245.1315292. Abstract.
[VA Gu07] P. Gühring, “Concepts against
Man-in-the-Browser Attacks”, 15 pp., web manuscript, published circa January
2007. Available: http://www2.futureware.at/svn/sourcerer/CAcert/SecureClient.pdf,
23 July 2008. A preliminary version of
this article was announced in Advances in
Financial Cryptography, Number 3 (FC++3), 25 June 2006. Abstract.
[VA Ja07] T. Jagatic, N. Johnson, M.
Jakobsson, F. Menczer, “Social Phishing”, Commun. ACM 50(10), pp. 94-100, October 2007. DOI: 10.1145/1290958.1290968. Abstract.
[VA Ka07] C. Karlof, U. Shankar, J. Tygar, D. Wagner, “Dynamic Pharming
Attacks and Locked Same-Origin Policies for Web Browsers”, in ACM Conf. on Computer and Communications
Security (CCS 2007), pp. 58-71, 2007.
DOI: 10.1145/1315245.1315254. Abstract.
[VA Ki06] S. King, P. Chen, Y.-M. Wang, C. Verbowski,
H. Wang, J. Lorch, “SubVirt:
Implementing Malware with Virtual Machines”, in IEEE Symp. on
Security and Privacy (SP 2006), pp. 314-327, 2006. DOI: 10.1109/SP.2006.38. Abstract.
[VA Ma08] W. Mazurczyk, K. Szczypiorski,
“Steganography of VoIP streams”, in Computing Research Repository (CoRR), arXiv:0805.2938v1, May 2008. Abstract.
[VA Pa06] S. Di Paola, G. Fedon,
“Subverting Ajax”, in 23rd
Chaos Communication Congress (CCC 2006), presentation ID 1602, December
2006. Available: http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf,
23 July 2008. Abstract.
[VA Sh07] H. Shacham, “The Geometry of Hidden
Flesh on the Bone: Return-into-libc without Function
Calls”, in ACM Conf. on Computer and Communications
Security (CCS 2007),
pp. 552-561, 2007. DOI: 10.1145/1315245.1315313. Abstract.
[VA Ul04] U. Uludag, A. Jain, “Attacks on
Biometric Systems: A Case Study in Fingerprints”, in Proc. Security, Steganography and
Watermarking of Multimedia Contents (SPIE-EI 2004), vol. 5306, SPIE, pp.
622-633, 2004. DOI: 10.1117/12.530907. Author’s copy available: http://biometrics.cse.msu.edu/Publications/SecureBiometrics/UludagJain_BiometricAttacks_SPIE04.pdf,
23 July 2008. Abstract.
[VA Yo06] J. Youll, “Fraud Vulnerabilities in SiteKey Security at Bank of America”, white paper,
Challenge Response LLC (Cambridge MA, USA), 15 pp., 18 July 2006. Available: http://cr-labs.com/publications/SiteKey-20060718.pdf,
23 July 2008. Abstract.