1) Conceptual Overview
2) Techniques for Protecting Software (and Media Objects)
a) Watermarking
· C Collberg and C Thomborson, "Watermarking, Tamper-Proofing, and Obfuscation - Tools for Software Protection", to appear IEEE TSE, 34 pp., submitted
· S Craver,
· J Stern et al., "Robust Object Watermarking: Application to Code". In LNCS 1768, Springer Verlag, 368-378, 2000.
· Palsberg et al., "Experience with Software Watermarking". In Proceedings of the 16th Annual Computer Security Applications Conference, ACSAC '00, IEEE, 308-316, 2000.
b) Obfuscation
· C Wang, J Hill, J Knight, J Davidson, "Software Tamper Resistance: Obstructing Static Analysis of Programs", Technical report CS-2000-12, Department of Computer Science, U Virginia (USA).
c) Tamperproofing
· H Chang and M Atallah, "Protecting Software Code by Guards". In Workshop on Security and Privacy in Digital Rights Management 2001
· Horne et al., "Dynamic Self-Checking Techniques for Improved Tamper Resistance". In Workshop on Security and Privacy in Digital Rights Management 2001.
d) Copy Detection
e) Language-Based Security; Secure Programming Techniques
· G McGraw et al., Twelve Rules for Developing More Secure Java Code, Java World,
· R Gray et al., "D'Agents: Security in a Multiple-Language, Mobile-Agent System", Mobile Agents and Security, Lecture Notes in Computer Science 1419, ed. Giovanni Vigna, 154-187, Springer-Verlag, 1998.
· D Wallach et al., "SAFKASI: A Security Mechanism for Language-based Systems," ACM Transactions on Software Engineering and Methodology 9(4), October 2000, pp. 341-378.
· S Greenberg, "Easter Egg Insertion, Detection and Deletion in Commercial Software", 600.505 Independent Research Project, Department of Computer Science,
f) Legal and Ethical Controls
· K. Nichols, "The Age of Software Patents", IEEE Computer, April 1999, pp. 25-31.
· Anon., "Patent Law Basics", Office of Technology Transfer, University of
· P. Samuelson, "Encoding the Law into Digital Libraries", Comm. ACM, April 1998.
· Ethical statements from IEEE, CPSR, and RSNZ.
· Pfleeger, "Ethical issues in computer security," section 11.5 of Security in Computing, 2nd edition, Prentice Hall, 1997.
· C. Mann, "Who will own your next good idea?", The Atlantic Monthly, 57-82, September 1998.
· H. Rosner, "Steal this software," The.Standard.com,
· P. Radatti, "Cybersoft, Incorporated Moral Guidelines," Cybersoft, Inc, 1996.
· L Garber, "Computer Forensics: High-Tech Law Enforcement," IEEE Computer, January 2001, pp. 22-27.
· G Greenleaf, "An Endnote on Regulating Cyberspace: Architecture vs Law?", undated manuscript.
g) Attacks on Hardware and Software
· B Miller et al., "Playing Inside the Black Box: Using Dynamic Instrumentation to Create Security Holes," accepted for publication in Parallel Processing Letters. Manuscript dated
· Bond et al., "API-Level Attacks on Embedded Systems", IEEE Computer, 67-75, October 2001.
· F Cohen, "Computer Viruses -- Theory and Experiments". In Proc. DOD/NBS 7th Conf on Computer Security, 1984.
· R Anderson et al., "Low Cost Attacks on Tamper Resistant Devices", LNCS 1361, Springer, 1997.
· J Kephart et al., "Directed-Graph Epidemiological Models of Computer Viruses", Proceedings of the 1991 IEEE Computer Society Symposium on Research in Security and Privacy, pp. 343-359.
h) Cryptography
· Bruce Schneier, "Foundations", Chapter 1 in Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd edition, Wiley, 1996.
· Douglas R Stinson, Description of DES, and Introduction to Public-key Cryptography, pp. 70-73 and pp. 114-116. In Cryptography: Theory and Practice. CRC Press, ISBN 0-8493-8521-0, 1995.
· D
3) Secure Systems Design and Analysis
a) Digital Rights Management
· M Jakobsson and M Reiter, "Discouraging Software Piracy Using Software Aging." In Workshop on Security and Privacy in Digital Rights Management 2001.
· J Feigenbaum et al., "Privacy Engineering for Digital Rights Management Systems". In Workshop on Security and Privacy in Digital Rights Management 2001.
b) Mobile Agents
· T Sander et al., "Towards
c) Privacy, Authentication, and Reliable Service in Messaging Systems
· M Jakobsson and S Wetzel, "Security Weaknesses in Bluetooth". In D Naccache (ed.), Progress in Cryptology -- CT-RSA 2001 (LNCS 2020), 176-191, 2001.
· M Sirbu and J Chuang, "Distributed authentication in Kerberos using public key cryptography", Proc Network and Dist Sys Security 1997, IEEE, 134-141, 1997.
· T Parks et al., "Vulnerabilities of Reliable Multicast Protocols". In IEEE Military Communications Conference, Oct 1998.
· P Gutmann, "PKI: It's Not Dead, Just Resting", unpublished manuscript.
· Berthold et al., "Identity Management Based on P3P", in H. Federrath (Ed.), Designing Privacy Enhancing Technologies (Proceedings of the International Workshop on Design Issues in Anonymity and Unobservability), LNCS 2009, pp. 141-160, Springer-Verlag, 2001. (You should read Sections 1 through 3.1, on pp. 141-149; and the Conclusions and Outlook on pp. 158-159.)
· W Arbaugh et al., "Your 802.11 Wireless Network has No Clothes", Wireless LANS and Home Networks: Connecting Offices and Home Networks (Proc. of the IEEE Int'l Conf.), ed. B Bing, World Scientific, 2002.
d) Hardware-Based Security
e) System Vulnerabilities
· C Landwehr et al., "A Taxonomy of Program Security Flaws," ACM Computing Surveys 26(3), 211-254, September 1994.
4) Report Writing
· H Mountifield, "How the University Library can help you with your term paper", PowerPoint presentation, April 2001. 19 slides. (Slide #20 was added and authored by your instructor.)
· F. Woodford, excerpts from Scientific Writing for Graduate Students, Rockefeller University Press,
· A Eisenberg, "Importance of Organizational Patterns", in Writing Well for the Technical Professions, Harper & Row, pp. 39-40 and 46-51, 1989.
· A Eisenberg, "Techniques for Writing Definitions", in Writing Well for the Technical Professions, Harper & Row, pp. 208-215, 1989.
· Online Writing Lab, "Using American Psychological Association (APA) Format (Updated to 5th Edition)",
· B Land, "Web Extension to American Psychological Association Style (WEAPAS) (Rev 2.0)",
· Writer's Web, "Effectively Using Direct Quotations",
· Computer Science Department, "Honesty", in Undergraduate Handbook,
· M Spears, "What is Plagiarism", and "Quoting, Summarizing and Paraphrasing", Grosse Pointe North High School, Michigan (USA), 2 pp., undated. Available http://www.ehhs.cmich.edu/~mspears/whatis.html and http://www.ehhs.cmich.edu/~mspears/qsp.html, April 2002.