Reading List

(The paper list is subject to change! Please check regularly for additions/deletions during the semester.)
  • [Garfinkel04a] Simson Garfinkel. Is Encryption Doomed? Technology Review (MIT's Magazine of Innovation), September 2004.
Key Management
  • [Needham78a] R. M. Needham and M. D. Schroeder. Using Encryption for Authentication in Large Networks of Computers. Communications of the ACM, Vol. 21, No. 12, pages 993-999, December 1978.

  • [Lamport81a] L. Lamport. Password Authentication with Insecure Communication. Communications of the ACM, Vol. 24, No. 11, pages 770-772, November 1981.

  • [Rafaeli03a] S. Rafaeli and D. Hutchison. A Survey of Key Management for Secure Group Communication. ACM Computing Surveys, Vol. 35, No. 3, pages 309-329, September 2003.
  • [Neuman94a] B. C. Neuman and T. Ts'o. Kerberos: An Authentication Service for Computer Networks. IEEE Communications Magazine, Vol. 32, No. 9, pages 33-38, September 1994.

  • [Neuman93a] B. C. Neuman and S. G. Stubblebine. A note on the use of timestamps as nonces. ACM SIGOPS Operating Systems Review, Vol. 27, No. 2, pages 10-14, April 1993.

  • [Freitas04a] S. de Freitas and M. Levene. Spam on the internet: Is it here to stay or can it be eradicated? JISC Technology and Standards Watch Reports, TSW 04-01, 2004.

  • [Kormann00a] D. P. Kormann and A. D. Rubin. Risks of the Passport single signon protocol. Computer Networks, Elsevier Science Press, Vol. 33, pages 51-58, 2000.
Authorization and Policy
  • [Barkley97a] J. Barkley. Comparing Simple Role Based Access Control Models and Access Control Lists. Proceedings of the 2nd ACM Workshop on Role-based Access Control, pages 127-132, Fairfax, VA, August 1997.
Intrusion Prevention, Detection, and Response
  • [Aslam96a] T. Aslam, I. Krsul, and E. Spafford. Use of a Taxonomy of Security Faults. Proceedings of the 19th NIST-NCSC National Information Systems Security Conference, September 1996.

  • [Ko94a] C. Ko, G. Fink, K. Levitt. Automated Detection of Vulnerabilities in Privileged Programs by Execution Monitoring. Proceedings of the 10th Annual Computer Security Applications Conference, pages 134-144, Orlando, FL, December 1994.

  • [Anderson95a] D. Anderson, T. Frivold, and A. Valdes. Next-generation Intrusion Detection Expert System (NIDES) -- A Summary. SRI-CSL-95-07, SRI International, Menlo Park, CA, May 1995.


  • [Yegneswaran03a] V. Yegneswaran, P. Barford, and J. Ullrich. Internet Intrusions: Global Characteristics and Prevalence. In Proceedings of the 2003 ACM SIGMETRICS, pages 138-147, 2003.

  • [Moore01a] D. Moore, G. Voelker, S. Savage. Inferring Internet Denial-of-Service Activity. In Proceedings of the 2001 USENIX Security Symposium, pages 9-22, 2001.

  • [Hussain03b] A. Hussain, J. Heidemann, and C. Papadopoulos. A Framework for Classifying Denial of Service Attacks. In Proceedings of SIGCOMM 2003, Karlsruhe, Germany, August 2003.

  • [Savage01a] S. Savage, D. Wetherall, A. Karlin, and T. Anderson. Network Support for IP Traceback. ACM/IEEE Transactions on Networking, 9(3), June 2001.
  • [Xydis02a] T. G. Xydis and S. Blake-Wilson. Security Comparisons: Bluetooth Communications vs. 802.11. White paper, November 2001, February 2002 (revised).
  • [Berghel04a] H. Berghel. Wireless Infidelity I: War Driving. Communications of the ACM, Volume 47, Issue 9, pages 21-26, September 2004.

  • [Berghel04b] H. Berghel and J. Uecker. Wireless Infidelity II: Airjacking. Communications of the ACM, Volume 47, Issue 12, pages 15-20, December 2004.

  • [Fluhrer01a] S. Fluhrer, I. Mantin, and A. Shamir. Weaknesses in the Key Scheduling Algorithm of RC4. Proceedings of the 8th Workshop on Selected Areas in Cryptography, LNCS 2259. Springer-Verlag, 2001.
Scalable Upload
  • [Cheng01a] W. C. Cheng, C.-F. Chou, L. Golubchik, and S. Khuller. A Secure and Scalable Wide-Area Upload Service. In Proceedings of the 2nd International Conference on Internet Computing, Vol. 2, pages 733-739, Las Vegas, Nevada, June 25-28, 2001.
  • [Bhattacharjee00a] B. Bhattacharjee, W. C. Cheng, C.-F. Chou, L. Golubchik, and S. Khuller. Bistro: a Platform for Building Scalable Wide-Area Upload Applications. In Performance Evaluation Review (also presented at the Workshop on Performance and Architecture of Web Servers (PAWS) in June 2000), Vol. 28, No. 2, pages 29-35, September, 2000.
  • [Cheng04a] W. C. Cheng, L. Golubchik, and D. G. Kay. Total Recall: Are Privacy Changes Inevitable? In Proceedings of the First ACM Workshop on Continuous Archival and Retrieval of Personal Experiences, New York, New York, October 15th 2004.
  • [Kumagai04a] J. Kumagai and S. Cherry. Sensors and Sensibility. IEEE Spectrum, pages 22-28, July 2004.

  • [Goldstein04a] H. Goldstein. We Like to Watch. IEEE Spectrum, pages 30-34, July 2004.

  • [Vinge04a] V. Vinge. Synthetic Serendipity. IEEE Spectrum, pages 35-44, July 2004.

  • [Goldstein04b] H. Goldstein. Mike Villas's World. IEEE Spectrum, pages 45-48, July 2004.

   [Please see copyright regarding copying.]