Relevant Papers for the Course: Information and System Seucrity
SECURITY FUNDAMENTALS
Protection, B. Lampson, Proc. 5th Princeton Conf. on Information Sciences and Systems, Princeton, 1971
Access control by Boolean expression evaluation, Miller and Baldwin, Proc. 5th Annual Computer Security Applications Conference, 1990
On Protection in Operating Systems, Harrison, Ruzzo, Ullman, CACM, 1976
A Linear Time Algorithm for Deciding Subject Security, Lipton and Snyder, JACM, 1977
On the Synthesis and Analysis of Protection Systems, L. Snyder, ACM Symposium on Operating System Principles, 1977
SECURITY POLICIES
Secure Computer System: Unified Exposition and Multics Interpretation, Bell and La-Padula, 1976
A Comparison of Commercial and Military Security Policies, Clark and Wilson, 1987
The Chinese Wall Security Policy, Brewer and Nash, 1989
Non-Discretionary Controls for Commercial Applications, Lipner, 1982
RBAC
Role Based Access Control Models, Sandhu et al., IEEE Computer, 1996
TRBAC: A Temporal Role-Based Access Control Model, Bertino et al., ACM TISSEC, 2001
The Role Mining Problem: Finding a Minimal Descriptive Set of Roles, Vaidya et al., ACM SACMAT, 2007
Fast Exact and Heuristic Methods for Role Minimization Problems, Ene et al., ACM SACMAT, 2008
AUTHENTICATION
Improving System Security Through Proactive Password Checking, Bishop and Klein, Computers and Security, 1995
Pass-algorithms - A user validation Scheme based on Knowledge of Secret Algorithms, Haskett, 1984
The SKEY One-Time Password System, Haller, 1994
Password Authentication with Insecure Communication, Lamport, CACM, 1981
Using Encryption for Authentication in Large Networks of Computers, Needham and Schroeder, CACM, 1978
Kerberos: An Authentication Service for Open Network Systems, Steiner, Neuman, Schiller, 1988
Designing an Authentication System: a Dialogue in Four Scenes, Bill Bryant, 1988
CRYPTOGRAPHY
Sample Simplified DES Encryption and
Sample Simplified DES Decryption
New Directions in Cryptography, Diffie and Hellman, 1976
A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Rivest, Shamir, Adleman
SECURE SYSTEMS DESIGN AND EVALUATION
The Protection of Information in Computer Systems, Proc. IEEE, 1975
TCSEC
ITSEC
Common Criteria Version 2.1 - Part1
Common Criteria Version 2.1 - Part2
Common Criteria Version 2.1 - Part3
A process standard for system security engineering development experiences and pilot results, R. Hefner, 1997
The SSE-CMM Appraisal Method (SSAM)
SYSTEM COMPROMISE
Computer Viruses Theory and Experiments, Cohen, 1984
A penetration analysis of a Burroughs Large System, Univ. of Caterbury
The non-technical threats to computing systems, Winkler
A taxonomy of computer program security flaws, Landwehr et al