Seminar in Computer Security
Fall 2000

Basics and Access Control (Sept 5 and 12)

  1. M. Satyanarayanan, Integrating Security in Large Scale Distributed Systems, ACM TOCS, August 1989. (Mustaque Ahamad)
  2. R. J. Hayton, J. M. Bacon and K. Moody, Access Control in an Open Distributed Environment, IEEE Symposium on Security and Privacy, 1998. (Patrick Widener)
  3. A. Herzberg, Y. Mass and J. Mihaeli, Access Control Meets Public Key Infrastructure, IEEE Symposium on Security and Privacy 2000. (Mustaque Ahamad)
  4. R. Spencer, S. Smalley, P. Loscocco, M. Hibler, D. Andersen, and J. Lepreau, The Flask Security Architecture: System Support for Diverse Security Policies, The Eighth USENIX Security Symposium, August 1999, pp. 123-139. (??????)

Trust and Authentication (Sept 19) (Mike Covington)

  1. V. Swarup and J. Fabrega, Trust: Benefits, Models and Mechanisms, Springer-Verlag LNCS 1603, 1998.
  2. M. Reiter and S. Stubblebine, Toward Acceptable Metrics of Authentication, IEEE Symposium on Security and Privacy, 1996.

Cryptography (Sept 26 and Oct 3) (Arnab Paul and Paul Judge)

  1. P. Kocher, Timing attacks on Implementations of Diffie-Hellman, RSA, DSS and Other Systems, Advances in Cryptology - CRYPTO 96, pp 104-113, 1996
  2. P. Kocher, J. Jaffe and B. Jun, Differential power analysis, Advances in Cryptology - CRYPTO 99, ed. M. Wiener, pp. 388-397, 1999
  3. R. J. Anderson and F. A. P. Petitcolas, On the limits of steganography, IEEE Journal on Selected Areas in Communications (J-SAC), Special Issue on Copyright & Privacy Protection, vol. 16 no. 4, pp 474-481, May 1998.

Security in Mobile Environments (Oct 10 and 17) (Venkat and Subbu)

  1. C. Carroll, Y. Frankel and Y. Tsiounis, Efficient Key Distribution for Slow Devices, IEEE Symposium on Security and Privacy, 1998.
  2. T. Sander and C. F. Tschudin, Towards Mobile Cryptography, IEEE Symposium on Security and Privacy, 1998.
  3. D. Malkhi, M. Reiter, and A. Rubin, Secure Execution of Java Applets using a Remote Playground, Proc. IEEE Symposium on Security and Privacy, May 1998.

Secure Multicast (Oct 31) (JinLiang Fan)

  1. C. K. Wong, M. Gouda and S. Lam, Secure Group Communication Using Key Graphs, ACM SIGCOMM 1998.

Web Security (Nov 7 and 14)

  1. D. Dean, E. W. Felten, and D. S. Wallach, Java Security: From HotJava to Netscape and Beyond, Proceedings of 1996 IEEE Symposium on Security and Privacy, May 1996. (Vidya)
  2. A. L. M. dos Santos, G. Vigna, R. A. Kemmerer, Security Testing of the Online Banking Service of a Large International Bank, To be presented in the First Workshop on Security and Privacy in E-Commerce, November 2000.
  3. S. Bellovin, Cryptography and the Internet, Proceedings of CRYPTO '98, August 1998, pp. 46-55.

Tamper Resistant Devices (Nov 21)

  1. D. Boneh and N. Daswani, Experimenting with electronic commerce on the PalmPilot, In proceedings of Financial Cryptography '99, Lecture Notes in Computer Science, Vol. 1648, Springer-Verlag, pp. 1-16, 1999.
  2. R. Anderson and M. Kuhn, Tamper Resistance - a Cautionary Note, The Second USENIX Workshop on Electronic Commerce Proceedings, November 18-21, 1996
  3. H. Gobioff, S. Smith, J. D. Tygar and B. Yee, Smart cards in hostile environments, in Proceedings of the 2nd Usenix Workshop on Electronic Commerce, November 1996, pages 23-28.

Dealing with Denial-of-Service Attacks (Nov 28, Dec 5 and 12)