Bibliography


A few notes on the bibliography: URLs are used sparingly because the pages they reference tend to move, disappear, or change. URLs are given for some older papers that are hard to locate any other way and that are posted at sites that will probably serve as archives.

The following abbreviations are used in this bibliography.

ACM: Association for Computing Machinery

Comm: Communications

Conf: Conference

Corp: Corporation

Dept: Department

IEEE: Institute for Electrical and Electronics Engineers

Proc: Proceedings

Symp: Symposium

Trans: Transactions

Univ: University

[ABA94] Abadi, M., and Needham, R. "Prudent Engineering Practice for Cryptographic Protocols." Proc IEEE Symp on Security & Privacy, 1994, p122–136.

[ABB76] Abbott, R., et al. "Security Analysis and Enhancements of Computer Operating Systems." NBS Tech Report, NBSIR-76-1041, 1976.

[ABR87] Abrams, M., and Podell, H. Computer & Network Security – Tutorial. IEEE Computer Society Press, 1987.

[ACT02] ActivNewsletter. "Lloyd's TSB Secures Online Banking Services with ActivCard Gold." ActivNewsletter, Feb 2002.

[ADA89] Adam, N., and Wortman, J. "Security-Control Methods for Statistical Databases: A Study." ACM Computing Surveys, v21 n4, Dec 1989, p515–556.

[ADA92a] Adam, J. "Threats and Countermeasures." IEEE Spectrum, v29 n8, Aug 1992, p21–28.

[ADA92b] Adam, J. "Cryptography = Privacy?" IEEE Spectrum, v29 n8, Aug 1992, p29–35.

[ADA92c] Adam, J. "Data Security." IEEE Spectrum, v29 n8, Aug 1992, p19–20.

[ADA92d] Adam, J., ed. "A Security Roundtable." IEEE Spectrum, v29 n8, Aug 1992, p41–44.

[ADA95] Adam, J. "The Privacy Problem." IEEE Spectrum, v32 n12, Dec 1995, p46–52.

[ADL82] Adleman, L. "On Breaking the Iterated Merkle–Hellman Public-Key Cryptosystem." Proc Crypto Conf, 1982, p303–308.

[ADL83] Adleman, L. "On Breaking Generalized Knapsack Public Key Cryptosystems." Proc ACM Symp Theory of Computing, 1983, p402–412.

[AFS83] AFSB (Air Force Studies Board). "Multilevel Data Management Security." National Academy of Sciences Report, 1983.

[AGN84] Agnew, G., et al. "Secrecy and Privacy in a Local Area Network Environment." Proc Eurocrypt Conf, 1984, p349–357.

[AGN88] Agnew, G., et al. "A Secure Public Key Protocol Based on Discrete Exponentiation." Proc Eurocrypt Conf, 1988.

[AGR00] Agrawal, R., and Srikant, R. "Privacy-Preserving Data Mining." Proc ACM SIGMOD Conf on Management of Data, May 2000.

[AIR00] U.S. Air Force. "Operational Risk Management." Air Force Policy Directive, 90-9, 1 Apr 2000.

[AKL83] Akl, S. "Digital Signatures: A Tutorial Survey." IEEE Computer, v16 n2, Feb 1983, p15–26.

[ALB01] Alberts, C., et al. "OCTAVE Catalog of Practices." Software Engineering Institute Technical Report, CMU/SEI-2001-TR-020, Oct 2001.

[ALB99] Alberts, C., et al. "Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE)." Software Engineering Institute Technical Report, CMU/SEI-99-TR-017, Jun 1999.

[ALE96] Aleph One. "Smashing the Stack for Fun and Profit." Phrack, v7 n49, Nov 1996.

[ALL99] Allen, J., et al. "State of the Practice of Intrusion Detection Technologies." Software Engineering Institute Technical Report, CMU/SEI-99-TR-028, 1999.

[AME83] Ames, S., et al. "Security Kernel Design and Implementation: An Introduction." IEEE Computer, v16 n7, Jul 1983, p14–23.

[AND01] Anderson, R. Security Engineering: Guide to Building Dependable Distributed Systems. Wiley, 2001.

[AND02] Anderson, R. "Security in Open versus Closed Systems – The Dance of Boltzmann, Coase and Moore." Proc Open Source Software Conf: Economics, Law and Policy, Toulouse, France, 21 Jun 2002.

[AND02a] Anderson, R. "Unsettling Parallels Between Security and the Environment." Presentation at Univ of California Berkeley Workshop, 2002.

[AND72] Anderson, J. "Computer Security Technology Planning Study." U.S. Air Force Electronic Systems Division, TR-73-51, Oct 1972. URL: http://csrc.nist.gov/publications/history/ande72.pdf.

[AND80] Anderson, J. "Computer Security Threat Monitoring and Surveillance." James P. Anderson Co. Technical Report, 1980.

[AND82] Anderson, J. "Accelerating Computer Security Innovation." Proc IEEE Symp on Security & Privacy, 1982, p91–97.

[AND85] Anderson, J. "A Unification of Computer and Network Security Concepts." Proc IEEE Symp on Security & Privacy, 1985, p77–87.

[AND94] Anderson, R. "Why Cryptosystems Fail." Comm of the ACM, v37 n11, Nov 1994, p32–41.

[AND98] Anderson, R. "The DeCODE Proposal for an Icelandic Health Database." unpublished report, 20 Oct 1998.

[AND98a] Anderson, R., et al. "Serpent: A Proposal for the Advanced Encryption Standard." unpublished report, undated. URL: http://www.cs.technion.ac.il/~biham/Reports/Serpent.

[ANT02] Antón, P., et al. "Finding and Fixing Vulnerabilities in Information Systems: The Vulnerability Assessment and Mitigation Methodology." RAND Corp Technical Report, MR-1601-DARPA, 2002.

[ARB97] Arbaugh, W., et al. "A Secure and Reliable Bootstrap Architecture." Proc IEEE Symp on Security & Privacy, 1997, p65–71.

[ASL95] Aslam, T. "A Taxonomy of Security Faults in the UNIX Operating System." Purdue Univ Dept of Computer Science Master's Thesis, Aug 1995.

[ATT76] Attanasio, C., et al. "A Study of VM/370 Integrity." IBM Systems Journal, v15 n1, 1976, p102–116.

[BAD89] Badger, L. "A Model for Specifying Multi-Granularity Integrity Policies." Proc IEEE Symp on Security & Privacy, 1989, p269–277.

[BAD91a] Badger, L. "Covert Channel Analysis Planning for Large Systems." TIS Technical Report, Trusted Information Systems, Feb 1991.

[BAD91b] Badger, L. "TMach Covert Channel Analysis Plan." TIS Technical Report, Trusted Information Systems, Jan 1991.

[BAH02] Bahadur, G., et al. Privacy Defended: How to Protect Your Privacy and Secure Your PC. Que, 2002.

[BAL85] Baldwin, R., and Gramlich, W. "Cryptographic Protocol for Trustable Match Making." Proc IEEE Symp on Security & Privacy, 1985.

[BAL93] Balenson, D. "Privacy Enhancement for Internet Electronic Mail, Part III." Internet report, RFC 1423: Algorithms, Modes, Identifiers, Feb 1993.

[BAM82] Bamford, J. The Puzzle Palace. Houghton Mifflin, 1982.

[BAR90] Barker, W., and Pfleeger, C. "Civil and Military Applications of Trusted Systems Criteria." TIS Technical Report, 304, Feb 1990.

[BAR92] Barlow, J. "Decrypting the Puzzle Palace." Comm of the ACM, v35 n7, Jul 1992, p25–31.

[BAR99] Barwick, C., et al. "The MARS Encryption Algorithm." unpublished IBM Corp Technical Report, 27 Aug 1999. URL: http://www.research.ibm.com/security/mars.html.

[BEA88] Beauchemin, P., et al. "The Generation of Random Numbers That Are Probably Prime." Journal Cryptology, v1 n1, 1988, p53–64.

[BEC80] Beck, L. "A Security Mechanism for Statistical Data Bases." ACM Trans on Data Base Systems, v5 n3, Sep 1980, p316–338.

[BEK82] Beker, H., and Piper, F. Cipher Systems. Northwood Books, 1982.

[BEL02] Belcher, T., and Yoram, E. "Riptech Internet Security Threat Report." Riptech, Inc Technical Report, vII, Jul 2002.

[BEL73] Bell, D., and La Padula, L. "Secure Computer Systems: Mathematical Foundations and Model." MITRE Report, MTR 2547 v2, Nov 1973.

[BEL76] Bell, D., and La Padula, L. "Secure Computer Systems: Unified Exposition and Multics Interpretation." U.S. Air Force Electronic Systems Division Technical Report, ESD-TR-75-306, 1976. URL: http://csrc.nist.gov/publications/history/bell76.pdf

[BEL83] Bell, D. "Secure Computer Systems: A Retrospective." Proc IEEE Symp on Security & Privacy, 1983, p161–162.

[BEL89] Bellovin, S. "Security Problems in the TCP/IP Protocol Suite." Computer Comm Review, v19 n2, Apr 1989, p32–48.

[BEL91] Bellovin, S., and Merritt, M. "Limitations of the Kerberos Authentication System." Proc Usenix Conf, Winter 1991, p253–267.

[BEL92a] Bellare, M., and Micali, S. "How to Sign Given Any Trapdoor Permutation." Journal of the ACM, v39 n1, Jan 1992, p214–233.

[BEL92b] Bellovin, S., and Merritt, M. "Encrypted Key Exchange." Proc IEEE Symp on Security & Privacy, 1992, p72–84.

[BEL92c] Bellovin, S. "There Be Dragons." Proc Usenix Unix Security Symp, Sep 1992.

[BEL96] Bell, T. "Technology 1996: Communications." IEEE Spectrum, v33 n1, Jan 1996, p30–41.

[BEN72] Bensoussan, A., et al. "The Multics Virtual Memory: Concepts and Design." Comm of the ACM, v15 n5, May 1972, p308–318.

[BEN84] Benzel, T. "Analysis of a Kernel Verification." Proc IEEE Symp on Security & Privacy, 1984, p125–131.

[BEN92a] Bennett, C. "Experimental Quantum Cryptography." Journal of Cryptology, v5 n1, 1992, p3–28.

[BEN92b] Bennett, C., et al. "Quantum Cryptography." Scientific American, v267 n4, Oct 1992, p50–57.

[BER00] Berard, E. "Abstraction, Encapsulation and Information Hiding." unpublished report, 2000. URL: http://www.itmweb.com/essay550.htm.

[BER01] Berghel, H. "The Code Red Worm." Comm of the ACM, v44 n12, Dec 2001, p15–19.

[BER01a] Berghel, H. "Cyberprivacy in the New Millennium." IEEE Computer, v34 n1, Jan 2001, p134–136.

[BER88] Berson, T. "Interview with Roger Schell." Unix Review, Feb 1988, p60–69.

[BER92] Berson, T. "Differential Cryptanalysis Mod 2**32 with Applications to MD5." Proc Eurocrypt Conf, 1992.

[BIB77] Biba, K. "Integrity Considerations for Secure Computer Systems." U.S. Air Force Electronic Systems Division Technical Report, 76–372, 1977.

[BIH90] Biham, E., and Shamir, A. "Differential Cryptanalysis of DES-like Cryptosystems." Proc Crypto Conf, 1990, p2–21.

[BIH91] Biham, E., and Shamir, A. "Differential Cryptanalysis of FEAL and N-Hash." Proc Eurocrypt Conf, 1991, p1–16.

[BIH92] Biham, E., and Shamir, A. "Differential Cryptanalysis of Snefru, Khafre REDOC-II, LOKI, and Lucifer." Proc Crypto Conf, 1992, p156–171.

[BIH93] Biham, E., and Shamir, A. "Differential Cryptanalysis of the Full 16-Round DES." Proc Crypto Conf, 1993, p487–496.

[BIS86] Bishop, M. "Analyzing the Security of an Existing Computer System." NASA RIACS Technical Report, TR86.13, 1986.

[BIS89] Biskup, J. "Protection of Privacy and Confidentiality in Medical Information Systems." Proc IFIP Workshop on Database Security, 1989.

[BLA01] Blair, B. "Nukes: A Lesson From Russia." Washington Post, 11 Jul 2001, pA19.

[BLA79c] Blakley, G. "Safeguarding Cryptographic Keys." Proc AFIPS National Computer Conf, 1979, p313–317.

[BLA90] Black, D. "Scheduling Support for Concurrency and Parallelism in MACH." IEEE Computer, v23 n3, Mar 1990, p35–43.

[BLA96] Blaze, M., et al. "Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Security." unpublished report, Jan 1996.

[BLU81] Blum, M. "Coin Flipping by Telephone." SIGACT News, 1981, p23–27.

[BLU83] Blum, M., et al. "Reducibility Among Protocols." Proc Crypto Conf, 1983, p137–146.

[BOE85] Boebert, W., and Kain, R. "A Practical Alternative to Hierarchical Integrity Policies." Proc National Computer Security Conf, 1985, p18–27.

[BOE92] Boebert, E. "Assurance Evidence." Secure Computing Corp Technical Report, 1 Jun 1992.

[BOE93] den Boer, B., and Bosselaers, A. "Collisions for the Compression Function of MD5." Proc Eurocrypt Conf, 1993, p293–304.

[BOL91] Bollinger, T., and McGowan, C. "A Critical Look at Software Capability Evaluations." IEEE Software, v8 n4, Jul 1991, p25–41.

[BOO81] Booth, K. "Authentication of Signatures Using Public Key Encryption." Comm of the ACM, v24 n11, Nov 1981, p772–774.

[BOW92] Bowles, J., and Pelaez, C. "Bad Code." IEEE Spectrum, v29 n8, Aug 1992, p36–40.

[BOW95] Bowen, J., and Hinchey, M. "Ten Commandments of Formal Methods." IEEE Computer, v28 n4, Apr 1995, p56–62.

[BRA02] Brauchle, R. "Hidden Risks in Web Code." Software Testing and Quality Engineering Magazine, v4 n2, Mar/Apr 2002, p12–13.

[BRA73] Branstad, D. "Privacy and Protection in Operating Systems." IEEE Computer, v6 n1, Jan 1973, p43–46.

[BRA77] Branstad, D., et al. "Report of the Workshop on Cryptography in Support of Computer Security." NBS Technical Report, NBSIR 77-1291, Sep 1977.

[BRA78] Branstad, D. "Security of Computer Communication." IEEE Communications Society Magazine, v16 n6, Nov 1978, p33–40.

[BRA79] Branstad, D. "Hellman's Data Does Not Support His Conclusion." IEEE Spectrum, v16 n7, Jul 1979, p41.

[BRA88] Brassard, G. Modern Cryptology. Springer-Verlag, 1988.

[BRA89] Branstad, M., et al. "Access Mediation in a Message Passing Kernel." Proc IEEE Symp on Security & Privacy, 1989, p66–72.

[BRE02] Brewin, B. "Retailers Defend Low-Level Security on Wireless LANs." Computerworld, 31 May 2002.

[BRE89] Brewer, D., and Nash, M. "The Chinese Wall Security Policy." Proc IEEE Symp on Security & Privacy, 1989, p206–214.

[BRI72] Brinch Hansen, P. "Structured Multiprogramming." Comm of the ACM, v15 n7, Jul 1972, p574–577.

[BRI82] Brickell, E., et al. "A Preliminary Report on Cryptanalysis of Merkle–Hellman Knapsacks." Proc Crypto Conf, 1982, p289–303.

[BRI83] Bright, H. "Modern Computational Cryptography." Advances in Computer Security Management, Wiley, 1983, p173–201.

[BRI88] Brickell, E., and Odlyzko, A. "Cryptanalysis: A Survey of Recent Results." Proc of the IEEE, v76 n5, May 1988, p578–593.

[BRI93] Brickell, E., et al. "Skipjack Review: Interim Report 1 Aug 93." unpublished technical report, 1 Aug 1993.

[BRO02] Broersma, M. "Study Warns of Open-Source Security Danger." ZDNet UK News, 31 May 2002.

[BRO83] Browne, P., and Troy, E. "Designing Secure Data Processing Applications." Advances in Computer Security Management, Wiley, 1983.

[BRO87] Brooks, F. "No Silver Bullet." IEEE Computer, v20 n4, Apr 1987, p10–19.

[BRO96] Brooks, F. "The Computer Scientist as Toolsmith." Comm of the ACM, v39 n3, Mar 1996, p61–68.

[BUR89] Burns, R. "DBMS Integrity and Security Controls." Report on Invitational Workshop on Data Integrity, Sep 1989, pA7.

[BUR90] Burns, R. "Referential Secrecy." Proc IEEE Symp on Security & Privacy, 1990, p133–142.

[BUS01] Business Wire. "Companies Hacked on Average Six or More Times Per Year." Business Wire, Aug 6, 2001.

[BUX02] Buxton, P. "Egg Rails at Password Security." Netimperative, 24 Jun 2002.

[CAL00] Caloyannides, M. "Encryption Wars: Early Battles." IEEE Spectrum, v37 n4, Apr 2000, p37–43.

[CAL00a] Caloyannides, M. "Encryption Wars: Shifting Tactics." IEEE Spectrum, v37 n5, May 2000, p46–51.

[CAM93] Campbell, K., and Wiener, M. "Proof That DES Is Not a Group." Proc Crypto Conf, 1993, p512–520.

[CCE94] CCEB (Common Criteria Editorial Board). "Common Criteria for Information Technology Security Evaluations." CCEB Report, Apr 1994.

[CCE98] CCEB (Common Criteria Editorial Board). "Common Criteria for Information Technology Security Evaluations." Report, CCIMB-99-031, Mar 1998.

[CER02] CERT (Computer Emergency Response Team). "Multiple Vulnerabilities in Many Implementations of Simple Network Management Protocol (SNMP)." CERT Advisory, CA-2002-03, 12 Feb 2002.

[CER99] CERT (Computer Emergency Response Team). "Results of the Distributed Systems Intruder Tools." CERT Coordination Center Report, Dec 1999.

[CHA00] Chapman, B., and Zwicky, E. Building Internet Firewalls, 2nd ed. O'Reilly, 2000.

[CHA01] Chaq, A. "Software Free-for-All." Washington Post, 5 Sep 2001.

[CHA81] Chaum, D. "Untraceable Electronic Mail, Return Addresses, and Pseudonyms." Comm of the ACM, v24 n2, Feb 1981, p84–88.

[CHA82] Chaum, D. "Blind Signatures for Untraceable Payments." Proc Crypto Conf, 1982, p199–205.

[CHA85] Chaum, D. "Security Without Identification: Transaction Systems." Comm of the ACM, v28 n10, Oct 1985, p1030–1044.

[CHE02] Cheswick, W., and Bellovin, S. Firewalls and Internet Security, 2nd ed. Addison-Wesley, 2002.

[CHE81] Cheheyl, M., et al. "Verifying Security." Computing Surveys, v13 n3, Sep 1981, p279–339.

[CHE89] Chess, D. "Computer Viruses and Related Threats to Computer and Network Security." Computer Networks and ISDN Systems, v17, 1989, p141–147.

[CHE94] Cheswick, B., and Bellovin, S. Firewalls and Internet Security. Addison-Wesley, 1994.

[CHI89] Chiou, G., and Chen, W. "Secure Broadcasting using the Secure Lock." IEEE Trans on Software Engineering, SE-15 n8, Aug 1989, p929–934.

[CHR02] Christey, S., and Wysopal, C. "Responsible Vulnerability Disclosure Process." Internet-Draft, Internet Society, Feb 2002.

[CHR96] Christy, J. "Rome Laboratory Attacks: Prepared Testimony Before the Senate Governmental Affairs," in [DEN98], 22 May 1996.

[CLA77] Clark, R. The Man Who Broke Purple. Little-Brown, 1977.

[CLA87] Clark, D., and Wilson, D. "A Comparison of Commercial and Military Computer Security Policies." Proc IEEE Symp on Security & Privacy, 1987, p184–194.

[COF02] Coffee, P. "On the Mend?" eWeek, 3 Jun 2002.

[COH84] Cohen, F. "Computer Viruses." Computer Security: A Global Challenge, Elsevier Press, 1984, p143–158.

[COL94] Collins, W., et al. "How Good Is Good Enough?" Comm of the ACM, v37 n1, Jan 1994, p81–91.

[COL96] Coleridge, R. "The Cryptography API, or How to Keep a Secret." Microsoft Technical White Paper, MSDN Library, 19 Aug 1996.

[COM88] Comer, D. Internetworking with TCP/IP. Prentice-Hall, 1988.

[COO02] Cook, G. "At MIT They Can Put Words in Our Mouths." Boston Globe, 15 May 2002.

[COO71] Cook, S. "The Complexity of Theorem-Proving Procedures." Proc ACM Symp Theory of Computing, 1971, p151–158.

[COP92] Coppersmith, D. "DES and Differential Cryptanalysis." private communication, 23 Mar 1992.

[COR84] Corsini, P., et al. "Distributing and Revoking Authorizations on Abstract Objects." Software – Practice and Experience, v14 n10, Oct 1984, p931–943.

[COR91] Corbató, F. "On Building Systems That Will Fail." Comm of the ACM, v34 n9, Sep 1991, p72–81.

[CRO89] Crocker, S., and Bernstein, M. "ARPANet Disruptions: Insight into Future Catastrophes." TIS (Trusted Information Systems) Report, 247, 24 Aug 1989.

[CSE88] CSE (Communications Security Establishment). "Proceedings of the Evaluation Criteria Workshop." Canadian Trusted Computing Product Evaluation Report, Aug 1988.

[CSE90] CSE (Communications Security Establishment). "Proceedings of 1990 CTCPEC Availability Workshop." Canadian Trusted Computing Product Evaluation Report, Feb 1990.

[CSE94] CSE (Communications Security Establishment). A Guide to Security Risk Management for IT Systems (Draft). Government of Canada, May 1994.

[CSI01] CSI (Computer Security Institute). "2001 CSI/FBI Computer Crime and Security Study." Computer Security Issues & Trends, v7 n1, Spring 2001.

[CSI02] CSI (Computer Security Institute). "2002 CSI/FBI Computer Crime and Security Study." Computer Security Issues & Trends, v8 n1, Spring 2002.

[CSR91] CSRI (Computer Systems Research Institute). "Composability of Trusted Systems." Univ of Toronto Report, Jan 1991.

[CSS93] CSSC (Canadian System Security Centre). Canadian Trusted Computer Product Evaluation Criteria. Jan 1993.

[CUG95] Cugini, J., et al. "Functional Security Criteria for Distributed Systems." Proc National Computer Security Conference, 1995, p310–321.

[CUL01] Culp, S. "It's Time to End Information Anarchy." Microsoft Security Column, Oct 2001.

[CUR87] Curtis, B., et al. "On Building Software Process Models Under the Lamppost." Proc International Conf on Software Engineering, 1987, p96–103.

[CUR90] Curry, D. "Improving the Security of Your Unix System." SRI Tech Report, ITSTD-721-FR-90-21, Apr 1990.

[CUT91] Cutler, K. "Commercial International Security Requirements." American Express Travel Related Services Report, American Express Travel Related Services, 1991.

[DAE00] Daemen, J., and Rijmen, V. "The Block Cipher Rijndael." Smart Card Research and Applications, Lecture Notes in Computer Science 1820, Springer-Verlag, 2000, p288–296.

[DAE02] Daemen, J., and Rijmen, V. The Design of Rijndael. Springer-Verlag, 2002.

[DAT81] Date, C. An Introduction to Data Base Systems, vol 1. Addison-Wesley, 1981.

[DAT83] Date, C. An Introduction to Data Base Systems, vol.2. Addison-Wesley, 1983.

[DAV78] Davida, G. "Data Base Security." IEEE Trans on Software Engineering, vSE-4 n6, Nov 1978, p531–533.

[DAV79] Davida, G. "Hellman's Scheme Breaks DES in its Basic Form." IEEE Spectrum, v16 n7, Jul 1979, p39.

[DAV80] Davies, D. "Protection." Distributed Systems, An Advanced Course, Springer-Verlag, 1980.

[DAV81] Davies, D. The Security of Data in Networks. IEEE Computer Society Press, 1981.

[DAV82] Davies, D. "Some Regular Properties of the Data Encryption Standard Algorithm." Proc Crypto Conf, 1982, p89–97.

[DAV83] Davies, D. "Applying the RSA Digital Signature to Electronic Mail." IEEE Computer, v16 n2, Feb 1983, p55–62.

[DAV83a] Davio, M., et al. "Propagation Characteristics of the Data Encryption Standard." Proc Crypto Conf, 1983, p171–202.

[DAV85] Davida, G., and Matt, B. "Crypto-Secure Operating Systems." Proc AFIPS National Computer Conf, 1985, p577–581.

[DAV89] Davies, D., and Price, W. Security for Computer Networks (2nd ed). Wiley, 1989.

[DAV96] Davis, R., et al. "A New View of Intellectual Property and Software." Comm of the ACM, v39 n3, Mar 1996, p21–30.

[DEA77] Deavours, C. "Unicity Points in Cryptanalysis." Cryptologia, v1 n1, Jan 1977, p46–68.

[DEA85] Deavours, C. Machine Cryptography & Modern Cryptanalysis. Artech House, 1985.

[DEA96] Dean, D., et al. "Java Security: Web Browsers and Beyond." Proc IEEE Symp on Security & Privacy, 1996, also in [DEN98].

[DEM82] DeMillo, R., et al. "Cryptographic Protocols." Proc ACM Symp Theory of Computing, 1982, p383–400.

[DEM83] DeMillo, R., and Merritt, M. "Protocols for Data Security." IEEE Computer, v16 n2, Feb 1983, p39–54.

[DEM87] DeMarco, T., and Lister, T. Peopleware: Productive Projects & Teams. Dorset House, 1987.

[DEM95] DeMarco, T. Why Does Software Cost So Much? Dorset House, 1995.

[DEN76a] Denning, D. "A Lattice Model of Secure Information Flow." Comm of the ACM, v19 n5, May 1976, p236–243.

[DEN77] Denning, D., and Denning, P. "Certification of Programs for Secure Information Flow." Comm of the ACM, v20 n7, Jul 1977, p504–513.

[DEN79a] Denning, D., and Denning, P. "Data Security." Computing Surveys, v11 n3, Sep 1979, p227–250.

[DEN79b] Denning, D., et al. "The Trackers: A Threat to Statistical Database Security." ACM Trans on Data Base Systems, v4 n1, Mar 1979, p76–96.

[DEN81a] Denning, D. "Restricting Queries That Might Lead to Compromise." Proc IEEE Symp on Security & Privacy, 1981, p33–40.

[DEN81b] Denning, D., and Sacco, G. "Timestamps in Key Distribution Protocols." Comm of the ACM, v24 n8, Jun 1981, p533–536.

[DEN82] Denning, D. Cryptography and Data Security. Addison-Wesley, 1982.

[DEN83a] Denning, D., and Schlörer, J. "Inference Controls for Statistical Data Bases." IEEE Computer, v16 n7, Jul 1983, p69–82.

[DEN83b] Denning, D. "Protecting Public Keys and Signature Keys." IEEE Computer, v16 n2, Feb 1983, p17–35.

[DEN83c] Denning, D. "Field Encryption and Authentication." Proc Crypto Conf, 1983, p231–247.

[DEN84] Denning, P., and Tichy, W. "Advanced Operating Systems." IEEE Computer, v17 n19, Oct 1984, p173–190.

[DEN85] Denning, D. "Commutative Filters for Reducing Inference Threats." Proc IEEE Symp on Security & Privacy, 1985, p134–146.

[DEN86] Denning, D. "An Intrusion-Detection Model." Proc IEEE Symp on Security & Privacy, 1986, p102–117.

[DEN87a] Denning, D. "Views for Multilevel Database Security." IEEE Trans on Software Engineering, vSE-13 n2, Feb 1987, p129–140.

[DEN87b] Denning, D. "An Intrusion-Detection Model." IEEE Trans on Software Engineering, vSE-13 n2, Feb 1987, p222–226.

[DEN88] Denning, P. "Computer Viruses." American Scientist, v76, May-June 1988, p236–238.

[DEN89] Denning, P. "The Internet Worm." American Scientist, v77, Mar-Apr 1989, p126–128.

[DEN90a] Denning, P. Computers under Attack. Addison Wesley, 1990.

[DEN90b] Denning, P. "Sending a Signal." Comm of the ACM, v33 n8, Aug 1990, p11–13.

[DEN91] Denning, D. "The United States vs Craig Neidorf." Comm of the ACM, v34 n3, Mar 1991, p24–43.

[DEN96] Denning, D., and Branstad, D. "A Taxonomy of Key Escrow Encryption Systems." Comm of the ACM, v39 n3, Mar 1996, p34–40.

[DEN98] Denning, D., and Denning, P. Internet Besieged – Countering Cyberspace Scofflaws. Addison-Wesley, 1998.

[DEN99] Denning, D. Information Warfare and Security. Addison-Wesley, 1999.

[DEN99a] Denning, D. "Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy." World Affairs Council Workshop, 10 Dec 1999.

[DES84] Desmedt, Y., et al. "Dependence of Output on Input in DES: Small Avalanche Characteristics." Proc Crypto Conf, 1984, p359–376.

[DIF76] Diffie, W., and Hellman, M. "New Directions in Cryptography." IEEE Trans on Information Theory, vIT-22 n6, Nov 1976, p644–654.

[DIF77] Diffie, W., and Hellman, M. "Exhaustive Cryptanalysis of the NBS Data Encryption Standard." IEEE Computer, v10 n6, Jun 1977, p74–84.

[DIF79] Diffie, W., and Hellman, M. "Privacy and Authentication." Proc of the IEEE, v67 n3, Mar 1979, p397–429.

[DIJ68a] Dijkstra, E. "GO TO Statement Considered Harmful." Comm of the ACM, v11 n3, Mar 68, p147.

[DIJ68b] Dijkstra, E. "The Structure of 'THE'-Multiprogramming System." Proc ACM Symp Operating Systems Principles, Oct 1968, reprinted in Comm of the ACM, v26 n1, Jan 1983.

[DIJ74] Dijkstra, E. "Self-Stabilizing Systems in Spite of Distributed Control." Comm of the ACM, v17 n11, Nov 1974, p643–644.

[DIJ76] Dijkstra, E. A Discipline of Programming. Prentice-Hall, 1976.

[DIL96] Dill, D., and Rushby, J. "Acceptance for Formal Methods: Lessons from Hardware Design." IEEE Computer, v29 n4, Apr 1996, p23–24.

[DIO92] Dion, R. "Elements of a Process Improvement Program." IEEE Software, v9 n4, Jul 1992, p83–85.

[DIO93] Dion, R. "Process Improvement and the Corporate Balance Sheet." IEEE Software, v10 n4, Jul 1993, p28–35.

[DOD85] DOD (U.S. Dept of Defense). "Trusted Computer Systems Evaluation Criteria." DOD, DOD5200.28-STD, Dec 1985.

[DOL82] Dolev, D., et al. "On the Security of Ping-Pong Protocols." Proc Crypto Conf, 1982, p177–186.

[DOT95] Doty, T. "Test Driving SATAN." Computer Security Journal, v ix n2, Fall 1995.

[DTI02] DTI (U.K. Dept. for Trade and Industry). "Information Security Breaches." DTI Technical Report, ISBS 2002, 2002.

[DTI89a] DTI (U.K. Dept. for Trade and Industry). "Security Functionality Manual." DRAFT report, v21 version 3.0, Feb 1989.

[DTI89b] DTI (U.K. Dept. for Trade and Industry). "Evaluation & Certification Manual." DRAFT report, v23 version 3.0, Feb 1989.

[DTI89c] DTI (U.K. Dept. for Trade and Industry). "Evaluation Levels Manual." DRAFT report, v22 version 3.0, Feb 1989.

[DUR99] Durst, R., et al. "Testing and Evaluating Computer Intrusion Detection Systems." Comm of the ACM, v42 n7, Jul 1999, p53–61.

[EFF98] EFF (Electronic Frontier Foundation). Cracking DES. O'Reilly, 1998.

[EHR78] Ehrsam, W., et al. "A Cryptographic Key Management Scheme for Implementing the DES." IBM Systems Journal, v17 n2, 1978, p106–125.

[EIC89] Eichin, M., and Rochlis, J. "With Microscope and Tweezers: Analysis of Internet Virus." Proc IEEE Symp on Security & Privacy, 1989.

[ELG84] El Gamal, A. "A Public Key Cryptosystem and Signature Scheme Based on Discrete Logarithms." Proc Crypto Conf, 1984, p10–18.

[ELG85] El Gamal, A. "A Public Key Cryptosystem and Signature Scheme Based on Discrete Logarithms." IEEE Trans on Information Theory, vIT-31 n4, Jul 1985, p469–472.

[ELG86] El Gamal, A. "On Computing Logarithms over Finite Fields." Proc Crypto Conf, 1986, p396–402.

[ENG96] English, E., and Hamilton, S. "Network Security Under Siege: The Timing Attack." IEEE Computer, v30 n3, Mar 1996, p95–97.

[ERB01] Erbschloe, M. Information Warfare: How to Survive Cyber Attacks. Osborne/McGraw-Hill, 2001.

[EVA74] Evans, A., et al. "A User Authentication Scheme Not Requiring Secrecy in the Computer." Comm of the ACM, v17 n8, Aug 1974, p437–441.

[EVE85] Even, S., et al. "A Randomizing Protocol for Signing Contracts." Comm of the ACM, v28 n6, Jun 1985, p637–647.

[FAB74] Fabry, R. "Capability-Based Addressing." Comm of the ACM, v17 n7, Jul 1974, p403–412.

[FAG96] Fagin, R., et al. "Comparing Information Without Leaking It." Comm of the ACM, v39 n5, May 1996, p77–85.

[FAI97] Fairley, R., and Rook, P. "Risk Management for Software Development." In Dorfman, M., and Thayer, R., eds. Software Engineering, Computer Society Press, 1997. Also in Thayer, R., and Christensen, M., eds. Software Engineering – vol. 2 Supporting Processes, 2nd ed. Computer Society Press, 2002.

[FAR90] Farmer, D., and Spafford, E. "The COPS Security Checker System." Proc Summer Usenix Conf, 1990, p165–170.

[FAR93] Farmer, D., and Venema, W. "Improving the Security of Your Site by Breaking Into It." unpublished technical report, 1993.

[FAR95] Farmer, D., and Venema, W. "SATAN: Security Administrator Tool for Analyzing Networks." unpublished report, 1995. URL: http://www.cerias.purdue.edu/coast/satan.html.

[FAR96] Farmer, D. "Shall We Dust Moscow?" unpublished white paper, 18 Dec 1996.

[FAR96a] Farringdon, J. Analysing for Authorship: A Guide to the COSUM Technique. Univ of Wales Press, 1996.

[FEI75] Feistel, H., et al. "Some Cryptographic Techniques for Machine Data Communication." Proc of the IEEE, v63 n1, Nov 1975, p1545–1554.

[FEI77] Feiertag, R., et al. "Proving Multilevel Security of a System Design." Operating Systems Review, v11 n5, Nov 1977, p57–63.

[FER81] Fernandez, E., et al. Database Security and Integrity. Addison-Wesley, 1981.

[FER89] Fernandez, E., et al. "A Security Model for Object-Oriented Databases." Proc IEEE Symp on Security & Privacy, 1989, p110–115.

[FIS02a] Fisher, D. "Trusting in Microsoft." eWeek, 4 Mar 2002.

[FIS02b] Fisher, D. "Patch or No, Flaws Go Public." eWeek, 28 May 2002.

[FIS02c] Fisher, D. "Coming Clean on Patches." eWeek, 3 Jun 2002.

[FIT89] Fites, P., et al. Control and Security of Computer Information Systems. Computer Science Press, 1989.

[FOR01] Forno, R. "Code Red Is Not the Problem." Help Net Security, Aug 27, 2001.

[FOR84] Fortune, S., and Merritt, M. "Poker Protocols." Proc Crypto Conf, 1984, p454–464.

[FOR96] Forrest, S., et al. "A Sense of Self for Unix Processes." Proc IEEE Symp on Security & Privacy, 1996.

[FOS82] Foster, C. Cryptanalysis for Microcomputers. Hayden, 1982.

[FOX90] Fox, K., et al. "A Neural Network Approach Towards Intrusion Detection." Proc National Computer Security Conf, Oct 1990.

[FRA02] Frank, D., and Dorobek, C. "New Hopes for a Security Lockdown." Federal Computer Week, 10 Jun 2002.

[FRA73] Frankena, W. Ethics. Prentice Hall, 1973.

[FRA83] Fraim, L. "Scomp: A Solution to the Multilevel Security Problem." IEEE Computer, v16 n7, Jul 1983, p26–34.

[FRI76a] Friedman, W. Elementary Military Cryptography. Aegean Park Press, 1976.

[FRI76b] Friedman, W. Elements of Cryptanalysis. Aegean Park Press, 1976.

[FRI76c] Friedman, W. Advanced Military Cryptography. Aegean Park Press, 1976.

[GAL99] Gallo, M., and Hancock, W. Networking Explained. Digital Press, 1999.

[GAN96] Ganesan, R. "The Yaksha Security System." Comm of the ACM, v39 n3, Mar 1996, p55–60.

[GAR00] Garfinkel, S. Database Nation: The Death of Privacy in the 21st Century. O'Reilly, 2000.

[GAR79] Garey, M., and Johnson, D. Computers and Intractability. W.H. Freeman, 1979.

[GAR84] Garvin, D. "What Does 'Product Quality' Really Mean?" Sloan Management Review, Fall, 1984, p25–45.

[GAR91a] Garfinkel, S., and Spafford, E. Practical Unix Security. O'Reilly & Assoc., 1991.

[GAR91b] Garvey, T., and Lunt, T. "Model-based Intrusion Detection." Proc National Computer Security Conf, 1991.

[GAR96] Garfinkel, S., and Spafford, [E.] Practical Unix and Internet Security, 2nd ed. O'Reilly, 1996.

[GAS89] Gasser, M., et al. "Digital Distributed System Security Architecture." Proc National Computer Security Conf, 1989, p305–319.

[GAS88] Gasser, M. Building a Secure System. Van Nostrand Reinhold, 1988.

[GAS90] Gasser, M., and McDermott, E. "An Architecture for Practical Delegation in Distributed Systems." Proc IEEE Symp on Security & Privacy, 1990, p20–30.

[GER89] Gerhart, S. "Assessment of Formal Methods for Trustworthy Computer Systems." Proc ACM TAV Conf, 1989, p152–155.

[GER94] Gerhart, S., et al. "Experience with Formal Methods in Critical Systems." IEEE Software, v11 n1, Jan 1994, p21–28.

[GIB01] Gibson, S. "The Strange Tale of the Denial of Service Attacks Against GRC.COM." Gibson Research Corp. Technical Report, 2 Jun 2001. URL: http://grc.com/grcdos.html.

[GIF82] Gifford, D. "Cryptographic Sealing for Information Secrecy/Authenticity." Comm of the ACM, v25 n4, Apr 1982, p274–285.

[GIL90] Gilbert, H., and Chauvaud, R. "A Statistical Attack on the FEAL-8 Cryptosystem." Proc Crypto Conf, 1990, p22–33.

[GIS88] GISA (German Information Security Agency). IT-Security Criteria: Criteria for the Evaluation of Trustworthiness of IT Systems. 1988.

[GLI87] Gligor, V., et al. "A New Security Testing Method and Application to the Secure Xenix Kernel." IEEE Trans on Software Engineering, vSE-13 n2, Feb 1987, p169–183.

[GLI88] Gligor, V., and Chandersekaran, C. "Assessing the Costs." Unix Review, Feb 1988, p53–58.

[GLI91] Gligor, V., et al. "Logics for Cryptographic Protocols—Virtues and Limitations." Proc IEEE Computer Security Foundations Workshop, 1991, p219–226.

[GOA99] Goan, T. "Collecting and Appraising Intrusion Evidence." Comm of the ACM, v42 n7, Jul 1999, p46–52.

[GOG82] Goguen, J., and Meseguer, J. "Security Policies and Security Models." Proc IEEE Symp on Security & Privacy, 1982, p11–20.

[GOG84] Goguen, J., and Meseguer, J. "Unwinding and Inference Control." Proc IEEE Symp on Security & Privacy, 1984, p75–86.

[GOL77] Gold, B., et al. "VM/370 Security Retrofit Program." Proc ACM Annual Conf, 1977, p411–418.

[GOL84] Gold, B., et al. "KVM/370 in Retrospect." Proc IEEE Symp on Security & Privacy, 1984, p13–23.

[GOL99] Gollmann, D. Computer Security. Wiley, 1999.

[GON96] Gong, L., and Schemers, R. "Implementing Protection Domains in the Java Development Kit 1.2." Proc Internet Society Symp on Network and Distributed System Security, Mar 1996.

[GON97] Gong, L., et al. "Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2," Proc Usenix Symp on Internet Technologies and Systems, 1997.

[GOO84] Goodman, R., et al. "A New Trapdoor Knapsack Public Key Cryptosystem." Proc Eurocrypt Conf, 1984, p150–158.

[GOS85] Gosler, J. "Software Protection: Myth or Reality." Proc Crypto Conf, 1985, p140–157.

[GOS96] Gosling, J. The Java Language Specification. Addison-Wesley, 1996.

[GRA68] Graham, R. "Protection in an Information Processing Utility." Comm of the ACM, v11 n5, May 1968, p365–369.

[GRA72] Graham, R., and Denning, P. "Protection—Principles and Practice." Proc AFIPS Spring Joint Computer Conf, 1972, p417–429.

[GRA83a] Grant, P., and Riche, R. "The Eagle's Own Plume." US Naval Institute Proceedings, Jul 1983, p29–33.

[GRA84a] Grampp, F., and Morris, R. "Unix Operating System Security." AT&T Bell Labs Technical Journal, v63 n8 pt2, Oct 1984, p1649–1672.

[GRA84b] Graubert, R., and Kramer, S. "The Integrity Lock Approach to Secure Database Management." Proc IEEE Symp on Security & Privacy, 1984.

[GRA85] Graubert, R., and Duffy, K. "Design Overview for Retrofitting the Integrity Lock Architecture." Proc IEEE Symp on Security & Privacy, 1985, p147–159.

[GRA87] Grady, R., and Caswell, D. Software Metrics: Establishing a Company-wide Program. Prentice Hall, 1987.

[GRA91] Gray, J. "Toward a Mathematical Foundation for Information Flow Security." Proc IEEE Symp on Security & Privacy, 1991, p21–34.

[GRI02] Griffin, P. "Security Flaw Shuts Down Telecom's Mobile Email." New Zealand Herald, 28 Apr 2002.

[GRI81] Gries, D. Science of Programming. Springer-Verlag, 1981.

[GUP91] Gupta, S., and Gligor, V. "Towards a Theory of a Penetration-Resistant System and its Applications." Proc IEEE Workshop on Computer Security Foundations, 1991.

[HAB76] Habermann, A., et al. "Modularization and Hierarchy in a Family of Operating Systems." Comm of the ACM, v19 n5, May 1976, p266–272.

[HAL67] Halmer, O. "Analysis of the Future: The Delphi Method." RAND Corporation Technical Report, P-3558, 1967.

[HAL95] Halme, L., and Bauer, R. "AINT Misbehaving—A Taxonomy of Anti-Intrusion Techniques." Proc National Information Systems Security Conf, 1995, p12–23.

[HAN00] Hancock, [W.] "A Practical Guide to Network Security." Exodus Communications white paper, 2000.

[HAN00a] Hancock, [W.] "Network Attacks: Denial of Service (DoS) and Distributed Denial of Service (DDoS)." Exodus Communications white paper, 2000.

[HAN76] Hantler, S., and King, J. "An Introduction to Proving the Correctness of Programs." Computing Surveys, v8 n3, Sep 1976, p331–353.

[HAR76] Harrison, M., et al. "Protection in Operating Systems." Comm of the ACM, v19 n8, Aug 1976, p461–471.

[HAR85] Harrison, M. "Theoretical Issues Concerning Protection in Operating System." Advances in Computers, 1985, p61–100.

[HAR86] Harris, C. Applying Moral Theories. Wadsworth, 1986.

[HEB91] Heberlein, L., et al. "A Method to Detect Intrusion Activity in a Networked Environment." Proc National Computer Security Conf, 1991.

[HEI01] Heitmeyer, C. "Applying Practical Formal Methods to the Specification and Analysis of Security Properties." Proc Information Assurance in Computer Networks, Lecture Notes in Computer Science, n2052, Springer Verlag, 2001.

[HEL77] Hellman, M. "An Extension of the Shannon Theory Approach to Cryptography." IEEE Trans on Information Theory, vIT-23 n3, May 1977, p289–294.

[HEL78] Hellman, M. "An Overview of Public Key Cryptography." IEEE Communications Society Magazine, v16 n6, Nov 1978, p24–32.

[HEL79] Hellman, M. "DES Will be Totally Insecure Within Ten Years." IEEE Spectrum, v16 n7, Jul 1979, p32–39.

[HEL79a] Hellman, M. "The Mathematics of Public Key Cryptography." Scientific American, v241 n2, Feb 1979, p146–157.

[HEL80] Hellman, M. "A Cryptanalytic Time-Memory Trade Off." IEEE Trans on Information Theory, vIT-26 n4, Jul 1980, p401–406.

[HIG88] Highland, H. "The Brain Virus: Fact and Fantasy." Computers & Security, v7 n5, 1988.

[HIN75] Hinke, T., and Schaefer, M. "Secure Data Management System." Rome Air Development Center Technical Report, TD-75-266, System Development Corp., 1975.

[HOA74] Hoare, C. "Monitors, An Operating System Structuring Concept." Comm of the ACM, v17 n10, Oct 1974, p548–557.

[HOB97] Hobbit. "CIFS: Common Insecurities Fail Security." Avian Research white paper, 1997. URL: http://www.insecure.org/stf/cifs.txt.

[HOF00] Hoffman, L. "Internet Voting: Will It Spur or Corrupt Democracy?" Proc Computers, Freedom and Privacy Conf, 2000.

[HOF70] Hoffman, L., and Miller, W. "Getting a Personal Dossier from a Statistical Data Bank." Datamation, v16 n5, May 1970, p74–75.

[HOF71] Hoffman, L. "The Formulary Model for Flexible Privacy and Access Controls." Proc AFIPS Fall Joint Computer Conf, 1971, p587–601.

[HOF77] Hoffman, L. Modern Methods for Computer Security and Privacy. Prentice-Hall, 1977.

[HOF86] Hoffman, L. "Risk Analysis and Computer Security: Bridging the Cultural Gap." Proc National Computer Security Conf, 1986.

[HOF90] Hoffman, L. Rogue Programs: Viruses, Worms, Trojan Horses. Prentice-Hall, 1990.

[HOF93] Hoffman, L. "Clipping Clipper." Comm of the ACM, v36 n9, Sep 1993, p15–17.

[HOF95a] Hoffman, L. Building in Big Brother. Prentice-Hall, 1995.

[HOF95b] Hoffman, L. "Balanced Key Escrow." GWU Tech Report, GWU-ICTSP-95-04, 4 Aug 1995.

[HOL91] Holbrook, P., and Reynolds, J., eds. "Site Security Handbook." Internet report, RFC 1244, Jul 1991.

[HOU01] Houle, K., and Weaver, G. "Trends in Denial of Service Attack Technology." CERT Coordination Center Report, 2001.

[HOU02] Householder, A., et al. "Computer Attack Trends Challenge Internet Security." IEEE Computer, Security and Privacy 2002 supplement, Apr 2002.

[HOU99] Housley, R. "Cryptographic Message Syntax." Internet report, RFC 2630, Apr 1999.

[HRW99] HRW (Human Rights Watch). "The Internet in the Mideast and North Africa: Free Expression and Censorship." Human Rights Watch White Paper, Jun 1999.

[HSI79] Hsiao, D., et al. Computer Security. Academic Press, 1979.

[HSI93] Hsieh, D., et al. "The Seaview Prototype." SRI Technical Report, 20 Aug 1993.

[HU91] Hu, W. "Reducing Timing Channels with Fuzzy Time." Proc IEEE Symp on Security & Privacy, 1991, p8–20.

[HUF95] Huff, C., and Martin, C. "Computing Consequences: A Framework for Teaching Ethical Computing." Comm of the ACM, v38 n12, Dec 1995, p75–84.

[HUL01] Hulme, G. "Full Disclosure." Information Week, 6 Aug 2001, p31–32.

[HUL01a] Hulme, G. "Code Red: Are You Ready For the Next Attack?" Information Week, 6 Aug 2001, p22.

[HUL01b] Hulme, G. "Sanctum Upgrade Takes Aim at External Threats." Information Week, 24 Sep 2001, p71.

[HUL01c] Hulme, G. "Management Takes Notice." Information Week, 3 Sep 2001, p28–34.

[HUL62] Hull, T., and Dobell, A. "Random Number Generators." SIAM Review, v4 n3, Jul 1962, p230–254.

[HUM00] Humphries, J., et al. "No Silver Bullet: Limitations of Computer Security Technologies." Proc World Multiconference on Systems, Cybernetics and Informatics, 23-26 Jul 2000.

[HUM88] Humphrey, W. "Characterizing the Software Process: A Maturity Framework." IEEE Software, v5 n2, Mar 1988, p73–79.

[HUM91a] Humphrey, W., and Curtis, B. "Comments on 'A Critical Look.'" IEEE Software, v8 n4, Jul 1991, p42–46.

[HUM91b] Humphrey, W. "Software Process Improvement at Hughes Aircraft." IEEE Software, v8 n4, Jul 1991, p11–23.

[ICO95] Icove, D., et al. Computer Crime: A Crimefighter's Handbook. O'Reilly & Assoc., 1995.

[IEE83] IEEE. IEEE Standard 729: Glossary of Software Engineering Terminology. IEEE Computer Society Press, 1983.

[ING86] Ingram, D. "Investigating and Prosecuting Computer Crime and Network Abuse." Proc National Computer Security Conf, Nov 1986.

[ISA02] ISA (Internet Security Alliance). "Common Sense Guides for Senior Managers: Top Ten Recommended Information Security Practices." ISA Report, Jul 2002.

[ISF00] ISF (Information Security Forum). "The Forum's Standard of Good Practice: The Standard for Information Security." ISF white paper, Nov 2000.

[ISO90] ISO (International Organization for Standardization). ISO 9000-3: Guidelines for Application of ISO 9001. International Organization for Standardization, 1990.

[ISO94] ISO (International Organization for Standardization). ISO 9001: Model for Quality Assurance. International Organization for Standardization, 1994.

[ISS02] ISS (Internet Security Systems). "Internet Risk Impact Summary for March 26, 2002 through June 24, ISS Report, 2002. URL: http://www.iss.mnet

[ITS91a] ITSEC Working Group. ITSEC: Information Technology Security Evaluation Criteria. 10 Jan 1991.

[ITS91b] ITSEC Working Group. ITSEC: Information Technology Security Evaluation Criteria. version 1.2, Sept 1991.

[JAG93] Jagannathan, R. "Next Generation Intrusion Detection Expert System: System Design Document." SRI Tech Report, A007, 9 Mar 1993.

[JAJ90] Jajodia, S., and Sandhu, R. "Database Security: Current Status and Key Issues." SIGMOD Record, v19 n4, Dec 1990, p123–126.

[JAN82] Janardan, R., and Lakshmanan, K. "A Public-Key Cryptosystem Based on the Matrix Cover NP-Complete Problem." Proc Crypto Conf, 1982, p21–39.

[JAV93] Javitz, H., et al. "Next Generation Intrusion Detection Expert Systems." SRI Tech Report, A016, 8 Mar 1993.

[JOH94] Johnson, D. Computer Ethics, 2nd ed. Prentice Hall, 1994.

[JOH95] Johnson, D., and Mulvey, J. "Accountability and Computer Decision Systems." Comm of the ACM, v38 n12, Dec 1995, p58–64.

[JON00] Jónatansson, H. "Iceland's Health Sector Database: A Significant Head Start in the Search for the Biological Grail or an Irreversible Error?" American Journal of Law and Medicine, v26 n1, 2000, p31–68.

[JON02] Jones, W., and Avioli, D. "Carnivore Bites Madly." IEEE Spectrum, v39 n7, Jul 2002, p19.

[JON75] Jones, A., and Wulf, W. "Towards the Design of Secure Systems." Software—Practice and Experience, v5 n4, Oct–Dec 1975, p321–336.

[JON78a] Jones, A. "Protection Mechanism Models: Their Usefulness." In Foundations of Secure Computation, Academic Press, 1978, p237–252.

[JON78b] Jones, A., and Lipton, R. "The Enforcement of Security Policies for Computation." Journal of Computer and System Science, v17 n1, Aug 1978, p35–55.

[JON91] Jones, T. Applied Software Measurement. McGraw-Hill, 1991.

[JOS01] Joshi, J., et al. "Security Models for Web-Based Applications." Comm of the ACM, v44 n2, Feb 2001, p38–44.

[JUE83] Jueneman, R., et al. "Authentication with Manipulation Detection Code." Proc IEEE Symp on Security & Privacy, 1983, p33–54.

[JUE87] Jueneman, R. "Electronic Document Authentication." IEEE Network, v1 n2, Apr 1987, p17–23.

[KAH67] Kahn, D. The Codebreakers. Macmillan, 1967.

[KAH96] Kahn, D. The Codebreakers. Scribners, 1996.

[KAI86] Kain, R., and Landwehr, C. "On Access Checking in Capability-Based Systems." Proc IEEE Symp on Security & Privacy, 1986, p95–100.

[KAL93a] Kaliski, B. "Privacy Enhancement for Internet Electronic Mail, Part IV." Internet report, RFC 1424: Key Certificates and Services, Feb 1993.

[KAN98] Kaner, C., and Pels, D. Bad Software. Wiley, 1998.

[KAR01] Karr, M. "Semiotics and the Shakespeare Authorship Debate: The Author—and His Icon—Do Make a Difference in Understanding the Works." Shakespeare Oxford Newsletter, v36 n4, Winter 2001.

[KAR02] Karger, P., and Schell, R. "Thirty Years Later: Lessons from the Multics Security Evaluation." IBM Research Report, RC22534, 31 July 2002.

[KAR72] Karp, R. "Reducibility Among Combinatorial Problems." Complexity of Computer Computations, Plenum Press, 1972, p85–104.

[KAR74] Karger, P., and Schell, R. "MULTICS Security Evaluation: Vulnerability Analysis, vol 2." Electronic Systems Division Technical Report, TR-74-193, 1974. URL: http://csrc.nist.gov/publications/history.

[KAR84] Karger, P., and Herbert, A. "An Augmented Capability Architecture to Support Lattice Security." Proc IEEE Symp on Security & Privacy, 1984, p2–12.

[KAR88] Karger, P. "Implementing Commercial Data Integrity with Secure Capabilities." Proc IEEE Symp on Security & Privacy, 1988, p130–139.

[KAR90] Karger, P., et al. "A VMM Security Kernel for the VAX Architecture." Proc IEEE Symp on Security & Privacy, 1990, p2–19.

[KAR91a] Karger, P., et al. "A Retrospective on the VAX VMM Security Kernel." IEEE Trans on Software Engineering, v17 n11, Nov 1991, p1147–1165.

[KAR91b] Karger, P., and Wray, J. "Storage Channels in Disk Arm Optimization." Proc IEEE Symp on Security & Privacy, 1991, p52–61.

[KAU95] Kaufman, C., et al. Network Security: Private Communication in a Public World. Prentice Hall, 1995.

[KEE89] Keefe, T., et al. "Secure Query-Processing Strategies." IEEE Computer, v22 n3, Mar 1989, p63–70.

[KEM02] Kemmerer, R., and Vigna, G. "Intrusion Detection: A Brief History and Overview." IEEE Computer, Security & Privacy 2002 supplement, Apr 2002, p27–30.

[KEM83] Kemmerer, R. "Shared Resource Matrix Methodology." ACM Trans Computing Systems, v1 n3, Oct 1983, p256–277.

[KEM86] Kemmerer, R. "Verification Assessment Study Final Report." National Computer Security Center Technical Report, NCSC C3-CR01-86, Mar 1986.

[KEM90] Kemmer, R. "A Multi-level Formal Specification of a Mental Health Care Database." Proc IFIP Workshop on Database Security, 1990, p1–23.

[KEN00] Kent, S. "On the Trail of Intrusions into Information Systems." IEEE Spectrum, v37 n12, Dec 2000, p52–56.

[KEN93] Kent, S. "Privacy Enhancement for Internet Electronic Mail, Part II." Internet report, RFC 1422: Certificate-Based Key Management, Feb 1993.

[KEN98] Kent, S., and Atkinson, R. "Security Architecture for the Internet Protocol." Internet technical report, RFC 2401, Nov 1998.

[KEP93] Kephart, J., et al. "Computers and Epidemiology." IEEE Spectrum, v30 n5, May 1993, p20–26.

[KIE78] Kieburtz, R., and Silberschatz, A. "Capability Managers." IEEE Trans on Software Engineering, vSE-4 n6, Nov 1978, p467–477.

[KIM98] Kim, G., and Spafford, E. "Tripwire: A Case Study in Integrity Monitoring." in [DEN98], 1998.

[KLE90] Klein, D. "Foiling the Cracker: Survey and Improvements of Password Security." Proc Usenix Unix Security II Wkshop, 1990, p5–14.

[KNI02] Knight, W. "Anti-Snooping Operating System Close to Launch." The New Scientist, 28 May 2002.

[KNI98] Knight, E., and Hartley, C. "The Password Paradox." Business Security Advisor Magazine, Dec 1998.

[KNU73] Knuth, D. The Art of Computer Programming, vol. 1: Fundamental Algorithms. Addison-Wesley, 1973.

[KNU81] Knuth, D. The Art of Computer Programming, vol. 2: Seminumerical Algorithms. Addison-Wesley, 1981.

[KO97] Ko, C. "Execution Monitoring of Security-Critical Programs in Distributed Systems: A Proc IEEE Symp on Security & Privacy, 1997, p175–187.

[KOC99] Kocher, P. "Breaking DES." RSA Laboratories Cryptobytes, v4 n2, 1999.

[KOH78] Kohnfelder, L. "Towards a Practical Public-Key Cryptosystem." MIT EE Bachelor's Thesis, 1978.

[KOH92] Kohl, J., et al. The Evolution of Kerberos Authentication. Computer Society Press, 1992.

[KOH93] Kohl, J., and Neuman, C. "The Kerberos Network Authentication Service (V5)." Internet report, RFC 1510, Sept 1993.

[KON80] Konheim, A., et al. "The IPS Cryptographic Programs." IBM Systems Journal, v19 n2, 1980, p253–283.

[KON81] Konheim, A. Cryptography, A Primer. Wiley, 1981.

[KUL76] Kullback, S. Statistical Methods in Cryptanalysis. Aegean Park Press, 1976.

[KUM95] Kumar, S. "Classification and Detection of Computer Intrusions." Purdue Univ PhD Dissertation, Aug 1995.

[KUM95a] Kumar, S., and Spafford, E. "A Software Architecture to Support Misuse Intrusion Detection." Purdue Univ Computer Science Dept Technical Report, CSD-TR-95-009, Mar 1995.

[KUR92] Kurak, C., and McHugh, J. "A Cautionary Note on Image Downgrading." Proc Computer Security Applications Conf, 1992, p153–159.

[LAG83] Lagarias, J. "Knapsack Public Key Cryptosystems and Diophantine Approximations." Proc Crypto Conf, 1983, p3–23.

[LAK74] Lackey, R. "Penetration of Computer Systems: An Overview." Honeywell Computer Journal, v8 n2, Sep 1974, p81–85.

[LAM00] Lampson, B. "Computer Security in the Real World." Proc Computer Security Applications Conf, 2000.

[LAM71] Lampson, B. "Protection." Proc Princeton Symp, reprinted in Oper Sys Rev, v8 n1, Jan 1974, p18–24.

[LAM73] Lampson, B. "A Note on the Confinement Problem." Comm of the ACM, v16 n10, Oct 1973, p613–615.

[LAM76] Lampson, B., and Sturgis, H. "Reflections on an Operating System Design." Comm of the ACM, v19 n5, May 1976, p251–266.

[LAM69] Lampson, B. "Dynamic Protection Structures." Proc AFIPS Fall Joint Computer Conf, 1969, p27–38.

[LAM81] Lamport, L. "Password Authentication with Insecure Communication." Comm of the ACM, v24 n11, Nov 1981, p770–771.

[LAM82] Lamport, L., et al. "The Byzantine Generals Problem." ACM Trans on Prog. Languages and Systems, v4 n3, Jul 1982, p382–401.

[LAM84] Lamport, L. "Solved Problems, Unsolved Problems, and Non-Problems in Concurrency." Proc ACM Principles of Distributed Computing Conf, 1984.

[LAM92] Lampson, B., et al. "Authentication in Distributed Systems: Theory and Practice." Digital Equipment Corporation Systems Research Center, Report 83, Feb 1992.

[LAN00a] Landau, S. "Standing the Test of Time: The Data Encryption Standard." Notices of the AMS, v47 n3, Mar 2000, p341–349.

[LAN00b] Landau, S. "Communications Security for the Twenty-First Century: The Advanced Encryption Standard." Notices of the AMS, v47 n4, Apr 2000, p450–459.

[LAN81] Landwehr, C. "Formal Models for Computer Security." Computing Surveys, v13 n3, Sep 1981, p247–278.

[LAN83] Landwehr, C., et al. "The Best Available Technologies for Computer Security." IEEE Computer, v16 n7, Jul 1983, p86–100.

[LAN84] Landwehr, C., et al. "A Security Model for Military Message Systems." ACM Trans Computing Systems, v2 n2, Aug 1984, p198–222.

[LAN93] Landwehr, C., et al. "Computer Program Security Flaws." NRL Tech Report, Nov 1993.

[LAN94] Landau, S., et al. "Crypto Policy Perspectives." Comm of the ACM, v37 n8, Aug 1994, p115–121.

[LAU95] Laudon, K. "Ethical Concepts and Information Technology." Comm of the ACM, v38 n12, Dec 1995, p33–39.

[LAW02] Lawton, G. "Open Source Security: Opportunity or Oxymoron?" IEEE Computer, v35 n3, Mar 2002, p18–21.

[LEC83] Lechter, M. "Protecting Software and Firmware Devices." IEEE Computer, v16 n8, Aug 1983, p73–82.

[LEE88] Lee, T. "Using Mandatory Integrity to Enforce Commercial Security." Proc IEEE Symp on Security & Privacy, 1988, p140–146.

[LEM79] Lempel, A. "Cryptology in Transition." Computing Surveys, v11 n4, Dec 1979, p285–303.

[LEN01] Lenstra, A., and Verheul, E. "Selecting Cryptographic Key Sizes." Journal of Cryptology, v14 n4, 2001, p255–293.

[LEN78] Lennon, R. "Cryptographic Architecture for Information Security." IBM Systems Journal, v17 n2, 1978, p138–150.

[LEX76] Lexan Corp. "An Evaluation of the DES." unpublished report, Lexan Corp., Sep 1976.

[LIE89] Liepins, G., and Vaccaro, H. "Anomaly Detection: Purpose and Framework." Proc National Computer Security Conf, 1989, p495–504.

[LIE92] Liepens, G., and Vacarro, H. "Intrusion Detection: Its Role and Validation." Computers and Security, v11, 1992, p347–355.

[LIN75] Linde, R. "Operating System Penetration." Proc AFIPS National Computer Conf, 1975.

[LIN76] Linden, T. "Operating System Structures to Support Security and Reliability." Computing Surveys, v8 n4, Dec 1976, p409–445.

[LIN90] Linn, J. "Practical Authentication for Distributed Computing." Proc IEEE Symp on Security & Privacy, 1990, p31–40.

[LIN93] Linn, J. "Privacy Enhancement for Internet Electronic Mail, Part I." Internet report, RFC 1421: Message Encipherment and Authentication Procedures, Feb 1993.

[LIN93a] Linn, J. "Generic Security Service Application Programming Interface." Internet report, RFC 1508, Sept 1993.

[LIN93b] Linn, J. "Common Authentication Technology Overview." Internet report, RFC 1511, Sept 1993.

[LIN97] Linn, J. "Generic Security Services Application Programming Interface, version 2." Internet tech report, RFC 2078, Jan 1997.

[LIN99] Lindqvist, U., and Porras, P. "Detecting Computer and Network Misuse with the Production-Based Expert System Toolset." Proc IEEE Symp on Security & Privacy, 1999, p146–161.

[LIP77] Lipton, R., and Snyder, L. "A Linear Time Algorithm for Deciding Subject Security." Journal of the ACM, v24 n3, Jul 1977, p455–464.

[LIP82] Lipner, S. "Non-Discretionary Controls for Commercial Applications." Proc IEEE Symp on Security & Privacy, 1982, p2–10.

[LIT99] Litchfield, D. "Alert: Microsoft's Phone Dialer Contains a Buffer Overflow that Allows Execution of Arbitrary Code." NTBugtraq archives, 30 Jul 1999.

[LOC94] Lockhart, H. OSF DCE. McGraw Hill, 1994.

[LON82] Longpre, L. "The Use of Public-Key Cryptology for Signing Checks." Proc Crypto Conf, 1982, p187–197.

[LU89] Lu, W., and Sundareshan, M. "Secure Communication in Internet Environments." IEEE Trans on Communications, vCOM37 n10, Oct 1989, p1014–1023.

[LUN89] Lunt, T. "Aggregation and Inference: Facts and Fallacies." Proc IEEE Symp on Security & Privacy, 1989, p102–109.

[LUN90] Lunt, T., and Fernandez, E. "Database Security." SIGMOD Record, v19 n4, Dec 1990, p90–97.

[LUN90a] Lunt, T., et al. "The SeaView Security Model." IEEE Trans on Software Engineering, vSE-16 n6, Jun 1990.

[LUN90b] Lunt, T., et al. "A Real-Time Intrusion Detection Expert System." SRI Technical Report, SRI-CSL-90-05, 1990.

[LUN92] Lunt, T., et al. "A Real-Time Intrusion Detection Expert System (IDES)." SRI Technical Report, Final Report, Feb 1992.

[LUN93] Lunt, T. "A Survey of Intrusion Detection Techniques." Computers & Security, v12 n4, Jun 1993, p405–418.

[LYN92] Lynch, D. Internet Systems Handbook. Addison Wesley, 1992.

[LYO89] de Lyons, G. "Ko Vaht Chan Ellz." private communication, 1989.

[MAH96] Maher, D. "Crypto Backup and Key Escrow." Comm of the ACM, v39 n3, Mar 1996, p48–53.

[MAN01] Mansfield, T., et al. "Biometric Product Testing Final Report." National Physical Laboratory Technical Report, 19, Mar 2001.

[MAN98] Mann, C. "Who Will Own Your Next Good Idea?" Atlantic Monthly, Sep 1998, p57–82.

[MAR98] Marks, L. Between Silk and Cyanide. Free Press, 1998.

[MAS95] Mason, R. "Ethics to Information Technology Issues." Comm of the ACM, v38 n12, Dec 1995, p55–57.

[MAT02] Matsumoto, T., et al. "Impact of Artificial Gummy Fingers on Fingerprint Systems." Proc of SPIE: Optical Security and Counterfeit Detection Techniques IV, v4677, 2002. URL: tsuttomu@mlab.jks.ynu.ac.jp.

[MAT78] Matyas, S., and Meyer, C. "Generation, Distribution and Installation of Cryptographic Keys." IBM Systems Journal, v17 n2, 1978, p126–137.

[MAT85] Matley, B. "Computer Privacy in America: Conflicting Practices—Policy Choices." Proc IEEE Symp on Security & Privacy, 1985, p219–223.

[MAT86] Matloff, N. "Another Look at Use of Noise Addition for Database Security." Proc IEEE Symp on Security & Privacy, 1986, p173–180.

[MAY90] Mayer, F., and Padilla, S. "What Is a B3 Architecture?" Trusted Information Systems unpublished manuscript, Jan 1990.

[MAY91] Mayfield, T., et al. "Integrity in Automated Information Systems." C Technical Report, 79-91, Sep 1991.

[MCA89] McAfee, J. "The Virus Cure." Datamation, v35 n4, 15 Feb 1989, p29–35.

[MCC79] McCauley, E., and Drongowski, P. "KSOS—The Design of a Secure Operating System." Proc AFIPS National Computer Conf, 1979, p345–353.

[MCC90] McCullough, D. "A Hookup Theorem for Multilevel Security." IEEE Trans on Software Engineering, vSE-16 n6, Jun 1990.

[MCD93] McDermid, John A. "Safety-Critical Software: A Vignette." IEE Software Engineering Journal, v8 n1, 1993, p2–3.

[MCI92] McIlroy, M., and Reeds, J. "Multilevel Security in the UNIX Tradition." Software—Practice and Experience, v22 n8, Aug 1992, p673–694.

[MCL90a] McLean, J. "The Specification and Modeling of Computer Security." IEEE Computer, v23 n1, Jan 1990, p9–16.

[MCL90b] McLean, J. "Security Models and Information Flow." Proc IEEE Symp on Security & Privacy, 1990, p180–187.

[MEA02] Mearian, L. "Banks Eye Biometrics to Deter Consumer Fraud." Computerworld, 28 Jan 2002.

[MEA86] Meadows, C. "A More Efficient Cryptographic Matchmaking Protocol." Proc IEEE Symp on Security & Privacy, 1986, p134–137.

[MER78a] Merkle, R. "Secure Communication over Insecure Channels." Comm of the ACM, v21 n4, Apr 1978, p294–299.

[MER78b] Merkle, R., and Hellman, M. "Hiding Information and Signatures in Trapdoor Knapsacks." IEEE Trans on Information Theory, vIT-24 n5, Sep 1978, p525–530.

[MER80] Merkle, R. "Protocols for Public Key Cryptosystems." Proc IEEE Symp on Security & Privacy, 1980, p122–133.

[MER81] Merkle, R., and Hellman, M. "On the Security of Multiple Encryption." Comm of the ACM, v24 n7, Jul 1981, p465.

[MEY82] Meyer, C., and Matyas, S. Cryptography: A New Dimension in Computer Security. Wiley, 1982.

[MIL76] Millen, J. "Security Kernel Validation in Practice." Comm of the ACM, v19 n5, May 1976, p243–250.

[MIL87a] Millen, J. "Covert Channel Capacity." Proc IEEE Symp on Security & Privacy, 1987.

[MIL87b] Millen, J., et al. "The Interrogator: Protocol Security Analysis." IEEE Trans on Software Engineering, vSE-13 n2, Feb 1987, p274–288.

[MIL88] Millen, J. "Covert Channel Analysis." unpublished notes, 1988.

[MIL92] Millen, J. "A Resource Allocation Model for Denial of Service." Proc IEEE Symp on Security & Privacy, 1992, p137–147.

[MIL95] Milberg, S., et al. "Values, Personal Information, Privacy, and Regulatory Approaches." Comm of the ACM, v38 n12, Dec 1995, p65–74.

[MIY89] Miyaguchi, S. "The FEAL-8 Cryptosystem and Call for Attack." Proc Crypto Conf, 1989, p624–627.

[MOF88] Moffett, J., and Sloman, M. "The Source of Authority for Commercial Access Control." IEEE Computer, v21 n2, Feb 1988, p59–69.

[MOO88] Moore, J. "Protocol Failures in Cryptosystems." Proc of the IEEE, v76 n5, May 1988, p594–602.

[MOR77] Morris, R., et al. "Assessment of the NBS Proposed Data Encryption Standard." Cryptologia, v1 n3, Jul 1977, p281–291.

[MOR79] Morris, R., and Thompson, K. "Password Security: A Case History." Comm of the ACM, v22 n11, Nov 1979.

[MOR85] Morris, R. "A Weakness in the 4.2BSD Unix TCP/IP Software." AT&T Bell Laboratories Computing Science Technical Report, 117, 1985.

[MUD95] Mudge. "How to Write Buffer Overflows." L0pht report, 20 Oct 1995.

[MUD97] Mudge. "NT LAN Manager Password Vulnerabilities." L0phtcrack Technical Rant, 1997.

[MUF92] Muffett, A. "Crack, A Sensible Password Checker for Unix." unpublished report, 1992. URL: http://www.cert.org/pub/tools/crack.

[MUK94] Mukherjee, B., et al. "Network Intrusion Detection." IEEE Network, May–Jun 1994, p26–41.

[MUL02] Mullins, J. "Making Unbreakable Code." IEEE Spectrum, v39 n5, May 2002, p40–45.

[MUL90] Mullender, S., et al. "Amoeba—A Distributed Operating System for the 1990s." IEEE Computer, v23 n5, May 1990, p44–53.

[MUR90] Murphy, S. "The Cryptanalysis of FEAL-4 with 20 Chosen Plaintexts." Journal of Cryptology, v2 n3, 1990, p145–154.

[MYE80] Myers, P. Subversion: The Neglected Aspect of Computer Security, Naval Postgraduate School Master's thesis, Jun 1980. URL: http://csrc.nist.gov/publications/history/myer80.pdf.

[NAS00] NASA. "MARS Program Assessment Report Outlines Route to Success." Press Release, 00-46, March 2000.

[NAS90] Nash, M., and Poland, K. "Some Conundrums Concerning Separation of Duty." Proc IEEE Symp on Security & Privacy, 1990, p201–207.

[NAS98] NAS (National Academy of Sciences). Trust in Cyberspace. National Academy Press, 1998.

[NAU93] Naur, P. "Understanding Turing's Universal Machine." Computer Journal, v36 n4, 1993, p351–371.

[NAV86] Navathe, S. "Integrating User Views in Database Design." IEEE Computer, v19 n1, Jan 1986, p50–61.

[NBS77] NBS (U.S. National Bureau of Standards). "Data Encryption Standard." FIPS, Publ. 46, Jan 1977.

[NBS80] NBS (U.S. National Bureau of Standards). "DES Modes of Operation." FIPS, Publ. 81, US Govt Print Ofc, 1980.

[NCS85] NCSC (National Comp Sec Center). "Orange Book," same as [DOD85].

[NCS87] NCSC (National Comp Sec Center). "Trusted Network Interpretation." National Computer Security Center , NCSC-TG-005-ver1, 1987.

[NCS91a] NCSC (National Comp Sec Center). "A Guide to Understanding Data Remanence." National Computer Security Center , NCSC-TG-025 ver2, Sept 1991.

[NCS91b] NCSC (National Computer Security Center). "Integrity-Oriented Control Objectives." C Technical Report , 111-91, Oct 1991.

[NCS92] NCSC (National Computer Security Center). "Trusted Computer System Architecture: Assessing Modularity." internal working paper, unpublished, 18 Dec 1992.

[NEC96] Necula, G., and Lee, P. "Proof-Carrying Code." Carnegie-Mellon Univ School of Computer Science Technical Report, CMU-CS-96-165, Nov 1996.

[NEE78] Needham, R., and Schroeder, M. "Using Encryption for Authentication in Large Networks of Computers." Comm of the ACM, v21 n12, Dec 1978, p993–999.

[NEE78] Needham, R., and Schroeder, M. "Authentication Revisited." ACM Operating Systems Review, v21 n12, Dec 1978.

[NEE94] Needham, R. "Denial of Service: An Example." Comm of the ACM, v37 n11, Nov 1994, p42–47.

[NES86] Nessett, D. "Factors Affecting Distributed System Security." Proc IEEE Symp on Security & Privacy, 1986, p204–222.

[NES87] Nessett, D. "Factors Affecting Distributed System Security." IEEE Trans on Software Engineering, vSE-13, n2, Feb 1987.

[NEU78] Neumann, P. "Computer System Security Evaluation." Proc AFIPS National Computer Conf, 1978, p1087–1095.

[NEU82] Neugent, W. "Acceptance Criteria for Computer Security." Proc AFIPS National Computer Conf, 1982, p443–448.

[NEU83] Neumann, P. "Experience with Formality in Software Development." Theory and Practice of Software Technology, North-Holland, 1983, p203–219.

[NEU86] Neumann, P. "On Hierarchical Design of Comp Sys for Critical Applns." IEEE Trans on Software Engineering, vSE-12 n9, Sep 1986, p905–920.

[NEU90a] Neumann, P. "Toward Standards and Criteria for Critical Computer Systems." Proc COMPASS Conf, 1990.

[NEU90b] Neumann, P. "Rainbows and Arrows: How Security Criteria Address Misuse." Proc National Computer Security Conf, 1990, p414–422.

[NEU96] Neumann, P. "Primary Colors and Computer Evidence." Risks Digest, v18 n26, 18 Jul 1996.

[NEU98] Neu, C., et al. "E-Mail Communication Between Government and Citizens." RAND Corp Issue Paper, IP-178, 1998.

[NIS01] NIST (National Institute of Standards and Technology). "Specification for the Advanced Encryption System AES." FIPS, 197, 2001.

[NIS91b] NIST (National Institute of Standards & Technology). "Glossary of Computer Security Terminology." NIST Tech Report, NISTIR 4659, Sep 1991.

[NIS92b] NIST (National Institute of Standards & Technology). "The Digital Signature Standard, Proposal and Discussion." Comm of the ACM, v35 n7, Jul 1992, p36–54.

[NIS93] NIST (National Institute of Standards & Technology). "Secure Hash Standard." FIPS, Publ. 180, May 1993.

[NIS94] NIST (National Institute of Standards & Technology). "Digital Signature Standard." FIPS, Publ. 186, May 1994.

[NIS95] NIST (National Institute of Standards & Technology). "Secure Hash Standard." FIPS, Publ. 180-1, 17 Apr 1995.

[NOG02] Noguchi, Y. "High Wireless Acts." Washington Post, 28 Apr 2002.

[NOR00] Northcutt, S., et al. Network Intrusion Detection, 2nd ed. New Riders Publishing, 2000.

[NRC02] NRC (National Research Council). Cybersecurity Today and Tomorrow: Pay Now or Pay Later. National Academy Press, 2002.

[NRC91] NRC (National Research Council). Computers at Risk: Safe Computing in the Electronic Age. National Academy Press, 1991.

[NRC96] NRC (National Research Council). Cryptography's Role in Securing the Information Society. National Academy Press, 1996.

[NSA01] NSA (National Security Agency). "The 60 Minute Network Security Guide." NSA white paper, 2001. URL: http://www.nsa.gov/Security-Recommendation-Guides.

[NSA92] NSA (National Security Agency). "Federal Criteria for Information Technology Security." NSA, Dec 1992.

[NSA95a] NSA (National Security Agency). "SSE CMM: Systems Security Engineering Capability Maturity Model." NSA SSE-CMM Model and Application Report, Oct 2 1995.

[NSA95b] NSA (National Security Agency). "Security Service API Cryptographic API Recommendations." NSA Report, Jun 1995.

[OHA01] O'Harrow, R. "An Open Door to the E-Mailroom." Washington Post, 22 Jun 2001.

[OLO93] Olovsson, T. "Data Collection for Security Fault Forecasting." PDCS Technical Report, ESPRIT BRA 6362 PDCS 2, Aug 1993.

[OLS93] Olsen, N. "The Software Rush Hour." IEEE Software, v10 n5, May 1993, p29–37.

[OWA02] OWASP (Open Web Application Security Project). "A Guide to Building Secure Web Applications." OWASP report, 2002. URL: http://www.owasp.org.

[PAD79] Padlipsky, M., et al. "KSOS – Computer Network Applications." Proc AFIPS National Computer Conf, 1979, p373–381.

[PAL01] Palmer, C. "Ethical Hacking." IBM Systems Journal, v40 n3, 2001, p769–780.

[PAR72] Parnas, D. "On the Criteria to Be Used in Decomposing Systems into Modules." Comm of the ACM, v15 n12, Dec 1972, p1053–1058.

[PAR75] Parnas, D., and Siewiorek, D. "Use of the Concept of Transparency in the Design of Hierarchically Structured Operating Systems." Comm of the ACM, v18 n7, July 1975, p401–408.

[PAR79] Parker, D. Ethical Conflicts in Computer Science and Technology. AFIPS Press, 1979.

[PAR83] Parker, D. Fighting Computer Crime. Scribners, 1983.

[PAR84] Parker, D., and Nycum, S. "Computer Crime." Comm of the ACM, v27 n4, Apr 1984, p313–321.

[PAR98] Parker, D. Fighting Computer Crime. Wiley, 1998.

[PAU93] Paulk, M., et al. "Capability Maturity Model, version 1.1." IEEE Software, v10 n4, Jul 1993, p18–27.

[PAU95] Paulk, M. "How ISO 9001 Compares with the CMM." IEEE Software, v12 n1, Jan 1995, p74–82.

[PCS81] PCSG (Public Cryptography Study Group). "Report of the Public Cryptography Study Group." Comm of the ACM, v24 n7, Jul 1981, p434–450.

[PER95] Persson, S. "Security Policy for Swedish Post." TIS Technical Report, Aug 1995.

[PES01] Pescatore, J., et al. "Privacy and Security Still Challenge Microsoft Passport." Gartner Group First Take Report, FT-14-4259, 24 Sep 2001.

[PET85] Petroski, H. To Engineer Is Human: The Role of Failure in Successful Design. Petrocelli Books, 1985.

[PET91] Pethia, R., et al. "Guidelines for the Secure Operation of the Internet." Internet report, RFC 1281, Nov 1991.

[PET90] Pethia, R., and Crocker, S. "Internet Security Policy Recommendations." Internet Engineering Task Force draft report, 28 Nov 1990.

[PFL00] Pfleeger, S. "Risky Business: What We Have Yet to Learn About Software Risk Management." Journal of Systems and Software, v53 n3, Sep 2000.

[PFL01] Pfleeger, S. Software Engineering: Theory and Practice, 2nd ed. Prentice Hall, 2001.

[PFL01a] Pfleeger, S., et al. Solid Software. Prentice Hall, 2001.

[PFL85] Pfleeger, S., and Straight, D. Introduction to Discrete Structures. John Wiley and Sons, 1985.

[PFL88] Pfleeger, C., and Pfleeger, S. "A Transaction Flow Approach to Software Security Certification." Computers & Security, v7 n3, 1988, p495–502.

[PFL89] Pfleeger, C., et al. "A Methodology for Penetration Testing." Computers & Security, v8, 1989, p613–620.

[PFL91] Pfleeger, S. Software Engineering. Macmillan, 1991.

[PFL91a] Pfleeger, S. "A Framework for Security Requirements." Computers and Security, v10, 1991, p515–523.

[PFL92] Pfleeger, C., and Mayfield, T. "NCSC Availability Study." Unpublished manuscript, Institute for Defense Analyses, 1992.

[PFL93] Pfleeger, C. "How Can IT Be Safe If It's Not Secure?" Proc Safety Critical Systems Conference, Apr 1993.

[PFL94] Pfleeger, C. "Uses and Misuses of Formal Methods in Computer Security." Proc IMA Conf on Mathematics of Dependable Systems, 1994.

[PFL97] Pfleeger, C. "The Fundamentals of Information Security." IEEE Software, v14 n1, January 1997, p15–16, 60.

[PFL97a] Pfleeger, S., and Hatton, L. "Investigating the Influence of Formal Methods." IEEE Computer, v30 n2, Feb 1997.

[PLE77] Pless, V. "Encryption Schemes for Computational Confidentiality." IEEE Trans on Computers, vC-26 n11, Nov 1977, p1133–1136.

[POP74a] Popek, G. "Protection Structures." IEEE Computer, v7 n6, Jun 1974, p22–23.

[POP78] Popek, G., and Kline, C. "Encryption Protocols, Public Key Algorithms, and Digital Signatures." In DeMillo, R., ed. Foundations of Secure Computation. Academic Press, 1978, p133–155.

[POP78a] Popek, G., and Kline, C. "Issues in Kernel Design." Proc AFIPS National Computer Conf, 1978, p1079–1086.

[POP79a] Popek, G., et al. "UCLA Secure Unix." Proc AFIPS National Computer Conf, 1979, p355–364.

[PUR74] Purdy, G. "A High Security Log-In Procedure." Comm of the ACM, v17 n8, Aug 1974, p4422–445.

[PUR82] Purdy, G., et al. "A Software Protection Scheme." Proc IEEE Symp on Security & Privacy, 1982, p99–103.

[QIA94] Qian, X. "Inference Channel-Free Integrity Constraints for Multilevel Databases." Proc IEEE Symp on Security & Privacy, 1994, p158–167.

[RAB78] Rabin, M. "Digitalized Signatures." In DeMillo, R., ed. Foundations of Secure Computation. Academic Press, 1978, p155–166.

[RAM99] Ramsdell, B. "S/MIME Version 3 Message Specification." Internet technical report, RFC 2633, Apr 1999.

[RAN92] Ranum, M. "A Network Firewall." Proc International Conf on Systems and Network Security and Management (SANS-1), Nov 1992.

[RAN94] Ranum, M., and Avolio, F. "A Toolkit and Methods for Internet Firewalls." Proc Usenix Security Symp, 1994.

[RAN95] Ranum, M. "Marcus J Ranum Certified Apparently OK: On the Topic of Firewall Testing." Unpublished manuscript, 1995.

[REE77] Reeds, J. "'Cracking' a Random Number Generator." Cryptologia, v1 n1, Jan 1977, p20–26.

[REE84] Reeds, J., and Weinberger, P. "File Security and the Unix Operating System 'crypt' Command." AT&T Bell Labs Technical Journal, v63 n8 pt2, Oct 1984, p1673–1684.

[REI87] Reid, B. "Reflections on Some Recent Widespread Computer Breakins." Comm of the ACM, v30 n2, Feb 1987.

[RIP02] Riptech, Inc. "Internet Security Threat Report." Riptech Technical Report, v2, Jul 2002.

[RIT79] Ritchie, D. "On the Security of UNIX." Unix Programmer's Manual, secn. 2, AT&T Bell Labs., 1979.

[RIV78] Rivest, R., et al. "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems." Comm of the ACM, v21 n2, Feb 1978, p120–126.

[RIV91] Rivest, R. "The MD4 Message Digest Algorithm." Proc Crypto Conf, 1991, p303–311.

[RIV92] Rivest, R. "The MD4 Message Digest Algorithm." Internet report, RFC 1186, Oct 1992.

[RIV92a] Rivest, R. "The MD4 Message-Digest Algorithm." Internet report, RFC 1320, Apr 1992.

[RIV92b] Rivest, R. "The MD5 Message-Digest Algorithm." Internet report, RFC 1321, Apr 1992.

[RIV92c] Rivest, R. "Response to NIST's Proposal." Comm of the ACM, v35 n7, Jul 1992, p41–47.

[RIV98] Rivest, R., et al. "The RC6 Block Cipher, version 1.1." RSA Labs unpublished report, 20 Aug 1998. URL: http://theory.lcs.mit.edu/~rivest/publications.html.

[ROC89] Rochlis, J., and Eichin, M. "With Microscope and Tweezers: The Worm from MIT's Perspective." Comm of the ACM, v30 n6, Jun 1989.

[ROO93] Rook, P. "Risk Management for Software Development." ESCOM Tutorial, 24 Mar 1993.

[ROS30] Ross, W. The Right and the Good. Springer-Verlag, 1930.

[ROS91] Rosen, K. "Network Security: Just Say 'Know' at Layer 7." Data Communications, Mar 1991, p103–105.

[RUB00] Rubin, A. "Security Considerations for Remote Electronic Voting over the Internet." Proc Internet Policy Institute Workshop on Internet Voting, Oct 2000.

[RUB01] Rubin, A. White Hat Arsenal. Addison-Wesley, 2001.

[RUB97] Rubin, A., et al. Web Security Sourcebook. Wiley, 1997.

[RUB98] Rubin, A., and Geer, D. "Mobile Code Security." IEEE Internet Computing, Nov–Dec 1998.

[RUS83] Rushby, J., and Randell, B. "A Distributed Secure System." IEEE Computer, v16 n7, Jul 1983, p55–67.

[RUS85] Rushby, J. "Networks Are Systems." Proc DOD Computer Security Center Workshop on Network Security, 1985, p7-24–7-38.

[RUS91] Russell, D., and Gangemi, G. Computer Security Basics. O'Reilly & Assoc., 1991.

[SAI95] Saiedien, H., and Kuzara, R. "SEI Capability Maturity Model's Impact on Contractors." IEEE Computer, v28 n1, Jan 1995, p16–26.

[SAI96] Saiedien, H. "An Invitation to Formal Methods." IEEE Computer, v29 n4, Apr 1996, p16–30.

[SAL74] Saltzer, J. "Protection and the Control of Information Sharing in MULTICS." Comm of the ACM, v17 n7, Jul 1974, p388–402.

[SAL75] Saltzer, J., and Schroeder, M. "The Protection of Information in Computing Systems." Proc of the IEEE, v63 n9, Sep 1975, p1278–1308.

[SAL90] Salomaa, A. Public Key Cryptography. Springer-Verlag, 1990.

[SAN02] Sandoval, G. "Why Hackers Are a Step Ahead of the Law." CNET Tech News, 14 May 2002.

[SAN93] Sandhu, R. "Lattice-Based Access Control Models." IEEE Computer, v26 n11, Nov 1993, p9–19.

[SCA01] Scambray, J., et al. Hacking Exposed, 3rd ed. McGraw-Hill, 2001.

[SCH00] Schneier, B. Secrets and Lies: Digital Security in a Networked World. Wiley, 2000.

[SCH01] Schell, R. "Invited Essay: Information Security: Science, Pseudoscience, and Flying Pigs." Proc Computer Security Applications Conf, 2001.

[SCH02] Schjolberg, S. "The Legal Framework – Unauthorized Access to Computer Systems: Penal Legislation in 44 Countries." Report of Moss [Norway] District Court, 15 Apr 2002. URL: http://www.mossbyrett.of.no/info/legal.html.

[SCH72] Schroeder, M., and Saltzer, J. "A Hardware Architecture for Implementing Protection Rings." Comm of the ACM, v15 n3, Mar 1972, p157–170.

[SCH77] Schaefer, M., et al. "Program Confinement in KVM/370." Proc ACM Annual Conf, 1977, p404–410.

[SCH79] Schell, R. "Computer Security." Air Univ Review, Jan-Feb 1979, p16–33.

[SCH83b] Schell, R. "A Security Kernel for a Multiprocessor Microcomputer." IEEE Computer, v16 n7, July 1983, p47–53.

[SCH84a] Schaefer, M., and Schell, R. "Toward an Understanding of Extensible Architectures." Proc IEEE Symp on Security & Privacy, 1984, p41–49.

[SCH84b] Schaumueller-Bichl, I., and Piller, E. "A Method of Software Protection Based on the Use of Smart Cards." Proc Eurocrypt Conf, 1984, p446–454.

[SCH86] Schell, R., and Denning, D. "Integrity in Trusted Database Systems." Proc National Computer Security Conf, 1986, p30–36.

[SCH89a] Schaefer, M. "Symbol Security Condition Considered Harmful." Proc IEEE Symp on Security & Privacy, 1989, p20–46.

[SCH89b] Schaefer, M., et al. "Tea and I: An Allergy." Proc IEEE Symp on Security & Privacy, 1989, p178–182.

[SCH90a] Schaefer, M. "State of the Art and Trends in Trusted DBMS." Proc Deutsche Konferenz uber Computersicherheit, 1990, p1–19.

[SCH90b] Schell, R., and Irvine, C. "Performance Implications for Multilevel Database Systems." unpublished report, 1990.

[SCH91] Schaefer, M. "Reflections on Current Issues in Trusted DBMS." Database Security IV: Status and Prospects, North-Holland, 1991.

[SCH96] Schneier, B. Applied Cryptography, 2nd ed. Wiley, 1996.

[SCH98] Schneier, B., et al. "Twofish: A 128-Bit Block Cipher." unpublished Counterpane Technical Report, 15 Jun 1998. URL: http://www.counterpane.com/twofish.html.

[SEC99] SEC Security Office. OPSEC Primer. 27 Jun 1999.

[SEE89] Seeley, D. "Password Cracking: A Game of Wits." Comm of the ACM, v32 n6, Jun 1989, p700–703.

[SEI01] Seife, C. "More Than We Need to Know." Washington Post, 19 Nov 2001, pA37.

[SEI90] Seiden, K., and Melanson, J. "The Auditing Facility for a VMM Security Kernel." Proc IEEE Symp on Security & Privacy, 1990, p262–277.

[SHA00] Shankland, S. "German Programmer 'Mixter' Addresses Cyberattacks." CNET News.com, 14 Feb 2000.

[SHA49] Shannon, C. "Communication Theory of Secrecy Systems." Bell Systems Technical Journal, v28, Oct 1949, p659–715.

[SHA78] Shamir, A., et al. "Mental Poker." MIT Lab for Comp. Sci., Report TM-125, Nov 1978.

[SHA79] Shamir, A. "How to Share a Secret." Comm of the ACM, v22 n11, Nov 1979, p612–613.

[SHA80] Shamir, A., and Zippel, R. "On the Security of the Merkle-Hellman Cryptographic Scheme." IEEE Trans on Information Theory, vIT-26 n3, May 1980, p339–340.

[SHA82] Shamir, A. "A Polynomial Time Algorithm for Breaking the Basic Merkle–Hellman Cryptosystem." Proc Crypto Conf, 1982, p279–288.

[SHA83] Shamir, A. "On Generation of Cryptographically Strong Pseudorandom Sequences." ACM Trans on Computing Systems, v1 n1, Feb 1983, p38–44.

[SHA93] Shamos, M. "Electronic Voting – Evaluating the Threat." Proc Computers, Freedom and Privacy Conf, 1993.

[SHI87] Shimizu, A., and Miyaguchi, S. "Fast Data Encipherment Algorithm." Proc Eurocrypt Conf, 1987, p267–278.

[SHI96] Shimomura, T., and Markoff, J. Takedown. Hyperion, 1996.

[SHO82] Shoch, J., and Hupp, J. "The 'Worm' Programs – Early Experience with a Distributed Computing System." Comm of the ACM, v25 n3, Mar 1982, p172–180.

[SIB87] Sibert, W., et al. "Unix and B2: Are They Compatible?" Proc National Computer Security Conf, 1987, p142–149.

[SIM77] Simmons, G., and Norris, M. "Preliminary Comments on the M.I.T. Public-Key Cryptosystem." Cryptologia, v1 n4, Oct 1977, p406–414.

[SIM79] Simmons, G. "Symmetric and Asymmetric Encryption." Computing Surveys, v11 n4, Dec 1979, p305–330.

[SIM88a] Simmons, G. "A Survey of Information Authentication." Proc of the IEEE, v76 n5, May 1988, p603–620.

[SIM88b] Simmons, G. "How to Insure that Data Acquired to Verify Treaty Compliance Are Trustworthy." Proc of the IEEE, v76 n5, May 1988, p621–627.

[SIM92] Simmons, G. Contemporary Cryptology. IEEE Press, 1992.

[SIM94] Simmons, G. "Cryptanalysis and Protocol Failures." Comm of the ACM, v37 n11, Nov 1994, p56–64.

[SIN66] Sinkov, A. Elementary Cryptanalysis: A Mathematical Approach. Math Assn Amer, 1966.

[SIN99] Singh, S. The Code Book. Doubleday, 1999.

[SIP95] Sipior, J., and Ward, B. "The Ethical and Legal Quandary of Email Privacy." Comm of the ACM, v38 n12, Dec 1995, p48–54.

[SIT01] Sit, E., and Fu, K. "Web Cookies: Not Just a Privacy Risk." Comm of the ACM, v44 n9, Sept 2001, p120.

[SMA88] Smaha, S. "Haystack: An Intrusion Detection System." Proc Aerospace Computer Security Conf, Dec 1988, p37–44.

[SMI01] Smith, R. "Deciphering the Advanced Encryption Standard." Network Magazine, 5 Mar 2001.

[SMI88a] Smid, M., and Branstad, D. "The Data Encryption Standard: Past Present and Future." Proc the IEEE, v76 n5, May 1988, p550–559.

[SMI88b] Smith, G. "Inference and Aggregation Security Attack Analysis." George Mason University Technical Paper, Sept 1988.

[SMI91] Smith, G. "Modeling Security-Relevant Data Semantics." IEEE Trans on Software Engineering, vSE17 n11, Nov 1991, p1195–1203.

[SMI93a] Smid, M., and Branstad, D. "Response to Comments on the NIST Proposed Digital Signature Standard." Proc Crypto Conf, 1993.

[SMI93b] Smith, H. "Privacy Policies and Practices: Inside the Organizational Maze." Comm of the ACM, v36 n12, Dec 1993, p105–122.

[SNA91] Snapp, S., et al. "DIDS (Distributed Intrusion Detection System) – Motivation, Architecture." Proc National Computer Security Conf, 1991.

[SNY81] Snyder, L. "Formal Models of Capability-Based Protection Systems." IEEE Trans on Computers, vC-30 n3, May 1981, p172–181.

[SOL77] Solovay, R., and Strassen, V. "A Fast Monte-Carlo Test for Primality." SIAM Journal on Computing, v6, Mar 1977, p84–85.

[SOL81] Solomon, D. "Processing Multilevel Secure Objects." Proc IEEE Symp on Security & Privacy, 1981, p56–61.

[SOM96] Sommerville, I. Software Engineering, 5th ed. Addison-Wesley, 1996.

[SOO00] Soo Hoo, K. "How Much Is Enough? A Risk Management Approach to Computer Security." Center for International Security and Cooperation working paper, 2000. URL: http://cisac.stanford.edu/docs/soohoo.pdf.

[SPA89] Spafford, E. "The Internet Worm Incident." Proc European Software Engineering Conf, 1989, reprinted in [HOF90], p203–227.

[SPA92] Spafford, E. "Observing Reusable Password Choices." Proc Usenix Unix Security III Workshop, 1992, p299–312.

[SPA95] Spafford, E. unpublished note, 26 Nov 1995.

[SPA96] Spafford, E. "Kerberos 4 Keys Not So Random?" unpublished report, Purdue Univ COAST Project, 23 Feb 1996.

[SPA98] Spafford, E. "Are Computer Hacker Break-Ins Ethical?" In [DEN98], p493–506.

[SPO90] Spooner, D., and Landwehr, C., eds. Database Security III: Status and Prospects. North-Holland, 1990.

[STA02] Stajano, F., and Anderson, R. "The Resurrecting Duckling: Security Issues for Ubiquitous Computing." IEEE Computer, supplement on Security and Privacy, Apr 2002.

[STA02a] Staniford, S., et al. "How To Own the Internet in Your Spare Time." Proc Usenix Security Symp, Aug 2002. URL: http://www.icir.org/vern/papers/cdc-usenix-sec02.

[STA94] Stallings, W. Data and Computer Communications, 4th ed. Macmillan, 1994.

[STA96] Staniford-Chen, S., et al. "GrIDS – A Graph-Based Intrusion Detection System for Large Networks." Proc National Information Systems Security Conf, 1996.

[STE74] Stevens, W., et al. "Structured Design." IBM Systems Journal, v13 n2, 1974, p115–139.

[STE88] Steiner, J. "Kerberos: An Authentication Service for Open Network Systems." Proc Usenix Conf, Feb 1988, p191–202.

[STI94] Stickel, M. "Elimination of Inference Channels by Optimal Upgrading." Proc IEEE Symp on Security & Privacy, 1994.

[STI96] Stinson, D. Cryptography: Theory and Practice, 2nd ed. CRC Press, 1996.

[STI99] Stillerman, M., et al. "Intrusion Detection for Distributed Applications." Comm of the ACM, v42 n7, Jul 1999, p62–69.

[STO74] Stonebraker, M., and Wong, E. "Access Control in a Relational Data Base Management System by Query Modification." Proc ACM Annual Conf, 1974, p180–186.

[STO81b] Stonebraker, M. "Operating System Support for Database Management." Comm of the ACM, v24 n7, Jul 1981, p412–418.

[STO88] Stoll, C. "Stalking the Wily Hacker." Comm of the ACM, v31 n5, May 1988, p484–497.

[STO89] Stoll, C. The Cuckoo's Egg. Doubleday, 1989.

[STU89a] Stubbs, B., and Hoffman, L. "Mapping the Virus Battlefield." GWU Technical Report, GWU-IIST-89-23, in [HOF90], Aug 1989.

[STU90] Stumm, M., and Zhou, S. "Algorithms Implementing Distributed Shared Memory." IEEE Computer, v23 n5, May 1990, p54–64.

[SUG79] Sugarman, R. "On Foiling Computer Crime." IEEE Spectrum, v16 n7, Jul 1979, p31–32.

[SYV97] Syverson, P., et al. "Anonymous Connections and Onion Routing." Proc IEEE Symp on Security & Privacy, 1997, p44–54.

[TAN01] Tanenbaum, A. Modern Operating Systems. Prentice-Hall, 2001.

[TAN03] Tanenbaum, A. Computer Networks, 4th ed. Prentice-Hall, 2003.

[TEN90] Teng, H., et al. "Security Audit Trail Analysis Using Inductively Generated Predictive Rules." Proc Conf on Artificial Intelligence Applications, Mar 1990, p24–29.

[TER98] Terry, D., et al. "The Case for Non-Transparent Replication: Examples from Bayou." IEEE Data Engineering, Dec 1998, p12–20.

[THI01] Thibodeaux, M., et al. "Ethical Aspects of Information Assurance Education." Proc IEEE Systems Man and Cybernetics Information Assurance Workshop, 5 Jun 2001, p247–251.

[THO84] Thompson, K. "Reflections on Trusting Trust." Comm of the ACM, v27 n8, Aug 1984, p761–763.

[TIS92] TIS (Trusted Information Systems). "A Proposed Interpretation of TCSEC for Virtual Machine Monitor." TIS Tech Report, 10 Aug 1992.

[TIS97] TIS (Trusted Information Systems). "TMach Security Architecture." TIS TMach Report, Edoc-0001-97A, 1997.

[TOM84] Tompkins, J. Report on Computer Crime. American Bar Assn, 1984.

[TSA90] Tsai, J., et al. "A Noninvasive Architecture to Monitor Real-Time Distributed Systems." IEEE Computer, v23 n3, Mar 1990, p11–23.

[TUC79] Tuchman, W. "Hellman Presents No Shortcut Solutions to the DES." IEEE Spectrum, v16 n7, Jul 1979, p40.

[TUR82] Turn, R. "Private Sector Needs for Trusted/Secure Computer Systems." Proc AFIPS National Computer Conf, 1982, p449–460.

[UCS01] UCSD (Univ of California at San Diego). "Inferring Internet Denial-of-Service Activity." Cooperative Association for Internet Data Analysis Report, 25 May 2001.

[VAH82] Vahle, M., and Tolendino, L. "Breaking a Pseudo Random Number Based Cryptographic Algorithm." Cryptologia, v6 n4, Oct 1982, p319–328.

[VIG01] Vigna, G., et al. "Designing a Web of Highly-Configurable Intrusion Detection Sensors." Proc Workshop on Recent Advances in Intrusion Detection (RAID 2001), Oct 2001.

[VIG98] Vigna, G., and Kemmerer, R. "NetSTAT: A Network-Based Intrusion Detection System." Proc Annual Computer Security Applications Conf, Dec 1998.

[VIG99] Vigna, G., and Kemmerer, R. "NetSTAT: A Network-Based Intrusion Detection System." Journal of Computer Security, v7 n1, 1999.

[VOL96] Volpano, D. "A Sound Type System for Secure Flow Analysis." Journal of Computer Security, v4 n3, 1996, p167–187.

[VOY83] Voydock, V., and Kent, S. "Security Mechanisms in High-Level Network Protocols." Computing Surveys, v15 n2, Jun 1983, p135–171.

[WAC95] Wack, J., and Carnahan, L. "Keeping Your Site Comfortably Secure: An Introduction to Internet Firewalls." NIST Special Publication, 800-10, 1995.

[WAG83] Wagstaff, S. "How to crack an RSA cryptosystem." Proc Crypto Conf, 1983.

[WAL02] Walker, L. "Microsoft Wants Security Hard-Wired in Your Computer." Washington Post, 27 Jun 2002, pE1.

[WAL80] Walker, B., et al. "Specification and Verification of the UCLA Unix Security Kernel." Comm of the ACM, v23 n2, Feb 1980, p118–131.

[WAL85] Walker, S. "Network Security Overview." Proc IEEE Symp on Security & Privacy, 1985, p62–76.

[WAL96] Walker, S., et al. "Commercial Key Recovery." Comm of the ACM, v39 n3, Mar 1996, p41–47.

[WAR79] Ware, W. "Security Controls for Computer Systems." RAND Corp Technical Report, R-609-1, Oct 1979. URL: http://csrc.nist.gov/publications/history/ware70.pdf.

[WAR84] Ware, W. "Information System Security and Privacy." Comm of the ACM, v27 n4, Apr 1984, p316–321.

[WAR95] Ware, W. "A Retrospective on the Criteria Movement." Proc National Computer Security Conf, 1995, p582–588.

[WEI71] Weinberg, G. The Psychology of Computer Programming. Van Nostrand Reinhold, 1971.

[WEI79] Weissman, C. "System Security Analysis/Certification." System Development Corp Technical Report, SP-3728, Oct 1973.

[WEI95] Weisband, S., and Reinig, B. "Managing User Perceptions of Email Privacy." Comm of the ACM, v38 n12, Dec 1995, p40–47.

[WEL90] Welke, S., et al. "A Taxonomy of Integrity Models, Implementations, Mechanisms." Proc National Computer Security Conf, 1990, p541–551.

[WHI01] Whitehorn-Umphres, D. "Hackers, Hot Rods, and The Information Drag Strip." IEEE Spectrum, v38 n10, October 2001, p14–17.

[WHI89] White, S. "Coping with Computer Viruses and Related Problems." In [HOF90], p7–28.

[WIE83] Wiesner, S. "Conjugate Coding." ACM SIGACT News, v15 n1, 1983, p78–88.

[WIN90] Wing, J. "A Specifier's Introduction to Formal Methods." IEEE Computer, v23 n9, Sept 1990, p8–24.

[WIS86] Wiseman, S. "A Secure Capability Computer System." Proc IEEE Symp on Security & Privacy, 1986, p86–94.

[WOO77] Wood, H. "The Use of Passwords for Controlling Access to Remote Comp." Proc AFIPS National Computer Conf, 1977, p27–32.

[WOO80] Wood, C., et al. "Data Base Security: Requirements, Policies, Models." IBM Systems Journal, v19 n2, 1980, p229–252.

[WOO85] Wood, P., and Kochan, S. Unix System Security. Hayden Press, 1985.

[WOO87a] Woodward, J. "Exploiting the Dual Nature of Sensitivity Labels." Proc IEEE Symp on Security & Privacy, 1987.

[WOO87b] Wood, C., et al. Computer Security: A Comprehensive Controls Checklist. Wiley, 1987.

[WOO96] Wood, A., et al. "The Ethical Systems Analyst." Comm of the ACM, v39 n3, Mar 1996, p69–77.

[WUL74] Wulf, W., et al. "Hydra: The Kernel of a Multiprocessor Operating System." Comm of the ACM, v17 n6, Jun 1974, p337–345.

[YAC86] Yacoby, Y. "On Proving Privacy in Multiuser Systems." Technion Computer Science Dept Technical Report, 398, Feb 1986.

[YAR31] Yardley, H. The American Black Chamber. Bobbs-Merrill, 1931.

[ZEL78] Zelkowitz, M. "Implementation of a Capability-Based Data Abstraction." IEEE Trans on Software Engineering, vSE-4 n1, Jan 1978, p56–64.

[ZIM86] Zimmerman, P. "A Proposed Standard Format for RSA Cryptosystems." IEEE Computer, v19 n9, Sep 1986, p21–34.

[ZIM95a] Zimmerman, P. The Official PGP User's Guide. MIT Press, 1995.

[ZIM95b] Zimmerman, P. PGP Source Code and Internals. MIT Press, 1995.


Security in Computing
Security in Computing, 4th Edition
ISBN: 0132390779
EAN: 2147483647
Year: 2002
Pages: 129