Index


[ABA94] Abadi, M., and Needham, R. "Prudent Engineering Practice for Cryptographic Protocols." Proc IEEE Symp on Security & Privacy, 1994, p122-136.

[ABC06] ABC (American Broadcasting Corporation). "This Tax Season Beware of Downloading Music of Movies." televised news program, 15 Feb 2006. URL: www.abcactionnews.com/stories/2006/02/060215p2p.shtml.

[ABR87] Abrams, M., and Podell, H. Computer & Network Security - Tutorial. IEEE Computer Society Press, 1987.

[ACT02] ActivNewsletter. "Lloyd's TSB Secures Online Banking Services with ActivCard Gold." ActivNewsletter, Feb 2002. URL: www.activcard.com/activ/newsroom/newsletter/0202_edition/lloyds.html.

[ADA89] Adam, N., and Wortman, J. "Security-Control Methods for Statistical Databases: A Study." Computing Surveys, v21 n4, Dec 1989, p515-556.

[ADL83] Adleman, L. "On Breaking Generalized Knapsack Public Key Cryptosystems." Proc ACM Symp Theory of Computing, 1983, p402-412.

[AFS83] AFSB (Air Force Studies Board). "Multilevel Data Management Security." National Academy of Sciences Report, 1983.

[AGR00] Agrawal, R., and Srikant, R. "Privacy-Preserving Data Mining." Proc ACM SIGMOD Conf on Management of Data, May 2000.

[AGR03] Agrawal, D., and Kesdogan, D. "Measuring Anonymity: The Disclosure Attack." IEEE Security & Privacy, v1 n6, Nov 2003, p27-34.

[AIR00] U.S. Air Force. "Operational Risk Management." Air Force Policy Directive, 90-9, 1 Apr 2000.

[ALB01] Alberts, C., et al. "OCTAVE Catalog of Practices." Software Engineering Institute Technical Report, CMU/SEI-2001-TR-020, Oct 2001.

[ALB05] Alberts, C., and Dorofee, A. "Mission Assurance Analysis Protocol (MAAP): Assessing Risk in Complex Environments." Software Engineering Institute Technical Note, CMUSEI-2005-TN032, Sept 2005.

[ALB99] Alberts, C., et al. "Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE Framework)." Software Engineering Institute Technical Report, CMU/SEI-99-TR-017, Jun 1999.

[ALE96] Aleph One (Elias Levy). "Smashing the Stack for Fun and Profit." Phrack, v7 n49, Nov 1996.

[ALL99] Allen, J., et al. "State of the Practice of Intrusion Detection Technologies." Software Engineering Institute Technical Report, CMU/SEI-99-TR-028, 1999.

[AME83] Ames, S., et al. "Security Kernel Design and Implementation: An Introduction." IEEE Computer, v16 n7, Jul 1983, p14-23.

[AND01] Anderson, R. Security Engineering: Guide to Building Dependable Distributed Systems. Wiley, 2001.

[AND02a] Anderson, R. "Unsettling Parallels Between Security and the Environment." Presentation at Univ of California Berkeley Workshop, 2002. URL: www.sims.berkeley.edu/resources/affiliates/workshops/econsecurity/econws/37.txt.

[AND02b] Anderson, R. "Security in Open versus Closed Systems - The Dance of Boltzmann, Coase and Moore." Proc Open Source Software Conf: Economics, Law and Policy, Toulouse, France, 21 Jun 2002.

[AND03] Anderson, H. "Introduction to Nessus." Security Focus, Nessus Vulnerability Scanner, 23 Oct 2003. URL: nessus.org/.

[AND04] Anderson, E., et al. "Subversion as a Threat in Information Warfare." unpublished Naval Postgraduate School white paper, 2004.

[AND05] Anderson, R. "Open and Closed System Are Equivalent (That Is, In an Ideal World)." in Perspective on Free and Open Source Software, MIT Press, 2005.

[AND06] Andrews, M., and Whitaker, J. How to Break Web Software. Addison-Wesley, 2006.

[AND72] Anderson, J. "Computer Security Technology Planning Study." U.S. Air Force Electronic Systems Division, TR-73-51, Oct 1972. URL: csrc.nist.gov/publications/history/ande72.pdf.

[AND80] Anderson, J. "Computer Security Threat Monitoring and Surveillance." Technical Report, James P. Anderson Co., 1980. URL: csrc.nist.gov/publications/history/index.html.

[AND82] Anderson, J. "Accelerating Computer Security Innovation." Proc IEEE Symp on Security & Privacy, 1982, p91-97.

[AND94a] Anderson, R. "Why Cryptosystems Fail." Comm of the ACM, v37 n11, Nov 1994, p32-41.

[AND94b] Anderson, R. "Liability and Computer Security: Nine Principles." Proc ESORICS Conf, 1994.

[AND98a] Anderson, R. "The DeCODE Proposal for an Icelandic Health Database." unpublished report, 20 Oct 1998.

[AND98b] Anderson, R., et al. "Serpent: A Proposal for the Advanced Encryption Standard." unpublished report, undated. URL: www.cs.technion.ac.il/~biham/Reports/Serpent.

[ANT02] Antón, P., et al. "Finding and Fixing Vulnerabilities in Information Systems: The Vulnerability Assessment and Mitigation Methodology." RAND Corp Technical Report, MR-1601-DARPA, 2002.

[ANT04] Antón, A., et al. "Inside JetBlue's Privacy Policy Violations." IEEE Security & Privacy, v2 n6, Nov 2004, p12-18.

[ANT06] Antón, A., et al. "An Analysis of Web Site Policy Evolution Post-HIPAA." IEEE Security & Privacy, to appear; North Carolina State Univ Tech Rpt, NCSU-TR-2004-021.

[APW05] APWG (Anti-Phishing Working Group). "Phishing Activity Trends Report." unpublished report, Dec 2005. URL: www.antiphishing.org.

[ARA05] Arazi, B., et al. "Revisiting Public-Key Cryptography for Wireless Sensor Networks." Computer, v38 n11, Nov 2005, p103-105.

[ARB02] Arbaugh, W., et al. "Your 802.11 Wireless Network Has No Clothes." Wireless Communications, v9 n6, Nov 2002, p44-51.

[ARB97] Arbaugh, W., et al. "A Secure and Reliable Bootstrap Architecture." Proc IEEE Symp on Security & Privacy, 1997, p65-71.

[ATT76] Attanasio, C., et al. "A Study of VM/370 Integrity." IBM Systems Jl, v15 n1, 1976, p102-116.

[AUC03] Aucsmith, D. "Monocultures are Hard to Find in Practice." IEEE Security & Privacy, v1 n6, Nov 2003, p15-16.

[BAC99] Bacharach, M. "Interactive Team Reasoning: A Contribution to the Theory of Cooperation." Research in Economics, v53, 117-147.

[BAD89] Badger, L. "A Model for Specifying Multi-Granularity Integrity Policies." Proc IEEE Symp on Security & Privacy, 1989, p269-277.

[BAH02] Bahadur, G., et al. Privacy Defended: How to Protect Your Privacy and Secure Your PC. Que, 2002.

[BAI05] Baiardi, F., et al. "SEAS, A Secure e-Voting Protocol: Design and Implementation." Computers & Security, v24 n8, Nov 2005, p642-652.

[BAL04] Balfanz, D., et al. "In Search of Usable Security: Five Lessons from the Field." IEEE Security & Privacy, v2 n5, Sep 2004, p19-24.

[BAL93] Balenson, D. "Privacy Enhancement for Internet Electronic Mail, Part III: Algorithms, Modes, Identifiers." Internet Report, RFC 1423, Feb 1993.

[BAM82] Bamford, J. The Puzzle Palace, Houghton Mifflin, 1982.

[BAN05] Bank, R. "Cisco Tries to Squelch Claim About a Flaw In Its Internet Routers." Wall Street Jl, 28 Jul 2005.

[BAR90] Barker, W., and Pfleeger, C. "Civil and Military Applications of Trusted Systems Criteria." TIS Technical Report, 304, Feb 1990.

[BAR98] Baron, J. "Trust: Beliefs and Morality." Economics, Values and Organisation, Cambridge Univ Press, 1998.

[BAR99] Barwick, C., et al. "The MARS Encryption Algorithm." unpublished IBM Corp Technical Report, 27 Aug 1999. URL: www.research.iibm.com/security/mars.html.

[BEK82] Beker, H., and Piper, F. Cipher Systems. Northwood Books, 1982.

[BEL02] Belcher, T., and Yoran, A. "Riptech Internet Security Threat Report." Riptech, Inc Technical Report, vII, Jul 2002.

[BEL05] Bell, D. "Looking Back at the Bell-La Padula Model." Proc ACSAC Conf, 2005. URL: www.acsa-admin.org/2005/papers/bell.pdf.

[BEL73] Bell, D., and La Padula, L. "Secure Computer Systems: Mathematical Foundations and Model." MITRE Report, MTR 2547 v2, Nov 1973.

[BEL76] Bell, D., and La Padula, L. "Secure Computer Systems: Unified Exposition and Multics Interpretation." U.S. Air Force Electronic Systems Division Technical Report, ESD-TR-75-306, 1976. URL: csrc.nist.gov/publications/history/bell76.pdf.

[BEL83] Bell, D. "Secure Computer Systems: A Retrospective." Proc IEEE Symp on Security & Privacy, 1983, p161-162.

[BEL89] Bellovin, S. "Security Problems in the TCP/IP Protocol Suite." Computer Comm Review, v19 n2, Apr 1989, p32-48.

[BEL91] Bellovin, S., and Merritt, M. "Limitations of the Kerberos Authentication System." Proc Usenix Conf, Winter 1991, p253-267.

[BEL92a] Bellovin, S. "There Be Dragons." Proc Usenix Unix Security Symp, Sep 1992.

[BEL92b] Bellovin, S., and Merritt, M. "Encrypted Key Exchange." Proc IEEE Symp on Security & Privacy, 1992, p72-84.

[BEN04] Bennet, J., et al. "Hack-a-Vote: Security Issues with Electronic Voting Systems." IEEE Security & Privacy, v2 n1, Jan 2004, p32-37.

[BEN92a] Bennett, C. "Experimental Quantum Cryptography." Jl of Cryptology, v5 n1, 1992, p3-28.

[BEN92b] Bennett, C., et al. "Quantum Cryptography." Scientific American, v267 n4, Oct 1992, p50-57.

[BER00] Berard, E. "Abstraction, Encapsulation and Information Hiding." unpublished report, 2000. URL: www.itmweb.com/essay550.htm.

[BER01] Berghal, H. "The Code Red Worm." Comm of the ACM, v44 n12, Dec 2001, p15-19.

[BIB77] Biba, K. "Integrity Considerations for Secure Computer Systems." Mitre Technical Report, MTR-3153, 1977.

[BIH90] Biham, E., and Shamir, A. "Differential Cryptanalysis of DES-like Cryptosystems." Proc Crypto Conf, 1990, p2-21.

[BIH91] Biham, E., and Shamir, A. "Differential Cryptanalysis of FEAL and N-Hash." Proc Eurocrypt Conf, 1991, p1-16.

[BIH92] Biham, E., and Shamir, A. "Differential Cryptanalysis of Snefru, Khafre, REDOC-II, LOKI, and Lucifer." Proc Crypto Conf, 1992, p156-171.

[BIH93] Biham, E., and Shamir, A. "Differential Cryptanalysis of the Full 16-Round DES." Proc Crypto Conf, 1993, p487-496.

[BIK96] Bikson, T. "Groupware at the World Bank." Groupware & Teamwork, John Wiley & Sons, 1996.

[BIR05] Biryukov, A., et al. "Recent Attacks on Alleged SecurID and Their Practical Implications." Computers & Security, v24 n5, Aug 2005, p364-370.

[BIS03] Bishop, M. Computer Security: Art and Science. Addison-Wesley, 2003.

[BIS89] Biskup, J. "Protection of Privacy and Confidentiality in Medical Information Systems." Proc IFIP Workshop on Database Security, 1989.

[BLA01] Blair, B. "Nukes: A Lesson From Russia." Washington Post, 11 Jul 2001, pA19.

[BLA03] Blaze, M. "Rights Amplification in Master-Keyed Mechanical Locks." IEEE Security & Privacy, v1 n2, Mar 2003, p24-32.

[BLA96] Blaze, M., et al. "Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Security." unpublished report, Jan 1996.

[BOE92] Boebert, E. "Assurance Evidence." Secure Computing Corp Technical Report, 1 Jun 1992.

[BOL91] Bollinger, T., and McGowan, C. "A Critical Look at Software Capability Evaluations." IEEE Software, v8 n4, Jul 1991, p25-41.

[BON03] Boneh, D., and Franklin, M. "Identity-Based Encryption from the Weil Pairing." SIAM Jl of Computing, v32 n3, 2003, p586-615.

[BON06] Bono, S., et al. "Security Through Legality." Comm ACM, v49 n6, Jun 2005, p41-43.

[BON99] Boneh, D. "Twenty Years of Attacks on the RSA Cryptosystem." Notices of the AMS, v46 n2, Feb 1999, p203-213.

[BOR01] Borisov, N., et al. "Intercepting Mobile Communications: The Insecurity of 802.11." Proc 7th Intl Conf on Mobile Computing and Networking, 2001.

[BOU05] Boulanger, A. "Open-Source versus Proprietary Software: Is One More Reliable and Secure Than the Other?." IBM Systems Jl, v44 n2, 2005, p239.

[BOU98] Boulanger, A. "Catapults and Grappling Hooks: The Tools and Techniques of Information Warfare." IBM Systems Jl, v37 n1, 1998, p106.

[BOW95] Bowen, J., and Hinchley, M. "Ten Commandments of Formal Methods." IEEE Computer, v28 n4, Apr 1995, p56-62.

[BRA02] Brauchle, R. "Hidden Risks in Web Code." Software Testing and Quality Engineering Magazine, v4 n2, Mar/Apr 2002, p12-13.

[BRA06] Bradbury, D. "The Metamorphosis of Malware Writers." Computers & Security, v25 n2, Mar 2006, p89-90.

[BRA77] Branstad, D., et al. "Report of the Workshop on Cryptography in Support of Computer Security." NBS Technical Report, NBSIR 77-1291, Sep 1977.

[BRA89] Branstad, M., et al. "Access Mediation in a Message Passing Kernel." Proc IEEE Symp on Security & Privacy, 1989, p66-72.

[BRE00] Brennan, G., and Pettit, P. "The Hidden Economy of Esteem." Economics and Philosophy, v16, 2000, p77-98.

[BRE02] Brewin, B. "Retailers Defend Low-Level Security on Wireless LANs." Computerworld, 31 May 2002.

[BRE89] Brewer, D., and Nash, M. "The Chinese Wall Security Policy." Proc IEEE Symp on Security & Privacy, 1989, p206-214.

[BRI83] Bright, H. "Modern Computational Cryptography." Advances in Computer Security Management, Wiley, 1983, p173-201.

[BRI88] Brickell, E., and Odlyzko, A. "Cryptanalysis: A Survey of Recent Results." Proc of the IEEE, v76 n5, May 1988, p578-593.

[BRO02] Brouersma, M. "Study Warns of Open-Source Security Danger." ZDNet UK News, 31 May 2002.

[BRO87] Brooks, F. "No Silver Bullet." IEEE Computer, v20 n4, Apr 1987, p10-19.

[BRO95] Brooks, F. The Mythical Man Month: Anniversary Edition. Addison-Wesley, 1995.

[BRU05] Brumley, D., and Boneh, D. "Remote Timing Attacks are Possible." Intl Jl of Computer and Telecommunications Networking, v48 n5, Aug 2005, p701-716.

[BUR90] Burns, R. "Referential Secrecy." Proc IEEE Symp on Security & Privacy, 1990, p133-142.

[BUS01] Business Wire. "Companies Hacked on Average Six or More Times Per Year." Business Wire, 6 Aug 2001.

[BUX02] Buxton, P. "Egg Rails at Password Security." Netimperative, 24 Jun 2002.

[BYE04] Byers, S. "Information Leakage Caused by Hidden Data in Published Documents." IEEE Security & Privacy, v2 n2, Mar 2004, p23-28.

[CAF06] Cafésoft. "Security ROI: Web Application Security as a Business Enabler." unpublished white paper, undated. URL: cafesoft.com/products/cams/security-roi-white-paper.html.

[CAL00a] Caloyannides, M. "Encryption Wars: Early Battles." IEEE Spectrum, v37 n4, Apr 2000, p37-43.

[CAL00b] Caloyannides, M. "Encryption Wars: Shifting Tactics." IEEE Spectrum, v37 n5, May 2000, p46-51.

[CAM03] Campbell, K., et al. "The Economic Cost of Publicly Announced Information Security Breaches." Jl of Computer Security, v11 n3, Mar 2003, p431-448.

[CAM04] Camp, L., and Lewis, S. (eds.). Economics of Information Security. Kluwer, 2004.

[CCE94] CCEB (Common Criteria Editorial Board). Common Criteria for Information Technology Security Evaluations. CCEB, Apr 1994.

[CCE98] CCEB (Common Criteria Editorial Board). "Common Criteria for Information Technology Security Evaluation, version 2." Report, CCIMB-99-031, Mar 1998.

[CDT03] CDT (Center for Democracy and Technology). "Ghosts in Our Machines: Background and Policy Proposals on the "Spyware" Problem." unpublished white paper, Nov 2003. URL: cdt.org/privacy/031100spyware.pdf.

[CER02] CERT (Computer Emergency Response Team). "Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP)." CERT Advisory, CA-2002-03, 12 Feb 2002.

[CER99] CERT (Computer Emergency Response Team). "Results of the Distributed Systems Intruder Tools Workshop." CERT Coordination Center Report, Dec 1999.

[CHA00] Chapman, B., and Zwicky, E. Building Internet Firewalls. 2nd ed, O'Reilly, 2000.

[CHA01] Chaq, A. "Software Free-for-All." Washington Post, 5 Sep 2001.

[CHA81] Chaum, D. "Untraceable Electronic Mail, Return Addresses and Pseudonyms." Comm of the ACM, v24 n2, Feb 1981, p84-88.

[CHA82] Chaum, D. "Blind Signatures for Untraceable Payments." Proc Crypto Conf, 1982, p199-205.

[CHA85] Chaum, D. "Security Without Identification: Transaction Systems." Comm of the ACM, v28 n10, Oct 1985, p1030-1044.

[CHE02] Cheswick, W., and Bellovin, S. Firewalls and Internet Security. 2nd ed., Addison-Wesley, 2002.

[CHE81] Cheheyl, M., et al. "Verifying Security." Computing Surveys, v13 n3, Sep 1981, p279-339.

[CHE90] Cheswick, W. "An Evening with Berferd, in Which a Cracker Is Lured, Endured, and Studied." Proc Winter USENIX Conf, Jun 1990.

[CHR02] Christey, S., and Wysopal, C. "Responsible Vulnerability Disclosure Process." Internet Draft, Internet Society, Feb 2002.

[CLA02] Clasessens, J., et al. "A Tangled World Wide Web of Security Issues." First Monday, v7 n3, Mar 2002.

[CLA06] Clark, N., and Wald, M. "Hurdle for US in Getting Data on Passengers." New York Times, 31 May 2006.

[CLA87] Clark, D., and Wilson, D. "A Comparison of Commercial and Military Computer Security Policies." Proc IEEE Symp on Security & Privacy, 1987, p184-194.

[CLI03] Clifton, C., et al. "Tools for Privacy-Preserving Distributed Data Mining." ACM SIGKDD Explorations, v4 n2, Jan 2003.

[COF02] Coffee, P. "On the Mend?." eWeek, 3 Jun 2002.

[COH84] Cohen, F. "Computer Viruses." Computer Security: A Global Challenge, Elsevier Press, 1984, p143-158.

[COM04] Comer, D., and Droms, R. Computer Networks and Internets with Internet Applications. 4th ed., 2004.

[CON05] Conti, G., and Ahamad, M. "A Framework for Countering Denial of Information Attacks." IEEE Security & Privacy, v3 n6, Nov 2005.

[COO02] Cook, G. "At MIT They Can Put Words in Our Mouths." Boston Globe, 15 May 2002.

[COO71] Cook, S. "The Complexity of Theorem-Proving Procedures." Proc ACM Symp on Theory of Computing, 1971, p151-158.

[COP92] Coppersmith, D. "DES and Differential Cryptanalysis." private communication, 23 Mar 1992.

[COR91] Corbató, F. "On Building Systems That Will Fail." Comm of the ACM, v34 n9, Sep 1991, p72-81.

[COW97] Cowan, R., et al. "A Model of Demand with Interactions Among Customers." Intl Jl of Industrial Organization, v15, 1997, p711-732.

[CRA03] Cranor, L. "P3P: Making Privacy Policies More Useful." IEEE Security & Privacy, v1 n6, Nov 2005, p50-55.

[CRO06] Cross, T. "Academic Freedom and the Hacker Ethic." Comm ACM, v39 n6, Jun 2006, p37-40.

[CRO89] Crocker, S., and Bernstein, M. "ARPANET Disruptions: Insight into Future Catastrophes." TIS (Trusted Information Systems) Report, 247, 24 Aug 1989.

[CSI05] CSI (Computer Security Institute) and FBI. "10th Annual Computer Crime and Security Survey." Computer Security Issues and Trends, v10 n1, 2005.

[CSS93] CSSC (Canadian System Security Centre). Canadian Trusted Computer Product Evaluation Criteria. Jan 1993.

[CUL01] Culp, S. "It's Time to End Information Anarchy." Microsoft Security Column, Oct 2001. URL: www.microsoft.com/technet/columns/secdurity/noarch.asp.

[CUL04] Cullison, A. "Inside Al Qaeda's Hard Drive." Atlantic Monthly, Sep 2004.

[CUR87] Curtis, B., et al. "On Building Software Process Models Under the Lamppost." Proc International Conf on Software Engineering, 1987, p96-103.

[DAE00] Daemen, J., and Rijmen, V. "The Block Cipher Rijndael." Smart Card Research and Applications, Lecture Notes in Computer Science 1820, Springer-Verlag, 2000, p288-296.

[DAE02] Daemen, J., and Rijmen, V. The Design of Rijndael. Springer-Verlag, 2002.

[DAT81] Date, C. An Introduction to Data Base Systems, vol. 1. Addison-Wesley, 1981.

[DAT83] Date, C. An Introduction to Data Base Systems, vol. 2. Addison-Wesley, 1983.

[DAV05] Davidson, M. "Leading by Example: The Case for IT Security in Academia." Educause, v40 n1, Jan 2005, p14-22.

[DAV83] Davies, D. "Applying the RSA Digital Signature to Electronic Mail." IEEE Computer, v16 n2, Feb 1983, p55-62.

[DAV83b] Davio, M., et al. "Propagation Characteristics of the Data Encryption Standard." Proc Crypto Conf, 1983, p171-202.

[DAV89] Davies, D., and Price, W. Security for Computer Networks. 2nd ed, Wiley, 1989.

[DEA77] Deavours, C. "Unicity Points in Cryptanalysis." Cryptologia, v1 n1, Jan 1977, p46-68.

[DEA85] Deavours, C. Machine Cryptography & Modern Cryptanalysis. Artech House, 1985.

[DEA96] Dean, D., et al. "Java Security: Web Browsers and Beyond." Proc IEEE Symp on Security & Privacy, also in [DEN98], 1996.

[DEM83] DeMillo, R., and Merritt, M. "Protocols for Data Security." IEEE Computer, v16 n2, Feb 1983, p39-54.

[DEM87] DeMarco, T., and Lister, T. Peopleware: Productive Projects and Teams. Dorset House, 1987.

[DEM95] DeMarco, T. Why Does Software Cost So Much? Dorset House, 1995.

[DEN76] Denning, D. "A Lattice Model of Secure Information Flow." Comm of the ACM, v19 n5, May 1976, p236-243.

[DEN77] Denning, D., and Denning, P. "Certification of Programs for Secure Information Flow." Comm of the ACM, v20 n7, Jul 1977, p504-513.

[DEN79a] Denning, D., and Denning, P. "Data Security." Computing Surveys, v11 n3, Sep 1979, p227-250.

[DEN79b] Denning, D., et al. "The Trackers: A Threat to Statistical Database Security." ACM Trans on Data Base Systems, v4 n1, Mar 1979, p76-96.

[DEN82] Denning, D. Cryptography and Data Security. Addison-Wesley, 1982.

[DEN83a] Denning, D., and Schlorer, J. "Inference Controls for Statistical Data Bases." IEEE Computer, v16 n7, Jul 1983, p69-82.

[DEN83b] Denning, D. "Protecting Public Keys and Signature Keys." IEEE Computer, v16 n2, Feb 1983, p17-35.

[DEN85] Denning, D. "Commutative Filters for Reducing Inference Threats in Multilevel Database Systems." Proc IEEE Symp on Security & Privacy, 1985, p134-146.

[DEN86] Denning, D. "An Intrusion-Detection Model." Proc IEEE Symp on Security & Privacy, 1986, p102-117.

[DEN87a] Denning, D. "Views for Multilevel Database Security." IEEE Trans on Software Engineering, vSE-13 n2, Feb 1987, p129-140.

[DEN87b] Denning, D. "An Intrusion-Detection Model." IEEE Trans on Software Engineering, vSE-13 n2, Feb 1987, p222-226.

[DEN88] Denning, P. "Computer Viruses." American Scientist, v76, May-June 1988, p236-238.

[DEN89] Denning, P. "The Internet Worm." American Scientist, v77, Mar-Apr 1989, p126-128.

[DEN90a] Denning, P. Computers under Attack. Addison-Wesley, 1990.

[DEN90b] Denning, P. "Sending a Signal." Comm of the ACM, v33 n8, Aug 1990, p11-13.

[DEN96] Denning, D., and Branstad, D. "A Taxonomy of Key Escrow Encryption Systems." Comm of the ACM, v39 n3, Mar 1996, p34-40.

[DEN98] Denning, D., and Denning, P. Internet Besieged - Countering Cyberspace Scofflaws. Addison-Wesley, 1998.

[DEN99a] Denning, D. "Activism, Hactivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy." World Affairs Council Workshop, 10 Dec 1999. URL: www.nautilus.org/info-policy/workshop/papers/denning.html.

[DEN99b] Denning, D. Information Warfare and Security. Addison-Wesley, 1999.

[DES84] Desmedt, Y., et al. "Dependence of Output on Input in DES: Small Avalanche Characteristics." Proc Crypto Conf, 1984, p359-376.

[DIF76] Diffie, W., and Hellman, M. "New Directions in Cryptography." IEEE Trans on Information Theory, vIT-22 n6, Nov 1976, p644-654.

[DIF77] Diffie, W., and Hellman, M. "Exhaustive Cryptanalysis of the NBS Data Encryption Standard." IEEE Computer, v10 n6, Jun 1977, p74-84.

[DIJ74] Dijkstra, E. "Self-Stabilizing Systems in Spite of Distributed Control." Comm of the ACM, v17 n11, Nov 1974, p643-644.

[DIL96] Dill, D., and Rushby, J. "Acceptance of Formal Methods: Lessons from Hardware Design." IEEE Computer, v29 n4, Apr 1996, p23-24.

[DIO92] Dion, R. "Elements of a Process Improvement Program." IEEE Software, v9 n4, Jul 1992, p83-85.

[DIO93] Dion, R. "Process Improvement and the Corporate Balance Sheet." IEEE Software, v10 n4, Jul 1993, p28-35.

[DOD85] DOD (Department of Defense). Trusted Computer System Evaluation Criteria. DOD5200.28-STD, Dec 1985.

[DOJ06] DOJ (Department of Justice). "Computer Crime Cases." unpublished web report, 2006. URL: www.usdoj.gov/criminal/cybercrime/cccases.html.

[DOT95] Doty, T. "Test Driving SATAN." Computer Security Jl, v ix n2, Fall 1995.

[DTI02] DTI (U.K. Dept. for Trade and Industry). "Information Security Breaches." DTI Technical Report, ISBS 2002, 2002.

[DTI89a] DTI (U.K. Dept. for Trade and Industry). "Security Functionality Manual." DRAFT Report, v21 version 3.0, Feb 1989.

[DTI89b] DTI (U.K. Dept. for Trade and Industry). "Evaluation & Certification Manual." DRAFT Report, v23 version 3.0, Feb 1989.

[DTI89c] DTI (U.K. Dept. for Trade and Industry). "Evaluation Levels Manual." DRAFT Report, v22 version 3.0, Feb 1989.

[DUR99] Durst, R., et al. "Testing and Evaluating Computer Intrusion Detection Systems." Comm of the ACM, v42 n7, Jul 1999, p53-61.

[EFF06] EFF (Electronic Frontier Foundation). "Unintended Consequences: Seven Years under the DMCA." unpublished web report, v4, Apr 2006. URL: www.eff.org.

[EFF98] EFF (Electronic Frontier Foundation). Cracking DES. O'Reilly, 1998.

[EIC89] Eichlin, M., and Rochlis, J. "With Microscope and Tweezers: Analysis of the Internet Virus." Proc IEEE Symp on Security & Privacy, 1989.

[ELE95] El Emam, K., and Madhavji, N. "The Reliability of Measuring Organizational Maturity." Software Process Improvement and Practice, v1 n1, 1995, p3-25.

[ELG85] El Gamal, A. "A Public Key Cryptosystem and Signature Scheme Based on Discrete Logarithms." IEEE Trans on Information Theory, vIT-31 n4, Jul 1985, p469-472.

[ELG86] El Gamal, A. "On Computing Logarithms over Finite Fields." Proc Crypto Conf, 1986, p396-402.

[ELL04] Elliott, C. "Quantum Cryptography." IEEE Security & Privacy, v2 n4, Jul 2004, p57-61.

[ENG96] English, E., and Hamilton, S. "Network Security Under Siege: The Timing Attack." IEEE Computer, v30 n3, Mar 1996, p95-97.

[ERB01] Erbschloe, M. Information Warfare: How to Survive Cyber Attacks. Osborne/McGraw-Hill, 2001.

[FAB74] Fabry, R. "Capability-Based Addressing." Comm of the ACM, v17 n7, Jul 1974, p403-412.

[FAG96] Fagin, R., et al. "Comparing Information Without Leaking It." Comm of the ACM, v39 n5, May 1996, p77-85.

[FAI97] Fairley, R., and Rook, P. "Risk Management for Software Development." Software Engineering - vol 2: Supporting Processes, Dorfman, M., and Thayer, R., (eds.), 2002.

[FAR90] Farmer, D., and Spafford, E. "The COPS Security Checker System." Proc Summer Usenix Conf, 1990, p165-170.

[FAR93] Farmer, D., and Venema, W. "Improving the Security of Your Site by Breaking Into It." unpublished report, 1993.

[FAR95] Farmer, D., and Venema, W. "SATAN: Security Administrator Tool for Analyzing Networks." unpublished report, 1995. URL: www.cerias.purdue.edu/coast/satan.html.

[FAR96a] Farringdon, J. Analysing for Authorship: A Guide to the COSUM Technique. Univ of Wales Press, 1996.

[FAR96b] Farmer, D. "Shall We Dust Moscow?." unpublished white paper, 18 Dec 1996. URL: www.trouble.org/survey/.

[FAV96] Favaro, J. "Value Based Principles for Management of Reuse in the Enterprise." Proc Fourth Intl Conf on Software Reuse, 1996.

[FAV98] Favaro, J., and Pfleeger, S. "Making Software Development Investment Decisions." ACM Software Engineering Notes, v23 n5, Sep 1998, p69-74.

[FEI04] Feinberg, S. "Datamining and Disclosure Limitation for Categorical Statistical Databases." Workshop on Privacy and Security Aspects of Data Mining, Nov 2004, p112.

[FEL06] Felten, E., and Halderman, J. "Digital Rights Management, Spyware and Security." IEEE Security & Privacy, v4 n1, Jan 2006, p18-23.

[FER03] Ferraiolo, D., et al. Role-Based Access Controls. Artech House, 2003.

[FER81] Fernandez, E., et al. Database Security and Integrity. Addison-Wesley, 1981.

[FIS02a] Fisher, D. "Trusting in Microsoft." eWeek, 4 Mar 2002.

[FIS02b] Fisher, D. "Patch or No, Flaws Go Public." eWeek, 28 May 2002.

[FIT89] Fites, P., et al. Control and Security of Computer Information Systems. Computer Science Press, 1989.

[FLU01] Fluhrer, S., et al. "Weaknesses in the Key Scheduling Algorithm of RC4." Proc 8th Annual Workshop on Selected Areas in Cryptography, 2001.

[FOR01] Forno, R. "Code Red Is Not the Problem." HelpNet Security, 27 Aug 2001.

[FOR96] Forrest, S., et al. "A Sense of Self for Unix Processes." Proc IEEE Symp on Security & Privacy, 1996.

[FOS82] Foster, C. Cryptanalysis for Microcomputers. Hayden, 1982.

[FOX90] Fox, K., et al. "A Neural Network Approach Towards Intrusion Detection." Proc National Computer Security Conf, Oct 1990.

[FRA02] Frank, D., and Dorobek, C. "New Hopes for a Security Lockdown." Federal Computer Week, 10 Jun 2002.

[FRA73] Frankena, W. Ethics. Prentice-Hall, 1973.

[FRA83] Fraim, L. "Scomp: A Solution to the Multilevel Security Problem." IEEE Computer, v16 n7, Jul 1983, p26-34.

[FRE97] Freedman, D., and Mann, C. At Large. Simon & Schuster, 1997.

[FRI76a] Friedman, W. Elementary Military Cryptography. Aegean Park Press, 1976.

[FRI76b] Friedman, W. Elements of Cryptanalysis. Aegean Park Press, 1976.

[FRI76c] Friedman, W. Advanced Military Cryptography. Aegean Park Press, 1976.

[FTC00] FTC (Federal Trade Commission). "Privacy Online: Fair Information Practices in the Electronic Marketplace." FTC Report to Congress, May 2000.

[FTC06] FTC (Federal Trade Commission). "Consumer Fraud and Identity Theft Complaint Data January-December 2005." white paper, 2006.

[FUR05] Furnell, S. "Why Users Cannot Use Security." Computers & Security, v24 n4, Jun 2005, p274-279.

[GAL05] Gal-Or, E., and Ghose, A. "The Economic Consequences for Sharing Security Information." Information Systems Research, v16 n2, 2005, p186-208.

[GAL99] Gallo, M., and Hancock, W. Networking Explained. Digital Press, 1999.

[GAR00] Garfinkel, S. Database Nation: The Death of Privacy in the 21st Century. O'Reilly, 2000.

[GAR03a] Garfinkel, S., and Shelat, A. "Remembrance of Data Passed: A Study of Disk Sanitization Practices." IEEE Security & Privacy, v1 n1, Jan 2003, p17-27.

[GAR03b] Garfinkel, S. "Email-Based Identification and Authentication: An Alternative to PKI." IEEE Security & Privacy, v1 n6, Nov 2003, p20-26.

[GAR79] Garey, M., and Johnson, D. Computer and Intractability. W. H. Freeman, 1979.

[GAR96] Garfinkel, S., and Spafford, E. Practical Unix and Internet Security. 2nd ed., O'Reilly, 1996.

[GAS88] Gasser, M. Building a Secure System. Van Nostrand Reinhold, 1988, p372-385.

[GAS89] Gasser, M., et al. "Digital Distributed System Security Architecture." Proc National Computer Security Conf, 1989, p305-319.

[GAS90] Gasser, M., and McDermott, E. "An Architecture for Practical Delegation in Distributed Systems." Proc IEEE Symp on Security & Privacy, 1990, p20-30.

[GEE03a] Geer, D., et al. "Cyberinsecurity: The Cost of Monopoly." unpublished white paper, 24 Sep 2003. URL: ccianet.org/papers/cyberinsecurity.pdf.

[GEE03b] Geer, D. "Monopoly Considered Harmful." IEEE Security & Privacy, v1 n6, Nov 2003, p14.

[GER89] Gerhart, S. "Assessment of Formal Methods for Trustworthy Computer Systems." Proc ACM TAV Conf, 1989, p152-155.

[GER94] Gerhart, S., et al. "Experience with Formal Methods in Critical Systems." IEEE Software, v11 n1, Jan 1994, p21-28.

[GIB01] Gibson, S. "The Strange Tale of the Denial of Service Attacks Against GRC.COM." Gibson Research Corp. Technical Report, 2 Jun 2001. URL: grc.com/grcdos.html.

[GIL90] Gilbert, H., and Chauvaud, R. "A Statistical Attack on the FEAL-8 Cryptosystem." Proc Crypto Conf, 1990, p22-33.

[GIS88] GISA (German Information Security Agency). IT-Security Criteria: Criteria for the Evaluation of Trustworthiness of IT Systems. 1989.

[GOA99] Goan, T. "Collecting and Appraising Intrusion Evidence." Comm of the ACM, v42 n7, Jul 1999, p46-52.

[GOG82] Goguen, J., and Meseguer, J. "Security Policies and Security Models." Proc IEEE Symp on Security & Privacy, 1982, p11-20.

[GOG84] Goguen, J., and Meseguer, J. "Unwinding and Inference Control." Proc IEEE Symp on Security & Privacy, 1984, p75-86.

[GOL77] Gold, B., et al. "VM/370 Security Retrofit Program." Proc ACM Annual Conf, 1977, p411-418.

[GOL84] Gold, B., et al. "KVM/370 in Retrospect." Proc IEEE Symp on Security & Privacy, 1984, p13-23.

[GOL99] Gollmann, D. Computer Security. Wiley, 1999.

[GON96] Gong, L., and Schemers, R. "Implementing Protection Domains in the Java Development Kit 1.2." Proc Internet Society Symp on Network and Distributed System Security, Mar 1996.

[GON97] Gong, L., et al. "Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2." Proc Usenix Symp on Internet Technologies and Systems, 1997.

[GOO04] Goo, S. "Hundreds Report Watch List Trials." Washington Post, 21 Aug 2004.

[GOR02a] Gordon, L., and Loeb, M. "The Economics of Investment in Information Security." ACM Trans on Information and System Security, v5 n4, Nov 2002, p438-457.

[GOR02b] Gordon, L., and Loeb, M. "Return on Information Security Investments: Myths vs. Reality." Strategic Finance, 2002.

[GOR06a] Gordon, L., and Loeb, M. Managing Cyber-Security Resources. McGraw Hill, 2006.

[GOR06b] Gordon, L., and Loeb, M. "Budgeting Process for Information Security Expenditures." Comm ACM, v49 n1, Jan 2006, p121-125.

[GOS96] Gosling, J. The Java Language Specification. Addison-Wesley, 1996.

[GRA06] Grand, J. "Research Lessons from Hardware Hacking." Comm ACM, v49 n6, Jun 2006, p44–49.

[GRA68] Graham, R. "Protection in an Information Processing Utility." Comm of the ACM, v11 n5, May 1968, p365–369.

[GRA72] Graham, R., and Denning, P. "Protection-Principles and Practice." Proc AFIPS Spring Joint Computer Conf, 1972, p417–429.

[GRA83] Grant, P., and Riche, R. "The Eagle's Own Plume." US Naval Institute Proceedings, July 1983, p29–33.

[GRA84a] Grampp, F., and Morris, R. "Unix Operating System Security." AT&T Bell Laboratories Technical Jl, v63 n8 pt2, Oct 1984, p1649–1672.

[GRA84b] Graubert, R., and Kramer, S. "The Integrity Lock Approach to Secure Database Management." Proc IEEE Symp on Security & Privacy, 1984.

[GRA85] Graubert, R., and Duffy, K. "Design Overview for Retrofitting Integrity-Lock Architecture onto a Commercial DBMS." Proc IEEE Symp on Security & Privacy, 1985, p147–159.

[GRA87] Grady, R., and Caswell, D. Software Metrics: Establishing a Company-wide Program. Prentice-Hall, 1987.

[GRE06] Greenemeier, L. "Oracle Security Under Scrutiny." Information Week, 6 Mar 2006.

[GRI02] Griffin, P. "Security Flaw Shuts Down Telecom's Mobile Email." New Zealand Herald, 28 Apr 2002.

[GRI81] Gries, D. Science of Programming. Springer-Verlag, 1981.

[GUI05] Gui, B., and Sugden, R. (eds.). Economics and Social Interaction: Accounting for Interpersonal Relations. Cambridge Univ Press, 2005.

[HAL67] Halmer, O. "Analysis of the Future: The Delphi Method." RAND Corp Technical Report, P-3558, 1967.

[HAL95] Halme, L., and Bauer, R. "AINT Misbehaving – A Taxonomy of Anti-Intrusion Techniques." Proc National Information Systems Security Conf, 1995, p12–23.

[HAN00a] Hancock, W. "Network Attacks: Denial of Service (DoS) and Distributed Denial of Service (DDoS)." Exodus Communications white paper, 2000.

[HAN00b] Hancock, W. "A Practical Guide to Network Security." Exodus Communications white paper, 2000.

[HAN76] Hantler, S., and King, J. "An Introduction to Proving the Correctness of Programs." Computing Surveys, v8 n3, Sep 1976, p331–353.

[HAR76] Harrison, M., et al. "Protection in Operating Systems." Comm of the ACM, v19 n8, Aug 1976, p461–471.

[HAR85] Harrison, M. "Theoretical Issues Concerning Protection in Operating System." Advances in Computers, 1985, p61–100.

[HAR86] Harris, C. Applying Moral Theories. Wadsworth, 1986.

[HEI01] Heitmeyer, C. "Applying 'Practical' Formal Methods to the Specification and Analysis of Security Properties." Proc Information Assurance in Computer Networks, LNCS 2052, Springer-Verlag, 2001.

[HEL79] Hellman, M. "DES Will be Totally Insecure Within Ten Years." IEEE Spectrum, v16 n7, Jul 1979, p32–39.

[HEL80] Hellman, M. "A Cryptanalytic Time–Memory Trade Off." IEEE Trans on Information Theory, vIT-26 n4, Jul 1980, p401–406.

[HIN75] Hinke, T., and Schaefer, M. "Secure Data Management System." Rome Air Development Center Technical Report, TD-75-266, System Development Corp., 1975.

[HOA74] Hoare, C. "Monitors, An Operating System Structuring Concept." Comm of the ACM, v17 n10, Oct 1974, p548–557.

[HOB97] Hobbit. "CIFS: Common Insecurities Fail Security." Avian Research white paper, 1997. URL: www.insecure.org/stf/cifs.txt.

[HOF00] Hoffman, L. "Internet Voting: Will It Spur or Corrupt Democracy?" Proc Computers, Freedom and Privacy Conf, 2000. URL: www.acm.org/pubs/citations/proceedings/cas/332186/p219-hoffman.

[HOF05] Hofstede, G., and Hofstede, G. Cultures and Organizations: Software of the Mind. 2nd ed., McGraw-Hill, 2005.

[HOF70] Hoffman, L., and Miller, W. "Getting a Personal Dossier from a Statistical Data Bank." Datamation, v16 n5, May 1970, p74–75.

[HOF77] Hoffman, L. Modern Methods for Computer Security and Privacy. Prentice-Hall, 1977.

[HOF86] Hoffman, L. "Risk Analysis and Computer Security: Bridging the Cultural Gap." Proc National Computer Security Conf, 1986.

[HOF90] Hoffman, L. Rogue Programs: Viruses, Worms, Trojan Horses. Prentice-Hall, 1990.

[HOF95a] Hoffman, L. Building in Big Brother. Prentice-Hall, 1995.

[HOG04] Hoglund, G., and McGraw, G. Exploiting Software: How to Break Code. Addison-Wesley, 2004.

[HOR60] Horsburgh, H. "The Ethics of Trust." Philosophical Quarterly, v10, 1960, p343–354.

[HOU01a] Houle, K., and Weaver, G. "Trends in Denial of Service Attack Technology." CERT Coordination Center Report, 2001.

[HOU01b] Housley, R., and Polk, T. Planning for PKI. Wiley, 2001.

[HOU02] Householder, A., et al. "Computer Attack Trends Challenge Internet Security." IEEE Computer, supplement on Security and Privacy 2002, Apr 2002.

[HOU99] Housley, R. "Cryptographic Message Syntax." Internet Report, RFC 2630, Apr 1999.

[HOV05] Hovav, A., and d'Arcy, J. "Capital Market Reaction to Defective IT Products: The Case of Computer Viruses." Computers & Security, v24 n5, Aug 2005, p409–424.

[HOW05] Howard, M., et al. 19 Deadly Sins of Software Security. McGraw-Hill, 2005.

[HRW99] HRW (Human Rights Watch). "The Internet in the Mideast and North Africa: Free Expression and Censorship." Human Rights Watch white paper, Jun 1999.

[HUB04] Hubaux, J., et al. "The Security and Privacy of Smart Vehicles." IEEE Security & Privacy, v2 n3, May 2004, p49–55.

[HUF95] Huff, C., and Martin, C. "Computing Consequences: A Framework for Teaching Ethical Computing." Comm of the ACM, v38 n12, Dec 1995, p75–84.

[HUL01a] Hulme, G. "Code Red: Are You Ready For the Next Attack?" Information Week, 6 Aug 2001, p22.

[HUL01b] Hulme, G. "Sanctum Upgrade Takes Aim at External Threats." Information Week, 24 Sep 2001, p71.

[HUL01c] Hulme, G. "Management Takes Notice." Information Week, 3 Sep 2001, p28–34.

[HUL01d] Hulme, G. "Full Disclosure." Information Week, 6 Aug 2001, p31–32.

[HUM00] Humphries, J., et al. "No Silver Bullet: Limitations of Computer Security Technologies." Proc World Multiconference on Systems, Cybernetics and Informatics, 23-26 Jul 2000.

[ICC06] ICCC (Internet Crime Complaint Center). 2005 Internet Crime Report. FBI–ICCC report, 2005.

[ICO95] Icove, D., et al. Computer Crime: A Crimefighter's Handbook. O'Reilly & Assoc., 1995.

[IEE83] IEEE. IEEE Standard 729: Glossary of Software Engineering Terminology. IEEE Computer Society Press, 1983.

[ISA02] ISA (Internet Security Alliance). "Common Sense Guides for Senior Managers: Top Ten Recommended Information Security Practices." ISA Report, Jul 2002.

[ISF00] ISF (Information Security Forum). "The Forum's Standard of Good Practice: The Standard for Information Security." ISF white paper, Nov 2000.

[ISO94] ISO (Int'l Org for Standardization). ISO 9001: Model for Quality Assurance. Int'l Organization for Standardization, 1994.

[ISS02] ISS (Internet Security Systems). "Internet Risk Impact Summary for March 26, 2002 through June 24, 2002." ISS Report, 2002. URL: www.iss.net.

[ITS91a] ITSEC Working Group. ITSEC: "Information Technology Security Evaluation Criteria." 10 Jan 1991.

[ITS91b] ITSEC Working Group. ITSEC: "Information Technology Security Evaluation Criteria." version 1.2, Sep 1991.

[JAS91] Jasanoff, S. "Acceptable Evidence in a Pluralistic Society." in Acceptable Evidence: Science and Values in Risk Management, Oxford Univ Press, 1991.

[JOH94] Johnson, D. Computer Ethics, 2nd ed. Prentice-Hall, 1994.

[JOH95] Johnson, D., and Mulvey, J. "Accountability and Computer Decision Systems." Comm of the ACM, v38 n12, Dec 1995, p58–64.

[JON00] Jónatansson, H. "Iceland's Health Sector Database: A Significant Head Start in the Search for the Biological Grail or an Irreversible Error?" American Jl of Law and Medicine, v26 n1, 2000, p31–68.

[JON02] Jones, W., and Avioli, D. "Carnivore Bites Madly." IEEE Spectrum, v39 n7, Jul 2002, p19.

[JON75] Jones, A., and Wulf, W. "Towards the Design of Secure Systems." Software – Practice and Experience, v5 n4, Oct-Dec 1975, p321–336.

[JON78] Jones, A. "Protection Mechanism Models: Their Usefulness." in DeMillo. Foundations of Secure Computation, 237–252.

[JON91] Jones, T. Applied Software Measurement, McGraw-Hill, 1991.

[JOS01] Joshi, J., et al. "Security Models for Web-Based Applications." Comm of the ACM, v44 n2, Feb 2001, p38–44.

[JUE05] Juels, A. "RFID Security and Privacy: A Research Study." RSA Laboratories white paper, 28 Sep 2005.

[KAH00] Kahneman, D., and Tversky, A. (eds.). Choices, Values and Frames. Cambridge Univ Press, 2000.

[KAH67] Kahn, D. The Codebreakers. Macmillan, 1967.

[KAH96] Kahn, D. The Codebreakers. Scribner, 1996.

[KAL93a] Kaliski, B. "Privacy Enhancement for Internet Electronic Mail, Part IV." Internet Report, RFC 1424: Key Certificates and Services, Feb 1993.

[KAM06] Kaminsky, D. "Explorations in Namespace: White-Hat Hacking Across the Domain Name System." Comm ACM, v49 n6, Jun 2006, p62–68.

[KAN04] Kantarcioglu, M., and Clifton, C. "Privacy Preserving Data Mining of Association Rules on Horizontally Partitioned Data." Trans on Knowledge and Data Engineering, v16 n9, Sept 2004, p1026–1037.

[KAN98] Kaner, C., and Pils, D. Bad Software. Wiley, 1998.

[KAP92] Kaplan, R., and Norton, D. The Balanced Scorecard: Measures That Drive Performance. Harvard Business Review, 1992.

[KAR01] Karr, M. "Semiotics and the Shakespeare Authorship Debate: The Author – and His Icon – Do Make a Difference in Understanding the Works." Shakespeare Oxford Newsletter, v36 n4, Winter 2001.

[KAR02] Karger, P., and Schell, R. "Thirty Years Later: Lessons from the Multics Security Evaluation." IBM Research Report, RC22543, 31 Jul 2002.

[KAR72] Karp, R. "Reducibility Among Combinatorial Problems." Complexity of Computer Computations, Plenum Press, 1972, p85–104.

[KAR74] Karger, P., and Schell, R. "MULTICS Security Evaluation: Vulnerability Analysis, vol 2." Electronic Systems Division Technical Report, TR-74-193, 1974. URL: csrc.nist.gov/publications/history/karg74.pdf.

[KAR84] Karger, P., and Herbert, A. "An Augmented Capability Architecture to Support Lattice Security." Proc IEEE Symp on Security & Privacy, 1984, p2–12.

[KAR88] Karger, P. "Implementing Commercial Data Integrity with Secure Capabilities." Proc IEEE Symp on Security & Privacy, 1988, p130–139.

[KAR90] Karger, P., et al. "A VMM Security Kernel for the VAX Architecture." Proc IEEE Symp on Security & Privacy, 1990, p2–19.

[KAR91a] Karger, P., et al. "A Retrospective on the VAX VMM Security Kernel." IEEE Trans on Software Engineering, v17 n11, Nov 1991, p1147–1165.

[KAR91b] Karger, P., and Wray, J. "Storage Channels in Disk Arm Optimization." Proc IEEE Symp on Security & Privacy, 1991, p52–61.

[KEM02] Kemmerer, R., and Vigna, G. "Intrusion Detection: A Brief History and Overview." IEEE Security & Privacy, v1 n1, Apr 2002, p27–30.

[KEM83] Kemmerer, R. "Shared Resource Matrix Methodology." ACM Trans on Computing Systems, v1 n3, Oct 1983, p256–277.

[KEM86] Kemmerer, R. "Verification Assessment Study Final Report." National Computer Security Center Technical Report, NCSC C3-CR01-86, Mar 1986.

[KEN03] Kent, S. and Millett, L. (eds). Who Goes There? Authentication Through the Lens of Privacy. National Academy of Sciences Press, 2003.

[KEN93] Kent, S. "Privacy Enhancement for Internet Electronic Mail, Part II." Internet Report, RFC 1422: Certificate-Based Key Management, Feb 1993.

[KEN98] Kent, S., and Atkinson, R. "Security Architecture for the Internet Protocol." Internet Technical Report, RFC 2401, Nov 1998.

[KEP93] Kephart, J., et al. "Computers and Epidemiology." IEEE Spectrum, v30 n5, May 1993, p20–26.

[KIM98] Kim, G., and Spafford, E. "Tripwire: A Case Study in Integrity Monitoring." in [DEN98], 1998.

[KLE90] Klein, D. "Foiling the Cracker: Survey and Improvements to Password Security." Proc Usenix Unix Security II Workshop, 1990, p5–14.

[KNI02] Knight, W. "Anti-Snooping Operating System Close to Launch." The New Scientist, 28 May 2002. URL: www.newscientist.com/news/print.jsp?id-ns99992335.

[KNI98] Knight, E., and Hartley, C. "The Password Paradox." Business Security Advisor Magazine, Dec 1998.

[KNU02] Knudsen, L., et al. "On the Design and Security of RC2." Proc First Fast Software Encryption Workshop (Springer Lecture Notes), n1372, Springer, Mar 1998, p206–221.

[KNU73] Knuth, D. The Art of Computer Programming, vol. 1: Fundamental Algorithms. Addison-Wesley, 1973.

[KNU81] Knuth, D. The Art of Computer Programming, vol. 2: Seminumerical Algorithms. Addison-Wesley, 1981.

[KO97] Ko, C. "Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-Based Approach." Proc IEEE Symp on Security & Privacy, 1997, p175–187.

[KOC99] Kocher, P. "Breaking DES." RSA Laboratories Cryptobytes, v4 n2, 1999.

[KOH78] Kohnfelder, L. "Towards a Practical Public-Key Cryptosystem." MIT EE Bachelor's Thesis, 1978.

[KOH93] Kohl, J., and Neuman, C. "The Kerberos Network Authentication Service (V5)." Internet Report, RFC 1510, Sep 1993.

[KON80] Konheim, A., et al. "The IPS Cryptographic Programs." IBM Systems Jl, v19 n2, 1980, p253–283.

[KON81] Konheim, A. Cryptography, A Primer. Wiley, 1981.

[KOV98] Koved, L., et al. "The Evolution of Java Security." IBM Systems Jl, v37 n3, 1998, p349.

[KUR92] Kurak, C., and McHugh, J. "A Cautionary Note on Image Downgrading." Proc Computer Security Applications Conf, 1992, p153–159.

[LAG83] Lagarias, J. "Knapsack Public Key Cryptosystems and Diophantine Approximations." Proc Crypto Conf, 1983, p3–23.

[LAM00] Lampson, B. "Computer Security in the Real World." Proc Computer Security Applications Conf, 2000. URL: www.acsac.org/invited-essay/essays/2000-lampson.pdf.

[LAM06] Lambert, R. "Understanding Elliptical-Curve Cryptography." unpublished web report, Embedded.com, 18 Jan 2006. URL: www.embedded.com/showarticle.jhtml?articleID=177101463.

[LAM71] Lampson, B. "Protection." Proc Princeton Symp, reprinted in Operating Systems Review, v8 n1, Jan 1974, p18–24. URL: research.microsoft.com/~lampson/09-protection/Acrobat.pdf.

[LAM73] Lampson, B. "A Note on the Confinement Problem." Comm of the ACM, v16 n10, Oct 1973, p613–615.

[LAM76] Lampson, B., and Sturgis, H. "Reflections on an Operating System Design." Comm of the ACM, v19 n5, May 1976, p251–266.

[LAM82] Lamport, L., et al. "The Byzantine Generals Problem." ACM Trans on Prog Languages and Systems, v4 n3, Jul 1982, p382–401.

[LAM84] Lamport, L. "Solved Problems, Unsolved Problems, and Non-Problems in Concurrency." Proc ACM Principles of Distributed Computing Conf, 1984.

[LAM92] Lampson, B., et al. "Authentication in Distributed Systems: Theory and Practice." Digital Equip Corp Sys Research Center, Report 83, Feb 1992.

[LAN00a] Landau, S. "Standing the Test of Time: The Data Encryption Standard." Notices of the AMS, v47 n3, Mar 2000, p341–349.

[LAN00b] Landau, S. "Communications Security for the Twenty-First Century: The Advanced Encryption Standard." Notices of the AMS, v47 n4, Apr 2000, p450–459.

[LAN81] Landwehr, C. "Formal Models for Computer Security." Computing Surveys, v13 n3, Sep 1981, p247–278.

[LAN83] Landwehr, C., et al. "The Best Available Technologies for Computer Security." IEEE Computer, v16 n7, Jul 1983, p86–100.

[LAN93] Landwehr, C., et al. "Computer Program Security Flaws." NRL Technical Report, Nov 1993.

[LAN94] Landau, S., et al. "Crypto Policy Perspectives." Comm of the ACM, v37 n8, Aug 1994, p115–121.

[LAU95] Laudon, K. "Ethical Concepts and Information Technology." Comm of the ACM, v38 n12, Dec 1995, p33–39.

[LAW02] Lawton, G. "Open Source Security: Opportunity or Oxymoron?" IEEE Computer, v35 n3, Mar 2002, p18–21.

[LEE88] Lee, T. "Using Mandatory Integrity to Enforce Commercial Security." Proc IEEE Symp on Security & Privacy, 1988.

[LEE98] Lee, W., and Stolfo, S. "Data Mining Approaches for Intrusion Detection." Proc 1998 7th USENIX Security Symp, 1998, p79–94.

[LEH05] Lehembre, G. "WiFi Security – WEP, WPA and WPA2." Internet white paper, hakin9.org, Jun 2005.

[LEM79] Lempel, A. "Cryptology in Transition." Computing Surveys, v11 n4, Dec 1979, p285–303.

[LEN01] Lenstra, A., and Verheul, E. "Selecting Cryptographic Key Sizes." Jl of Cryptology, v13 n4, 2001, p255–293.

[LEV04] Levy, E. "Interface Illusions." IEEE Security & Privacy, v2 n6, Nov 2004, p66–69.

[LEV06] Levine, J., et al. "Detecting and Categorizing Kernel-Level Rootkits to Aid Future Detection." IEEE Security & Privacy, v4 n1, Jan 2006, p24–32.

[LEX76] Lexan Corp. "An Evaluation of the DES." unpublished report, Lexan Corp., Sep 1976.

[LIE89] Liepins, G., and Vaccaro, H. "Anomaly Detection: Purpose and Framework." Proc National Computer Security Conf, 1989, p495–504.

[LIE92] Liepins, G., and Vaccaro, H. "Intrusion Detection: Its Role and Validation." Computers & Security, v11 n4, Jul 1992, p347–355.

[LIN75] Linde, R. "Operating System Penetration." Proc AFIPS National Computer Conf, 1975.

[LIN76] Linden, T. "Operating System Structures to Support Security and Reliable Software." Computing Surveys, v8 n4, Dec 1976, p409–445.

[LIN90] Linn, J. "Practical Authentication for Distributed Computing." Proc IEEE Symp on Security & Privacy, 1990, p31–40.

[LIN93] Linn, J. "Privacy Enhancement for Internet Electronic Mail, Part I." Internet Report, RFC 1421: Message Encipherment & Authentication, Feb 1993.

[LIN97] Linn, J. "Generic Security Services Application Programming Interface, version 2." Internet Technical Report, RFC 2078, Jan 1997.

[LIN99] Lindqvist, U., and Porras, P. "Detecting Computer and Network Misuse with the Production-Based Expert System Toolset." Proc IEEE Symp on Security & Privacy, 1999, p146–161.

[LIP77] Lipton, R., and Snyder, L. "A Linear Time Algorithm for Deciding Subject Security." Jl of the ACM, v24 n3, Jul 1977, p455–464.

[LIT99] Litchfield, D. "Alert: Microsoft's Phone Dialer Contains a Buffer Overflow that Allows Execution of Arbitrary Code." NTBugtraq archives, 30 Jul 1999.

[LOR06] Lorenzi, R. "Mafia Boss's Encrypted Messages Deciphered." Discovery News, 17 Apr 06.

[LUN89] Lunt, T. "Aggregation and Inference: Facts and Fallacies." Proc IEEE Symp on Security & Privacy, 1989, p102–109.

[LUN90a] Lunt, T., et al. "The SeaView Security Model." IEEE Trans on Software Engineering, vSE-16 n6, Jun 1990.

[LUN90b] Lunt, T., and Fernandez, E. "Database Security." SIGMOD Record, v19 n4, Dec 1990, p90–97.

[LUN92] Lunt, T., et al. "A Real-Time Intrusion Detection Expert System (IDES)." SRI Technical Report, Final Report, Feb 1992.

[LUN93] Lunt, T. "A Survey of Intrusion Detection Techniques." Computers & Security, v12 n4, Jun 1993, p405–418.

[LYN93] Lynch, D. Internet Systems Handbook. Addison-Wesley, 1993.

[LYO89] de Lyons, G. "Ko Vaht Chan Ellz." private communication, 1989.

[MAL02] Malin, B., and Sweeney, L. "Compromising Privacy in Distributed Population-Based Databases with Trail Matching: A DNA Example." CMU Tech Report CMU-CS-02-189, Dec 2002.

[MAN00] Manski, C. "Economic Analysis of Social Interaction." Jl of Economic Perspectives, v4 n3, Summer 2000, p115–136.

[MAN01] Mansfield, T., et al. "Biometric Product Testing Final Report." National Physical Laboratory Technical Report, version 1.0, 19 Mar 2001.

[MAN98] Mann, C. "Who Will Own Your Next Good Idea?" Atlantic Monthly, Sep 1998, p57–82.

[MAR05] Marin, G. "Network Security Basics." IEEE Security & Privacy, v3 n6, Nov 2005.

[MAR98] Marks, L. Between Silk and Cyanide. Free Press, 1998.

[MAS95] Mason, R. "Applying Ethics to Information Technology Issues." Comm of the ACM, v38 n12, Dec 1995, p55–57.

[MAT02] Matsumoto, T., et al. "Impact of Artificial Gummy Fingers on Fingerprint Systems." Proc of SPIE: Optical Security and Counterfeit Detection Techniques IV, v4677, 2002. URL: www.lfca.net/Fingerprint-System-Security-Issues.pdf.

[MAT03] Matyas, V., and Riha, Z. "Toward Reliable User Authentication Through Biometrics." IEEE Security & Privacy, v1 n3, May 2003, p45–49.

[MAT78] Matyas, S., and Meyer, C. "Generation, Distribution and Installation of Cryptographic Keys." IBM Systems Jl, v17 n2, 1978, p126–137.

[MAY90] Mayer, F., and Padilla, S. "What Is a B3 Architecture." Trusted Information Systems unpublished manuscript, Jan 1990.

[MAY91] Mayfield, T., et al. "Integrity in Automated Information Systems." C Technical Report, 79–91, Sep 1991.

[MCC03] McCarty, B. "The Honeynet Arms Race." IEEE Security & Privacy, v1 n6, 2003, p79–82.

[MCC79] McCauley, E., and Drongowski, P. "KSOS – The Design of a Secure Operating System." Proc AFIPS National Computer Conf, 1979, p345–353.

[MCD93] McDermid, John A. "Safety-Critical Software: A Vignette." IEEE Software Engineering Jl, v8 n1, 1993, p23.

[MCL90a] McLean, J. "The Specification and Modeling of Computer Security." IEEE Computer, v23 n1, Jan 1990, p9–16.

[MCL90b] McLean, J. "Security Models and Information Flow." Proc IEEE Symp on Security & Privacy, 1990, p180–187.

[MEA02] Mearian, L. "Banks Eye Biometrics to Deter Consumer Fraud." Computerworld, 28 Jan 2002.

[MER78a] Merkle, R. "Secure Communication over Insecure Channels." Comm of the ACM, v21 n4, Apr 1978, p294–299.

[MER78b] Merkle, R., and Hellman, M. "Hiding Information and Signatures in Trapdoor Knapsacks." IEEE Trans on Information Theory, vIT-24 n5, Sep 1978, p525–530.

[MER80] Merkle, R. "Protocols for Public Key Cryptosystems." Proc IEEE Symp on Security & Privacy, 1980, p122–133.

[MER81] Merkle, R., and Hellman, M. "On the Security of Multiple Encryption." Comm of the ACM, v24 n7, Jul 1981, p465.

[MEY82] Meyer, C., and Matyas, S. Cryptography: A New Dimension in Computer Security. Wiley, 1982.

[MIL03] Millett, L., and Holden, S. "Authentication and Its Privacy Effects." IEEE Internet Computing, v7 n6, Nov 2003, p54–58.

[MIL88] Millen, J. "Covert Channel Analysis." unpublished notes, 1988.

[MIL92] Millen, J. "A Resource Allocation Model for Denial of Service." Proc IEEE Symp on Security & Privacy, 1992, p137–147.

[MIY89] Miyaguchi, S. "The FEAL-8 Cryptosystem and Call for Attack." Proc Crypto Conf, 1989, p624–627.

[MOR77] Morris, R., et al. "Assessment of the NBS Proposed Data Encryption Standard." Cryptologia, v1 n3, Jul 1977, p281–291.

[MOR79] Morris, R., and Thompson, K. "Password Security: A Case History." Comm of the ACM, v22 n11, Nov 1979, p594–597. URL: portal.acm.org/citation.cfm?doid=359168.359172.

[MOR85] Morris, R. "A Weakness in the 4.2BSD Unix TCP/IP Software." AT&T Bell Laboratories Computing Science Technical Report, 117, 1985.

[MUD95] Mudge. "How to Write Buffer Overflows." L0pht Report, 20 Oct 1995.

[MUD97] Mudge. "NT LAN Manager Password Vulnerabilities." L0phtcrack Technical Rant, 1997. URL: www.kbeta.com/Security_Tips/Vulnerabilities/NTTLanManPassRant.htm.

[MUF92] Muffett, A. "Crack, A Sensible Password Checker for Unix." unpublished report, 1992. URL: www.cert.org/pub/tools/crack.

[MUK94] Mukherjee, B., et al. "Network Intrusion Detection." IEEE Network, May–Jun 1994, p26–41.

[MUL99] Mulligan, D. "Testimony of the Center for Democracy and Technology." Public Workshop on Online Profiling, 30 No 1999.

[MUR90] Murphy, S. "The Cryptanalysis of FEAL-4 with 20 Chosen Plaintexts." Jl of Cryptology, v2 n3, 1990, p145–154.

[MYE80] Myers, P. Subversion: The Neglected Aspect of Computer Security. Naval Postgraduate School Master's thesis, Jun 1980. URL: csrc.nist.gov/publications/history/myer80.pdf.

[NAR06a] Naraine, R. "Return of the Web Mob." eWeek, 10 Apr 2006.

[NAR06b] Naraine, R. "Microsoft Says Recovery from Malware Becoming Impossible." eWeek, 4 Apr 2006.

[NAS00] NASA (National Aeronautics & Space Administration). "MARS Program Assessment Report Outlines Route to Success." Press Release, 00-46, March 2000.

[NAS90] Nash, M., and Poland, K. "Some Conundrums Concerning Separation of Duty." Proc IEEE Symp on Security & Privacy, 1990, p201–207.

[NAS98] NAS (National Academy of Sciences). Trust in Cyberspace. National Academy Press, 1998.

[NAU93] Naur, Peter. "Understanding Turing's Universal Machine." Computer Jl, v36 n4, 1993, p351–371.

[NBS77] NBS (U.S. Natl Bureau of Standards). "Data Encryption Standard." FIPS, Publ. 46, Jan 1977.

[NBS80] NBS (U.S. Natl Bureau of Standards). "DES Modes of Operation." FIPS, Publ. 81, US Government Printing Office, 1980.

[NCS85] NCSC (Natl Comp Sec Center). "Orange Book". same as [DOD85], 1985.

[NCS87] NCSC (Natl Comp Sec Center). "Trusted Network Interpretation." National Computer Security Center, NCSC-TG-005-ver1, 1987.

[NCS91a] NCSC (Natl Comp Sec Center). "A Guide to Understanding Data Remanence." National Computer Security Center, NCSC-TG-025 ver2, Sep 1991.

[NCS91b] NCSC (Natl Comp Sec Center). "Integrity-Oriented Control Objectives." C Technical Report, 111–91, Oct 1991.

[NCS92] NCSC (Natl Comp Sec Center). "Trusted Computer System Architecture: Assessing Modularity." internal working paper, unpublished, 18 Dec 1992.

[NEC96] Necula, G., and Lee, P. "Proof-Carrying Code." Carnegie-Mellon Univ School of Computer Science Technical Report, CMU-CS-96-165, Nov 1996.

[NEU78] Neumann, P. "Computer System Security Evaluation." Proc AFIPS National Computer Conf, 1978, p1087–1095.

[NEU82] Neugent, W. "Acceptance Criteria for Computer Security." Proc AFIPS National Computer Conf, 1982, p443–448.

[NEU83] Neumann, P. "Experience with Formality in Software Development." Theory and Practice of Software Technology, North-Holland, 1983, p203–219.

[NEU86] Neumann, P. "On the Hierarchical Design of Computing Systems for Critical Applications." IEEE Trans on Software Engineering, vSE-12 n9, Sep 1986, p905–920.

[NEU90a] Neumann, P. "Toward Standards and Criteria for Critical Computer Systems." Proc COMPASS Conf, 1990.

[NEU90b] Neumann, P. "Rainbows and Arrows: How Security Criteria Address Misuse." Proc National Computer Security Conf, 1990, p414–422.

[NEU96] Neumann, P. "Primary Colors and Computer Evidence." Risks Digest, v18 n26, 18 Jul 1996.

[NEU98] Neu, C., et al. "E-Mail Communication Between Government and Citizens." RAND Corp Issue Paper, IP-178, 1998.

[NEW06] Newitz, A. "The RFID Hacking Underground." Wired, v14 n5, May 2006.

[NIS01] NIST (National Institute of Standards and Technology). "Specification for the Advanced Encryption Standard (AES)." FIPS, 197, 2001.

[NIS05] NIST (Natl Inst of Standards and Technology). "Recommendations for Key Management: Part 1 – General." NIST Special Publication 800-57, Aug 2005.

[NIS06] NIST (Natl Inst of Standards and Technology). "NIST Comments on Cryptanalytic Attacks on SHA-1." unpublished web report, 25 Apr 2006. URL: www.csrc.nist.gov/pki/Hash-Workshop/NIST%20Statement/Burr_Apr2006.html.

[NIS91] NIST (National Institute of Standards and Technology). "Glossary of Computer Security Terminology." NIST Technical Report, NISTIR 4659, Sep 1991.

[NIS92] NIST (National Institute of Standards and Technology). "The Digital Signature Standard, Proposal and Discussion." Comm of the ACM, v35 n7, Jul 1992, p36–54.

[NIS93] NIST (National Institute of Standards and Technology). "Secure Hash Standard." FIPS, Publ. 180, May 1993.

[NIS94] NIST (National Institute of Standards and Technology). "Digital Signature Standard." FIPS, Publ. 186, May 1994.

[NIS95] NIST (National Institute of Standards and Technology). "Secure Hash Standard." FIPS, Publ. 180-1, 17 Apr 1995.

[NOG02] Noguchi, Y. "High Wireless Acts." Washington Post, 28 Apr 2002.

[NOR00] Northcutt, S., et al. Network Intrusion Detection. 2nd ed, New Riders Publishing, 2000.

[NRC02] NRC (National Research Council). Cybersecurity Today and Tomorrow: Pay Now or Pay Later. National Academy Press, 2002.

[NRC05] NRC (National Research Council). "Asking the Right Questions About Electronic Voting." National Academies of Science white paper, 25 Sep 2005.

[NRC91] NRC (National Research Council). Computers at Risk: Safe Computing in the Electronic Age. National Academy Press, 1991.

[NRC96] NRC (National Research Council). Cryptography's Role in Securing the Information Society. National Academy Press, 1996.

[NSA01] NSA (National Security Agency). "The 60 Minute Network Security Guide." NSA white paper, 2001. URL: www.nsa.gov/Security-Recommendation-Guides.

[NSA05] NSA (National Security Agency). "Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF." NSA Report, I333-015R-2005, 13 Dec 2005.

[NSA92] NSA (National Security Agency). "Federal Criteria for Information Technology Security." NSA, Dec 1992.

[NSA95] NSA (National Security Agency). "SSE CMM: Systems Security Engineering Capability Maturity Model." NSA SSE-CMM Model and Application Report, 2 Oct 1995.

[OHA01] O'Harrow, R. "An Open Door to the E-Mailroom." Washington Post, 22 Jun 2001.

[OLI04] Oliveira, S., and Zaiane, O. "Achieving Privacy Preservation When Sharing Data for Clustering." Proc Intl Workshop on Secure Data Management in a Connected World, Aug 2004.

[OLS93] Olsen, N. "The Software Rush Hour." IEEE Software, v10 n5, May 1993, p29–37.

[ORM03] Orman, H. "The Morris Worm: A Fifteen Year Retrospective." IEEE Security & Privacy, v1 n5, Sep 2003, p35–43.

[OWA02] OWASP (Open Web Application Security Project). "A Guide to Building Secure Web Applications." OWASP Report, 2002. URL: www.owasp.org.

[OWA05] OWASP (Open Web Application Security Project). "A Guide to Building Secure Web Applications and Web Services." OWASP Tech Report, ver 2.0, 27 Jul 2005.

[PAL01] Palmer, C. "Ethical Hacking." IBM Systems Jl, v40 n3, 2001, p769–780.

[PAN06] Panja, T. "Fingerprints Confirm Identity of Missing Man." Washington Post, 8 May 2006.

[PAR79] Parker, D. Ethical Conflicts in Computer Science and Technology. AFIPS Press, 1979.

[PAR81] Parker, D. Computer Security Management. Reston, 1981.

[PAR83] Parker, D. Fighting Computer Crime. Scribner, 1983.

[PAR84] Parker, D., and Nycum, S. "Computer Crime." Comm of the ACM, v27 n4, Apr 1984, p313–321.

[PAR98] Parker, D. Fighting Computer Crime. Wiley, 1998.

[PAU93] Paulk, M., et al. "Capability Maturity Model, version 1.1." IEEE Software, v10 n4, Jul 1993, p18–27.

[PAU95] Paulk, M. "How ISO 9001 Compares with the CMM." IEEE Software, v12 n1, Jan 1995, p74–82.

[PEL05] Pelligra, V. "Under Trusting Eyes: The Responsive Nature of Trust." Economics and Social Interaction: Accounting for Interpersonal Relations, Cambridge Univ Press, 2005.

[PES01] Pescatore, J., et al. "Privacy and Security Still Challenge Microsoft Passport." Gartner Group First Take Report, FT-14-4259, 24 Sep 2001.

[PET91] Pethia, R., et al. "Guidelines for the Secure Operation of the Internet." Internet Report, RFC 1281, Nov 1991.

[PET95] Pettit, P. "The Cunning of Trust." Philosophy and Public Affairs, v24 n3, Jun 1995, p202–225.

[PFL00] Pfleeger, S. "Risky Business: What We Have Yet to Learn About Software Risk Management." Jl of Systems and Software, v53 n3, Sep 2000.

[PFL01] Pfleeger, S., et al. Solid Software. Prentice-Hall, 2001.

[PFL06a] Pfleeger, S., and Atlee, J. Software Engineering: Theory and Practice. 4th ed., Prentice-Hall, 2006.

[PFL06b] Pfleeger, S., and Pfleeger, C. "Why We Won't Review Books by Hackers." IEEE Security & Privacy, v4 n4, Jul 2006.

[PFL06c] Pfleeger, S., et al. "Investing in Cyber Security: The Path to Good Practice." Cutter IT Jl, v19 n1, Jan 2006, p11–18.

[PFL85] Pfleeger, S., and Straight, D. Introduction to Discrete Structures. John Wiley and Sons, 1985.

[PFL88] Pfleeger, C., and Pfleeger, S. "A Transaction Flow Approach to Software Security Certification." Computers & Security, v7 n5, Oct 1988, p495–502.

[PFL89] Pfleeger, C., et al. "A Methodology for Penetration Testing." Computers & Security, v8 n7, Nov 1989, p613–620.

[PFL91] Pfleeger, S. "A Framework for Security Requirements." Computers & Security, v10 n6, Oct 1991, p515–523.

[PFL92] Pfleeger, C., and Mayfield, T. "NCSC Availability Study." Unpublished manuscript, Institute for Defense Analyses, 1992.

[PFL93] Pfleeger, C. "How can IT be Safe If It's Not Secure?" Proc Safety Critical Systems Conf, Apr 1993.

[PFL94] Pfleeger, C. "Uses and Misuses of Formal Methods in Computer Security." Proc IMA Conf on Mathematics of Dependable Systems, 1994.

[PFL97a] Pfleeger, S., and Hatton, L. "Investigating the Influence of Formal Methods." IEEE Computer, v30 n2, Feb 1997.

[PFL97b] Pfleeger, C. "The Fundamentals of Information Security." IEEE Software, v14 n1, January 1997, p15-16, 60.

[PIN04] Pincus, J., and Baker, B. "Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns." IEEE Security & Privacy, v2 n4, Jul 2004, p20-27.

[PIT05] PITAC (President's Information Technology Advisory Committee). "Cyber Security: A Crisis of Prioritization." Natl Coordination Office for Info Tech Research and Development, Feb 2005.

[POP74] Popek, G. "Protection Structures." IEEE Computer, v7 n6, Jun 1974, p22-23.

[POT06] Potter, B. "Wireless Hotspots: Petri Dish of Wireless Security." Comm ACM, v49 n6, Jun 2006, p50-56.

[PRA03] Prabhakar, S., et al. "Biometric Recognition: Security and Privacy Concerns." IEEE Security & Privacy, v1 n2, Mar 2003, p33-42.

[PUB01] Public Citizen. "The Real Root Cause of the Ford/Firestone Tragedy: Why the Public Is Still at Risk." Public Citizen white paper, 25 Apr 2001. URL: www.citizen.org/documents/rootcause.pdf.

[PWC06] PWC (PricewaterhouseCoopers) / DTI (Dept of Trade & Industry). "Information Security Breaches Survey 2006." PWC white paper, 2006. URL: www.pwc.com/uk/eng/ins-sol/publ/pwc_dti-fullsurveyresults06.pdf.

[RAB93] Rabin, M. "Incorporating Fairness Into Game Theory and Economics." American Economic Review, v83 n5, Sep 1993, p1281-1302.

[RAM99] Ramsdell, B. "S/MIME Version 3 Message Specification." Internet Technical Report, RFC 2633, Apr 1999.

[RAN05] Ranum, M. "Six Dumbest Ideas in Computer Security." Certified Security Online Magazine, 6 Sep 2005. URL: www.certifiedsecuritypro.com/content/view/154/90/.

[RAN92] Ranum, M. "A Network Firewall." Proc International Conf on Systems and Network Security and Management (SANS-1), Nov 1992.

[RAN94] Ranum, M., and Avolio, F. "A Toolkit and Methods for Internet Firewalls." Proc Usenix Security Symp, 1994.

[RAY04a] Raynal, F., et al. "Honeypot Forensics, Part I: Analyzing the Network." IEEE Security & Privacy, v2 n4, 2004, p72-78.

[RAY04b] Raynal, F., et al. "Honeypot Forensics, Part II: Analyzing the Compromised Host." IEEE Security & Privacy, v2 n5, 2004, p77-80.

[REZ03] Rezgui, A., et al. "Privacy on the Web: Facts, Challenges, and Solutions." IEEE Security & Privacy, v1 n6, Nov 2005, p40-49.

[RIP02] Riptech, Inc. "Internet Security Threat Report." Riptech, Inc Technical Report, v2, Jul 2002.

[RIT03] Rittinghouse, J., and Hancock, W. Cybersecurity Operations Handbook. Elsevier, 2003.

[RIV78] Rivest, R., et al. "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems." Comm of the ACM, v21 n2, Feb 1978, p120-126.

[RIV94] Rivest, R. "The RC5 Encryption Algorithm (corrected)." Proc 1994 Leuven Workshop on Fast Software Encryption, 1994.

[RIV98] Rivest, R., et al. "The RC6 Block Cipher, version 1.1." RSA Labs unpublished report, 20 Aug 1998. URL: theory.lcs.mit.edu/~rivest/publications.html.

[ROC89] Rochlis, J., and Eichin, M. "With Microscope and Tweezers: The Worm From MIT's Perspective." Comm of the ACM, v32 n6, Jun 1989.

[ROO93] Rook, P. "Risk Management for Software Development." ESCOM Tutorial, 24 March 1993.

[ROS30] Ross, W. The Right and the Good. Springer-Verlag, 1930.

[ROW06] Rowe, B., and Gallagher, M. "Private Sector Cyber Security Investment Strategies: An Empirical Analysis." Proc Fifth Annual Workshop on the Economics of Information Security, June 2006.

[RSA05] RSA Laboratories. "RSA-200 is Factored!." unpublished web report, 2005. URL: www.rsasecurity.com/rsalabs/node.asp?id=2879.

[RUB00] Rubin, A. "Security Considerations for Remote Electronic Voting over the Internet." Proc Internet Policy Institute Workshop on Internet Voting, Oct 2000.

[RUB01] Rubin, A. White Hat Arsenal. Addison-Wesley, 2001.

[RUB02] Rubin, A. "Security Considerations for Remote Electronic Voting." Comm ACM, v45 n12, Dec 2002, p39-44.

[RUB98] Rubin, A., and Geer, D. "Mobile Code Security." IEEE Internet Computing, Nov-Dec 1998.

[RUS05] Russinovich, M. "Sony, Rootkits and Digital Rights Management Gone Too Far." internet blog, 31 Oct 2005. URL: www.sysinternals.com/blog/2005_10_01_archive.html.

[RUS83] Rushby, J., and Randell, B. "A Distributed Secure System." IEEE Computer, v16 n7, Jul 1983, p55-67.

[RUS91] Russell, D., and Gangemi, G. Computer Security Basics. O'Reilly & Assoc., 1991.

[SAI05] Saita, A. "Laptops Lifted Right Under Corporate Noses." SearchSecurity, 4 Oct 2005.

[SAI96] Saiadian, H. "An Invitation to Formal Methods." IEEE Computer, v29 n4, Apr 1995, p16-26.

[SAL74] Saltzer, J. "Protection and the Control of Information Sharing in MULTICS." Comm of the ACM, v17 n7, Jul 1974, p388-402. URL: doi.acm.org/10.1145/361011.361067.

[SAL75] Saltzer, J., and Schroeder, M. "The Protection of Information in Computing Systems." Proc of the IEEE, v63 n9, Sep 1975, p1278-1308. URL: web.mit.edu/Saltzer/www/publications/protection/index.html.

[SAL90] Salomaa, A. Public Key Cryptography. Springer-Verlag, 1990.

[SAN02] Sandoval, R. "Why Hackers Are a Step Ahead of the Law." CNET Tech News, 14 May 2002.

[SAN05] Sandoval, G. "180Solutions Upgrades Security." cnet News, 6 Dec 2005.

[SAN93] Sandhu, R. "Lattice-Based Access Control Models." IEEE Computer, v26 n11, Nov 1993, p9-19.

[SAN96] Sandhu, R., et al. "Role Based Access Control Models." IEEE Computer, v29 n2, 1996, p38-47.

[SCA01] Scambray, J., et al. Hacking Exposed. 3rd ed., McGraw-Hill, 2001.

[SCH00a] Schneier, B. Secrets and Lies: Digital Security in a Networked World. Wiley, 2000.

[SCH00b] Schell, R. "Note on Malicious Software." unpublished Naval Postgraduate School white paper, 2000.

[SCH01] Schell, R. "Information Security: Science, Pseudoscience, and Flying Pigs." Proc Computer Security Applications Conf, 2001. URL: www.acsac.org/invited-essay/essays/2001-schell.pdf.

[SCH02] Schjolberg, S. "The Legal Framework - Unauthorized Access to Computer Systems: Penal Legislation in 43 Countries." Report of Moss [Norway] District Court, 15 Apr 2002. URL: www.mossbyrett.of.no/info/legal.html.

[SCH03] Schneier, B. "Locks and Full Disclosure." IEEE Security & Privacy, v1 n2, Mar 2003, p88.

[SCH04a] Schaefer, M. "If A1 Is the Answer, What Was the Question?." Proc ACSAC 2004 Applications Conf, 2004, p204-228. URL: doi.ieeecomputersociety.org/10.1109/CSAC.2004.22.

[SCH04b] Schneier, B. "What's Wrong with Electronic Voting Machines." Open Democracy tech report, 9 Nov 2004.

[SCH05] Schneider, F., and Zhou, L. "Implementing trustworthy services using replicated state machines." IEEE Security & Privacy, v3 n5, Sept 2005, p34-45.

[SCH06a] Schuman, E. "Consumers Resist Retail Biometrics." eWeek, 30 Jan 2006.

[SCH06b] Schneier, B. "Everyone Wants to 'Own' Your PC." Wired News, 4 May 06.

[SCH06c] Schneier, B. "Economics and Information Security." CryptoGram Newsletter, 15 Jul 2006.

[SCH72] Schroeder, M., and Saltzer, J. "A Hardware Architecture for Implementing Protection Rings." Comm of the ACM, v15 n3, Mar 1972, p157-170.

[SCH77] Schaefer, M., et al. "Program Confinement in KVM/370." Proc ACM Annual Conf, 1977, p404-410.

[SCH79] Schell, R. "Computer Security." Air Univ Review, Jan-Feb 1979, p16-33. URL: www.airpower.au.af.mil/airchronicles/aureview/1979/jan-feb/schell.html.

[SCH83] Schell, R. "A Security Kernel for a Multiprocessor Microcomputer." IEEE Computer, v16 n7, July 1983, p47-53.

[SCH89a] Schaefer, M. "Symbol Security Condition Considered Harmful." Proc IEEE Symp on Security & Privacy, 1989, p20-46.

[SCH89b] Schaefer, M., et al. "Tea and I: An Allergy." Proc IEEE Symp on Security & Privacy, 1989.

[SCH90] Schaefer, M. "State of the Art and Trends in Trusted DBMS." Proc Deutsche Konferenz uber Computersicherheit, 1990, p1-19.

[SCH91] Schaefer, M. "Reflections on Current Issues in Trusted DBMS." Database Security IV: Status and Prospects, North-Holland, 1991.

[SCH96] Schneier, B. Applied Cryptography. 2nd ed. Wiley, 1996.

[SCH98] Schneier, B., et al. "Twofish: A 128-Bit Block Cipher." Unpublished Counterpane Technical Report, 15 Jun 1998. URL: www.counterpane.com/twofish.html.

[SEC99] SEC (US Army Software Engineering Center Security Office). OPSEC Primer. 27 Jun 1999.

[SEE89] Seeley, D. "Password Cracking: A Game of Wits." Comm of the ACM, v32 n6, Jun 1989, p700-703.

[SEI01] Seife, C. "More Than We Need to Know." Washington Post, 19 Nov 2001, pA37.

[SEI03] Seigneur, J., and Jensen, C. "Privacy Recovery with Disposable Email Addresses." IEEE Security & Privacy, v1 n6, Nov 2003, p35-39.

[SEI06] Seifert, J. "Data Mining and Homeland Security: An Overview." Congressional Research Service Report for Congress, RL31798, 27 Jan 2006.

[SEI90] Seiden, K., and Melanson, J. "The Auditing Facility for a VMM Security Kernel." Proc IEEE Symp on Security & Privacy, 1990, p262-277.

[SHA00] Shankland, S. "German Programmer 'Mixter' Addresses Cyberattacks." CNET News.com, 14 Feb 2000.

[SHA49] Shannon, C. "Communication Theory of Secrecy Systems." Bell Systems Technical Jl, v28, Oct 1949, p659-715.

[SHA79] Shamir, A. "How to Share a Secret." Comm of the ACM, v22 n11, Nov 1979, p612-613.

[SHA80] Shamir, A., and Zippel, R. "On the Security of the Merkle-Hellman Cryptographic Scheme." IEEE Trans on Information Theory, vIT-26 n3, May 1980, p339-340.

[SHA82] Shamir, A. "A Polynomial Time Algorithm for Breaking the Basic Merkle-Hellman Cryptosystem." Proc Crypto Conf, 1982, p279-288.

[SHA93] Shamos, M. "Electronic Voting - Evaluating the Threat." Proc Computers, Freedom and Privacy Conf, 1993.

[SHI96] Shimomura, T., and Markoff, J. Takedown. Hyperion, 1996.

[SHN04] Shneiderman, B. "Designing for Fun: How Can We Design Computer Interfaces to Be More Fun?" ACM Interactions, v11 n5, Sept 04, p48-50.

[SHO82] Shoch, J., and Hupp, J. "The "Worm" Programs - Early Experience with a Distributed Computing System." Comm of the ACM, v25 n3, Mar 1982, p172-180.

[SIB87] Sibert, W., et al. "Unix and B2: Are They Compatible?." Proc National Computer Security Conf, 1987, p142-149.

[SID05] Sidiroglou, S., and Keromytis, A. "Countering Network Worms Through Automatic Patch Generation." IEEE Security & Privacy, v3 n6, Nov 2005, p41-49.

[SIM78] Simon, H. "Rationality as Process and as Product of Thought." American Economic Review, v68, 1978, p1-16.

[SIM79] Simmons, G. "Symmetric and Asymmetric Encryption." Computing Surveys, v11 n4, Dec 1979, p305-330.

[SIM92] Simmons, G. Contemporary Cryptology. IEEE Press, 1992.

[SIM94] Simmons, G. "Cryptanalysis and Protocol Failures." Comm of the ACM, v37 n11, Nov 1994, p56-64.

[SIN66] Sinkov, A. Elementary Cryptanalysis: A Mathematical Approach. Mathematical Association of America, 1966.

[SIN99] Singh, S. The Code Book. Doubleday, 1999.

[SIP95] Sipior, J., and Ward, B. "The Ethical and Legal Quandary of Email Privacy." Comm of the ACM, v38 n12, Dec 1995, p48-54.

[SIT01] Sit, E., and Fu, K. "Web Cookies: Not Just a Privacy Risk." Comm of the ACM, v44 n9, Sep 2001, p120.

[SLO02] Slovic, P., et al. "Rational Actors or Rational Fools: Implications of the Affect Heuristic for Behavioral Economics." Jl of Socio-Economics, v31 n4, 2002, p329-342.

[SMI01] Smith, R. "Deciphering the Advanced Encryption Standard." Network Magazine, 5 Mar 2001. URL: www.networkmagazine.com/article/NMG20010226S0010/2.

[SMI05] Smith, S. "Pretending that Systems Are Secure." IEEE Security & Privacy, v3 n6, Nov 2005, p73-76.

[SMI88a] Smid, M., and Branstad, D. "The Data Encryption Standard: Past Present and Future." Proc of the IEEE, v76 n5, May 1988, p550-559.

[SMI88b] Smith, G. "Inference and Aggregation Security Attack Analysis." George Mason University Technical Paper, Sep 1988.

[SNO05] Snow, B. "We Need Assurance!." Proc ACSAC Conf, 2005. URL: www.acsa-admin.org/2005/papers/snow.pdf.

[SNO06] Sourcefire, Inc. "SNORT Intrusion Detection System." Unpublished web report, 2006. URL: snort.org/.

[SNY81] Snyder, L. "Formal Models of Capability-Based Protection Systems." IEEE Trans on Computers, vC-30 n3, May 1981, p172-181.

[SOL03] Solove, D., and Rotenberg, M. Information Privacy Law. Aspen Publishers, 2003.

[SOL77] Solovay, R., and Strassen, V. "A Fast Monte-Carlo Test for Primality." SIAM Jl on Computing, v6, Mar 1977, p84-85.

[SOO00] Soo Hoo, K. "How Much Is Enough? A Risk Management Approach to Computer Security." Center for International Security and Cooperation working paper, 2000. URL: cisac.stanford.edu/docs/soohoo.pdf.

[SPA89] Spafford, E. "The Internet Worm Incident." Proc European Software Engineering Conf, reprinted in [HOF90], 1989, p203-227.

[SPA92a] Spafford, E. "Observing Reusable Password Choices." Proc Usenix Unix Security III Workshop, 1992, p299-312.

[SPA92b] Spafford, E., and Weeber, S. "Software Forensics: Can We Track Code to its Authors?." SERC Technical Report, SERC-TR-110-P, 19 Feb 1992.

[SPA98] Spafford, E. "Are Computer Hacker Break-Ins Ethical?" in Denning. Internet Besieged, [DEN98], 493-506.

[SPI02] Spitzner, L. Honeypots: Tracking Hackers. Addison-Wesley, 2002.

[SPI03a] Spitzner, L. "Honeypots: Catching the Insider Threat." 19th Computer Security Applications Conf, 2003, p170-179.

[STA02a] Staniford, S., et al. "How To Own the Internet in Your Spare Time." Proc Usenix Security Symp, Aug 2002. URL: www.icir.org/vern/papers/cdc-usenix-sec02.

[STA02b] Stajano, F., and Anderson, R. "The Resurrecting Duckling: Security Issues for Ubiquitous Computing." IEEE Computer, supplement on Security and Privacy, Apr 2002.

[STA96] Staniford-Chen, S., et al. "GrIDS - A Graph-Based Intrusion Detection System for Large Networks." Proc National Information Systems Security Conf, 1996.

[STE02] Steinke, S. Network Tutorial. 5th ed., Publishers Group West, 2002.

[STE88] Steiner, J. "Kerberos: An Authentication Service for Open Network Systems." Proc Usenix Conf, Feb 1988, p191-202.

[STI96] Stinson, D. Cryptography: Theory and Practice. 2nd ed., CRC Press, 1996.

[STI99] Stillerman, M., et al. "Intrusion Detection for Distributed Applications." Comm of the ACM, v42 n7, Jul 1999, p62-69.

[STO74] Stonebraker, M., and Wong, E. "Access Control in a Relational Data Base Management System by Query Modification." Proc ACM Annual Conf, 1974, p180-186.

[STO88] Stoll, C. "Stalking the Wily Hacker." Comm of the ACM, v31 n5, May 1988, p484-497.

[STO89] Stoll, C. The Cuckoo's Egg. Doubleday, 1989.

[SUG00] Sugden, R. "Team Performance." Economics and Philosophy, v16, 2000, p175-204.

[SWA04] Swanson, E., and Ramiller, N. "Innovating Mindfully with Information Technology." MIS Quarterly, v28 n4, Oct 2004, p553-583.

[SWE01] Sweeney, L. "Information Explosion." Confidentiality, Disclosure and Data Access, Urban Institute, 2001.

[SWE04] Sweeney, L. "Finding Lists of People on the Web." ACM Computers and Society, v37 n1, Apr 2004.

[SYM06] Symantec Corp. "Trends for July 05 - December 05." Symantec Internet Threat Report, v IX, Mar 2006.

[SYV97] Syverson, P., et al. "Anonymous Connections and Onion Routing." Proc IEEE Symp on Security & Privacy, 1997, p44-54.

[TAN01] Tanenbaum, A. Modern Operating Systems. Prentice-Hall, 2001.

[TAN03] Tanenbaum, A. Computer Networks. 4th ed. Prentice-Hall PTR, 2003.

[TAP04] TAPAC (Technology and Privacy Advisory Committee to the DoD). "Safeguarding Privacy in the Fight Against Terrorism." committee report, 1 Mar 2004.

[TEC05] TechWeb News. "Many Would Trade Password for a Grande Mocha." TechWeb News, 6 May 2005.

[TEN90] Teng, H., et al. "Security Audit Trail Analysis Using Inductively Generated Predictive Rules." Proc Conf on Artificial Intelligence Applications, Mar 1990, p24-29.

[TER98] Terry, D., et al. "The Case for Non-Transparent Replication: Examples from Bayou." IEEE Data Engineering, Dec 1998, p12-20.

[THI01] Thibodeaux, M., et al. "Ethical Aspects of Information Assurance Education." Proc IEEE Systems Man and Cybernetics Information Assurance Workshop, 5 Jun 2001, p247-251.

[THO03] Thompson, H. "Why Security Testing Is Hard." IEEE Security & Privacy, v1 n4, Jul 2003, p83-86.

[THO06] Thompson, C. "Google's China Problem (And China's Google Problem)." New York Times, 23 Apr 2006.

[THO84] Thompson, K. "Reflections on Trusting Trust." Comm of the ACM, v27 n8, Aug 1984, p761-763.

[TIP04] Tipton, H., and Krause, M. Information Security Management Handbook. Auerbach, 2004.

[TIS97] TIS (Trusted Information Systems). "TMach Security Architecture." TIS TMach Report, Edoc-0001-97A, 1997.

[TRO04] Trope, R. "A Warranty of Cyberworthiness." IEEE Security & Privacy, v2 n2, Mar 2004, p73-76.

[TSI05] Tsipenyuk, K., et al. "Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors." IEEE Security & Privacy, v3 n6, Nov 2005, p81-86.

[TUR03] Turow, J., et al. "Americans and Online Privacy: The System is Broken." Annenberg Public Policy Center / Univ of Pennsylvania report, Jun 2003.

[TUR05] Turow, J., et al. "Open to Exploitation: American Shoppers Online and Offline." Annenberg Public Policy Center/Univ of Pennsylvania report, Jun 2005.

[TUR75] Turn, R., and Ware, W. "Privacy and Security in Computer Systems." RAND Technical Report, P-5361, Jan 1975.

[UCS01] UCSD (Univ of California at San Diego). "Inferring Internet Denial-of-Service Activity." Cooperative Association for Internet Data Analysis Report, 25 May 2001. URL: www.caida.org/outreach/papers/backscatter/usenixsecurity01.pdf.

[VAI02] Vaidya, J., and Clifton, C. "Privacy Preserving Association Rule Mining in Vertically Partitioned Data." Proc ACM SIGKDD Intl Conf on Knowledge Discovery and Data Mining, 2002.

[VAI04] Vaidya, J., and Clifton, C. "Privacy-Preserving Data Mining: Why, How and When." IEEE Security & Privacy, v2 n6, Nov 2004, p19-27.

[VIG01] Vigna, G., et al. "Designing a Web of Highly-Configurable Intrusion Detection Sensors." Proc Workshop on Recent Advances in Intrusion Detection (RAID 2001), Oct 2001.

[VIG99] Vigna, G., and Kemmerer, R. "NetSTAT: A Network-Based Intrusion Detection System." Jl of Computer Security, v7 n1, 1999, p37-71.

[VIL05] Villarroel, R., et al. "Secure Information Systems Development - A Survey and Comparison." Computers & Security, v24 n4, Jun 2005, p308-321.

[VOL96] Volpano, D. "A Sound Type System for Secure Flow Analysis." Jl of Computer Security, v4 n3, 1996, p167-187.

[WAL02] Walker, L. "Microsoft Wants Security Hard-Wired in Your Computer." Washington Post, 27 Jun 2002, pE1.

[WAN05] Wang, X., et al. "Finding Collisions in the Full SHA-1." Proc Crypto 2005, 2005.

[WAR73a] Ware, W. "Records, Computers and the Rights of Citizens." RAND Technical Report, P-5077, Aug 1973.

[WAR73b] Ware, W. "Data Banks, Privacy, and Society." RAND Technical Report, P-5131, Nov 1973.

[WAR79] Ware, W. "Security Controls for Computer Systems." RAND Technical Report, R-609-1, Oct 1979. URL: csrc.nist.gov/publications/history/ware70.pdf.

[WAR84] Ware, W. "Information System Security and Privacy." Comm of the ACM, v27 n4, Apr 1984, p316-321.

[WAR95] Ware, W. "A Retrospective on the Criteria Movement." Proc National Computer Security Conf, 1995, p582-588.

[WEA06] Weaver, A. "Biometric Authentication." IEEE Computer, v38 n2, Feb 2006, p96-99.

[WEI95] Weissman, C. "Penetration Testing." in Information Security: An Integrated Collection of Essays, IEEE Computer Society Press, 1995.

[WEL90] Welke, S., et al. "A Taxonomy of Integrity Models, Implementations, and Mechanisms." Proc National Computer Security Conf, 1990, p541-551.

[WHI01a] Whitehorn-Umphres, D. "Hackers, Hot Rods, and The Information Drag Strip." IEEE Spectrum, v38 n10, October 2001, p14-17.

[WHI01b] Whitmore, J. "A Method for Designing Secure Solutions." IBM Systems Jl, v40 n3, 2001, p747.

[WHI03a] Whitaker, J., and Thompson, H. How to Break Software. Pearson Education, 2003.

[WHI03b] Whitaker, J. "No Clear Answers on Monoculture Issues." IEEE Security & Privacy, v1 n6, Nov 2005, p18-19.

[WHI89] White, S. "Coping with Computer Viruses and Related Problems." Rogue Programs: Viruses, Worms, Trojan Horses, in [HOF90], 7-28.

[WHI99] Whitten, A., and Tygar, J. "Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0." Proc 8th USENIX Security Symp, Aug 1999.

[WIE83] Wiesner, S. "Conjugate Coding." ACM SIGACT News, v15 n1, 1983, p78-88.

[WIL01] Williams, P. "Organized Crime and Cybercrime: Synergies, Trends and Responses." Global Issues, v8 n1, Aug 2001.

[WIL05] Wilson, C. "Computer Attack and Cyberterrorism: Vulnerabilities and Policy Issues for Congress." Congressional Research Service Report for Congress, RL45184, 1 Apr 2005.

[WIL06] Willemson, J. "On the Gordon and Loeb Model for Information Security Investment." Proc Fifth Annual Workshop on the Economics of Information Security, June 2006.

[WOO87] Wood, C., et al. Computer Security: A Comprehensive Controls Checklist. Wiley, 1987.

[WU05] Wu, H. "The Misuses of RC4 in Microsoft Word and Excel." IACR cryptology e-print archive, v2005 n7, 2005. URL: eprint.iacr.org/2005/007.

[WUL74] Wulf, W., et al. "Hydra: The Kernel of a Multiprocessor Operating System." Comm of the ACM, v17 n6, Jun 1974, p337-345.

[YAN04] Yan, J., et al. "Password Memorability and Security: Empirical Results." IEEE Security & Privacy, v4 n5, Sep 2004, p25-31.

[YAR31] Yardley, H. The American Black Chamber. Bobbs-Merrill, 1931.

[ZIM86] Zimmerman, P. "A Proposed Standard Format for RSA Cryptosystems." IEEE Computer, v19 n9, Sep 1986, p21-34.

[ZIM95a] Zimmerman, P. The Official PGP User's Guide. MIT Press, 1995.

[ZIM95b] Zimmerman, P. PGP Source Code and Internals. MIT Press, 1995.




Security in Computing, 4th Edition
ISBN: 0132390779
Year: 2006
Pages: 171
