Security engineering - a guide to building dependable distributed systems (2. ed.)

Gigantically comprehensive and carefully researched, Security Engineering makes it clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorized use, and general malice. Better, Ross Anderson offers a lot of thoughts on how information can be made more secure (though probably not absolutely secure, at least not forever) with the help of both technologies and management strategies. His work makes fascinating reading and will no doubt inspire considerable doubt--fear is probably a better choice of words--in anyone with information to gather, protect, or make decisions about.

Be aware: This is absolutely not a book solely about computers, with yet another explanation of Alice and Bob and how they exchange public keys in order to exchange messages in secret. Anderson explores, for example, the ingenious ways in which European truck drivers defeat their vehicles' speed-logging equipment. In another section, he shows how the end of the cold war brought on a decline in defenses against radio-frequency monitoring (radio frequencies can be used to determine, at a distance, what's going on in systems--bank teller machines, say), and how similar technology can be used to reverse-engineer the calculations that go on inside smart cards.

In almost 600 pages of riveting detail, Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity, and always use common sense in defending valuables. A terrific read for security professionals and general readers alike. --David Wall

Topics covered: How some people go about protecting valuable things (particularly, but not exclusively, information) and how other people go about getting it anyway. Mostly, this takes the form of essays (about, for example, how the U.S. Air Force keeps its nukes out of the wrong hands) and stories (one of which tells of an art thief who defeated the latest technology by hiding in a closet). Sections deal with technologies, policies, psychology, and legal matters.


[146]  Karanjit S. Siyan Windows Nt Server 4 Professional Reference , 1995 .

[147]  Mark A. Ludwig The Giant Black Book Of Computer Viruses , 1995 .

[148]  Joe Kilian,et al.  How to Protect DES Against Exhaustive Key Search , 1996, CRYPTO.

[149]  Wietse Z. Venema,et al.  Murphy's Law and Computer Security , 1996, USENIX Security Symposium.

[150]  Ian Goldberg,et al.  Randomness and the Netscape browser , 1996 .

[151]  Protection of computer programs in Ireland , 1996, Comput. Law Secur. Rev..

[152]  Matt Bishop,et al.  Checking for Race Conditions in File Accesses , 1996, Comput. Syst..

[153]  Gene Tsudik,et al.  Mixing E-mail with Babel , 1996, Proceedings of Internet Society Symposium on Network and Distributed Systems Security.

[154]  Dennis Shasha,et al.  The dangers of replication and a solution , 1996, SIGMOD '96.

[155]  Ken Wong Mobile phone fraud — Are GSM networks secure? , 1996 .

[156]  Per Enge,et al.  Wide area augmentation of the Global Positioning System , 1996, Proc. IEEE.

[157]  Matthew K. Franklin,et al.  The Omega Key Management Service , 1996, J. Comput. Secur..

[158]  Peter Gutmann,et al.  Secure deletion of data from magnetic and solid-state memory , 1996 .

[159]  Joan Feigenbaum,et al.  Decentralized trust management , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[160]  Bennet S. Yee,et al.  Cryptographic Postage Indicia , 1996, ASIAN.

[161]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[162]  Robert Lindell,et al.  An Analysis of the Intel 80x86 Security Architecture and Implementations , 1996, IEEE Trans. Software Eng..

[163]  M. Nash,et al.  Implementing security policy in a large defence procurement , 1996, Proceedings 12th Annual Computer Security Applications Conference.

[164]  Hannes Federrath,et al.  Location management strategies increasing privacy in mobile communication , 1996, SEC.

[165]  Pamela Samuelson,et al.  Intellectual property rights and the global information economy , 1996, CACM.

[166]  Bruce Schneier,et al.  Analysis of the SSL 3.0 protocol , 1996 .

[167]  Tatu Ylonen,et al.  SSH: secure login connections over the internet , 1996 .

[168]  Claudia Eckert On security models , 1996, SEC.

[169]  Julie L. Connolly Operation chain link: the deployment of a firewall at Hanscom Air Force Base , 1996, Proceedings 12th Annual Computer Security Applications Conference.

[170]  Pedro R. Vizcaya,et al.  A nonlinear orientation model for global description of fingerprints , 1996, Pattern Recognit..

[171]  Ross Anderson,et al.  Information hiding terminology , 1996 .

[172]  Adi Shamir,et al.  PayWord and MicroMint: Two Simple Micropayment Schemes , 1996, Security Protocols Workshop.

[173]  Authentication in Analogue Telephone Access Networks , 1996 .

[174]  John Micklethwait,et al.  The witch doctors : what the management gurus are saying, why it matters and how to make sense of it , 1996 .

[175]  Telecommunications Board Cryptography's Role in Securing the Information Society , 1996 .

[176]  Gustavus J. Simmons,et al.  The history of subliminal channels , 1996, IEEE J. Sel. Areas Commun..

[177]  Jan Camenisch,et al.  An efficient fair payment system , 1996, CCS '96.

[178]  Ira S. Moskowitz,et al.  A case study of two NRL Pump prototypes , 1996, Proceedings 12th Annual Computer Security Applications Conference.

[179]  Stephen Hinde Fraud the unmanaged risk , 1996 .

[180]  Ross J. Anderson Proceedings of the First International Workshop on Information Hiding , 1996 .

[181]  Daniel R. Simon,et al.  Anonymous Communication and Anonymous Cash , 1996, CRYPTO.

[182]  P. Kidwell,et al.  The mythical man-month: Essays on software engineering , 1996, IEEE Annals of the History of Computing.

[183]  Michael K. Reiter A Secure Group Membership Protocol , 1996, IEEE Trans. Software Eng..

[184]  Dorothy E. Denning,et al.  Location-based authentication: Grounding cyberspace for better security , 1996 .

[185]  John McLean,et al.  A General Theory of Composition for a Class of "Possibilistic'' Properties , 1996, IEEE Trans. Software Eng..

[186]  E. Smith Economic issues. , 1996, Journal of the National Medical Association.

[187]  Peter G. Bishop,et al.  A conservative theory for long term reliability growth prediction , 1996, Proceedings of ISSRE '96: 7th International Symposium on Software Reliability Engineering.

[188]  Andrew Edwards Bolero - A TTP project for the shipping industry , 1996, Inf. Secur. Tech. Rep..

[189]  Tony Greening Ask and ye shall receive: a study in “social engineering” , 1996, SGSC.

[190]  Dan S. Wallach,et al.  Java security: from HotJava to Netscape and beyond , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[191]  Ross J. Anderson,et al.  Clinical system security: interim guidelines , 1996, BMJ.

[192]  Torben P. Pedersen Electronic Payments of Small Amounts , 1995, Security Protocols Workshop.

[193]  Ira S. Moskowitz,et al.  A Network Pump , 1996, IEEE Trans. Software Eng..

[194]  Ross J. Anderson,et al.  A security policy model for clinical information systems , 1996, Proceedings 1996 IEEE Symposium on Security and Privacy.

[195]  Charles G. Menk System Security Engineering Capability Maturity Model and Evaluations: Partners Within the Assurance Framework , 1996 .

[196]  David A. Wagner,et al.  A "bump in the stack" encryptor for MS-DOS systems , 1996, Proceedings of Internet Society Symposium on Network and Distributed Systems Security.

[197]  Wei-Chung Lin,et al.  Extracting facial features by an inhibitory mechanism based on gradient distributions , 1996, Pattern Recognit..

[198]  Ross Anderson,et al.  Security in Clinical Information Systems , 1996 .

[199]  Johan Degraeve Initial Report on Security Requirements , 1996 .

[200]  Jon Toigo Disaster recovery planning: for computers and communication resources , 1996 .

[201]  R. Anderson The Eternity Service , 1996 .

[202]  Don Davis Compliance Defects in Public Key Cryptography , 1996, USENIX Security Symposium.

[203]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[204]  Markus Jakobsson,et al.  Proactive public key and signature systems , 1997, CCS '97.

[205]  L Sweeney,et al.  Weaving Technology and Policy Together to Maintain Confidentiality , 1997, Journal of Law, Medicine & Ethics.

[206]  Roderick Neame Managing Health Data Privacy and Security: A Case Study from New Zealand , 1997, Personal Medical Information.

[207]  Gideon Yuval,et al.  Reinventing the Travois: Encryption/MAC in 30 ROM Bytes , 1997, FSE.

[208]  Jr. J.P. Campbell,et al.  Speaker recognition: a tutorial , 1997, Proc. IEEE.

[209]  Dario Maio,et al.  Direct Gray-Scale Minutiae Detection In Fingerprints , 1997, IEEE Trans. Pattern Anal. Mach. Intell..

[210]  Janet Osen The cream of other men's wit: Plagiarism and misappropriation in cyberspace , 1997 .

[211]  Adrian Perrig,et al.  A Copyright Protection Environment for Digital Images , 1997, Verläßliche IT-Systeme.

[212]  G. Pike,et al.  When Seeing should not be Believing: Photographs, Credit Cards and Fraud , 1997 .

[213]  Tom Mulhall Where have all the hackers gone? A study in motivation, deterrence, and crime displacement: Part 1 - introduction & methodology , 1997, Comput. Secur..

[214]  Bruce Schneier,et al.  The Electronic Privacy Papers: Documents on the Battle for Privacy in the Age of Surveillance , 1997 .

[215]  Ira S. Moskowitz,et al.  An architecture for multilevel secure interoperability , 1997, Proceedings 13th Annual Computer Security Applications Conference.

[216]  Julie Bunnell,et al.  Cognitive, associative and conventional passwords: Recall and guessing rates , 1997, Comput. Secur..

[217]  Alex Pentland,et al.  Probabilistic Visual Learning for Object Representation , 1997, IEEE Trans. Pattern Anal. Mach. Intell..

[218]  Sharath Pankanti,et al.  An identity-authentication system using fingerprints , 1997, Proc. IEEE.

[219]  Ravi S. Sandhu,et al.  Lattice-based models for controlled sharing of confidential information in the Saudi Hajj system , 1997, Proceedings 13th Annual Computer Security Applications Conference.

[220]  Ross Anderson,et al.  An Update on the BMA Security Policy , 1997, Personal Medical Information.

[221]  Simon R. Wiseman,et al.  Simple assured bastion hosts , 1997, Proceedings 13th Annual Computer Security Applications Conference.

[222]  J. Hoffman Implementing RBAC on a type enforced system , 1997, Proceedings 13th Annual Computer Security Applications Conference.

[223]  Wayne Madsen Airline passengers to be subject to database monitoring , 1997 .

[224]  Robert Buderi,et al.  The invention that changed the world : the story of radar from war to peace , 1997 .

[225]  Bruce Schneier,et al.  Cryptanalysis of the cellular message encryption algorithm , 1997 .

[226]  Telecommunications Board For the Record: Protecting Electronic Health Information [link] , 1997 .

[227]  A. R. Roddy,et al.  Fingerprint features-statistical analysis and system performance estimates , 1997 .

[228]  Stuart Haber,et al.  Secure names for bit-strings , 1997, CCS '97.

[229]  M. Kam,et al.  Writer Identification by Professional Document Examiners , 1997 .

[230]  Bruce Schneier,et al.  Protocol Interactions and the Chosen Protocol Attack , 1997, Security Protocols Workshop.

[231]  Ross J. Anderson Personal medical information : security, engineering, and ethics : personal information workshop, Cambridge, UK, June 21-22, 1996 : proceedings , 1997 .

[232]  Alma Kondi SOFTWARE ENCRYPTION IN THE DOD , 1997 .

[233]  Mitsuru Matsui,et al.  New Block Encryption Algorithm MISTY , 1997, FSE.

[234]  Eugene H. Spafford,et al.  Authorship analysis: identifying the author of a program , 1997, Comput. Secur..

[235]  V. Matyás Protecting the identity of doctors in drug prescription analysis , 1998 .

[236]  Markus G. Kuhn,et al.  Cipher Instruction Search Attack on the Bus-Encryption Security Microcontroller DS5002FP , 1998, IEEE Trans. Computers.

[237]  George C. Necula,et al.  Safe, Untrusted Agents Using Proof-Carrying Code , 1998, Mobile Agents and Security.

[238]  Terry Dwain Escamilla,et al.  Intrusion detection: network security beyond the firewall , 1998 .

[239]  Edward L. Waltz,et al.  Information Warfare Principles and Operations , 1998 .

[240]  Martin Freiss,et al.  Protecting Networks with SATAN , 1998 .

[241]  Larry Loeb Secure Electronic Transactions Introduction and Technical Reference , 1998 .

[242]  Donn B. Parker,et al.  Fighting computer crime - a new framework for protecting information , 1998 .

[243]  D. Brin The Transparent Society: Will Technology Force Us to Choose Between Privacy and Freedom? , 1998 .

[244]  B. Koops The Crypto Controversy: A Key Conflict in the Information Society , 1998 .

[245]  Birgit Pfitzmann,et al.  Real-time mixes: a bandwidth-efficient anonymity protocol , 1998, IEEE J. Sel. Areas Commun..

[246]  Amy R. Reibman,et al.  Intellectual Property Protection Systems and Digital Watermarking , 1998, Information Hiding.

[247]  Jean-Paul M. G. Linnartz The "Ticket" Concept for Copy Control Based on Embedded Signalling , 1998, ESORICS.

[248]  David A. Wagner Cryptanalysis of Some Recently-Proposed Multiple Modes of Operation , 1998, FSE.

[249]  Richard C. Benson,et al.  Technology approaches to currency security , 1998, Electronic Imaging.

[250]  Oded Goldreich,et al.  Modern Cryptography, Probabilistic Proofs and Pseudorandomness , 1998, Algorithms and Combinatorics.

[251]  Markus G. Kuhn,et al.  Soft Tempest: Hidden Data Transmission Using Electromagnetic Emanations , 1998, Information Hiding.

[252]  David Kahn,et al.  Soviet Comint in the Cold War , 1998, Cryptologia.

[253]  Thomas A. Peters,et al.  Privacy on the line: The politics of wiretapping and encryption , 1998 .

[254]  Markus G. Kuhn,et al.  Attacks on Copyright Marking Systems , 1998, Information Hiding.

[255]  Paul F. Syverson,et al.  Anonymous connections and onion routing , 1998, IEEE J. Sel. Areas Commun..

[256]  Simon R. Wiseman,et al.  Private desktops and shared store , 1998, Proceedings 14th Annual Computer Security Applications Conference (Cat. No.98EX217).

[257]  I. Denley,et al.  Implementing access control to protect the confidentiality of patient information in clinical information systems in the acute hospital , 1998 .

[258]  J. Campbell,et al.  The art of balance in health policy : maintaining Japan's low-cost, egalitarian system , 1998 .

[259]  Rolf Oppliger,et al.  Internet And Intranet Security , 1998 .

[260]  Gordon E. Pickett How do you select the right security features for your company's products , 1998, Electronic Imaging.

[261]  Bruce Schneier,et al.  Cryptanalytic Attacks on Pseudorandom Number Generators , 1998, FSE.

[262]  John W. Mercer Document fraud deterrent strategies: four case studies , 1998, Electronic Imaging.

[263]  Peter Gutmann,et al.  Software Generation of Practically Strong Random Numbers , 1998, USENIX Security Symposium.

[264]  M. Kam,et al.  Effects of Monetary Incentives on Performance of Nonprofessionals in Document-Examination Proficiency Tests , 1998 .

[265]  David Mazières,et al.  The design, implementation and operation of an email pseudonym server , 1998, CCS '98.

[266]  V. Varadharajan,et al.  Security Agent Based Distributed Authorization : An Approach , 1998 .

[267]  Paul F. Syverson,et al.  A logical approach to multilevel security of probabilistic systems , 1998, Distributed Computing.

[268]  Andrew Odlyzko,et al.  'Smart' and 'Stupid' networks: why the Internet is like Microsoft , 1998, NTWK.

[269]  Jean-Paul M. G. Linnartz,et al.  Analysis of the Sensitivity Attack against Electronic Watermarks in Images , 1998, Information Hiding.

[270]  Walter Bender,et al.  Information Hiding to Foil the Casual Counterfeiter , 1998, Information Hiding.

[271]  Leo Marks Between Silk and Cyanide: A Codemaker's War, 1941-1945 , 1998 .

[272]  M. Watve The Red Queen: Sex and the evolution of human nature , 1998 .

[273]  Maurice Maes,et al.  Twin Peaks: The Histogram Attack to Fixed Depth Image Watermarks , 1998, Information Hiding.

[274]  Jacques Stern,et al.  Probing Attacks on Tamper-Resistant Devices , 1999, CHES.

[275]  Roger M. Needham The hardware environment , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[276]  Mladen A. Vouk Software Reliability Engineering , 1999 .

[277]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[278]  Steven H. Low,et al.  Copyright protection for the electronic distribution of text documents , 1999, Proc. IEEE.

[279]  Eric S. Raymond,et al.  The magic Cauldron , 1999 .

[280]  B. Blakley CORBA Security: An Introduction to Safe Computing with Objects , 1999 .

[281]  Markus G. Kuhn,et al.  Information hiding - a survey , 1999, Proc. IEEE.

[282]  M. Kuhn,et al.  The Advanced Computing Systems Association Design Principles for Tamper-resistant Smartcard Processors , 2022 .

[283]  J. Doug Tygar,et al.  Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0 , 1999, USENIX Security Symposium.

[284]  Susan Pancho-Festin Paradigm shifts in protocol analysis , 1999, NSPW.

[285]  Lawrence C. Paulson,et al.  Inductive analysis of the Internet protocol TLS , 1999, TSEC.

[286]  Li Gong,et al.  Inside Java 2 Platform Security: Architecture, API Design, and Implementation , 1999 .

[287]  Thomas S. Messerges,et al.  Investigations of Power Analysis Attacks on Smartcards , 1999, Smartcard.

[288]  Robert Morris A Weakness in the 4.2BSD Unix TCP/IP Software , 1999 .

[289]  I.J. Cox,et al.  Watermarking in the real world: an application to DVD , 1999, Conference Record of the Thirty-Third Asilomar Conference on Signals, Systems, and Computers (Cat. No.CH37020).

[290]  Benoît Macq,et al.  Special issue on identification and protection of multimedia information , 1999 .

[291]  Geraint Price,et al.  The interaction between fault tolerance and security , 1999 .

[292]  I. McMillan Protection money. , 1999, Nursing standard (Royal College of Nursing (Great Britain) : 1987).

[293]  Frank Stajano,et al.  The Cocaine Auction Protocol: On the Power of Anonymous Broadcast , 1999, Information Hiding.

[294]  Andreas Pfitzmann,et al.  Proceedings of the Third International Workshop on Information Hiding , 1999 .

[295]  Tiago Rosa Maria Paula Queluz,et al.  Content-Based Watermarking for Image Authentication , 1999, Information Hiding.

[296]  Michael K. Reiter,et al.  Anonymous Web transactions with Crowds , 1999, CACM.

[297]  Sean W. Smith,et al.  Building a high-performance, programmable secure coprocessor , 1999, Comput. Networks.

[298]  Stefan A. Brands,et al.  Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy , 2000 .

[299]  Chris Elliot Development of surveillance technology and risk of abuse of economic information. The legality of the interception of electronic communications: a concise survey of the principal legal issues and instruments under international, European and national law. Vol 4/5. PE 168.184/ , 1999 .

[300]  I Denley,et al.  Privacy in clinical information systems in secondary care. , 1999, BMJ.

[301]  James H. Ellis,et al.  The History of Non-Secret Encryption , 1999, Cryptologia.

[302]  Andreas Pfitzmann,et al.  Attacks on Steganographic Systems , 1999, Information Hiding.

[303]  Markus G. Kuhn,et al.  StegFS: A Steganographic File System for Linux , 1999, Information Hiding.

[304]  A. Odlyzko The History of Communications and its Implications for the Internet , 2000 .

[305]  Tony Sammes,et al.  Forensic computing: a practitioner's guide , 2000 .

[306]  Stephen Smalley,et al.  The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments , 2000 .

[307]  Alex Biryukov,et al.  Real Time Cryptanalysis of A5/1 on a PC , 2000, FSE.

[308]  K. J. Koelman A Hard Nut to Crack: The Protection of Technological Measures , 2000 .

[309]  Aviel D. Rubin,et al.  Risks of the Passport single signon protocol , 2000, Comput. Networks.

[310]  Michael Walker On the Security of 3GPP Networks , 2000, EUROCRYPT.

[311]  L. Strous Integrity and Internal Control in Information Systems , 2000, IFIP — The International Federation for Information Processing.

[312]  Aviel D. Rubin,et al.  Publius: a robust, tamper-evident, censorship-resistant web publishing system , 2000 .

[313]  D. Chadwick,et al.  Using the internet to access confidential patient records: a case study , 2000, BMJ : British Medical Journal.

[314]  P. Salus The Cathedral and the Bazaar , 2000 .

[315]  R. Field THE LIMITS OF PRIVACY , 2000 .

[316]  Paul A. Karger,et al.  A New Mandatory Security Policy Combining Secrecy and Integrity , 2000 .

[317]  Alan F. Blackwell,et al.  The memorability and security of passwords – some empirical results , 2000 .

[318]  L. J. Camp Pricing Security , 2000 .

[319]  Leo Van Hove,et al.  Electronic Purses: (Which) Way to Go? , 2000, First Monday.

[320]  John Daugman,et al.  Biometric decision landscapes , 2000 .

[321]  Rita Mayer-Sommer,et al.  Smartly Analyzing the Simplicity and the Power of Simple Power Analysis on Smartcards , 2000, CHES.

[322]  A.,et al.  The Origins of Spread-Spectrum Communications , 2000 .

[323]  O. Roeva,et al.  Information Hiding: Techniques for Steganography and Digital Watermarking , 2000 .

[324]  Günther Horn,et al.  Authentication and Payment in Future Mobile Systems , 1998, J. Comput. Secur..

[325]  Timothy Fraser,et al.  LOMAC: Low Water-Mark integrity protection for COTS environments , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[326]  Ross J. Anderson,et al.  The XenoService - A Distributed Defeat for Distributed Denial of Service , 2000 .

[327]  Peter Pesic THE CLUE TO THE LABYRINTH: FRANCIS BACON AND THE DECRYPTION OF NATURE , 2000, Cryptologia.

[328]  P. J. Kerry EMC in the new millennium , 2001 .

[329]  尚弘 島影 Superconductivity Research and Life at the National Institute of Standards and Technology , 2001 .

[330]  D. Denning Activism, Hacktivism, and Cyberterrorism: the Internet As a Tool for Influencing Foreign Policy , 2001 .

[331]  Ben J Hicks,et al.  SPIE - The International Society for Optical Engineering , 2001 .

[332]  Paul Jones,et al.  Secrets and Lies: Digital Security in a Networked World , 2002 .

[333]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[334]  A.J. Viterbi,et al.  Spread spectrum communications: myths and realities , 2002, IEEE Communications Magazine.

[335]  Dale A. Stirling,et al.  Information rules , 2003, SGMD.

[336]  Digital audio interface , .

[337]  LONDON: HER MAJESTY'S STATIONERY OFFICE , 2022 .