Basic Defenses and Attack Trends

[1] Peter G. Neumann, et al. Risking Communications Security: Potential Hazards of the Protect America Act, 2008, IEEE Security & Privacy.

[2] Xavier Boyen, et al. Halting Password Puzzles: Hard-to-break Encryption from Human-memorable Keys, 2007, USENIX Security Symposium.

[3] Michael E. Lesk, et al. The New Front Line: Estonia under Cyberassault, 2007, IEEE Security & Privacy.

[4] Diomidis Spinellis, et al. The Athens Affair, 2007, IEEE Spectrum.

[5] Andreas Terzis, et al. My Botnet Is Bigger Than Yours (Maybe, Better Than Yours): Why Size Estimates Remain Challenging, 2007, HotBots.

[6] Alisa Shevchenko. The evolution of self-defense technologies in malware, 2007.

[7] Robert A. Martin, et al. Vulnerability Type Distributions in CVE, 2007.

[8] Yehuda Lindell, et al. Introduction to Modern Cryptography, 2004.

[9] Christophe De Cannière, et al. Finding SHA-1 Characteristics: General Results and Applications, 2006, ASIACRYPT.

[10] Alexander Aiken, et al. Static Detection of Security Vulnerabilities in Scripting Languages, 2006, USENIX Security Symposium.

[11] John S. Baras, et al. A framework for the evaluation of intrusion detection systems, 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[12] Zhendong Su, et al. The essence of command injection attacks in web applications, 2006, POPL '06.

[13] Stefan Savage, et al. Inferring Internet denial-of-service activity, 2001, TOCS.

[14] Rob Thomas, et al. The underground economy: priceless, 2006.

[15] Robert J. Turk. Cyber Incidents Involving Control Systems, 2005.

[16] Benjamin Livshits, et al. Finding Security Vulnerabilities in Java Applications with Static Analysis, 2005, USENIX Security Symposium.

[17] Gary McGraw, et al. Software Penetration Testing, 2005, IEEE Secur. Priv.

[18] Xiaoyun Wang, et al. Colliding X.509 Certificates, 2005, IACR Cryptol. ePrint Arch.

[19] Gary McGraw, et al. Static Analysis for Security, 2004, IEEE Secur. Priv.

[20] David Moore, et al. The Spread of the Witty Worm, 2004, IEEE Secur. Priv.

[21] Jonathan D. Pincus, et al. Beyond stack smashing: recent advances in exploiting buffer overruns, 2004, IEEE Security & Privacy Magazine.

[22] Eugene H. Spafford, et al. A failure to learn from the past, 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings.

[23] L. O'Gorman, et al. Comparing passwords, tokens, and biometrics for user authentication, 2003, Proceedings of the IEEE.

[24] Junfeng Yang, et al. MECA: an extensible, expressive system and language for statically checking security properties, 2003, CCS '03.

[25] Colin Boyd, et al. Protocols for Authentication and Key Establishment, 2003, Information Security and Cryptography.

[26] Niels Provos, et al. Improving Host Security with System Call Policies, 2003, USENIX Security Symposium.

[27] Wenbo Mao, et al. Modern Cryptography: Theory and Practice, 2003.

[28] Dave Ahmad. The Rising Threat of Vulnerabilities Due to Integer Errors, 2003, IEEE Secur. Priv.

[29] Stefan Savage, et al. Inside the Slammer Worm, 2003, IEEE Secur. Priv.

[30] Matt Bishop, et al. Testing C Programs for Buffer Overflow Vulnerabilities, 2003, NDSS.

[31] Matt Bishop, et al. Computer Security: Art and Science, 2002.

[32] Vern Paxson, et al. How to Own the Internet in Your Spare Time, 2002, USENIX Security Symposium.

[33] Amit Klein, et al. Cross Site Scripting Explained, 2002.

[34] David A. Wagner, et al. A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities, 2000, NDSS.

[35] Dieter Gollmann, et al. Computer Security, 1979, Lecture Notes in Computer Science.

[36] R. Perlman, et al. An overview of PKI trust models, 1999, IEEE Netw.

[37] George C. Necula, et al. Proof-carrying code, 1997, POPL '97.

[38] Ian Goldberg, et al. A secure environment for untrusted helper applications confining the Wily Hacker, 1996.

[39] A. One, et al. Smashing The Stack For Fun And Profit, 1996.

[40] Matt Bishop, et al. Checking for Race Conditions in File Accesses, 1996, Comput. Syst.

[41] Bill Cheswick, et al. Firewalls and internet security - repelling the wily hacker, 2003, Addison-Wesley professional computing series.

[42] Radia J. Perlman, et al. Network security - private communication in a public world, 2002, Prentice Hall series in computer networking and distributed systems.

[43] Steven M. Bellovin, et al. Using the Domain Name System for System Break-ins, 1995, USENIX Security Symposium.

[44] Mihir Bellare, et al. Optimal Asymmetric Encryption-How to Encrypt with RSA, 1995.

[45] Fred Cohen, et al. Computational aspects of computer viruses, 1989, Comput. Secur.

[46] Leonard M. Adleman, et al. An Abstract Theory of Computer Viruses, 1988, CRYPTO.

[47] T. Elgamal. A public key cryptosystem and a signature scheme based on discrete logarithms, 1984, CRYPTO 1984.

[48] Ken Thompson, et al. Reflections on trusting trust, 1984, CACM.

[49] Adi Shamir, et al. A method for obtaining digital signatures and public-key cryptosystems, 1978, CACM.

[50] Danny Dolev, et al. On the Security of Public Key Protocols (Extended Abstract), 1981, FOCS.

[51] Jerome H. Saltzer, et al. The protection of information in computer systems, 1975, Proc. IEEE.

[52] Edsger W. Dijkstra, et al. The humble programmer, 1972, CACM.