Course pages 2012–13
Current Applications and Research in Computer Security
Introduction
Introductory talk slides
Reading materials
- Covert and anonymous communications.
  - Protecting Free Expression Online with Freenet, Ian Clarke, Theodore W. Hong, Scott G. Miller, Oskar Sandberg, and Brandon Wiley, IEEE Internet Computing v 6 no 1, pp 40-49 (2002)
  - Mixminion: Design of a Type III Anonymous Remailer Protocol, George Danezis, Roger Dingledine, and Nick Mathewson, Proceedings of the 2003 IEEE Symposium on Security and Privacy, pp 2-15
  - Tor: The Second-Generation Onion Router, Roger Dingledine, Nick Mathewson, and Paul Syverson, Proceedings of the 13th USENIX Security Symposium (2004)
- Tampering with hardware.
  - Differential Power Analysis, Paul Kocher, Joshua Jaffe, Benjamin Jun, CRYPTO '99: Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology, pp 388-397
  - Optical Fault Induction Attacks, Sergei Skorobogatov, Ross Anderson, CHES '02: 4th International Workshop on Cryptographic Hardware and Embedded Systems, pp 2-12
  - The State-of-the-Art in IC Reverse Engineering, Randy Torrance, Dick James, CHES 2009: 11th International Workshop on Cryptographic Hardware and Embedded Systems, pp 363-381
  - (optional further reading) New Differential Fault Analysis on AES Key Schedule: Two Faults Are Enough, Chong Hee Kim, Jean-Jacques Quisquater, CARDIS 2008: Smart Card Research and Advanced Applications, Springer LNCS v 5189, 2008, pp 48-60
- Bootstrapping security relationships.
  - The Resurrecting Duckling: security issues for ubiquitous computing, Frank Stajano and Ross Anderson, IEEE Security & Privacy inaugural issue, Supplement to Computer 35(4), April 2002, pp 22-26
  - A key-management scheme for distributed sensor networks, Laurent Eschenauer, Virgil D. Gligor, ACM CCS '02: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp 41-47
  - Seeing-Is-Believing: using camera phones for human-verifiable authentication, Jonathan M. McCune, Adrian Perrig, Michael K. Reiter, International Journal of Security and Networks 2009, v 4, no 1/2, pp 43-56
- Behavioural economics of privacy.
  - The Best of Strangers: Context Dependent Willingness to Divulge Personal Information, Leslie K. John, Alessandro Acquisti, George Loewenstein, SSRN 1430482
  - Unwillingness to pay for privacy: A field experiment, Alastair R. Beresford, Dorothea Kübler, Sören Preibusch, IZA DP No. 5017 (2010)
  - Your browsing behavior for a Big Mac: Economics of Personal Information Online, Juan Pablo Carrascal, Christopher Riederer, Vijay Erramilli, Mauro Cherubini, Rodrigo de Oliveira, arXiv:1112.6098 [cs.HC]
  - (optional further reading) The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study, Janice Tsai, Serge Egelman, Lorrie Cranor, Alessandro Acquisti, WEIS 2007
- Social network security.
  - Social phishing, Tom Jagatic, Nathaniel Johnson, Markus Jakobsson and Filippo Menczer, Communications of the ACM 50:10 (Oct 2007)
  - Privacy Violations Using Microtargeted Ads: A Case Study, Aleksandra Korolova, ICDMW 2010: Proceedings of the 10th IEEE International Conference on Data Mining Workshops, pp 474-482
  - A Critical Look at Decentralized Personal Data Architectures, Arvind Narayanan, Solon Barocas, Vincent Toubiana, Helen Nissenbaum and Dan Boneh, DUMW: Data Usage Management on the Web (2012)
- API security.
  - On the Security of PKCS#11, Jolyon Clulow, Cryptographic Hardware and Embedded Systems (CHES) 2003, LNCS 2779
  - Integrity of Intention, Mike Bond, Jolyon Clulow, Royal Holloway Information Security Technical Journal
  - Automatic Analysis of the Security of XOR-Based Key Management Schemes, Véronique Cortier, Gavin Keighren and Graham Steel, TACAS '07, LNCS 4424, pp 538-552
  - (optional further reading) Exploiting Concurrency Vulnerabilities in System Call Wrappers, Robert Watson, WOOT '07: First USENIX Workshop on Offensive Technologies
- Mobile system security.
  - A survey of mobile malware in the wild, Adrienne Porter Felt, Matthew Finifter, Erika Chin, Steven Hanna, and David Wagner, SPSM 2011
  - TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, Anmol N. Sheth, USENIX OSDI 2010
  - Progressive authentication: deciding when to authenticate on mobile phones, Oriana Riva, Chuan Qin, Karin Strauss, and Dimitrios Lymberopoulos, USENIX Security 2012
  - (optional further reading) TapLogger: Inferring User Inputs On Smartphone Touchscreens Using On-board Motion Sensors, Zhi Xu, Kun Bai, Sencun Zhu, WiSec '12
- Psychology and security.
  - Daniel Kahneman's Nobel Prize lecture
  - Understanding scam victims: seven principles for systems security, Frank Stajano and Paul Wilson
  - Human Behaviour and Deception Detection, Mark Frank and colleagues
  - (optional further reading) The evolution and psychology of self-deception, William von Hippel and Robert Trivers
© 2012 Computer Laboratory, University of Cambridge
Information provided by Prof Ross Anderson