Computer Laboratory

Course pages 2012–13

Current Applications and Research in Computer Security

Introduction

Introductory talk slides

Reading materials

  1. Covert and anonymous communications.
    1. Protecting Free Expression Online with Freenet, Ian Clarke, Theodore W. Hong, Scott G. Miller, Oskar Sandberg, and Brandon Wiley, IEEE Internet Computing v 6 no 1, 40-49 (2002)
    2. Mixminion: Design of a Type III Anonymous Remailer Protocol, George Danezis, Roger Dingledine, and Nick Mathewson, In Proceedings of the 2003 IEEE Symposium on Security and Privacy pp 2–15
    3. Tor: The Second-Generation Onion Router, Roger Dingledine, Nick Mathewson, and Paul Syverson, Proceedings of the 13th USENIX Security Symposium (2004)
  2. Tampering with hardware.
    1. Differential Power Analysis, Paul Kocher, Joshua Jaffe, Benjamin Jun, CRYPTO '99: Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology pp 388-397
    2. Optical Fault Induction Attacks, Sergei Skorobogatov, Ross Anderson, CHES '02: 4th International Workshop on Cryptographic Hardware and Embedded Systems pp 2-12
    3. The State-of-the-Art in IC Reverse Engineering, Randy Torrance, Dick James, CHES 2009: 11th International Workshop on Cryptographic Hardware and Embedded Systems pp 363-381
    4. (optional further reading) New Differential Fault Analysis on AES Key Schedule: Two Faults Are Enough, Chong Hee Kim, Jean-Jacques Quisquater, Cardis 2008: Smart Card Research and Advanced Applications, Springer LNCS v 5189, 2008 pp 48-60
  3. Bootstrapping security relationships.
    1. The Resurrecting Duckling: security issues for ubiquitous computing, Frank Stajano and Ross Anderson, IEEE Security & Privacy inaugural issue, Supplement to Computer 35(4), April 2002 pp 22-26
    2. A key-management scheme for distributed sensor networks, Laurent Eschenauer, Virgil D. Gligor, ACM CCS '02 – Proceedings of the 9th ACM conference on Computer and communications security pp 41-47
    3. Seeing-Is-Believing: using camera phones for human-verifiable authentication, Jonathan M. McCune, Adrian Perrig, Michael K. Reiter, International Journal of Security and Networks 2009 – v 4, no 1/2 pp 43-56
  4. Behavioural economics of privacy.
    1. The Best of Strangers: Context Dependent Willingness to Divulge Personal Information, Leslie K. John, Alessandro Acquisti, George Loewenstein, SSRN 1430482
    2. Unwillingness to pay for privacy: A field experiment, Alastair R. Beresford, Dorothea Kübler, Sören Preibusch, IZA DP No. 5017 (2010)
    3. Your browsing behavior for a Big Mac: Economics of Personal Information Online, Juan Pablo Carrascal, Christopher Riederer, Vijay Erramilli, Mauro Cherubini, Rodrigo de Oliveira, arXiv:1112.6098 [cs.HC]
    4. (optional further reading) The Effect of Online Privacy Information on Purchasing Behavior: An Experimental Study, Janice Tsai, Serge Egelman, Lorrie Cranor, Alessandro Acquisti, WEIS 2007
  5. Social network security.
    1. Social phishing, Tom Jagatic, Nathaniel Johnson, Markus Jakobsson and Filippo Menczer, Communications of the ACM 50:10 (Oct 2007)
    2. Privacy Violations Using Microtargeted Ads: A Case Study, Aleksandra Korolova, ICDMW 2010: Proceedings of the 10th IEEE International Conference on Data Mining Workshops pp 474–482
    3. A Critical Look at Decentralized Personal Data Architectures, Arvind Narayanan, Solon Barocas, Vincent Toubiana, Helen Nissenbaum and Dan Boneh, DUMW: Data Usage Management on the Web (2012)
  6. API security.
    1. On the Security of PKCS#11, Jolyon Clulow, in Cryptographic Hardware and Embedded Systems (CHES) 2003, LNCS 2779
    2. Integrity of Intention, Mike Bond, Jolyon Clulow, in Royal Holloway Information Security Technical Journal
    3. Automatic Analysis of the Security of XOR-Based Key Management Schemes, Veronique Cortier, Gavin Keighren and Graham Steel, in TACAS '07, LNCS 4424, pp 538-552
    4. (optional further reading) Exploiting Concurrency Vulnerabilities in System Call Wrappers, Robert Watson, WOOT'07: First USENIX Workshop on Offensive Technologies
  7. Mobile system security.
    1. A survey of mobile malware in the wild, Adrienne Porter Felt, Matthew Finifter, Erika Chin, Steven Hanna, and David Wagner, SPSM 2011
    2. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones, William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, Anmol N. Sheth, Usenix OSDI 2011
    3. Progressive authentication: deciding when to authenticate on mobile phones, Oriana Riva, Chuan Qin, Karin Strauss, and Dimitrios Lymberopoulos, Usenix Security 2012
    4. (optional further reading) TapLogger: Inferring User Inputs On Smartphone Touchscreens Using On-board Motion Sensors, Zhi Xu, Kun Bai, Sencun Zhu, Wisec 12
  8. Psychology and security.
    1. Daniel Kahneman's Nobel Prize lecture
    2. Understanding scam victims: seven principles for systems security by Frank Stajano and Paul Wilson
    3. Human Behaviour and Deception Detection, by Mark Frank and colleagues
    4. (optional further reading) The evolution and psychology of self-deception by Bill von Hippel and Bob Trivers

    • © 2012 Computer Laboratory, University of Cambridge
      Information provided by Prof Ross Anderson