Course pages 2016–17
Computer Security: Current Applications and Research
R210 Slides and Readings
The following papers are assigned reading for R210, which should be read prior to the class indicated. This list is still being finalised, and further changes may be made before the start of term. Please contact the module instructors if you have any questions.
- Vulnerability management (Eireann Leverett - 23 January 2017)
- Optimal Policy for Software Vulnerability Disclosure, Ashish Arora, Rahul Telang, and Hao Xu, Management Science, 2008, 54:4, 642-656.
- Milk or Wine: Does Software Security Improve with Age?, Andy Ozment and Stuart Schechter, Proceedings of the 15th USENIX Security Symposium, USENIX, 2007.
- You’ve Got Vulnerability: Exploring Effective Vulnerability Notifications, Frank Li, Zakir Durumeric, Jakub Czyz, Mohammad Karami, Michael Bailey, Damon McCoy, Stefan Savage, and Vern Paxson, Proceedings of the 25th USENIX Security Symposium, 2016, ISBN 978-1-931971-32-4.
- Empirical Estimates and Observations of 0Day Vulnerabilities, Miles McQueen, Trevor McQueen, Wayne Boyer, and May Chaffin, Proceedings of the 42nd Hawaii International Conference on System Sciences, 2009, IEEE.
- Capture-recapture in Software Inspections after 10 Years Research – Theory, Evaluation and Application, Håkan Petersson, Thomas Thelin, Per Runeson and Claes Wohlin. Journal of Software and Systems, Vol. 72, No. 2, pp. 249-264, 2004.
- TBC (TBC - 30 January 2017)
- Anonymity systems (Steven Murdoch - 6 February 2017)
- Mixminion: Design of a Type III Anonymous Remailer Protocol, George Danezis, Roger Dingledine, and Nick Mathewson. In Proceedings of the 2003 IEEE Symposium on Security and Privacy.
- Tor: The Second-Generation Onion Router (2014 DRAFT v1), Roger Dingledine, Nick Mathewson, Steven Murdoch and Paul Syverson. Technical Report, Tor Project, January 2014.
- Hot or Not: Revealing Hidden Services by their Clock Skew, Steven J. Murdoch. In Proceedings of the 2006 ACM Conference on Computer and Communications Security (CCS)
- Usable security (Kat Krol - 30 January 2017)
- Why Johnny can't encrypt: A usability evaluation of PGP 5.0, Alma Whitten and J.D. Tygar, Usenix Security, 1999.
- More is not the answer, Cormac Herley, 2014.
- The usability canary in the security coal mine: A cognitive framework for evaluation and design of usable authentication solutions, Brian Glass, Graeme Jenkinson, Yuqi Liu, M. Angela Sasse, Frank Stajano, 2016.
- So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users, Cormac Herley, 2009.
- Daniel Kahneman's Nobel Prize lecture
- Censorship resistance (Sheharbano Khattak - 20 February 2017)
- TBC (TBC - 27 February 2017)
- Banking security (Mike Bond - 6 March 2017)
- Encrypted data systems (Alastair Beresford - 13 March 2017)