Computer Laboratory

Course pages 2016–17

Computer Security: Current Applications and Research

R210 Slides and Readings

Reading assignments

The following papers are assigned reading for R210, which should be read prior to the class indicated. This list is still being finalised, and further changes may be made before the start of term. Please contact the module instructors if you have any questions.

  1. Vulnerability management (Eireann Leverett - 23 January 2017)
    1. Optimal Policy for Software Vulnerability Disclosure, Ashish Arora, Rahul Telang, and Hao Xu, Management Science 2008 54:4, 642-656.
    2. Milk or Wine: Does Software Security Improve with Age?, Andy Ozment and Stuart Schechter, Proceedings of the 15th USENIX Security Symposium, USENIX, 2007.
    3. You’ve Got Vulnerability: Exploring Effective Vulnerability Notifications, Frank Li, Zakir Durumeric, Jakub Czyz, Mohammad Karami, Michael Bailey, Damon McCoy, Stefan Savage, and Vern Paxson, Proceedings of the 25th USENIX Security Symposium, 2016, ISBN 978-1-931971-32-4.
    Optional additional readings:
  2. TBC (TBC - 30 January 2017)
  3. Anonymity systems (Steven Murdoch - 6 February 2017)
    1. Mixminion: Design of a Type III Anonymous Remailer Protocol, George Danezis, Roger Dingledine, and Nick Mathewson. In Proceedings of the 2003 IEEE Symposium on Security and Privacy.
    2. Tor: The Second-Generation Onion Router (2014 DRAFT v1), Roger Dingledine, Nick Mathewson, Steven Murdoch and Paul Syverson. Technical Report, Tor Project, January 2014.
    3. Hot or Not: Revealing Hidden Services by their Clock Skew, Steven J. Murdoch. In Proceedings of the 2006 ACM Conference on Computer and Communications Security (CCS).
  4. Usable security (Kat Krol - 30 January 2017)
    1. Why Johnny can't encrypt: A usability evaluation of PGP 5.0, Alma Whitten and J.D. Tygar, Usenix Security, 1999.
    2. More is not the answer, Cormac Herley, 2014.
    3. The usability canary in the security coal mine: A cognitive framework for evaluation and design of usable authentication solutions, Brian Glass, Graeme Jenkinson, Yuqi Liu, M. Angela Sasse, Frank Stajano, 2016.
    Optional additional readings:
  5. Censorship resistance (Sheharbano Khattak - 20 February 2017)
  6. TBC (TBC - 27 February 2017)
  7. Banking security (Mike Bond - 6 March 2017)
  8. Encrypted data systems (Alastair Beresford - 13 March 2017)