Papers

Listed below is a sampling of classic Cybersecurity papers.

As yet the papers remain uncategorised – but subject headings are coming soon.


NSA Winner(s) Of Annual Cybersecurity Research Paper

Honourable mentions:

  • Increasing Cybersecurity Investments in Private Sector Firms was written by Lawrence Gordon, Martin Loeb, William Lucyshyn and Lei Zhou and was published in the Journal of Cybersecurity. This paper develops an economics-based framework for evaluating governmental approaches to increase private sector investment in cybersecurity.
  • Quantum-Secure Covert Communication on Bosonic Channels was written by Boulat Bash, Andrei H. Gheorghe, Monika Patel, Jonathan L. Habif, Dennis Goeckel, Don Towsley, and Saikat Guha. It was published last year in Nature Communications. This research adds critical information to the exploration of “covert communications,” which the authors define as the “transmission of information without detection by watchful adversaries.”

The winning paper, Nomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration, discusses the “Nomad” system’s defense against certain attacks that remove private information from cloud clients.

Eight distinguished experts were among the external reviewers:

  • Dr. Whitfield Diffie, cybersecurity advisor
  • Dr. Dan Geer, In-Q-Tel
  • Dr. John McLean, Naval Research Laboratory
  • Professor Angela Sasse, University College London
  • Professor Fred Schneider, Cornell University
  • Phil Venables, Goldman Sachs
  • Professor David Wagner, University of California-Berkeley
  • Dr. Jeannette Wing, Microsoft Research

Recent Papers on Cybersecurity

1. “Additive and Multiplicative Notions of Leakage and Their Capacities” is a research paper presented at the 2014 IEEE Computer Security Foundations Symposium, written by Prof. Mario S. Alvim, Dr. Kostas Chatzikokolakis, Prof. Annabelle McIver, Prof. Carroll Morgan, Dr. Catuscia Palamidessi and Prof. Geoffrey Smith.

2. “Increasing Security Sensitivity with Social Proof: A Large-Scale Experimental Confirmation” was written by Sauvik Das, Dr. Adam D.I. Kramer, Prof. Laura Dabbish and Prof. Jason Hong.

3. “Quantitative Evaluation of Dynamic Platform Techniques as a Defensive Mechanism” was written by Dr. Hamed Okhravi, Dr. James Riordan, and Dr. Kevin Carter and presented at the 17th International Symposium on Research in Attacks, Intrusions and Defenses.

4. Attacks and defenses for the vulnerability of the decade : Page on utexas.edu

5. The Geometry of Innocent Flesh on the Bone

6. Interpreter exploitation :
Page on usenix.org

7. Control-flow integrity :
Page on princeton.edu

8. Intrusion detection via static analysis :
Page on sri.com

9. SYN cookies :
Page on cr.yp.to

10. Inferring Internet denial-of-service activity; Outwitting the Witty worm : Page on caida.org

11. New directions in cryptography : Page on utexas.edu

12. Intercepting mobile communications: The insecurity of 802.11 :
Page on berkeley.edu

13.  Tor : Page on torproject.org

14. Cold boot attacks on encryption keys : Page on jhalderm.com

15. SecKit: A Model-based Security Toolkit for the Internet of Things

16. Security of Software Defined Networks: A survey

17. Profiling user-trigger dependence for Android malware detection

18. Anomaly-based network intrusion detection: Techniques, systems and challenges

19. The cyber threat landscape: Challenges and future research directions

20. A survey of information security incident handling in the cloud

21. From information security to cyber security

22. Cyber warfare: Issues and challenges

23. Digital media triage with bulk data analysis and bulk_extractor

24. A taxonomy for privacy enhancing technologies

25. Future directions for behavioral information security research

26. Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory

27. Radio frequency identification (RFID)

28. Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon

29. A situation awareness model for information security risk management

30. Permission based Android security: Issues and countermeasures


Papers on Cybersecurity Science

[1] The Science Of Cybersecurity, by Dan Geer.

[2] Carl Landwehr – “Cybersecurity: From Engineering to Science”, The Next Wave – The National Security Agency’s Review Of Emerging Technologies – Vol. 19, No. 2, 2012.

[3] Carl Landwehr – “Cybersecurity: How did we get here and how do we get out of here?”


Early / Seminal Security Papers [A] (1970-1985)

  • Anderson, J. P., Computer Security Technology Planning Study, ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA (Oct. 1972) [NTIS AD-758 206]; Volumes I [PDF] and II [PDF]
    Seminal paper on computer security mechanisms
  • Anderson, J. P., Computer Security Threat Monitoring and Surveillance, James P. Anderson Co., Fort Washington, PA (1980) [PDF]
    Seminal paper on the use of auditing and logging for security
  • Bell, D. E., and La Padula, L., Secure Computer System: Unified Exposition and Multics Interpretation, ESD-TR-75-306, ESD/AFSC, Hanscom AFB, Bedford, MA (1975) [DTIC AD-A023588] [PDF]
  • Biba, K., Integrity Considerations for Secure Computer Systems, ESD-TR-76-372, ESD/AFSC, Hanscom AFB, Bedford, MA (Apr. 1977) [NTIS ADA039324] [PDF]
    Seminal paper on integrity
  • Bisbey II, R., and Hollingworth, D., Protection Analysis: Final Report; USC/ISI, Marina Del Rey, CA 90291 (May 1978) [PDF]
    One of two seminal studies of computer system vulnerabilities.
  • Committee on Multilevel Data Management Security, Multilevel Data Management Security, Air Force Studies Board, Commission on Engineering and Technical Systems, National Research Council, National Academy Press (1983)
    Popularly known as the “Woods Hole Report,” this was a major, influential study of database security
  • Department of Defense Computer Security Evaluation Center, Trusted Computer System Evaluation Criteria (1982)
    First version of the TCSEC made available to the public, it is also called the Powder Blue TCSEC
  • Department of Defense Computer Security Evaluation Center; Trusted Computer System Evaluation Criteria (Orange Book); (1983, 1985) [PDF]
    Full version of the TCSEC that influenced study and development of systems
  • DeWolf, B. and Szulewski, P., Final Report of the 1979 Summer Study on Air Force Computer Security (1979)
    Also called the Draper Report, this describes the state of the art at that time
  • Ford Aerospace, Secure Minicomputer Operating System (KSOS) (1978) [PDF]
    Describes an implementation of a provably secure operating system compatible with the UNIX operating system
  • Hinke, T. H. and Schaefer, M., Secure Data Management System, RADC-TR-75-266, Rome Air Dev. Center, AFSC, Griffiss AFB NY (Nov 1975) [NTIS AD A019201]
  • Jelen, G., Information Security: An Elusive Goal (1985)
    Study arguing that no strategies for making secure products are promising
  • Karger, P. A., and Schell, R. R., Multics Security Evaluation: Vulnerability Analysis, ESD-TR-74-193 Vol. II, ESD/AFSC, Hanscom AFB, Bedford, MA (June 1974) [PDF]
    Described a number of attacks, including the trap-door compiler that Ken Thompson used so effectively in his Turing Award lecture
  • Lee, T., Processors, Operating Systems and Nearby Peripherals: A Consensus Report (Miami Report) (1980)
    First description of evaluation process and criteria
  • Linden, T., Operating System Structures to Support Security and Reliable Software (1976) [PDF]
    Described capability-based architectures
  • Myers, P., Subversion: The Neglected Aspect of Computer Security (1980) [PDF]
    Demonstrated how a Trojan horse could spread to a secure system without the attacker having direct access to that system
  • Neumann, P., et al., A Provably Secure Operating System (1976) [PDF]
    First formal design of a system, emphasizing proofs of design before implementation
  • Nibaldi, G., Proposed Technical Evaluation Criteria for Trusted Computer Systems (1979) [PDF]
    First evaluation criteria with levels (5 of them)
  • Padilla, S. and Benzel, T., Final Evaluation Report of SCOMP (Secure Communications Processor), Department of Defense Computer Security Center (1985)
    First A1-rated system
  • Proceedings of the DoD Computer Security Center Invitational Workshop on Network Security (1985)
    Also called the New Orleans Workshop Report, this extensively discussed the network security problem
  • Schacht, J. M., Jobstream Separator System Design, MTR-3022 Vol. 1, The MITRE Corporation, Bedford, MA 01730 (May 1975) [PDF]
  • Schell, R. R., Downey, P. J., and Popek, G. J., Preliminary Notes on the Design of Secure Military Computer Systems, MCI-73-1, ESD/AFSC, Hanscom AFB, Bedford, MA (Jan. 1973) [PDF]
  • Schiller, W. L., The Design and Specification of a Security Kernel for the PDP-11/45 (1975) [PDF]
    First formal specification of a kernel satisfying the Bell-LaPadula model
  • Walter, K. G., Ogden, W. F., Gilligan, J. M., Schaeffer, D. D., Schaen, S. L., and Shumway, D. G., Initial Structured Specifications for an Uncompromisable Computer Security System, ESD-TR-75-82, ESD/AFSC, Hanscom AFB, Bedford, MA (July 1975) [NTIS AD-A022 490]
  • Ware, W., Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security, Rand Report R609-1 (Feb. 1970) [PDF]
    The paper that started it all, first raising computer security as a problem
  • Weissman, C., System Security Analysis/Certification (1973)
    Introduced flaw hypothesis methodology
  • Whitmore, J., Bensoussan, A., Green, P., Hunt, D., Kobziar, A., and Stern, J., Design for Multics Security Enhancements, ESD-TR-74-176, ESD/AFSC, Hanscom AFB, Bedford, MA (1074). [PDF]

Early / Seminal Security Papers [B]

Most Cited Papers

[1]  Most Cited Computers & Security Articles, by Elsevier.