Listed below is a sampling of classic Cybersecurity papers.
As yet the papers remain uncategorised – but subject headings are coming soon.
Recent Papers on Cybersecurity
1. “Additive and Multiplicative Notions of Leakage and Their Capacities” is a research paper presented at the 2014 IEEE Computer Security Foundations Symposium, written by Prof. Mario S. Alvim, Dr. Kostas Chatzikokolakis, Prof. Annabelle McIver, Prof. Carroll Morgan, Dr. Catuscia Palamidessi and Prof. Geoffrey Smith.
2. “Increasing Security Sensitivity with Social Proof: A Large-Scale Experimental Confirmation” was written by Sauvik Das, Dr. Adam D.I. Kramer, Prof. Laura Dabbish and Prof. Jason Hong.
3. “Quantitative Evaluation of Dynamic Platform Techniques as a Defensive Mechanism” was written by Dr. Hamed Okhravi, Dr. James Riordan and Dr. Kevin Carter and presented at the 17th International Symposium on Research in Attacks, Intrusions and Defenses.
4. Attacks and defenses for the vulnerability of the decade
5. The geometry of innocent flesh on the bone
6. Interpreter exploitation
7. Control-flow integrity
8. Intrusion detection via static analysis
9. SYN cookies
10. Inferring Internet denial-of-service activity; Outwitting the Witty worm
11. New directions in cryptography
12. Intercepting mobile communications: The insecurity of 802.11
13. Tor
14. Cold boot attacks on encryption keys
15. SecKit: A Model-based Security Toolkit for the Internet of Things
16. Security of Software Defined Networks: A survey
17. Profiling user-trigger dependence for Android malware detection
18. Anomaly-based network intrusion detection: Techniques, systems and challenges
19. The cyber threat landscape: Challenges and future research directions
20. A survey of information security incident handling in the cloud
21. From information security to cyber security
22. Cyber warfare: Issues and challenges
23. Digital media triage with bulk data analysis and bulk_extractor
24. A taxonomy for privacy enhancing technologies
25. Future directions for behavioral information security research
26. Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory
27. Radio frequency identification (RFID)
28. Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon
29. A situation awareness model for information security risk management
30. Permission based Android security: Issues and countermeasures
Papers on Cybersecurity Science
[1] The Science Of Cybersecurity, by Dan Geer.
[2] Carl Landwehr – “Cybersecurity: From Engineering to Science”, The Next Wave – The National Security Agency’s Review Of Emerging Technologies – Vol. 19, No. 2, 2012.
[3] Carl Landwehr – “Cybersecurity: How did we get here and how do we get out of here?”
Early / Seminal Security Papers [A] (1970-1985)
- Anderson, J. P., Computer Security Technology Planning Study, ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA (Oct. 1972) [NTIS AD-758 206]; Volumes I and II
  Seminal paper on computer security mechanisms
- Anderson, J. P., Computer Security Threat Monitoring and Surveillance, James P. Anderson Co., Fort Washington, PA (1980)
  Seminal paper on the use of auditing and logging for security
- Bell, D. E., and La Padula, L., Secure Computer System: Unified Exposition and Multics Interpretation, ESD-TR-75-306, ESD/AFSC, Hanscom AFB, Bedford, MA (1975) [DTIC AD-A023588]
- Biba, K., Integrity Considerations for Secure Computer Systems, ESD-TR-76-372, ESD/AFSC, Hanscom AFB, Bedford, MA (Apr. 1977) [NTIS ADA039324]
  Seminal paper on integrity
- Bisbey II, R., and Hollingworth, D., Protection Analysis: Final Report; USC/ISI, Marina Del Rey, CA 90291 (May 1978)
  One of two seminal studies of computer system vulnerabilities
- Committee on Multilevel Data Management Security, Multilevel Data Management Security, Air Force Studies Board, Commission on Engineering and Technical Systems, National Research Council, National Academy Press (1983)
  Popularly known as the “Woods Hole Report,” this was a major, influential study of database security
- Department of Defense Computer Security Evaluation Center, Trusted Computer System Evaluation Criteria (1982)
  First version of the TCSEC made available to the public; it is also called the Powder Blue TCSEC
- Department of Defense Computer Security Evaluation Center; Trusted Computer System Evaluation Criteria (Orange Book); (1983, 1985)
  Full version of the TCSEC that influenced study and development of systems
- DeWolf, B. and Szulewski, P., Final Report of the 1979 Summer Study on Air Force Computer Security (1979)
  Also called the Draper Report, this describes the state of the art at that time
- Ford Aerospace, Secure Minicomputer Operating System (KSOS) (1978)
  Describes an implementation of a provably secure operating system compatible with the UNIX operating system
- Hinke, T. H. and Schaefer, M., Secure Data Management System, RADC-TR-75-266, Rome Air Dev. Center, AFSC, Griffiss AFB NY (Nov 1975) [NTIS AD A019201]
- Jelen, G., Information Security: An Elusive Goal (1985)
  Study arguing that no strategies for making secure products are promising
- Karger, P. A., and Schell, R. R., Multics Security Evaluation: Vulnerability Analysis, ESD-TR-74-193 Vol. II, ESD/AFSC, Hanscom AFB, Bedford, MA (June 1974)
  Described a number of attacks, including the trap-door compiler that Ken Thompson used so effectively in his Turing Award lecture
- Lee, T., Processors, Operating Systems and Nearby Peripherals: A Consensus Report (Miami Report) (1980)
  First description of evaluation process and criteria
- Linden, T., Operating System Structures to Support Security and Reliable Software (1976)
  Described capability-based architectures
- Myers, P., Subversion: The Neglected Aspect of Computer Security (1980)
  Demonstrated how a Trojan horse could spread to a secure system without the attacker having direct access to that system
- Neumann, P., et al., A Provably Secure Operating System (1976)
  First formal design of a system, emphasizing proofs of design before implementation
- Nibaldi, G., Proposed Technical Evaluation Criteria for Trusted Computer Systems (1979)
  First evaluation criteria with levels (5 of them)
- Padilla, S. and Benzel, T., Final Evaluation Report of SCOMP (Secure Communications Processor), Department of Defense Computer Security Center (1985)
  First A1-rated system
- Proceedings of the DoD Computer Security Center Invitational Workshop on Network Security (1985)
  Also called the New Orleans Workshop Report, this extensively discussed the network security problem
- Schacht, J. M., Jobstream Separator System Design, MTR-3022 Vol. 1, The MITRE Corporation, Bedford, MA 01730 (May 1975)
- Schell, R. R., Downey, P. J., and Popek, G. J., Preliminary Notes on the Design of Secure Military Computer Systems, MCI-73-1, ESD/AFSC, Hanscom AFB, Bedford, MA (Jan. 1973)
- Schiller, W. L., The Design and Specification of a Security Kernel for the PDP-11/45 (1975)
  First formal specification of a kernel satisfying the Bell-LaPadula model
- Walter, K. G., Ogden, W. F., Gilligan, J. M., Schaeffer, D. D., Schaen, S. L., and Shumway, D. G., Initial Structured Specifications for an Uncompromisable Computer Security System, ESD-TR-75-82, ESD/AFSC, Hanscom AFB, Bedford, MA (July 1975) [NTIS AD-A022 490]
- Ware, W., Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security, Rand Report R609-1 (Feb. 1970)
  The paper that started it all, first raising computer security as a problem
- Weissman, C., System Security Analysis/Certification (1973)
  Introduced flaw hypothesis methodology
- Whitmore, J., Bensoussan, A., Green, P., Hunt, D., Kobziar, A., and Stern, J., Design for Multics Security Enhancements, ESD-TR-74-176, ESD/AFSC, Hanscom AFB, Bedford, MA (1974)
Early / Seminal Security Papers [B]
- Whitfield Diffie and Martin E. Hellman, New Directions in Cryptography, IEEE Transactions on Information Theory, November 1976
- R. L. Rivest, A. Shamir and L. M. Adleman, A Method For Obtaining Digital Signatures And Public-Key Cryptosystems, MIT/LCS/TM-82, 1977
- Merkle, R. Security, Authentication, and Public Key Systems, PhD Thesis, 1979 Stanford University. (Just read chapter 2, pages 11–15, in which Merkle invents cryptographic hash functions.)
- Morris, Robert and Thompson, Ken. Password security: a case history, Communications of the ACM, Volume 22, Issue 11, Nov. 1979, Pages 594-597.
- Mazurek et al., Measuring password guessability for an entire university, CCS ’13 Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security, Pages 173-186
- Saltzer and Schroeder, The Protection of Information in Computer Systems, ACM Symposium on Operating System Principles (October 1973)
- Karger and Schell, Thirty Years later: Lessons from the Multics Security Evaluation, ACSAC 2002
- Lampson, Butler. A Note on the Confinement Problem, Communications of the ACM, 16:10 (Oct. 1973), pp. 613–615.
- Thompson, Reflections on Trusting Trust, Communications of the ACM, 27:8, Aug 1984
- J.E. Forrester and B.P. Miller, An Empirical Study of the Robustness of Windows NT Applications Using Random Testing, 4th USENIX Windows Systems Symposium, Seattle, August 2000.
- Whitten, Alma, Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0, Proceedings of the 8th conference on USENIX Security Symposium, Volume 8, Pages 14–28
- Garfinkel, Simson and Shelat, Abhi, Remembrance of Data Passed, IEEE Security and Privacy, Volume 1 Issue 1, January 2003, Page 17-27
Most Cited Papers
[1] Most Cited Computers & Security Articles, by Elsevier.