Top 18 Papers in Information Security

We are planning a seminar, “Top 18 Papers in Information Security”. This is the result of our collection so far:

D.E. Bell and L. LaPadula: Secure Computer Systems: Unified Exposition
and MULTICS Interpretation. MITRE TR, July 1975.

M. Burrows, M. Abadi, R. Needham: A logic for authentication. ACM
Sym. Operating Sys. Principles, 1989.

W. Diffie and M.E. Hellman: New Directions in Cryptography. IEEE Trans
Inf. Theory, 1976.

Mark W. Eichin and Jon A. Rochlis: With Microscope and Tweezers: An
Analysis of the Internet Virus of November 1988. IEEE Symposium on
Research in Security and Privacy. 1989.

Ken Thompson: Reflections on Trusting Trust. Communications of the ACM,
Vol. 27, No. 8, August 1984, pp. 761-763

Programming Satan’s Computer (Anderson, Needham)

On the Security of Public Key Protocols (Dolev, Yao)

Random Oracles are Practical: A Paradigm for Designing Efficient
Protocols (Bellare, Rogaway)

Aleph One: “Smashing The Stack For Fun And Profit”, Phrack 49, Volume 7.
together with Matt Conover: “w00w00 on Heap Overflows”

K. Mitnick, “The Art of Deception: Controlling the Human Element of Security”

C. E. Shannon, “A Mathematical Theory of Communication”, 1948

Fluhrer, Mantin and Shamir: “Weakness in the Key Scheduling Algorithm of RC4”
together with David Hulton: “Practical Exploitation of RC4 Weaknesses in WEP
Environments”

“Intercepting Mobile Communications: The Insecurity of 802.11”
Nikita Borisov, Ian Goldberg, and David Wagner. MOBICOM 2001.

“How to Own the Internet in Your Spare Time”
Stuart Staniford, Silicon Defense; Vern Paxson, ICSI Center for Internet
Research; Nicholas Weaver, University of California, Berkeley, 11th
Usenix Security Symposium

“Inferring Internet Denial-of-Service Activity”
David Moore, CAIDA; Geoffrey M. Voelker and Stefan Savage, University of
California, San Diego, 10th Usenix Security Symposium (Best paper)

“Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms,”
D. Chaum, Communications of the ACM, vol. 24 no. 2, February, 1981.

“Mixminion: Design of a Type III Anonymous Remailer Protocol”
George Danezis, Roger Dingledine, and Nick Mathewson.
In the Proceedings of the 2003 IEEE Symposium on Security and Privacy,
May 2003

W.E. Winkler: Re-identification Methods for Masked Microdata. Research
Report Series (2004)

Marcin Wolak: Erstellung von Shellcode für MS Windows-Systeme. hakin9
2/2004, issue 4

Konstantin Klyagin: Instant Paranoia. hakin9 3/2004, issue 5

Silvio Micali and Ronald L. Rivest, Micropayments Revisited,
RSA Conference on Topics in Cryptology 2002

Christian Cachin and Reto Strobl, Asynchronous Group Key Exchange
with Failures, PODC 2004

Wenliang Du and Mikhail J. Atallah, Secure Multi-Party Computation
Problems and their Applications: A Review and Open Problems,
New Security Paradigms Workshop 2001

Ross Anderson: Why Information Security is Hard – an economic
Perspective
http://www.acsac.org/2001/papers/110.pdf

Karger, Schell: Thirty Years Later: Lessons from the Multics Security
Evaluation
http://www.acsac.org/2002/papers/classic-multics.pdf
in conjunction with
Multics Security Evaluation
http://csrc.nist.gov/publications/history/karg74.pdf

Martin Abadi, Roger Needham:
Prudent Engineering Practice for Cryptographic Protocols
http://citeseer.ist.psu.edu/abadi96prudent.html

Ross Anderson: Why Cryptosystems Fail
http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/wcf.pdf
