References

[Aleph, 1996] One, Aleph. Smashing the Stack for Fun and Profit. Phrack 49, November 1996.

[Arbaugh, 2000] Arbaugh, Bill, Bill Fithen, and John McHugh. Windows of Vulnerability: A Case Study Analysis. IEEE Computer, 33 (10), 2000.

[Atluri, 2000] Atluri, Vijay, Pierangela Samarati, eds. Security of Data and Transaction Processing. Kluwer Academic Publications, 2000.

[Balfanz, 2000] Balfanz, Dirk, and Drew Dean. A security infrastructure for distributed Java applications. In Proceedings of IEEE Symposium on Security and Privacy. Oakland, CA, 2000.

[Baratloo, 2000] Baratloo, Arash, Timothy Tsai, and Navjot Singh. Transparent run-time defense against stack smashing attacks. In Proceedings of the USENIX Annual Technical Conference, San Diego, CA, June 2000.

[Beizer, 1990] Beizer, Boris. Software Testing Techniques. 2nd ed. New York: Van Nostrand Reinhold, 1990.

[Bellovin, 1996] Bellovin, Steven M. Problem areas for the IP security protocols. In Proceedings of the Sixth Usenix Unix Security Symposium. San Jose, CA, July 1996.

[Bellovin, 1997] Bellovin, Steven M. Probable plaintext cryptanalysis of the IP security protocols. In Proceedings of the Symposium on Network and Distributed System Security. San Diego, CA, February 1997.

[Bellovin, 1998] Bellovin, Steven M. Cryptography and the Internet. In Proceedings of CRYPTO ’98, Santa Barbara, CA, August 1998.

[Bhowmik, 1999] Bhowmik, Anasua, and William Pugh. A Secure Implementation of Java Inner Classes. Programming language design and implementation (PLDI) poster sessions. 1999. Available at http://www.cs.umd.edu/~pugh/java/SecureInnerClasses.pdf

[Bishop, 1996] Bishop, Matt, and Mike Dilger. Checking for Race Conditions in File Access. Computing Systems, 9(2):131–152, 1996.

[Black, 1999] Black, John, Shai Halevi, Hugo Krawczyk, Ted Krovetz, and Phillip Rogaway. UMAC: Fast and Secure Message Authentication. Advances in Cryptology—CRYPTO ’99. Lecture Notes in Computer Science, vol. 1666, Springer-Verlag, 1999, pp. 216–233.

[Boneh, 1999] Boneh, Dan. Twenty Years of Attacks Against the RSA Cryptosystem. Notices of the American Mathematics Society, 5(2), 1999.

[Brooks, 1995] Brooks, Jr., Frederick. The Mythical Man-Month: Essays On Software Engineering. 2nd ed. Reading, MA: Addison-Wesley, 1995.

[Castano, 1994] Castano, Silvano, ed. Database Security. Reading, MA: Addison-Wesley, 1994.

[Cheswick, 2001] Cheswick, William R., and Steven M. Bellovin. Firewalls and Internet Security. 2nd ed. Boston: Addison-Wesley, 2001.

[Collberg, 1997] Collberg, Christian S., Clark Thomborson, and Douglas Low. A Taxonomy of Obfuscating Transformations. Technical report no. 148. Auckland, New Zealand: Department of Computer Science, University of Auckland. July 1997.

[Cowan, 1998] Cowan, C., et al. Stackguard: automatic adaptive detection and prevention of buffer-overflow attacks. In Proceedings of the Seventh USENIX Security Symposium, San Antonio, TX, 63–77, 1998.

[Cowan, 2000] Cowan, Crispin, Steve Beattie, Greg Kroah–Hartman, Calton Pu, Perry Wagle, and Virgil Gligor. SubDomain: parsimonious server security. In The 14th USENIX Systems Administration Conference (LISA 2000). New Orleans, LA, December 2000.

[Dobbertin, 1996] Dobbertin, Hans. The Status of MD5 after a recent attack. RSA CryptoBytes. Summer, 1996.

[Eichin, 1989] Eichin, M., and J. Rochlis. With microscope and tweezers: an analysis of the Internet virus of November 1988. In IEEE Symposium on Security and Privacy. Oakland, CA. 1989.

[Felten, 1997] Felten, Edward, Dirk Balfanz, Drew Dean, and Dan Wallach. Web Spoofing: An Internet Con Game. In Proceedings of the 20th National Information Systems Security Conference (NISSC). Baltimore, MD, October, 1997.

[FIPS 140-1] Security Requirements for Cryptographic Modules. National Institute of Standards and Technology FIPS 140-1. United States Government. January 1994.

[Friedman, 2001] Friedman, Daniel, Mitchell Wand, and Christopher Haynes. Essentials of Programming Languages. 2nd ed. MIT Press, 2001.

[Ghosh, 1998] Ghosh, Anup, Tom O’Connor, and Gary McGraw. An automated approach for identifying potential vulnerabilities in software. In Proceedings of the IEEE Symposium on Security and Privacy. Oakland, CA. May 1998.

[Gilmore, 1998] Gilmore, John, ed. Cracking DES: Secrets of Encryption Research, Wiretap Politics & Chip Design. Sebastopol, CA: O’Reilly and Associates, May 1998.

[Goldberg, 1996a] Goldberg, Ian, and David Wagner. Randomness and the Netscape browser. Dr. Dobb’s Journal, 9: January 1996.

[Goldberg, 1996b] Goldberg, Ian, David Wagner, Randi Thomas, and Eric A. Brewer. A secure environment for untrusted helper applications: confining the wily hacker. In Proceedings of 1996 USENIX Security Symposium. San Jose, CA, 1996.

[Gutmann, 1996] Gutmann, Peter. Secure deletion of data from magnetic and solid-state memory. In Proceedings of the Usenix Security Symposium, 1996.

[Gutmann, 2001] Gutmann, Peter. The Design and Verification of a Cryptographic Security Architecture. Draft PhD thesis. University of Auckland, New Zealand. 2001.

[Hamlet, 2001] Hamlet, Dick, and Joe Maybee. The Engineering of Software: Technical Foundations for the Individual. New York: Addison Wesley, 2001.

[Kahn, 1996] Kahn, David. The Code-Breakers. Rev. ed. New York: Scribner, 1996.

[Kaner, 1999] Kaner, Cem, Jack Falk, and Hung Quoc Nguyen. Testing Computer Software. 2nd ed. New York: John Wiley & Sons, 1999.

[Kelsey, 1999] Kelsey, John, Bruce Schneier, and Niels Ferguson. Yarrow-160: Notes on the Design and Analysis of the Yarrow Cryptographic Random Number Generator. Sixth Annual Workshop on Selected Areas in Cryptography, Springer Verlag, August 1999.

[Kim, 1993] Kim, Gene, and Eugene Spafford. The Design and Implementation of Tripwire: A File System Integrity Checker. Technical report CSD-TR-93-071. West Lafayette, IN: Purdue University, November 1993.

[Knudsen, 1998] Knudsen, Jonathan. Java Cryptography. O’Reilly and Associates, May, 1998.

[Knuth, 1997] Knuth, Donald. The Art of Computer Programming vol. 2. Seminumerical Algorithms. 3rd ed. Reading, MA: Addison-Wesley, 1997.

[Koenig, 1988] Koenig, Andrew. C Traps and Pitfalls. Reading, MA: Addison-Wesley, October, 1988.

[Lake, 2000] Lake, David. Asleep at the wheel. The Industry Standard December 4, 2000.

[Leveson, 1995] Leveson, Nancy G. Safeware: System Safety and Computers. Reading, MA: Addison-Wesley, 1995.

[MacLennan, 1987] MacLennan, Bruce. Principles of Programming Languages. Holt, Rinehart and Winston, 1987.

[McGraw, 1999a] McGraw, Gary, and Edward Felten. Securing Java: Getting Down to Business with Mobile Code. New York: John Wiley & Sons, 1999.

[McGraw, 1999b] McGraw, Gary. Software Assurance for Security. IEEE Computer 32(4). April, 1999.

[McGraw, 2000] McGraw, Gary, and Greg Morrisett. Attacking Malicious Code: A Report to the Infosec Research Council. IEEE Software, 17(5), 2000.

[Miller, 1990] Miller, Barton, Lars Fredriksen, and Bryan So. An Empirical Study of the Reliability of Unix Utilities. Communications of the ACM, 33(12), 1990.

[Nielson, 1993] Nielsen, Jakob. Usability Engineering. Cambridge, MA: Academic Press, 1993.

[Norman, 1989] Norman, Donald A. The Design of Everyday Things. New York: Doubleday, 1989.

[Orange, 1985] The Department of Defense Trusted Computer System Evaluation Criteria. Washington, DC: US Department of Defense, 1985.

[Raymond, 2001] Raymond, Eric S. The Cathedral and the Bazaar: Musings on Linux and Open Source by an Accidental Revolutionary. 2nd Edition. O’Reilly and Associates, January, 2001.

[RFC 822] Standard for the Format of ARPA Internet Text Messages. Request for Comments 822. August, 1982.

[Saltzer, 1975] Saltzer, J.H., and M.D. Schroeder. The protection of information in computer systems. Proceedings of the IEEE, 9(63), 1975.

[Schneider, 1998] Schneider, Fred, ed. Trust in Cyberspace. Washington, DC: National Academy Press. 1998.

[Schneier, 1996] Schneier, Bruce. Applied Cryptography. New York: John Wiley & Sons, 1996.

[Schneier, 1998] Schneier, Bruce, and mudge. Cryptanalysis of Microsoft’s Point-to-Point Tunneling Protocol (PPTP). In Proceedings of the 5th ACM Conference on Communications and Computer Security. San Francisco: ACM Press, 1998.

[Schneier, 2000] Schneier, Bruce. Secrets and Lies. New York: John Wiley & Sons, 2000.

[Silberschatz, 1999] Silberschatz, Abraham, and Peter Baer Galvin. Operating System Concepts. 5th ed. New York: John Wiley & Sons, 1999.

[SQL92] ISO/IEC 9075:1992, “Information Technology—Database Languages—SQL” American National Standards Institute. July 1992.

[Theriault, 1998] Theriault, Marlene L., and William Heney. Oracle Security. Sebastopol, CA: O’Reilly and Associates, 1998.

[Thompson, 1984] Thompson, Ken. Reflections on trusting trust. Communications of the ACM, 27(8), 1984.

[Tung, 1999] Tung, Brian. Kerberos: A Network Authentication System. Addison-Wesley, June, 1999.

[Viega, 2000] Viega, John, J.T. Bloch, Tadayoshi Kohno, and Gary McGraw. ITS4: a static vulnerability scanner for C and C++ code. In Proceedings of Annual Computer Security Applications Conference. New Orleans, LA, December, 2000.

[Visa, 1997] Visa International. Integrated Circuit Card. Security Guidelines Summary for: IC Chip Design, Operating System and Application Design, Implementation Verification. Version 2, draft 1. November 1997.

[Voas, 1998] Voas, Jeff, and Gary McGraw. Software Fault Injection: Inoculating Programs Against Errors. New York: John Wiley & Sons, 1998.

[Wagner, 2000] Wagner, D., J. Foster, E. Brewer, and A. Aiken. A first step towards automated detection of buffer over-run vulnerabilities. In Proceedings of the Year 2000 Network and Distributed System Security Symposium (NDSS). San Diego, CA, 2000.

[Winkler, 1997] Winkler, Ira. Corporate Espionage. Rocklin, CA: Prima Publishing, 1997.
