CS 259: System Security

READING LIST

Cryptography

Watermarking

• I. J. Cox and J.-P. M. G. Linnartz. Some general methods for tampering with watermarks. IEEE Journal on Selected Areas in Communications, 16(4):587--593, May 1998. 
• F. Hartung, J. K. Su, and B. Girod, "Spread spectrum watermarking: Malicious attacks and counterattacks," in Security and Watermarking of Multimedia Contents, Proc. SPIE 3657, Jan. 1999.
• Fabien A. P. Petitcolas. Watermarking schemes evaluation. IEEE Signal Processing, vol. 17, no. 5, pp. 58–64, September 2000.

    Static artifacts

• I. Cox, J. Killian, T. Leighton, and T. Shamoon. Secure spread spectrum watermarking for images, audio and video. In Proc. of the IEEE Int. Conf. on Image Processing, pages 243--246, Lausanne, Switzerland, September 1996.
• S. Craver, N. Memon, B.-L. Yeo, and M. M. Yeung, "Resolving rightful ownerships with invisible watermarking techniques: Limitations, attacks and implications," To be published in IEEE Journal on Selected Areas of Communications.
• Mitchell D. Swanson, Mei Kobayashi, and Ahmed H. Tewfik. Multimedia data-embedding and watermarking technologies. Proceedings of the IEEE, 86(6):1064--1087, June 1998.
• Joe J. K. ' O Ruanaidh, W. J. Dowling, and F. M. Boland.Watermarking digital images for copyright protection. IEEE Proceedings on Vision, Signal and Image Processing, 143(4):250--256, August 1996. 
• F. Hartung and B. Girod. Watermarking of uncompressed and compressed video. Signal Processing, 66:283--301, 1998.
  
• S. D. Servetto, C. I. Podilchuk, and K. Ramchandran, "Capacity issues in digital image watermarking," in Proc. ICIP'98, IEEE Int. Conf. on Image Processing, pp. I:445--449, (Chicago, Illinois, USA), 4-7 October 1998.
  
• M.D. Swanson, B.Zhu, A.H. Tewfik and L. Boney, Robust audio watermarking using perceptual masking, to appear in Signal Proc. sp.issue on Copyright Protection and Access control (1998).
  
• J. Dittmann, M. Steinebach, I. Rimac, S. Fischer, R. Steinmetz, "Combined video and audio watermarking: Embedding content information in multimedia data," Proceedings of the SPIE Security and Watermarking of Multimedia Contents II, vol. 3971, pp. 455-464, San Jose, California, January 24-26, 2000.
• J. Brassil, S. Low, N. Maxemchuk, and L. O'Gorman. Document marking and identification using both line and word shifting. Technical report, AT&T Bell Laboratories, 1994. 

    Functional artifacts

• A. B. Kahng, S. Mantik, I. L. Markov, M. Potkonjak, P. Tucker, H. Wang and G. Wolfe, "Robust IP Watermarking Methodologies for Physical Design", Proc. ACM/IEEE Design Automation Conf., 1998.
• G. Qu and M. Potkonjak, "Analysis of Watermarking Techniques for Graph Coloring Problem", Proc. IEEE/ACM International Conference on Computer Aided Design, 1998.
• E. Praun, H. Hoppe, and A. Finkelstein. Robust mesh watermarking. In Computer Graphics (Proceedings of SIGGRAPH 99), pages 49--56, August 1999.
• Palsberg, J., Krishnaswamy, S., Minseok, K., Ma, D., Shao, Q., and Zhang, Y. (2000). Experience with software watermarking. In Proceedings of the 16th Annual Computer Security Applications Conference, ACSAC '00, pages 308-- 316. IEEE. 
• Collberg, C., and Thomborson, C. Software watermarking: Models and dynamic embeddings. In Conference Record of POPL '99: The 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (to appear) (Jan. 1999). 

Fingerprinting

• B. Chor, A. Fiat, and M. Naor. Tracing traitors. In Advances in Cryptology - CRYPTO '94, volume 839 of Springer Lecture Notes in Computer Science, pages 257--270. Springer-Verlag, 1994.
  

Copy Detection

Forensic Engineering

Applied Cryptography

BufferOverflow

Firewalls

• S. Ioannidis, A. Keromytis, S. Bellovin, and J. Smith. Implementing a Distributed Firewall. In Proceedings of Computer and Communications Security (CCS) 2000, November 2000.
• Cheswick, Bellovin. Firewalls and Internet Security: Repelling the Wily Hacker. 1994.
• Yair Bartal, Alain Mayer, Kobbi Nissim, and Avishai Wool. Firmato: A novel firewall management toolkit. In Proc. IEEE Computer Society Symposium on Security and Privacy, 1999. 
• Butler W. Lampson, Martin Abadi, Michael Burrows, and Edward Wobber. Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems, 10(4):265--310, November 1992.
• Chapman and Elizabeth Zwicky, Building Internet Firewalls, O'Reilly & Associates, 1995.
• Marcus J. Ranum. Thinking about firewalls. In Proceedings of Second International Conference on Systems and Network Security andManagement (SANS-II), Apr 1994.

Intrusion Detection

• B. Mukherjee, L.T. Heberlein, and K.N. Levitt, "Network Intrusion Detection", IEEE Network, vol. 8, no. 3, pp. 26-4l, 1994.
• Denning, "An Intrusion Detection Model", IEEE Transactions on Software Engineering, vol. SE-13, pp. 222-232, February 1987.
• Kumar, S. and Spafford, E., "A Pattern Matching Model for Misuse Intrusion Detection," Proceedings of the Seventeenth National Computer Security Conference, pp. 11--21 (Oct. 1994). 
  

Junk Email

• X. Carreras and L. Mrquez. Boosting trees for anti-spam email filtering. In Proceedings of RANLP-01, Jth International Conference on Recent Advances in Natural Language Processing, Tzigov Chark, BG, 2001.
• Ricardo Baeza-Yates and Ribeiro-Neto. Modern Information Retrieval. ACM Press Series/Addison Wesley, New York, May 1999.
• N. Kushmerick, D. Weld and R. Doorenbos. Wrapper induction for information extraction, IJCAI-97, 1997.
• Mehran Sahami, Susan Dumais, David Heckerman, and Eric Horvitz. A bayesian approach to filtering junk e-mail. In AAAI-98 Workshop on Learning for Text Categorization, 1998.
• Salton, G., McGill, M.J., An Introduction to Modern Information Retrieval, McGraw-Hill, 1983.
  
  Project: Filtering SN queries, data

Licensing
Metering
Privacy in DB
Privacy in Pervasive
SandBoxing

• Li GONG, Marianne MUELLER, Hemma PRAFULLCHANDRA AND, Roland SCHEMERS. Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2, In Proceedings of the USENIX Symposium on Internet Technologies and Systems, Monterey, California, December 1997.
• J. Aldrich, V. Kostadinov, and C. Chambers. Alias annotations for program understanding. In Object-Oriented Programming, Systems, Languages, and Applications (OOPSLA), November 2002.
• A. Whitaker, M. Shaw, and S. D. Gribble. Denali: Lightweight virtual machines for distributed and networked applications. In Proceedings of the USENIX Annual Technical Conference, Monterey, CA, June 2002. 10
• J. Vitek and G. Castagna. Seal: A framework for secure mobile computations. In Proc. Internet Programming Languages. Springer Verlag, 1999. To appear. 
• L. Gong. Java Security: Present and Near Future. IEEE Micro, 17(3):14--19, May/June 1997. 

Trojan Horses
Viruses
Anonymity
Honeypots

Hippocratic databases

• Rakesh Agrawal, Jerry Kiernan, Ramakrishnan Srikant, Yirong Xu "Hippocratic Databases " 28th Int'l Conf. on Very Large Databases, Morgan Kaufmann, 2002. pp 143-154.

Privacy-Preserving Data Mining

• R. Agrawal and S. Ramakrishnan. Privacy-preserving data mining. In Proceedings of of the 2000 ACM SIGMOD International Conference on Management of Data, pp. 439--450, 2000. 
• A. Evfimievski, J. Gehrke, and R. Srikant. Limiting privacy breaches in privacy preserving data mining. In Proceedings 2003. 

Information Sharing across private repositories

• Y. Lindell and B. Pinkas, Privacy preserving data mining. In Advances in Cryptology - CRYPTO '00, volume 1880 of Lecture Notes in Computer Science, pages 36--54. Springer-Verlag, 2000. 
• R. Agrawal, A. Evfimievski, and R. Srikant. Information sharing across private databases. In Proc. of the 2003. 
• Joan G.  Dyer, et al. "Building the IBM 4758 Secure Coprocessor," Computer, Oct 2001, pp. 57-66.

Privacy-preserving search

• Mayank Bawa, Roberto J. Bayardo Jr., Rakesh Agrawal: Privacy-Preserving Indexing of Documents on the Network. VLDB 2003: 922-933 
• B. Chor, O. Goldreich, E. Kushilevitz, and M. Sudan. Private information retrieval. In Proc. of 36th FOCS, pages 41--50, 1995.