Reports and Notes

These are technical reports and other reports that I either wrote or worked with other people on.

2013

• S. Peisert and M. Bishop, “Dynamic, Flexible, and Optimistic Access Control,” Technical Report CSE-2013-76, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (July 2013).

2012

• M. Bishop, “Some Thoughts on Teaching Secure Programming”, unpublished (Feb. 2012).

2011

• D. Burley and M. Bishop, “Summit on Education in Secure Software: Final Report” Technical Report CSE-2011-15, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (June 2011).

2010

• S. Peisert, M. Bishop, and K. Marzullo, “What Do Firewalls Protect? An Empirical Study of Firewalls, Vulnerabilities, and Attacks”, Technical Report CSE-2010-8, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (Mar. 2010).
• M. Bishop, D. Howard, S. Engle, and S. Whalen, “A Taxonomy of Buffer Overflow Preconditions”, Technical Report CSE-2010-1, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (Jan. 2010).

2009

• M. Bishop, “Report on the Workshop on GENI and Security” (Aug. 2009).
• M. Bishop, “Workshop on GENI and Security: Executive Summary”, Technical Report CSE-2009-28, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (Aug. 2009).
• D. Fu and M. Bishop, “Metaphor Computing”, Technical Report TR2009-01, Stottler Henke Associates, San Mateo, CA 94404 (Aug. 2009).

2008

• M. Bishop, M. Graff, C. Hoke, D. Jefferson, and S. Peisert, “Resolving the Unexpected in Elections: Election Officials’ Options” Technical Report, Center for Election Excellence, Cleveland, OH (Oct. 2008).
• S. Engle, S. Whalen. and M. Bishop, “Modeling Computer Insecurity”, Technical Report CSE-2008-14, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (2008).
• S. Engle and M. Bishop, “A Model for Vulnerability Analysis and Classification”, Technical Report CSE-2008-5, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (2008).

2007

• L. Osterweil, L. Millett, and J. Winston (editors), Social Security Administration Electronic Service Provision: A Strategic Assessment, National Academies Press, Washington DC 20055 (Aug. 2007).
• R. Gardner, A. Yasinsac, M. Bishop, T. Kohno, Z. Hartley, J. Kerski, D. Gainey, R. Walega, E. Hollander, and M. Gerke, “Software Review and Security Analysis of the Diebold Voting Machine Software”, Security and Assurance in Information Technology Laboratory, Florida State University, Tallahassee, FL 32306-4530 (July 2007).
• M. Bishop, “Overview of Red Team Reports”, Office of the Secretary of State of California, 1500 11th St, Sacramento, CA 95814 (July 2007).
• A. Yasinsac, D. Wagner, M. Bishop, T. Baker, B. de Medeiros, G. Tyson, M. Shamos, and M. Burmester, “Software Review and Security Analysis of the ES&S iVotronic 8.0.1.2 Voting Machine Firmware”, Security and Assurance in Information Technology Laboratory, Florida State University, Tallahassee, FL 32306-4530 (Feb. 2007).

2006

• Voting Technology Assessment Project, The Machinery of Democracy: Voting System Security, Accessibility, Usability, and Cost, Brennan Center for Justice, New York University School of Law, New York, NY (Oct. 2006).
• M. Bishop and S. Peisert, “Your Security Policy is What??” Technical Report CSE-2006-20, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (2006).
• S. Engle, S. Whalen, D. Howard, A. Carlson, E. Proebstel, and M. Bishop, “A Practical Formalism for Vulnerability Comparison”, Technical Report CSE-2006-11, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (Aug. 2006).
• Task Force on Voting System Security, The Machinery of Democracy: Protecting Elections in an Electronic World, Brennan Center for Justice, New York University School of Law, New York, NY (June 2006).
• S. Engle, S. Whalen, D. Howard, and M. Bishop, “Tree Approach to Vulnerability Classification”, Technical Report CSE-2006-10, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (May 2006).
• D. Wagner, D. Jefferson, M. Bishop, C. Karlof, and N. Sastry, “Security Analysis of the Diebold AccuBasic Interpreter”, Technical Report, Voting Systems Technology Assessment Advisory Board, Office of the Secretary of State of California, Sacramento, CA 95814 (Feb. 2006).

2005

• M. Bishop, “Spam and the CAN-SPAM Act”, Expert Report, Federal Trade Commission, Washington DC 20580 (Dec. 2005).
• M. Bishop, L. Guarino, D. Jefferson, D. Wagner, and M. Orkin, “Analysis of Volume Testing of the AccuVote TSx/AccuView”, Technical Report, Voting Systems Technology Assessment Advisory Board, Office of the Secretary of State of California, Sacramento, CA 95814 (Oct. 2005).
• E. Barr, M. Bishop, D. DeFigueiredo, M. Gondree, and P. Wheeler, “Toward Clarifying Election Systems Standards”, Technical Report CSE-2005-21, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (Sep. 2005).
• S. Whalen, M. Bishop, and S. Engle, “Protocol Vulnerability Analysis”, Technical Report CSE-2005-4, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (May 2005).

2004

• M. Bishop and V. Neagoe, “Some Attributes of a Language for Property-Based Testing”, Technical Report SAND2004-5610, Sandia National Laboratory, Livermore, CA 94550 (Nov. 2004).
• M. Bishop, “Issues for a ‘Do Not Email’ List”, Expert Report, Federal Trade Commission, Washington DC 20580 (June 2004).
• J. Chambers and J. Thompson, “Vulnerability Disclosure Framework: Final Report and Recommendations by the Council”, National Infrastructure Advisory Council (Jan. 2004).
• RABA Innovative Solution Cell, “Trusted Agent Report Diebold AccuVote-TS Voting System”, RABA Technologies LLC, Columbia, MD 21045 (Jan. 2004).

2003

• M. Bishop, “An Overview of Electronic Voting and Security”, Yolo County Clerk/Recorder, Woodland, CA 95695 (Dec. 2003).

2000

• B. Hashii, S. Malabarba, R. Pandey, and M. Bishop, “Supporting Reconfigurable Security Policies for Mobile Programs”, Technical Report CSE-2000-8, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (2000).

1998

• M. Bishop and S. Northcutt, “Executive Summary of the UC Davis Intrusion Detection and Response Data Sharing Workshop”, Technical Report CSE-98-7, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (Sep. 1998).

1996

• M. Bishop and D. Bailey, “A Critical Analysis of Vulnerability Taxonomies”, Technical Report CSE-96-11, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (Sep. 1996).

1995

• G. Fink, M. Helmke, M. Bishop, and K. Levitt, “An Interface Language Between Specifications and Testing”, Technical Report CSE-95-15, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (Aug. 1995).
• M. Bishop and M. Dilger, “Checking for Race Conditions in File Accesses”, Technical Report CSE-95-10, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (Sep. 1995).
• M. Bishop, “Race Conditions, Files, and Security Flaws; or the Tortoise and the Hare Redux”, Technical Report CSE-95-9, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (Sep. 1995).
• M. Bishop, M. Valence, and L. Wisniewski, “Process Migration for Heterogeneous Distributed Systems”, Technical Report PCS-TR95-264, Dept. of Mathematics and Computer Science, Dartmouth College, Hanover, NH 03755 (Aug. 1995).
• M. Bishop, “A Taxonomy of UNIX System and Network Vulnerabilities”, Technical Report CSE-95-8, Dept. of Computer Science, University of California at Davis, Davis, CA 95616-8562 (May 1995).

1992

• P. Su and M. Bishop, “How to Encrypt /usr/dict/words in About a Second”, Technical Report PCS-TR92-182, Dept. of Mathematics and Computer Science, Dartmouth College, Hanover, NH 03755 (1992).
• D. Kotz, F. Makedon, M. Bishop, R. Drysdale, D. Johnson, and P. Metaxas, “Parallel Computer Needs at Dartmouth College”, Technical Report PCS-TR92-176, Dept. of Mathematics and Computer Science, Dartmouth College, Hanover, NH 03755 (June 1992).

1991

• M. Bishop, “Implementation Notes on bdes(1)”, Technical Report PCS-TR91-158, Dept. of Mathematics and Computer Science, Dartmouth College, Hanover, NH 03755 (Apr. 1991).
• M. Bishop, “An Overview of Computer Viruses in a Research Environment”, Technical Report PCS-TR91-156, Dept. of Mathematics and Computer Science, Dartmouth College, Hanover, NH 03755 (Mar. 1991).
• M. Bishop, “A Security Analysis of Version 2 of the Network Time Protocol NTP: A Report to the Privacy and Security Research Group”, Technical Report PCS-TR91-154, Dept. of Mathematics and Computer Science, Dartmouth College, Hanover, NH 03755 (Feb. 1991).
• M. Bishop, “Privacy-Enhanced Electronic Mail”, Technical Report PCS-TR91-150, Dept. of Mathematics and Computer Science, Dartmouth College, Hanover, NH 03755 (Jan. 1991).

1990

• M. Bishop, “Administrator’s Guide to the Digital Signature Facility ‘Rover’”, Technical Report PCS-TR90-153, Dept. of Mathematics and Computer Science, Dartmouth College, Hanover, NH 03755 (Aug. 1990).
• M. Bishop, “A Proactive Password Checker”, Technical Report PCS-TR90-152, Dept. of Mathematics and Computer Science, Dartmouth College, Hanover, NH 03755 (June 1990).
• M. Bishop, “Applying the Take-Grant Protection Model”, Technical Report PCS-TR90-151, Dept. of Mathematics and Computer Science, Dartmouth College, Hanover, NH 03755 (May 1990).

1988

• M. Bishop, “An Application of a Fast Data Encryption Standard Implementation”, Technical Report PCS-TR88-138, Dept. of Mathematics and Computer Science, Dartmouth College, Hanover, NH 03755 (Aug. 1988); also appeared as “A Fast Version of the DES and a Password Encryption Algorithm," Technical Report 87.18 (revised), Research Institute for Advanced Computer Science, NASA Ames Research Center, Moffett Field, CA 94035 (Aug. 1988).
• M. Bishop, “Theft of Information in the Take-Grant Protection Model”, Technical Report PCS-TR88-137, Dept. of Mathematics and Computer Science, Dartmouth College, Hanover, NH 03755 (July 1988).
• M. Bishop, “The Sharing of Rights and Information in a Capability-Based Protection System”, Technical Report PCS-TR88-136, Dept. of Mathematics and Computer Science, Dartmouth College, Hanover, NH 03755 (July 1988).

1987

• M. Bishop, “A Fast Version of the DES and a Password Encryption Algorithm,” Technical Report 87.18, Research Institute for Advanced Computer Science, NASA Ames Research Center, Moffett Field, CA 94035 (July 1987; revised Aug. 1988).
• M. Bishop, “A Mechanism for Sharing Accounts,” Technical Report 87.10, Research Institute for Advanced Computer Science, NASA Ames Research Center, Moffett Field, CA 94035 (Mar. 1987).
• M. Bishop, “The RIACS Mail System,” Technical Report 87.6, Research Institute for Advanced Computer Science, NASA Ames Research Center, Moffett Field, CA 94035 (Feb. 1987).

1986

• M. Bishop, “Profiling under UNIX by Patching,” Technical Report 86.24, Research Institute for Advanced Computer Science, NASA Ames Research Center, Moffett Field, CA 94035 (Oct. 1986).
• M. Bishop, “A User’s Guide to PEGS,” Technical Report 86.18, Research Institute for Advanced Computer Science, NASA Ames Research Center, Moffett Field, CA 94035 (Sep. 1986).
• M. Bishop, “Analyzing the Security of an Existing Computer System,” Technical Report 86.13, Research Institute for Advanced Computer Science, NASA Ames Research Center, Moffett Field, CA 94035 (May 1986).
• B. Leiner and M. Bishop, “Access Control and Privacy in Large Distributed Systems” Technical Report 86.6, Research Institute for Advanced Computer Science, NASA Ames Research Center, Moffett Field, CA 94035 (Mar. 1986).

1985

• M. Bishop, “Trnum — A Program To Number Figures,” Technical Report 85.7, Research Institute for Advanced Computer Science, NASA Ames Research Center, Moffett Field, CA 94035 (July 1985).
• M. Bishop, “How To Write a Setuid Program,” Technical Report 85.6, Research Institute for Advanced Computer Science, NASA Ames Research Center, Moffett Field, CA 94035 (May 1985).

1984

• M. Bishop, “Practical Take-Grant Systems: Do They Exist?”, Ph.D. Thesis, Dept. of Computer Sciences, Purdue University, West Lafayette, IN 47907 (May 1984).

1983

• M. Bishop, “Security Problems with the UNIX Operating System”, Dept. of Computer Sciences, Purdue University, West Lafayette, IN 47907 (Jan. 1983).

1979

• M. Bishop and L. Snyder, “The Transfer of Information and Authority in a Protection System,” Research Report #166, Department of Computer Science, Yale University, New Haven, CT 06520 (July 1979).