Bibliography (with DOIs, URLs, and ISBNs)

The purpose of this page is to add the DOIs, URLs, and ISBNs of the references. The publisher omitted them because the references took up too much room with them. I do not have this information for some of the documents. I would be most grateful if folks could supply any missing ones or let me know of any incorrect or broken links — they all worked originally, but some may have moved

Important note: This was assembled from the initial version of the bibliography, which was in LaTeX and BibTeX. I used the conversion program latex2html, and then hand-edited the result. The published bibliography was copy-edited and cleaned up quite a bit, and while I tried to capture all the revisions, I would appreciate being told of anything I missed.

  1. I. Aad, J.-P. Hubaux, and E. W. Knightly. “Denial of Service Resilience in Ad Hoc Networks,” Proceedings of the Tenth Annual International Conference on Mobile Computing and Networking pp. 202–215 (Sep. 2004).
    DOI: 10.1145/1023720.1023741
  2. M. Abadi. “Explicit Communication Revisited: Two New Attacks on Authentication Protocols,” IEEE Transactions on Software Engineering 23(3) pp. 185–196 (Mar. 1997).
    DOI: 10.1109/32.585505
  3. M. Abadi and C. Fournet. “Access Control Based on Execution History,” Proceedings of the 2003 Symposium on Network and Distributed System Security pp. 107–121 (Feb. 2003).
    URL: https://www.isoc.org/isoc/conferences/ndss/03/proceedings/papers/7.pdf
  4. M. Abadi and R. Needham. “Prudent Engineering Practice for Cryptographic Protocols,” IEEE Transactions on Software Engineering 22(1) pp. 6–15 (Jan. 1996).
    DOI: 10.1109/32.481513
  5. R. P. Abbott, J. S. Chin, J. E. Donnelley, W. L. Konigsford, S. Tokubo, and D. A. Webb. Security Analysis and Enhancements of Computer Operating Systems, NBSIR 76-1041, ICET, National Bureau of Standards, Washington, DC (Apr. 1976)
    URL: http://nvlpubs.nist.gov/nistpubs/Legacy/IR/nbsir76-1041.pdf
  6. A. Abdul-Rahman and S. Hailes. “A Distributed Trust Model,” Proceedings of the 1997 Workshop on New Security Paradigms pp. 48–60 (Sep. 1997).
    DOI: 10.1145/283699.283739
  7. J. Abel. “Do You Have to Keep the Government’s Secrets? Retroactively Classified Documents, the First Amendment, and the Power to Make Secrets Out of the Public Record,” University of Pennsylvania Law Review 163(4) pp. 1037–1097 (Mar. 2015)
    URL: https://scholarship.law.upenn.edu/penn_law_review/vol163/iss4/2
  8. M. Abrams and D. Bailey. “Abstraction and Refinement of Layered Security Policy,” in [10], pp. 126–136.
  9. M. D. Abrams and P. J. Brusil. “Application of the Common Criteria to a System: A Real-World Example,” Computer Security Journal 16(2) pp. 11–21 (Mar. 2000).
  10. M. D. Abrams, S. Jajodia, and H. J. Podell (eds.). Information Security: An Integrated Collection of Essays, IEEE Computer Society Press, Los Alamitos, CA, USA (June 1995)
    ISBN: 978-0-8186-3662-2
  11. S. Abt and H. Baier. “Are We Missing Labels? A Study of the Availability of Ground-Truth in Network Security Research,” Proceedings of the Third International Workshop on Building Analysis Datasets and Gathering Experience Returns for Security pp. 40–55 (Sep. 2014).
    DOI: 10.1109/BADGERS.2014.11
  12. R. Accorsi. “BBox: A Distributed Secure Log Architecture,” Proceedings of the 2010 European Public Key Infrastructure Workshop: Public Key Infrastructures, Services and Applications (Lecture Notes in Computer Science 6711) pp. 109–124 (Sep. 2010).
    DOI: 10.1007/978-3-642-22633-5_8
  13. A. Acquisti, I. Adjerid, R. Balebako, L. Brandimarte, L. F. Cranor, S. Komanduri, P. G. Leon, N. Sadeh, F. Schaub, M. Sleeper, Y. Wang, and S. Wilson. “Nudges for Privacy and Security: Understanding and Assisting Users’ Choices Online,” ACM Computing Surveys 50(3) pp. 44:1–44:41 (Oct. 2017).
    DOI: 10.1145/3054926
  14. C. Adams and S. Lloyd. Understanding the Public-Key Infrastructure: Concepts, Standards, and Deployment Considerations, SAMS, Indianapolis, IN, USA (1999)
    ISBN: 978-1-57870-166-7
  15. E. Adams and S. S. Muchnick. “Dbxtool: A Window-Based Symbolic Debugger for Sun Workstations,” Software: Practice and Experience 16(7) pp. 653–659 (July 1986).
    DOI: 10.1002/spe.4380160705
  16. B. Adida. “Helios: Web-based Open-Audit Voting,” Proceedings of the 17th USENIX Security Symposium pp. 335–348 (July 2008)
    URL: https://www.usenix.org/legacy/event/sec08/tech/full_papers/adida/adida.pdf
  17. L. M. Adleman. “An Abstract Theory of Computer Viruses,” Advances in Cryptology — CRYPTO ’88 (Lecture Notes in Computer Science 403) pp. 354–374 (Aug. 1988).
    DOI: 10.1007/0-387-34799-2_28
  18. Adobe Systems, Inc. PostScript Language Reference, Addison-Wesley Professional (Mar. 1999)
    ISBN: 978-0-201-37922-8
  19. D. Adrian, K. Bhargavan, Z. Durumeric, P. Gaudry, M. Green, J. A. Halderman, N. Heninger, D. Springall, E. Thomé, L. Valenta, B. VanderSloot, E. Wustrow, S. Zanella-Beguelin, and P. Zimmermann. “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice,” Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security pp. 5–17 (2015).
    DOI: 10.1145/2810103.2813707
  20. K. Agarwal, B. Jain, and D. E. Porter. “Containing the Hype,” Proceedings of the Sixth Asia-Pacific Workshop on Systems pp. 8:1–8:9 (July 2015).
    DOI: 10.1145/2797022.2797029
  21. A. Aggarwal and P. Jalote. “Integrating Static and Dynamic Analysis for Detecting Vulnerabilities,” Proceedings of the 30th Annual International Computer Software and Applications Conference (Sep. 2006).
    DOI: 10.1109/COMPSAC.2006.55
  22. G. B. Agnew. “Random Sources for Cryptographic Systems,” Advances in Cryptology — CRYPTO ’87 (Lecture Notes in Computer Science 304) pp. 77–81 (Apr. 1987).
    DOI: 10.1007/3-540-39118-5_8
  23. D. Agrawal, S. Baktir, D. Karakoyunlu, P. Rohatgi, and B. Sunar. “Trojan Detection using IC Fingerprinting,” Proceedings of the 2007 IEEE Symposium on Security and Privacy pp. 296–310 (May 2007).
    DOI: 10.1109/SP.2007.36
  24. D. Agrawal, S. Calo, J. Giles, K.-W. Lww, and D. Verma. “Policy Management for Networked Systems and Applications,” Proceedings of the Ninth IFIP/IEEE International Symposium on Integrated Network Management pp. 455–468 (May 2005).
    DOI: 10.1109/INM.2005.1440816
  25. D. Agrawal, S. Calo, K.-W. Lee, and J. Lobo. “Issues in Designing a Policy Language for Distributed Management of IT Infrastructures,” Proceedings of the Tenth IFIP/IEEE International Symposium on Integrated Network Management pp. 30–39 (May 2007).
    DOI: 10.1109/INM.2007.374767
  26. R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. “XPref: A Preference Language for P3P,” Computer Networks 48(5) pp. 809–827 (Aug. 2005).
    DOI: 10.1016/j.comnet.2005.01.004
  27. A. Ahmad, J. Hadgkiss, and A. B. Ruighaver. “Incident Response Teams — Challengess in Supporting the Organisational Security Function,” Computers & Security 31(5) pp. 643–652 (July 2012).
    DOI: 10.1016/j.cose.2012.04.001
  28. G.-J. Ahn and R. Sandhu. “Role-Based Authorization Constraints Specification,” ACM Transactions on Information and System Security 3(4) pp. 207–226 (Nov. 2000).
    DOI: 10.1145/382912.382913
  29. R. Akella, H. Tang, and B. McMillin. “Analysis of Information Flow Security in Cyber-Physical Systems,” International Journal of Critical Infrastructure Protection 3(3-4) pp. 157–173 (Dec. 2010).
    DOI: 10.1016/j.ijcip.2010.09.001
  30. S. S. Al-Riyami and K. G. Paterson. “Certificateless Public Key Cryptography,” Advances in Cryptology — ASIACRYPT 2003 (Lecture Notes in Computer Science 2894) pp. 452–473 (Nov. 2003).
    DOI: 10.1007/978-3-540-40061-5_29
  31. E. Al-Shaer, H. Hamed, R. Boutaba, and M. Hasan. “Conflict Classification and Analysis of Distributed Firewall Policies,” IEEE Journal on Selected Areas in Communication 23(10) pp. 2069–2084 (Oct. 2005).
    DOI: 10.1109/JSAC.2005.854119
  32. AlephOne. “Smashing the Stack for Fun and Profit,” Phrack 7(49) (Nov. 1996)
    URL: http://phrack.org/issues/49/14.html
  33. D. S. Alexander, W. A. Arbaugh, A. D. Keromytis, and J. M. Smith. “A Secure Active Network Environment Architecture: Realization in SwitchWare,” IEEE Network 12(3) pp. 37–45 (May 1998).
    DOI: 10.1109/65.690960
  34. N. AlFardan, D. J. Bernstein, K. G. Paterson, B. Poettering, and J. C. Schuldt. “On the Security of RC4 in TLS,” Proceedings of the 22nd USENIX Security Symposium pp. 305–320 (Aug. 2013)
    URL: https://www.usenix.org/conference/usenixsecurity13/technical-sessions/paper/alFardan
  35. P. G. Allen. “A Comparison of Non-Interference and Non-Deducibility using CSP,” Proceedings of the Fourth Computer Security Foundations Workshop pp. 43–54 (June 1991).
    DOI: 10.1109/CSFW.1991.151568
  36. M. H. Almeshekah and E. H. Spafford. “Planning and Integrating Deception into Computer Security Defenses,” Proceedings of the 2014 Workshop on New Security Paradigms pp. 127–138 (Sep. 2014).
    DOI: 10.1145/2683467.2683482
  37. F. T. Alotaiby and J. X. Chen. “A Model for Team-Based Access Control (TMAC 2004),” Proceedings of the 2004 International Conference on Information Technology: Coding and Computing pp. 450–454 (Apr. 2004).
    DOI: 10.1109/ITCC.2004.1286497
  38. M. Alsabah and I. Goldberg. “Performance and Security Improvements for Tor: A Survey,” ACM Computing Surveys 49(2) pp. 32:1–32:36 (Nov. 2016).
    DOI: 10.1145/2946802
  39. J. Alves-Foss, D. Frincke, and G. Saghi. “Applying the TCSEC Guidelines to a Real-Time Embedded System Environment,” Proceedings of the 19th National Information Systems Security Conference pp. 89–97 (Oct. 1996).
  40. P. E. Ammann and P. E. Black. “A Specification-Based Coverage Metric to Evaluate Test Sets,” Proceedings of the Fourth IEEE International Symposium on High-Assurance Systems Engineering pp. 1–10 (Nov. 1999).
    DOI: 10.1109/HASE.1999.809499
  41. P. Ammann, J. Pamula, R. Ritchey, and J. Street. “A Host-Based Approach to Network Attack Chaining Analysis,” Proceedings of the 21st Annual Computer Security Applications Conference pp. 72–83 (Dec. 2005).
    DOI: 10.1109/CSAC.2005.6
  42. P. Ammann and R. S. Sandhu. “The Extended Schematic Protection Model,” Journal of Computer Security 1(3-4) pp. 335–383 (1992).
    DOI: 10.3233/JCS-1992-13-408
  43. P. Ammann and R. S. Sandhu. “Implementing Transaction Control Expressions by Checking for Absence of Access Rights,” Proceedings of the Eighth Annual Computer Security Applications Conference pp. 131–140 (Nov. 1992).
    DOI: 10.1109/CSAC.1992.228226
  44. P. Ammann, R. S. Sandhu, and R. Lipton. “The Expressive Power of Multi-Parent Creation in Monotonic Access Control Models,” Journal of Computer Security 4(2/3) pp. 149–165 (1996).
    DOI: 10.3233/JCS-1996-42-303
  45. E. G. Amoroso. Intrusion Detection: An Introduction to Internet Surveillance, Correlation, Trace Back, Traps, and Response, Intrusion.Net Books, Sparta, NJ, USA (Feb. 1999)
    ISBN: 978-0-9666700-7-3
  46. E. Amoroso, T. Nguyen, J. Weiss, J. Watson, Lapiska, and T. Starr. “Toward an Approach to Measuring Software Trust,” Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy pp. 198–218 (May 1991).
    DOI: 10.1109/RISP.1991.130788
  47. P. Amthor, W. E. Kühnhauser, and A. Pölck. “Model-Based Safety Analysis of SELinux Security Policies,” Proceedings of the Fifth International Conference on Network and System Security pp. 208–215 (Sep. 2011).
    DOI: 10.1109/ICNSS.2011.6060002
  48. P. Amthor, W. E. Kühnhauser, and A. Pölck. “Heuristic Safety Analysis of Access Control Models,” Proceedings of the 18th ACM Symposium on Access Control Models and Technologies pp. 137–148 (June 2013).
    DOI: 10.1145/2462410.2462413
  49. A. H. Anderson. “An Introduction to the Web Services Policy Language (WSPL),” Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks pp. 189–192 (June 2004).
    DOI: 10.1109/POLICY.2004.1309166
  50. J. Anderson. Computer Security Technology Planning Study, Technical Report ESD-TR-73-51, ESD/AFSC, Hanscom AFB, Bedford, MA (Oct. 1972).
  51. J. P. Anderson. “Information Security in a Multi-User Computer Environment,” in Information Security in a Multi-User Computer Environment, edited by M. Rubinoff, Academic Press, New York, NY, USA pp. 1–36 (1972).
  52. J. P. Anderson. Computer Security Threat Monitoring and Surveillance, Technical Report, James P. Anderson Co., Fort Washington, PA 19034 USA (Apr. 1980)
    URL: https://csrc.nist.gov/csrc/media/publications/conference-paper/1998/10/08/proceedings-of-the-21st-nissc-1998/documents/early-cs-papers/ande80.pdf
  53. J. P. Anderson. On the Feasibility of Connecting RECON to an External Network, Technical Report, James P. Anderson Co., Fort Washington, PA, USA (Mar. 1981).
  54. R. Anderson. “Clinical System Security: Intermin Guidelines,” British Medical Journal 312(7023) pp. 109–111 (1996).
    DOI: 10.1136/bmj.312.7023.109
  55. R. Anderson and S. Fuloria. “Security Economics and Critical National Infrastructure,” Chapter 4 in Security Economics and Critical National Infrastructure, Springer pp. 55–66 (2010).
    DOI: 10.1007/978-1-4419-6967-5_4
  56. R. J. Anderson. “UEPS—A Second Generation Electronic Wallet,” Proceedings of the Second European Symposium on Research in Computer Security (Lecture Notes in Computer Science 648) pp. 409–418 (Nov. 1992).
    DOI: 10.1007/BFb0013910
  57. R. J. Anderson. “A Security Policy Model for Clinical Information Systems,” Proceedings of the 1996 IEEE Symposium on Security and Privacy pp. 30–43 (May 1996).
    DOI: 10.1109/SECPRI.1996.502667
  58. R. Anderson, C. Manifavas, and C. Sutherland. “NetCard—A Practical Electronic Cash System,” Proceedings of the International Workshop on Security Protocols (Lecture Notes in Computer Science 1189) pp. 49–57 (Apr. 1996).
    DOI: 10.1007/3-540-62494-5_4
  59. R. Anderson and T. Moore. “Information Security Economics — and Beyond,” Advances in Cryptology — CRYPTO 2007 (Lecture Notes in Computer Science) pp. 68–91 (Aug. 2007).
    DOI: 10.1007/978-3-540-74143-5_5
  60. R. Anderson and R. Needham. “Robustness Principles for Public Key Protocols,” Advances in Cryptology — CRYPTO ’95 (Lecture Notes in Computer Science 963) pp. 236–347 (Aug. 1995).
    DOI: 10.1007/3-540-44750-4_19
  61. T. E. Anderson. The Case for Application-Specific Operating Systems, Technical Report UCB/CSD-93-738, Division of Computer Science, Electrical Engineering and Computer Science Department, University of California, Berkeley, Berkeley, CA, USA (1993)
    URL: http://www2.eecs.berkeley.edu/Pubs/TechRpts/1993/6023.html
  62. G. R. Andrews and R. P. Reitman. “An Axiomatic Approach to Information Flow in Programs,” ACM Transactions on Programming Languages and Systems 2(1) pp. 56–76 (Jan. 1980).
    DOI: 10.1145/357084.357088
  63. T. Antonyan, S. Davtyan, S. Kentros, A. Kiayias, K. Michel, N. Nicolaou, A. Russell, and A. A. Shvartsman. “Automating Voting Terminal Event Log Analysis,” Proceedings of the 2009 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections pp. 1–15 (Aug. 2009)
    URL: https://www.usenix.org/legacy/event/evtwote09/tech/full_papers/antonyan.pdf
  64. A. A. Appel. “Foundational Proof-Carrying Code,” Proceedings of the 2003 Foundations of Intrusion Tolerant Systems pp. 247–256 (Dec. 2003).
    DOI: 10.1109/FITS.2003.1264926
  65. A. W. Appel and A. P. Felty. “A Semantic Model of Types and Machine Instructions for Proof-carrying Code,” Proceedings of the 27th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages pp. 243–253 (Jan. 2000).
    DOI: 10.1145/325694.325727
  66. A. Apvrille and P. Makan. “XML Distributed Security Policy for Clusters,” Computers & Security 23(8) pp. 649–658 (Dec. 2004).
    DOI: 10.1016/j.cose.2004.09.006
  67. L. C. F. Araújo, L. H. R. Sucupira Jr., M. G. Lizárraga, L. L. Ling, and J. B. T. Yabu-Uti. “User Authentication Through Typing Biometrics Features,” IEEE Transactions on Signal Processing 53(2) pp. 851–855 (Feb. 2005).
    DOI: 10.1109/TSP.2004.839903
  68. W. A. Arbaugh, D. J. Farber, and J. M. Smith. “A Secure and Reliable Bootstrap Architecture,” Proceedings of the 1997 IEEE Symposium on Security and Privacy pp. 65–71 (May 1997).
    DOI: 10.1109/SECPRI.1997.601317
  69. R. S. Arbo, E. M. Johnson, and R. L. Sharp. “Extending Mandatory Access Controls to a Networked MLS Environment,” Proceedings of the 12th National Computer Security Conference pp. 286–295 (Oct. 1989).
  70. R. Archibald and D. Ghosal. “A Comparative Analysis of Detection Metrics for Covert Timing Channels,” Computers & Security 45(5) pp. 284–292 (Sep. 2014).
    DOI: 10.1016/j.cose.2014.03.007
  71. C. A. Ardagna, R. Asal, E. Damiani, and Q. H. Vu. “From Security to Assurance in the Cloud: A Survey,” ACM Computing Surveys 48(1) pp. 2:1–2:50 (July 2015).
    DOI: 10.1145/2767005
  72. M. A. Ardis, J. A. Chaves, L. Jategaonkar, P. Mataga, C. Puchol, M. G. Staskauskas, and J. Von Olnhausen. “A Framework for Evaluating Specification Methods for Reactive Systems: Experience Report,” IEEE Transactions on Software Engineering 22(6) pp. 378–389 (June 1996).
    DOI: 10.1109/32.508312
  73. R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. DNS Security Introduction and Requirements, RFC 4033 (Mar. 2005).
    DOI: 10.17487/RFC4033
  74. R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Protocol Modifications for the DNS Security Extensions, RFC 4035 (Mar. 2005).
    DOI: 10.17487/RFC4035
  75. R. Arends, R. Austein, M. Larson, D. Massey, and S. Rose. Resource Records for the DNS Security Extensions, RFC 4034 (Mar. 2005).
    DOI: 10.17487/RFC4034
  76. S. Ariyapperuma and C. J. Mitchell. “Security Vulnerabilities in DNS and DNSSEC,” Proceedings of the 2007 International Conference on Availability, Reliability and Security pp. 335–342 (Apr. 2007).
    DOI: 10.1109/ARES.2007.139
  77. J. Arlat, Y. Crouzet, J. Karlsson, P. Folkesson, E. Fuchs, and G. Leber. “Comparison of Physical and Software-Implemented Fault Injection Techniques,” IEEE Transactions on Computers 52(9) pp. 1115–1133 (Sep. 2003).
    DOI: 10.1109/TC.2003.1228509
  78. ARM. ARM11 MPCore Processor Revision r2p0 Technical Reference Manual, Technical Report ARM DDI 0360F, ARM Ltd., San Jose, CA, USA (Oct. 2008)
    URL: https://developer.arm.com/docs/ddi0360/f
  79. N. D. Arnold. UNIX Security: A Practical Tutorial, McGraw-Hill, New York, NY, USA (1993)
    ISBN: 978-0-07-002560-8
  80. J. J. Arnold Jr.. “Analysis Requirements for Low Assurance Evaluations,” Proceedings of the 18th National Computer Security Conference pp. 356–365 (Oct. 1995).
  81. A. Arsenault and R. Housley. “Protection Profiles for Certificate Issuing and Management Systems,” Proceedings of the 22nd National Information Systems Security Conference pp. 189–199 (Oct. 1999).
  82. W. Arthur and D. Challener. A Practical Guide to TPM 2.0: Using the Trusted Platform Module in the New Age of Security, Apress, Inc., New York, NY, USA (2015)
    ISBN: 978-1-4302-6583-2
  83. D. Artz and Y. Gil. “A Survey of Trust in Computer Science and the Semantic Web,” Journal of Web Semantics 5(2) pp. 58–71 (June 2007).
    DOI: 10.1016/j.websem.2007.03.002
  84. S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. Le Traon, D. Octeau, and P. McDaniel. “FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps,” Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation pp. 259–269 (June 2014).
    DOI: 10.1145/2594291.2594299
  85. H. Asghari, M. Ciere, and M. J. G. van Eeten. “Post-Mortem of a Zombie: Conficker Cleanup After Six Years,” Proceedings of the 24th USENIX Security Symposium pp. 1–16 (Aug. 2015)
    URL: https://www.usenix.org/node/190883
  86. A. Askarov and A. Sabelfeld. “Gradual Release: Unifying Declassification, Encryption and Key Release Policies,” Proceedings of the 2007 IEEE Symposium on Security and Privacy pp. 207–221 (May 2007).
    DOI: 10.1109/SP.2007.22
  87. T. Aslam. “A Taxonomy of Security Faults in the UNIX Operating System,” Master’s Thesis, Department of Computer Sciences, Purdue University, West Lafayette, IN, USA (Aug. 1995)
    URL: https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/95-09.ps
  88. C. Asmuth and J. Bloom. “A Modular Approach to Key Safeguarding,” IEEE Transactions on Information Theory 29(2) pp. 208–210 (Mar. 1983).
    DOI: 10.1109/TIT.1983.1056651
  89. M. Atighetchi, P. Pal, F. Webber, and C. Jones. “Adaptive Use of Network-Centric Mechanisms in Cyber-Defense,” Proceedings of the Second IEEE International Symposium on Network Computing and Applications pp. 179–188 (Apr. 2003).
    DOI: 10.1109/NCA.2003.1201154
  90. M. Atighetchi, P. Pal, F. Webber, R. Schantz, C. Jones, and J. Loyall. “Adaptive Cyberdefense for Survival and Intrusion Tolerance,” IEEE Internet Computing 8(6) pp. 25–33 (Nov. 2004).
    DOI: 10.1109/MIC.2004.54
  91. D. Atkins and R. Austein. Threat Analysis of the Domain Name System (DNS), RFC 3833 (Aug. 2004).
    DOI: 10.17487/RFC3833
  92. S. Atkinson and D. Scholefield. “Transformational vs Reactive Refinement in Real-Time Systems,” Information Processing Letters 55(4) pp. 201–210 (Aug. 1995).
    DOI: 10.1016/0020-0190(95)00095-T
  93. V. Atluri, E. Bertino, and S. Jajodia. “Achieving Stricter Correctness Requirements in Multilevel Secure Databases,” Proceedings of the 1993 IEEE Symposium on Research in Security and Privacy pp. 135–147 (May 1993).
    DOI: 10.1109/RISP.1993.287636
  94. V. Atluri, S. A. Chun, and P. Mazzoleni. “Chinese Wall Security for Decentralized Workflow Management Systems,” Journal of Computer Security 12(6) pp. 799–840 (2004).
    DOI: 10.3233/JCS-2004-12601
  95. P. Auffret. “SinFP, Unification of Active and Passive Operating System Fingerprinting,” Journal of Computer Virology 6(3) pp. 197–205 (Aug. 2010).
    DOI: 10.1007/s11416-008-0107-z
  96. C. Augier. “Excel-lent Leaks,” Risks Digest 21(39) (May 2001)
    URL: http://catless.ncl.ac.uk/Risks/21.39.html#subj4
  97. T. Aura, M. Becker, M. Roe, and P. Zieliński. “Reconciling Multiple IPsec and Firewall Policies,” Proceedings of the 15th International Workshop on Security Protocols (Lecture Notes in Computer Science) pp. 81–97 (Apr. 2007).
    DOI: 10.1007/978-3-642-17773-6_9
  98. T. Aura, M. Bishop, and D. Sniegowski. “Analyzing Single-Server Network Inhibition,” Proceedings of the 13th Computer Security Foundations Workshop pp. 108–117 (July 2000).
    DOI: 10.1109/CSFW.2000.856930
  99. T. H. Austin and C. Flanagan. “Permissive Dynamic Information Flow Analysis,” Proceedings of the Fifth ACM SIGPLAN Workshop on Programming Languages and Analysis for Security pp. 3:1–3:12 (2010).
    DOI: 10.1145/1814217.1814220
  100. A. Avižienis. “The N-Version Approach to Fault-Tolerant Software,” IEEE Transactions on Software Engineering SE-11(12) pp. 1491–1501 (Dec. 1985).
    DOI: 10.1109/TSE.1985.231893
  101. A. Avižienis, J.-C. Laprie, B. Randell, and C. Landwehr. “Basic Concepts and Taxonomy of Dependable and Secure Computing,” IEEE Transactions on Dependable and Secure Computing 1(1) pp. 11–33 (Jan. 2004).
    DOI: 10.1109/TDSC.2004.2
  102. S. Axelsson. “The Base-Rate Fallacy and the Difficulty of Intrusion Detection,” ACM Transactions on Information and System Security 3(3) pp. 186–205 (Aug. 2000).
    DOI: 10.1145/357830.357849
  103. J. Aycock. Computer Viruses and Malware (Advances in Information Security 22), Springer Science+Business Media, LLC, New York, NY, USA (Dec. 2006)
    ISBN: 978-0-387-30236-2
  104. A. Bacard. The Computer Privacy Handbook: A Practical Guide to E-Mail Encryption, Data Protection, and PGP Privacy Software, Peachpit Press, Berkeley, CA, USA (1995)
    ISBN: 978-1566091718
  105. A. Bacard. Anonymous Remailer FAQ (July 1998)
    URL: http://www.di.unisa.it/~ads/corso-security/www/NEW/remail.html
  106. R. Bace. Intrusion Detection, Macmillan Technical Publications, Indianapolis, IN, USA (2000)
    ISBN: 978-1-57870-185-8
  107. E. M. Bačić. “The Canadian Trusted Computer Product Evaluation Criteria,” Proceedings of the Sixth Annual Computer Security Applications Conference pp. 188–196 (Dec. 1990).
    DOI: 10.1109/CSAC.1990.143768
  108. M. Backes and B. Pfitzmann. “Computational Probabilistic Noninterference,” International Journal of Information Security 3(1) pp. 42–60 (Oct. 2004).
    DOI: 10.1007/s10207-004-0039-7
  109. A. Baddeley. “The Magic Number Seven: Still Magic After All These Years?,” Psychological Review 101(2) pp. 353–356 (Apr. 1994).
    DOI: 10.1037/0033-295X.101.2.353
  110. C. Badertscher, C. Matt, U. Maurer, P. Rogaway, and B. Tackmann. “Augmented Secure Channels and the Goal of the TLS 1.3 Record Layer,” Proceedings of the Ninth International Conference on Provable Security pp. 85–104 (Nov. 2015).
    DOI: 10.1007/978-3-319-26059-4_5
  111. L. Badger, D. F. Sterne, D. L. Sherman, and K. M. Walker. “A Domain and Type Enforcement UNIX Prototype,” Computing Systems 9(1) pp. 47–83 (Winter 1996)
    URL: https://www.usenix.org/legacy/publications/compsystems/1996/win_badger.pdf
  112. J. Baek, R. Safavi-Naini, and W. Susilo. “Certificateless Public Key Encryption Without Pairing,” Proceedings of the Eighth International Information Security Conference (Lecture Notes in Computer Science 3650) pp. 134–148 (Sep. 2005).
    DOI: 10.1007/11556992_10
  113. S. Bahram, X. Jiang, Z. Wang, M. Grace, J. Li, D. Srinivasan, J. Rhee, and X. Dongyan. “DKSM: Subverting Virtual Machine Introspection for Fun and Profit,” Proceedings of the 29th IEEE Symposium on Reliable Distributed Systems pp. 82–91 (Oct. 2010).
    DOI: 10.1109/SRDS.2010.39
  114. L. Bai, G. Kane, and P. Lyons. “Open Architecture for Contactless Smartcard-Based Portable Electronic Payment Systems,” Proceedings of the 2008 IEEE International Conference on Automation Science and Engineering pp. 715–719 (Aug. 2008).
    DOI: 10.1109/COASE.2008.4626497
  115. D. Bailey. “A Philosophy of Security Management,” in [10], pp. 98–111.
  116. D. W. Baker, S. M. Christey, W. H. Hill, and D. E. Mann. “The Development of a Common Enumeration of Vulnerabilities and Exposures,” Proceedings of the Second International Workshop on Recent Advances in Intrusion Detection (Sep. 1999)
    URL: http://www.raid-symposium.org/raid99/PAPERS/Hill.pdf
  117. B. S. Bakloğlu. “The Gray Zone: Networks of Piracy, Control, and Resistance,” The Information Society 32(1) pp. 40–50 (2016).
    DOI: 10.1080/01972243.2015.1107164
  118. D. Balenson and T. Markham. “ISAKMP Key Recovery Extensions,” Computers & Security 19(1) pp. 91–99 (Jan. 2000).
    DOI: 10.1016/S0167-4048(00)86368-3
  119. T. Ballad and W. Nallad. Securing PHP Web Applications, Addison-Wesley, Boston, MA, USA (2009)
    ISBN: 978-0-321-53434-7
  120. L. Ballard, S. Kamara, and M. K. Reiter. “The Practical Subtleties of Biometric Key Generation,” Proceedings of the 17th USENIX Security Symposium pp. 61–74 (July 2008)
    URL: https://www.usenix.org/legacy/event/sec08/tech/full_papers/ballard/ballard.pdf
  121. D. Balzarotti, G. Banks, M. Cova, V. Felmetsger, R. A. Kemmerer, W. Robertson, F. Valeur, and G. Vigna. “An Experience in Testing the Security of Real-World Electronic Voting Systems,” IEEE Transactions on Software Engineering 36(4) pp. 453–473 (July 2010).
    DOI: 10.1109/TSE.2009.53
  122. J. Bamford. “The Espionage Economy,” Foreign Policy 216 pp. 70–72 (Jan/Feb 2016)
    URL: http://foreignpolicy.com/2016/01/22/the-espionage-economy/
  123. K.-S. Bang, J.-Y. Choi, and C. Yoo. “Comments on “The Spin Model Checker”,” IEEE Transactions on Software Engineering 27(6) pp. 573–576 (June 2001).
    DOI: 10.1109/32.926177
  124. D. Banning, G. Ellingwood, C. Franklin, C. Muckenhrin, and D. Price. “Auditing of Distributed Systems,” Proceedings of the 14th National Computer Security Conference pp. 59–68 (Oct. 1991).
  125. P. Barham, B. Dragovic, K. Fraser, S. Hand, T. Harris, A. Ho, R. Neugebauer, I. Pratt, and A. Warfield. “Xen and the Art of Virtualization,” Proceedings of the 19th ACM Symposium on Operating Systems Principles pp. 164–177 (Dec. 2003).
    DOI: 10.1145/945445.945462
  126. E. Barker. Recommendation for Key Management, Part 1: General (Revision 4), Special Publication 800-57 Part 1, Rev. 4, National Institute of Standards and Technology, Gaithersburg, MD, USA (Jan. 2016).
    DOI: 10.6028/NIST.SP.800-57pt1r4
  127. E. Barker and N. Mouha. Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher, Special Publication 800-67 Revision 2, National Institute of Standards and Technology, Gaithersburg, MD, USA (Nov. 2017).
    DOI: 10.6028/ NIST.SP.800- 67r2
  128. T. H. Barr. Invitation to Cryptology, Prentice Hall, Inc, Upper Saddle River, NJ, USA (2002)
    ISBN: 978-0-13-088976-8
  129. E. G. Barrantes, D. H. Ackley, S. Forrest, and D. Stefanovic. “Randomized Instruction Set Emulation,” ACM Transactions on Information and System Security 8(1) pp. 3–40 (Feb. 2005).
    DOI: 10.1145/1053283.1053286
  130. C. Barrett, R. Sebastiani, S. Seshia, and C. Tinelli. “Satisfiability Modulo Theories,” Chapter 26 in Handbook of Satisfiability, edited by A. Biere, M. Heule, H. Van Maaren, and T. Walsh (Frontiers in Artificial Intelligence and Applications 185), IOS Press, Amsterdam, The Netherlands pp. 825–885 (Feb. 2009).
    DOI: 10.3233/978-1-58603-929-5-825
  131. D. J. Barrett, R. E. Silverman, and R. G. Byrnes. SSH, the Secure Shell: The Definitive Guide, O’Reilly Media, Inc., Sebastopol, CA, USA (June 2009)
    ISBN: 978-0-596-00895-6
  132. Y. Bartal, A. Mayer, K. Nissim, and A. Wool. “Firmato: A Novel Firewall Management Toolkit,” ACM Transactions on Computer Systems 22(4) pp. 381–420 (Nov. 2004).
    DOI: 10.1145/1035582.1035583
  133. A. Barth. HTTP State Management Mechanism, RFC 6265 (Apr. 2011).
    DOI: 10.17487/RFC6265
  134. G. Barthe, D. Naumann, and T. Rezk. “Deriving an Information Flow Checker and Certifying Compiler for Java,” Proceedings of the 2006 IEEE Symposium on Security and Privacy pp. 229–242 (May 2006).
    DOI: 10.1109/SP.2006.13
  135. J. Bartlett. Familiar Quotations, Little, Brown and Co., Boston, MA, USA (1901).
  136. R. Bate, A. Reichner, S. Garcia-Miller, J. Armitage, K. Cusick, R. Jones, D. Kuhn, I. Minnich, H. Pierson, and T. Powell. A Systems Engineering Capability Maturity Model, Version 1.0, Technical Report CMU/SEI-94-HB-004, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, USA (Dec. 1994)
    URL: https://resources.sei.cmu.edu/asset_files/Handbook/1994_002_001_16247.pdf
  137. B. L. A. Batista and M. P. Fernandez. “PonderFlow: A Policy Specification Language for Openflow Networks,” Proceedings of the 13th International Conference on Networks pp. 204–209 (Feb. 2014).
  138. M. Baum. NIST Withdraws Outdated Data Encryption Standard, National Institute of Standards and Technology, Gaithersburg, MD, USA (June 2005)
    URL: http://www.nist.gov/itl/fips/060205_des.cfm
  139. P. Baxter, A. Edmundson, K. Ortiz, A. M. Quevado, S. Rodriguez, C. Sturton, and D. Wagner. “Automated Analysis of Election Audit Logs,” Proceedings of the 2012 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections (Aug. 2012)
    URL: https://www.usenix.org/conference/evtwote12/workshop-program/presentation/baxter
  140. B. Bayh. “Unclassified Summary: Involvement of NSA in the Development of the Data Encryption Standard (United States Senate Select Committee on Intelligence),” IEEE Communications Society Magazine 16(6) pp. 53–55 (Nov. 1978).
    DOI: 10.1109/MCOM.1978.1089789
  141. M. Bazaliy, S. Hardy, M. Flossman, K. Edwards, A. Blaich, and M. Murray. Technical Analysis of Pegasus Spyware: An Investigation into Highly Sophisticated Espionage Software, Technical Report 051-ESQ-475, Lookout, Wachington, DC, USA (Aug. 2016)
    URL: https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf
  142. C. Beame, B. Callaghan, M. Eisler, D. Noveck, D. Robinson, and R. Thurlow. Network File System (NFS) Version 4 Protocol, RFC 3530 (Apr. 2003).
    DOI: 10.17487/RFC3530
  143. K. Beck, M. Beedle, A. van Bennekum, A. Cockburn, W. Cunningham, M. Fowler, J. Grenning, J. Highsmith, A. Hunt, R. Jeffries, J. Kern, B. Marick, R. C. Martin, S. Mellor, K. Schwaber, J. Sutherland, and D. Thomas. Manifesto for Agile Software Development (2001)
    URL: http://agilemanifesto.org/
  144. M. Y. Becker and P. Sewell. “Cassandra: Flexible Trust Management, Applied to Electronic Health Records,” Proceedings of the 17th Computer Security Foundations Workshop pp. 139–154 (June 2004).
    DOI: 10.1109/CSFW.2004.1310738
  145. K. M. Begnum. “Managing Large Networks of Virtual Machines,” Proceedings of the 20th Large Installation System Administration Conference pp. 205–214 (Dec. 2006)
    URL: https://www.usenix.org/legacy/event/lisa06/tech/begnum.html
  146. R. Bejtlich. The Practice of Network Security Monitoring, No Starch Press, Inc., San Francisco, CA, USA (2013)
    ISBN: 978-1-59327-509-9
  147. H. Beker and F. Piper. Cipher Systems: The Protection of Communications, Northwood Books, London, UK (1982)
    ISBN: 978-0-442-30608-3
  148. D. E. Bell. “Concerning ‘Modeling’ of Computer Security,” Proceedings of the 1988 IEEE Symposium on Security and Privacy pp. 8–13 (Apr. 1988).
    DOI: 10.1109/SECPRI.1988.8093
  149. D. E. Bell and L. J. LaPadula. Secure Computer Systems: Mathematical Foundations, Technical Report MTR-2547, Vol. I, The MITRE Corporation, Bedford, MA, USA (Mar. 1973)
    URL: http://www.dtic.mil/dtic/tr/fulltext/u2/770768.pdf
  150. D. E. Bell and L. J. LaPadula. Secure Computer System: Unified Exposition and Multics Interpretation, Technical Report MTR-2997 Rev. 1, The MITRE Corporation, Bedford, MA, USA (Mar. 1976)
    URL: http://www.dtic.mil/dtic/tr/fulltext/u2/a023588.pdf
  151. R. M. Bell, Y. Koren, and C. Volinsky. “All Together Now: A Perspective on the Netflix Prize,” Chance 23(1) pp. 24–29 (2010).
    DOI: 10.1080/09332480.2010.10739787
  152. G. Bella, F. Massacci, and L. C. Paulson. “Verifying the SET Registration Protocols,” IEEE Journal on Selected Areas in Communication 21(1) pp. 77–87 (Jan. 2003).
    DOI: 10.1109/JSAC.2002.806133
  153. G. Bella, F. Massacci, and L. C. Paulson. “Verifying the SET Purchase Protocols,” Journal of Automated Reasoning 36(1-2) pp. 5–37 (2006).
    DOI: 10.1007/s10817-005-9018-6
  154. M. Bellare. “New Proofs for NMAC and HMAC: Security Without Collision-Resistance,” Journal of Cryptology 28(4) pp. 1–35 (Oct. 2015).
    DOI: 10.1007/s00145-014-9185-x
  155. M. Bellare, R. Canetti, and H. Krawczyk. “Keying Hash Functions for Message Authentication,” Advances in Cryptology — CRYPTO ’96 (Lecture Notes in Computer Science 1109) pp. 1–15 (Aug. 1996).
    DOI: 10.1007/3-540-68697-5_1
  156. M. Bellare and S. Micali. “Non-Interactive Oblivious Transfer and Applications,” Advances in Cryptology — CRYPTO ’89 (Lecture Notes in Computer Science 435) pp. 547–557 (Aug. 1989).
    DOI: 10.1007/0-387-34805-0_48
  157. M. Bellare, D. Pointcheval, and P. Rogaway. “Authenticated Key Exchange Secure against Dictionary Attacks,” Advances in Cryptology — EUROCRYPT 2000 (Lecture Notes in Computer Science 1807) pp. 139–155 (May 2000).
    DOI: 10.1007/3-540-45539-6_11
  158. M. Bellare and R. L. Rivest. “Translucent Cryptography—An Alternative to Key Escrow, and Its Implementation via Fractional Oblivious Transfer,” Journal of Cryptology 12(2) pp. 117–139 (Mar. 1999).
    DOI: 10.1007/PL00003819
  159. M. Bellare and P. Rogaway. “Provably Secure Session Key Distribution: The Three Party Case,” Proceedings of the 27th Annual ACM Symposium on Theory of Computing pp. 57–66 (May 1995).
    DOI: 10.1145/225058.225084
  160. M. Bellare, P. Rogaway, and D. Wagner. “The EAX Mode of Operation,” Proceedings of the 11th International Workshop on Fast Software Encryption (Lecture Notes in Computer Science 3017) pp. 389–407 (Feb. 2004).
    DOI: 10.1007/978-3-540-25937-4_25
  161. S. Bellovin. “DRM, Complexity, and Correctness,” IEEE Security & Privacy 5(1) p. 80 (Jan. 2007).
    DOI: 10.1109/MSP.2007.5
  162. S. M. Bellovin. “Security Problems in the TCP/IP Protocol Suite,” ACM SIGCOMM Computer Communications Review 19(2) pp. 32–48 (Apr. 1989).
    DOI: 10.1145/378444.378449
  163. S. M. Bellovin. “Using the Domain Name System for System Break-ins,” Proceedings of the Fifth USENIX UNIX Security Symposium (June 1995)
    URL: http://www.usenix.org/publications/library/proceedings/security95/bellovin.html
  164. S. M. Bellovin. “Probable Plaintext Cryptanalysis of the IP Security Protocols,” Proceedings of the 1997 Symposium on Network and Distributed System Security pp. 52–59 (Feb. 1997).
    DOI: 10.1109/NDSS.1997.579220
  165. S. M. Bellovin and M. Merritt. “Limitations of the Kerberos Authentication System,” Proceedings of the 1991 Winter USENIX Conference pp. 253–267 (Winter 1991).
  166. S. M. Bellovin and M. Merritt. “Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks,” Proceedings of the 1992 IEEE Symposium on Research in Security and Privacy pp. 72–84 (May 1992).
    DOI: 10.1109/RISP.1992.213269
  167. F. Belvin, D. Bodeau, and S. Razvi. “Design Analysis in Evaluations Against the TCSEC C2 Criteria,” Proceedings of the 19th National Information Systems Security Conference pp. 67–75 (Oct. 1996).
  168. M. Ben Salem and S. J. Stolfo. “Decoy Document Deployment for Effective Masquerade Attack Detection,” Proceedings of the Eighth International Conference on the Detection of Intrusions and Malware, and Vulnerability Assessment (Lecture Notes in Computer Science 6739) pp. 35–54 (Aug. 2011).
    DOI: 10.1007/978-3-642-22424-9_3
  169. S. Benferhat, T. Kenaza, and A. Mokhtari. “A Naive Bayes Approach for Detecting Coordinated Attacks,” Proceedings of the 32nd Annual IEEE International Computer Software and Applications Conference pp. 704–709 (July 2008).
    DOI: 10.1109/COMPSAC.2008.213
  170. C. H. Bennett, F. Bessette, G. Brassard, L. Salvail, and J. Smolin. “Experimental Quantum Cryptography,” Journal of Cryptology 5(1) pp. 3–28 (1992).
    DOI: 10.1007/BF00191318
  171. J. Bennett. “Analysis of the Encryption Algorithm Used in the WordPerfect Processing Program,” Cryptologia 11(4) pp. 206–210 (Oct. 1987).
    DOI: 10.1080/0161-118791862027
  172. S. Berezin. “Model Checking and Theorem Proving: A Unified Framework,” Ph.D. Dissertation, Carnegie Mellon University, Pittsburgh, PA, USA (Jan. 2002)
    URL: http://reports-archive.adm.cs.cmu.edu/anon/2002/CMU-CS-02-100.pdf
  173. H. A. Bergen and W. J. Caelli. “File Security in WordPerfect 5.0,” Cryptologia 15(1) pp. 57–66 (Jan. 1991).
    DOI: 10.1080/0161-119191865795
  174. H. Berghel. “The Code Red Worm,” Communications of the ACM 44(12) pp. 15–19 (Dec. 2001).
    DOI: 10.1145/501317.501328
  175. J. Bergstra and M. Burgess (eds.). Handbook of Network and System Administration, Elsevier, Amsterdam, The Netherlands (2007)
    ISBN: 978-0-444-52198-9
  176. T. S. Bernard, T. Hsu, N. Perlroth, and R. Lieber. “Equifax Says Cyberattack May Have Affected 143 Million in the U.S.,” The New York Times p. A1 (Sep. 7 2017)
    URL: https://www.nytimes.com/2017/09/07/business/equifax-cyberattack.html
  177. A. J. Bernstein. “Analysis of Programs for Parallel Processing,” IEEE Transactions on Electronic Computers 15(5) pp. 757–763 (Oct. 1966).
    DOI: 10.1109/PGEC.1966.264565
  178. C. Bernstein and B. Woodward. All the President’s Men, Simon & Schuster, New York, NY, USA (1974)
    ISBN: 978-0-88225-094-6
  179. C. Bernstein and B. Woodward. The Final Days, Simon & Schuster, New York, NY, USA (1976)
    ISBN: 978-0-671-22298-7
  180. D. J. Bernstein. “Curve25519: New Diffie-Hellman Speed Records,” Proceedings of the Ninth International Conference on Theory and Practice in Public-Key Cryptography (Lecture Notes in Computer Science 3958) pp. 207–228 (Apr. 2006).
    DOI: 10.1007/11745853_14
  181. D. J. Bernstein, T. Chou, C. Chuengsatiansup, Hülsing, T. Lange, R. Niederhagen, and C. van Vredendaal. “How to Manipulate Curve Standards: A White Paper for the Black Hat,” Proceedings of the Second International Conference on Research in Security Standardisation ( Lecture Notes in Computer Science 9497) pp. 109–139 (Dec. 2015).
    DOI: 10.1007/978-3-319-27152-1_6
  182. D. J. Bernstein, M. Hamburg, A. Krasnova, and T. Lange. “Elligator: Elliptic-Curve Points Indistinguishable from Uniform Random Strings,” Proceedings of the 20th ACM SIGSAC Conference on Computer and Communications Security pp. 967–980 (Nov. 2013).
    DOI: 10.1145/2508859.2516734
  183. D. J. Bernstein and E. Schenk. SYN Cookies (Oct. 1996)
    URL: http://cr.yp.to/syncookies.html
  184. B. N. Bershad, S. Savage, P. Pardyak, E. G. Sirer, F. M. E., D. Becker, C. Chambers, and S. Eggers. “Extensibility, Safety and Performance in the SPIN Operating System,” Proceedings of the Fifteenth ACM Symposium on Operating Systems Principles pp. 267–283 (Dec. 1995).
    DOI: 10.1145/224056.224077
  185. B. Bershad and C. Pinkerton. “Watchdogs: Extending the UNIX File System,” Proceedings of the 1988 Winter USENIX Conference pp. 267–276 (Feb. 1988).
  186. E. Bertino, P. A. Bonatti, and E. Ferrari. “TRBAC: A Temporal Role-Based Access Control Model,” ACM Transactions on Information and System Security 4(3) pp. 191–233 (Aug. 2001).
    DOI: 10.1145/501978.501979
  187. V. Berzins and L. Luqi. Software Engineering with Abstractions, Addison-Wesley Longman Publishing Co., Inc., Reading, MA, USA (1991)
    ISBN: 978-0-201-08004-9
  188. T. Beth, H.-J. Knobloch, M. Otten, G. J. Simmons, and P. Wichmann. “Towards Acceptable Key Escrow Systems,” Proceedings of the Second ACM Conference on Computer and Communications Security pp. 51–58 (Nov. 1994).
    DOI: 10.1145/191177.191191
  189. B. Beurdouche, K. Bhargavan, A. Delignat-Lavaud, C. Fournet, A. Kohlweiss, Markulf anf Pironti, P.-Y. Strub, and J. K. Zinzindohoue. “A Messy State of the Union: Taming the Composite State Machines of TLS,” Proceedings of the 2015 IEEE Symposium on Security and Privacy pp. 535–552 (May 2015).
    DOI: 10.1109/SP.2015.39
  190. W. R. Bevier and W. D. Young. “A State-Based Approach to Noninterference,” Journal of Computer Security 3(1) pp. 55–70 (1994/1995).
    DOI: 10.3233/JCS-1994/1995-3105
  191. P. V. Bhansali. “Software Dissimilarity Debate Revisited,” ACM SIGSOFT Software Engineering Notes 30(1) pp. 1–3 (Jan. 2005).
    DOI: 10.1145/1039174.1039192
  192. R. Bharadwaj and C. Heitmeyer. “Developing High Assurance Avionics Systems with the SCR Requirements Method,” Proceedings of the 19th Digital Avionics Systems Conference pp. 1.D.1-1–8 (Oct. 2000).
    DOI: 10.1109/DASC.2000.886888
  193. S. Bhatkar, D. C. DuVarney, and R. Sekar. “Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits,” Proceedings of the 12th USENIX Security Symposium pp. 105–120 (Aug. 2003)
    URL: https://www.usenix.org/conference/12th-usenix-security-symposium/address-obfuscation-efficient-approach-combat-broad-range
  194. S. Bhatkar, R. Sekar, and D. C. DuVarney. “Efficient Techniques for Comprehensive Protection from Memory Error Exploits,” Proceedings of the 15th USENIX Security Symposium pp. 255–270 (July 2005)
    URL: https://www.usenix.org/conference/14th-usenix-security-symposium/efficient-techniques-comprehensive-protection-memory-error
  195. R. Bhatti, E. Bertino, A. Ghafoor, and J. B. D. Joshi. “XML-Based Specification for Web Services Document Security,” IEEE Computer 37(4) pp. 41–49 (Apr. 2004).
    DOI: 10.1109/MC.2004.1297300
  196. K. J. Biba. Integrity Considerations for Secure Computer Systems, Technical Report MTR-3153, The MITRE Corporation, Bedford, MA, USA (June 1975)
    URL: http://www.dtic.mil/dtic/tr/fulltext/u2/a039324.pdf
  197. R. Biddle, S. Chiasson, and P. C. van Oorschot. “Graphical Passwords: Learning from the First Twelve Years,” ACM Computing Surveys 44(4) pp. 19:1–19:41 (Aug. 2014).
    DOI: 10.1145/2333112.2333114
  198. N. Bielova, D. Devriese, F. Massacci, and F. Piessens. “Reactive Non-Interference for a Browser Model,” Proceedings of the Fifth International Conference on Network and System Security pp. 97–104 (Sep. 2011).
    DOI: 10.1109/ICNSS.2011.6059965
  199. E. Biham, R. Anderson, and L. Knudsen. “Serpent: A New Block Cipher Proposal,” Proceedings of the Fifth International Workshop on Fast Software Encryption (Lecture Notes in Computer Science 1372) pp. 222–238 (Mar. 1998).
    DOI: 10.1007/3-540-69710-1_15
  200. E. Biham, A. Biryukov, and A. Shamir. “Cryptanalysis of Skipjack Reduced to 31 Rounds Using Impossible Differentials,” Journal of Cryptology 18(4) pp. 291–311 (Autumn 2005).
    DOI: 10.1007/s00145-005-0129-3
  201. E. Biham, O. Dunkelman, and N. Keller. “Differential-Linear Cryptanalysis of Serpent,” Proceedings of the Tenth International Workshop on Fast Software Encryption (Lecture Notes in Computer Science 2887) pp. 9–21 (Feb. 2003).
    DOI: 10.1007/978-3-540-39887-5_2
  202. E. Biham, O. Dunkelman, and N. Keller. “Related-Key Boomerang and Rectangle Attacks,” Advances in Cryptology — EUROCRYPT 2005 (Lecture Notes in Computer Science 3494) pp. 507–525 (May 2005).
    DOI: 10.1007/11426639_30
  203. E. Biham, O. Dunkelman, and N. Keller. “A New Attack on 6-Round IDEA,” Proceedings of the 14th International Workshop on Fast Software Encryption (Lecture Notes in Computer Science 4593) pp. 211–224 (Mar. 2007).
    DOI: 10.1007/978-3-540-74619-5_14
  204. E. Biham and A. Shamir. “Differential Cryptanalysis of DES-like Cryptosystems,” Journal of Cryptology 4(1) pp. 3–72 (1991).
    DOI: 10.1007/BF00630563
  205. E. Biham and A. Shamir. “Differential Cryptanalysis of Snefru, Khafre, Redoc-II, LOKI and Lucifer (Extended Abstract),” Advances in Cryptology — CRYPTO ’91 (Lecture Notes in Computer Science 576) pp. 156–171 (Aug. 1991).
    DOI: 10.1007/3-540-46766-1_11
  206. E. Biham and A. Shamir. “Differential Cryptanalysis of the Full 16-Round DES,” Advances in Cryptology — CRYPTO ’92 (Lecture Notes in Computer Science 740) pp. 487–496 (Aug. 1992).
    DOI: 10.1007/3-540-48071-4_34
  207. E. Biham and A. Shamir. Differential Cryptanalysis of the Data Encryption Standard, Springer-Verlag, New York, NY, USA (1993).
    ISBN: 978-1-4613-9314-6
  208. L. Bilge, T. Strufe, D. Balzarotti, and E. Kirda. “All Your Contacts Are Belong to Us: Automated Identity Theft Attacks on Social Networks,” Proceedings of the 18th International World Wide Web Conference pp. 551–560 (2009).
    DOI: 10.1145/1526709.1526784
  209. E. Bina, R. McCool, V. Jones, and M. Winslett. “Secure Access to Data Over the Internet,” Proceedings of the Third International Conference on Parallel and Distributed Information Systems pp. 99–102 (Sep. 1994).
    DOI: 10.1109/PDIS.1994.331727
  210. R. Bisbey II and D. Hollingsworth. Protection Analysis: Final Report, Technical Report ISI/SR-78-13, University of Southern California Information Sciences Institute, Marina Del Rey, CA (May 1978)
    URL: https://www.hsdl.org/?view&did=440787
  211. R. Bisbey II, G. Popek, and J. Carlstedt. Protection Errors in Operating Systems: Inconsistency of a Single Value over Time, Technical Report ISI/SR-75-4, University of Southern California Information Sciences Institute, Marina Del Rey, CA (Dec. 1975).
  212. M. Bishop. “Reflections on UNIX Vulnerabilities,” Proceedings of the 25th Annual Computer Security Applications Conference pp. 161–184 (Dec. 2009).
    DOI: 10.1109/ACSAC.2009.25
  213. M. Bishop. “Hierarchical Take-Grant Protection Systems,” Proceedings of the Eighth ACM Symposium on Operating Systems Principles pp. 109–122 (Dec. 1981).
    DOI: 10.1145/800216.806598
  214. M. Bishop. “Analyzing the Security of an Existing Computer System,” Proceedings of the 1986 ACM Fall Joint Computer Conference pp. 1115–1119 (Nov. 1986)
    URL: https://dl.acm.org/citation.cfm?id=324493.325066
  215. M. Bishop. The RIACS Intelligent Auditing and Checking System, Technical Report 86.3, Research Institute for Advanced Computer Science, NASA Ames Research Center, Moffett Field, CA, USA (June 1986).
  216. M. Bishop. Sendmail Wizardry, Research Memo 86.3, Research Institute for Advanced Computer Science, NASA Ames Research Center, Moffett Field, CA, USA (Jan. 1986).
  217. M. Bishop. “Profiling Under UNIX by Patching,” Software: Practice and Experience 17(10) pp. 729–739 (Oct. 1987).
    DOI: 10.1002/spe.4380171006
  218. M. Bishop. “An Application of a Fast Data Encryption Standard Implementation,” Computing Systems 1(3) pp. 221–254 (Summer 1988)
    URL: http://static.usenix.org/legacy/publications/compsystems/1988/sum_bishop.pdf
  219. M. Bishop. “Collaboration Using Roles,” Software: Practice and Experience 20(5) pp. 485–497 (May 1990).
    DOI: 10.1002/spe.4380200504
  220. M. Bishop. “A Security Analysis of the NTP Protocol Version 2,” Proceedings of the Sixth Annual Computer Security Applications Conference pp. 20–29 (Dec. 1990).
    DOI: 10.1109/CSAC.1990.143746
  221. M. Bishop. “Password Management,” Proceedings of Compcon Spring ’91 pp. 167–169 (Feb. 1991).
    DOI: 10.1109/CMPCON.1991.128801
  222. M. Bishop. “A Proactive Password Checker,” Proceedings of the IFIP TC11 Seventh International Conference on Information Security: Creating Confidence in Information Processing pp. 169–180 (May 1991).
  223. M. Bishop. “Anatomy of a Proactive Password Changer,” Proceedings of the Third USENIX Security Symposium pp. 171–184 (Sep. 1992).
  224. M. Bishop and D. Bailey. A Critical Analysis of Vulnerability Taxonomies, Technical Report CSE-96-11, Dept. of Computer Science, University of California at Davis, Davis, CA, USA (Sep. 1996)
    URL: http://seclab.cs.ucdavis.edu/projects/vulnerabilities/scriv/ucd-ecs-96-11.ps
  225. M. Bishop, J. Cummins, S. Peisert, A. Singh, B. Bhumiratana, D. Agarwal, D. Frincke, and M. Hogarth. “Relationships and Data Sanitization: A Study in Scarlet,” Proceedings of the 2010 Workshop on New Security Paradigms pp. 151–164 (Sep. 2010).
    DOI: 10.1145/1900546.1900567
  226. M. Bishop and M. Dilger. “Checking for Race Conditions in File Accesses,” Computing Systems 9(2) pp. 131–152 (Mar. 1996)
    URL: https://www.usenix.org/legacy/publications/compsystems/1996/spr_bishop.pdf
  227. M. Bishop, M. Doroud, C. Gates, and J. Hunker. “Effects of Attribution Policies: The Second Summer of the Sisterhood,” Proceedings of the 11th European Conference on Information Warfare and Security pp. 63–69 (July 2012).
  228. M. Bishop, S. Engle, D. Howard, and S. Whalen. “A Taxonomy of Buffer Overflow Characteristics,” IEEE Transactions on Dependable and Secure Computing 9(3) pp. 305–317 (May 2012).
    DOI: 10.1109/TDSC.2012.10
  229. M. Bishop, C. Gates, and J. Hunker. “The Sisterhood of the Traveling Packets,” Proceedings of the 2009 Workshop on New Security Paradigms pp. 1–12 (Sep. 2009).
    DOI: 10.1145/1719030.1719039
  230. M. Bishop and E. Goldman. “The Strategy and Tactics of Information Warfare,” Contemporary Security Policy 24(1) pp. 113–139 (2003).
    DOI: 10.1080/13523260312331271839
  231. M. Bishop and D. V. Klein. “Improving System Security via Proactive Password Checking,” Computers & Security 14(3) pp. 233–249 (Apr. 1995).
    DOI: 10.1016/0167-4048(95)00003-Q
  232. M. Bishop, S. Peisert, C. Hoke, M. Graff, and D. Jefferson. “E-Voting and Forensics: Prying Open the Black Box,” Proceedings of the 2009 Electronic Voting Technology Workshop/Workshop on Trustworthy Elections pp. 3:1–3:20 (Aug. 2009)
    URL: https://www.usenix.org/legacy/events/evtwote09/tech/full_papers/bishop.pdf
  233. M. Bishop and L. Snyder. “The Transfer of Information and Authority in a Protection System,” Proceedings of the Seventh ACM Symposium on Operating Systems Principles pp. 45–54 (Dec. 1979).
    DOI: 10.1145/800215.806569
  234. J. Biskup. “Some Variants of the Take-Grant Protection Model,” Information Processing Letters 19(3) pp. 151–156 (Oct. 1984).
    DOI: 10.1016/0020-0190(84)90095-4
  235. J. Biskup and U. Flegel. “Transaction-Based Pseudonyms in Audit Data for Privacy Respecting Intrusion Detection,” Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection ( Lecture Notes in Computer Science 1907) pp. 28–48 (Oct. 2000).
    DOI: 10.1007/3-540-39945-3_3
  236. A. K. Biswas, D. Ghosal, and S. Nagaraja. “A Survey of Timing Channels and Countermeasures,” ACM Computing Surveys 50(1) pp. 6:1–6:39 (Apr. 2017).
    DOI: 10.1145/3023872
  237. A. Bittau, A. Belay, A. Mashtizdeh, D. Mazières, and D. Boneh. “Hacking Blind,” Proceedings of the 2014 IEEE Symposium on Security and Privacy pp. 227–242 (May 2014).
    DOI: 10.1109/SP.2014.22
  238. M. W. Blake, J. J. Lofe, and S. N. J.. “Using Fault Tree Methodologies in Availability Improvement Studies at Southern Company Services,” IEEE Transactions on Power Apparatus and Systems PAS-103(3) pp. 656–661 (Mar. 1984).
    DOI: 10.1109/TPAS.1984.318753
  239. G. R. Blakley. “Safeguarding Cryptographic Keys,” Proceedings of the AFIPS ’79 International Workshop on Managing Requirements Knowledge pp. 313–317 (June 1979).
    DOI: 10.1109/AFIPS.1979.98
  240. G. R. Blakley. “One-Time Pads are Key Safeguarding Schemes, Not Cryptosystems: Fast Key Safeguarding Schemes (Threshold Schemes) Exist,” Proceedings of the 1980 IEEE Symposium on Security and Privacy pp. 108–113 (Apr. 1980).
    DOI: 10.1109/SP.1980.10016
  241. J. Blasco, T. M. Chen, J. Tapiador, and P. Peris-Lopez. “A Survey of Wearable Biometric Recognition Systems,” ACM Computing Surveys 49(3) pp. 43:1–43:35 (Dec. 2016).
    DOI: 10.1145/2968215
  242. M. Blaze. “Protocol Failure in the Escrowed Encryption Standard,” Proceedings of the Second ACM Conference on Computer and Communications Security pp. 59–67 (Nov. 1994).
    DOI: 10.1145/191177.191193
  243. M. Blaze. “Taking Surveillance Out of the Shadows,” IEEE Security & Privacy 7(5) pp. 75–77 (Sep. 2009).
    DOI: 10.1109/MSP.2009.138
  244. M. Blaze, J. Feigenbaum, J. Ioannidis, and A. D. Keromytis. The KeyNote Trust-Management System Version 2, RFC 2704 (Sep. 1999).
    DOI: 10.17487/RFC2704
  245. M. Blaze, J. Feigenbaum, and A. D. Keromytis. “KeyNote: Trust Management for Public-Key Infrastructures,” Proceedings of the Ninth International Workshop on Services Computing (Lecture Notes in Computer Science 1550) pp. 59–63 (Apr. 1998).
    DOI: 10.1007/3-540-49135-X_9
  246. M. Blaze, J. Feigenbaum, and J. Lacy. “Decentralized Trust Management,” Proceedings of the 1996 IEEE Symposium on Security and Privacy pp. 164–173 (May 1996).
    DOI: 10.1109/SECPRI.1996.502679
  247. M. Blaze, J. Ioannidis, and A. D. Keromytis. “Trust Management for IPsec,” ACM Transactions on Information and System Security 5(2) pp. 95–118 (May 2002).
    DOI: 10.1145/505586.505587
  248. J. Blocki, N. Christin, A. Datta, and A. Sinha. “Audit Mechanisms for Privacy Protection in Healthcare Environments,” Proceedings of the Second USENIX Workshop on Health Security and Privacy (Aug. 2011)
    URL: http://www.andrew.cmu.edu/user/danupam/bcds-healthsec2011.pdf
  249. P. Bocij. The Dark Side of the Internet: Protecting Yourself and Your Family from Online Criminals, Praeger Publishers, Santa Barbara, CA, USA (2006)
    ISBN: 978-0-275-98575-2
  250. W. E. Boebert. “On the Inability of an Unmodified Capability Machine to Enforce the *-Property,” Proceedings of the Seventh National Computer Security Conference pp. 291–293 (Sep. 1984).
  251. W. E. Boebert and C. Ferguson. “A Partial Solution to the Discretionary Trojan Horse Problem,” Proceedings of the Eighth National Computer Security Conference pp. 245–253 (Sep. 1985).
  252. W. E. Boebert and R. Y. Kain. “A Practical Alternative to Hierarchical Integrity Policies,” Proceedings of the Eighth National Computer Security Conference pp. 18–27 (Sep. 1985).
  253. W. E. Boebert, R. Y. Kain, W. D. Young, and S. A. Hansohn. “Secure Ada Target: Issues, System Design, and Verification,” Proceedings of the 1985 IEEE Symposium on Security and Privacy pp. 176–183 (Apr. 1985).
    DOI: 10.1109/SP.1985.10022
  254. C. Boettiger. “An Introduction to Docker for Reproducible Research,” ACM SIGOPS Operating Systems Review 49(1) pp. 71–79 (Jan. 2015).
    DOI: 10.1145/2723872.2723882
  255. R. Böhme and M. Kirchner. “Counter-Forensics: Attacking Image Forensics,” in Digital Image Forensics: There Is More to a Picture Than Meets the Eye, edited by H. T. Sencar and N. Memon, Springer Science+Business Media, New York, NY, USA pp. 327–366 (2013).
    DOI: 10.1007/978-1-4614-0757-7_12
  256. D. Bolignano, D. Le Métayer, and C. Loiseaux. “Formal Methods in Context: Security and Java Card,” Proceedings of the First International Workshop on Java on Smart Cards: Programming and Security (Lecture Notes in Computer Science 2041) pp. 1–5 (Sep. 2000).
    DOI: 10.1007/3-540-45165-X_1
  257. T. Bolognesi and E. Brinksma. “Introduction to the ISO Specification Language LOTOS,” Computer Networks and ISDN Systems 14(1) pp. 25–59 (1987).
    DOI: 10.1016/0169-7552(87)90085-7
  258. J.-P. Boly, A. Bosselaers, R. Cramer, R. Michelsen, S. Mjølsnes, F. Muller, T. Pedersen, B. Pfitzmann, P. de Rooij, B. Schoenmakers, M. Schunter, L. Vallée, and M. Waidner. “The ESPRIT Project CAFE—High Security Digital Payment Systems,” Proceedings of the Third European Symposium on Research in Computer Security (Lecture Notes in Computer Science 875) pp. 217–230 (1994).
    DOI: 10.1007/3-540-58618-0_66
  259. A. C. Bomberger, W. S. Frantz, A. C. Hardy, N. Hardy, C. R. Landau, and J. S. Shapiro. “The KeyKOS Nanokernel Architecture,” Proceedings of the USENIX Workshop on Micro-Kernels and Other Kernel Architectures pp. 95–112 (Apr. 1992).
  260. D. Boneh and M. Franklin. “Identity-Based Encryption from the Weil Pairing,” Advances in Cryptology — CRYPTO 2001 (Lecture Notes in Computer Science 2139) pp. 213–229 (Aug. 2001).
    DOI: 10.1007/3-540-44647-8_13
  261. D. Boneh and M. Franklin. “Identity-Based Encryption from the Weil Pairing,” SIAM Journal on Computing 32(3) pp. 586–615 (2003).
    DOI: 10.1137/S0097539701398521
  262. D. Boneh, C. Gentry, S. Halevi, and D. J. Wang, Frankand Wu. “Private Database Queries Using Somewhat Homomorphic Encryption,” Proceedings of the 11th International Conference on Applied Cryptography and Network Security (Lecture Notes in Computer Science 7954) pp. 102–118 (2013).
    DOI: 10.1007/978-3-642-38980-1_7
  263. G. Bonfante, M. Kaczmarek, and J.-Y. Marion. “On Abstract Computer Virology from a Recursion Theoretic Perspective,” Journal of Computer Virology 1(3) pp. 45–54 (Mar. 2006).
    DOI: 10.1007/s11416-005-0007-4
  264. J. Bonneau. “The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords,” Proceedings of the 2012 IEEE Symposium on Security and Privacy pp. 538–552 (May 2012).
    DOI: 10.1109/SP.2012.49
  265. J. Bonneau, C. Herley, P. C. van Oorschot, and F. Stajano. “The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes,” Proceedings of the 2012 IEEE Symposium on Security and Privacy pp. 553–567 (May 2012).
    DOI: 10.1109/SP.2012.44
  266. J. Bonneau, C. Herley, P. C. van Oorschot, and F. Stajano. “Passwords and the Evolution of Imperfect Authentication,” Communications of the ACM 58(7) pp. 78–87 (June 2015).
    DOI: 10.1145/2699390
  267. D. Bonyun. “The Role of a Well Defined Auditing Process in the Enforcement of Privacy Policy and Data Security,” Proceedings of the 1981 IEEE Symposium on Security and Privacy pp. 19–25 (Apr. 1981).
    DOI: 10.1109/SP.1981.10002
  268. D. A. Bonyun. “The Use of Architectural Principles in the Design of Certifiably Secure Systems,” Computers & Security 2(2) pp. 153–162 (June 1983).
    DOI: 10.1016/0167-4048(83)90053-6
  269. N. Borisov, R. Johnson, N. Sastry, and D. Wagner. “Fixing Races for Fun and Profit: How to Abuse atime,” Proceedings of the 15th USENIX Security Symposium pp. 303–314 (July 2005).
  270. A. Borrett. “A Perspective of Evaluation in the UK Versus the US,” Proceedings of the 18th National Computer Security Conference pp. 322–334 (Oct. 1995).
  271. J. W. Bos, C. Costello, P. Longa, and M. Naehrig. “Selecting Elliptic Curves for Cryptography: An Efficiency and Security Analysis,” Journal of Cryptographic Engineering 6(4) pp. 259–286 (May 2016).
    DOI: 10.1007/s13389-015-0097-y
  272. C. Bösch, P. Hartel, W. Jonker, and A. Peter. “A Survey of Provably Secure Searchable Encryption,” ACM Computing Surveys 47(2) pp. 18:1–18:51 (Aug. 2015).
    DOI: 10.1145/2636328
  273. E. Bott, C. Siechert, and C. StinsonWindows 10 Inside Out, Microsoft Press, Redmond, WA, USA (Oct. 2016)
    ISBN: 978-1-5093-0485-1
  274. M. W. Bovee, D. L. Paul, and K. M. Nelson. “A Framework for Assessing the Use of Third-Party Software Quality Assurance Standards to Meet FDA Medical Device Software Process Control Guidelines,” IEEE Transactions on Engineering Management 48(4) pp. 465–478 (Nov. 2001).
    DOI: 10.1109/17.969424
  275. B. M. Bowen, M. Ben Salem, A. D. Keromytis, and S. J. Stolfo. “Monitoring Technologies for Mitigating Insider Threats,” in Insider Threats in Cyber Security, edited by C. W. Probst, J. Hunker, D. Gollmann, and M. Bishop (Advances in Information Security 49), Springer Science+Business Media, LLC, New York, NY, USA pp. 197–217 (Jan. 2010).
    DOI: 10.1007/978-1-4419-7133-3_9
  276. B. M. Bowen, S. Hershkop, A. D. Keromytis, and S. J. Stolfo. “Baiting Inside Attackers Using Decoy Documents,” Proceedings of the Fifth International Conference on Security and Privacy in Communication Networks (Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 19) pp. 51–70 (Sep. 2009).
    DOI: 10.1007/978-3-642-05284-2_4
  277. J. P. Bowen and M. G. Hinchey. “Seven More Myths of Formal Methods,” IEEE Software 12(4) pp. 34–41 (July 1995).
    DOI: 10.1109/52.391826
  278. J. P. Bowen and M. G. Hinchey. “Ten Commandments of Formal Methods,” IEEE Computer 28(4) pp. 56–63 (Apr. 1995).
    DOI: 10.1109/2.375178
  279. J. P. Bowen and M. G. Hinchey. “Ten Commandments of Formal Methods ... Ten Years Leter,” IEEE Computer 39(1) pp. 40–48 (Jan. 2006).
    DOI: 10.1109/MC.2006.35
  280. J. Boyar. “Inferring Sequences Produced by a Linear Congruential Generator Mission Low Order Bits,” Journal of Cryptology 1(3) pp. 177–184 (Oct. 1989).
    DOI: 10.1007/BF02252875
  281. J. Boyar. “Inferring Sequences Produced by Pseudo-Random Number Generators,” Journal of the ACM 36(1) pp. 129–141 (Jan. 1989).
    DOI: 10.1145/58562.59305
  282. C. Boyd. “Hidden Assumptions in Cryptographic Protocols,” IEE Proceedings E - Computers and Digital Techniques 137(6) pp. 433–436 (Nov. 1990)
    URL: https://ieeexplore.ieee.org/document/60351/
  283. R. S. Boyer and J. S. Moore. “Proving Theorems About LISP Functions,” Journal of the ACM 22(1) pp. 129–144 (Jan. 1975).
    DOI: 10.1145/321864.321875
  284. J. L. Boyles, A. Smith, and M. Madden. Privacy and Data Management on Mobile Devices, Technical Report, The Pew Research Center’s Internet & American Life Project, Washington, DC, USA (Sep. 2012)
    URL: http://pewinternet.org/Reports/2012/Mobile-Privacy.aspx
  285. S. Brackin, C. Meadows, and J. Millen. “CAPSL Interface for the NRL Protocol Analyzer,” Proceedings of the 1999 IEEE Symposium on Application-Specific Systems and Software Engineering and Technology pp. 64–73 (Mar. 1999).
    DOI: 10.1109/ASSET.1999.756753
  286. K. Brady. “Integrating B2 Security into a UNIX System,” Proceedings of the 14th National Computer Security Conference pp. 338–346 (Oct. 1991).
  287. J. Brainard, A. Juels, R. L. Rivest, M. Szydlo, and M. Yung. “Fourth-Factor Authentication: Somebody You Know,” Proceedings of the 13th ACM Conference on Computer and Communications Security pp. 168–178 (Oct. 2006).
    DOI: 10.1145/1180405.1180427
  288. L. J. Brandeis. Olmstead et al. v. United States, 277 US 438 (June 1927).
  289. S. Brands. “Electronic Cash on the Internet,” Proceedings of the 1995 Symposium on Network and Distributed System Security pp. 84–84 (Feb. 1995).
    DOI: 10.1109/NDSS.1995.390644
  290. G. Brassard, N. Lütkenhaus, T. Mor, and B. C. Sanders. “Security Aspects of Practical Quantum Cryptography,” Advances in Cryptology — EUROCRYPT 2000 (Lecture Notes in Computer Science 1807) pp. 289–299 (May 2000).
    DOI: 10.1007/3-540-45539-6_20
  291. D. M. Bressoud. Factorization and Primality Testing, Springer, New York, NY, USA (1989)
    ISBN: 978-1-4612-8871-8
  292. D. F. C. Brewer and M. J. Nash. “The Chinese Wall Security Policy,” Proceedings of the 1989 IEEE Symposium on Security and Privacy pp. 206–214 (May 1989).
    DOI: 10.1109/SECPRI.1989.36295
  293. E. F. Brickell. “Breaking Iterated Knapsacks,” Advances in Cryptology — CRYPTO ’84 (Lecture Notes in Computer Science 196) pp. 342–358 (Aug. 1984).
    DOI: 10.1007/3-540-39568-7_27
  294. E. F. Brickell and D. R. Stinson. “The Detection of Cheaters in Threshold Schemes,” Advances in Cryptology — CRYPTO ’88 (Lecture Notes in Computer Science 403) pp. 564–577 (Aug. 1988).
    DOI: 10.1007/0-387-34799-2_40
  295. L. Bridges. “The Changing Face of Malware,” Network Security 2008(1) pp. 17–20 (Jan. 2008).
    DOI: 10.1016/S1353-4858(08)70010-2
  296. S. S. Brilliant, J. C. Knight, and N. G. Leveson. “The Consistent Comparison Problem in -Version Software,” ACM SIGSOFT Software Engineering Notes 12(1) pp. 29–34 (Jan. 1987).
    DOI: 10.1145/24574.24575
  297. P. Brinch Hansen. Operating System Principles, Prentice-Hall, Inc., Englewood Cliffs, NJ, USA (1973)
    ISBN: 0-13-637843-9
  298. S. Brlek, S. Hamadou, and J. Mullins. “A Flaw in the Electronic Commerce Protocol SET,” Information Processing Letters 97(3) pp. 104–108 (Feb. 2006).
    DOI: 10.1016/j.ipl.2005.10.002
  299. W. J. Broad, J. Markoff, and D. E. Sanger. “Israeli Test on Worm Called Crucial in Iran Nuclear Delay,” The New York Times p. A1 (Jan. 16, 2011)
    URL: http://www.nytimes.com/2011/01/16/world/middleeast/16stuxnet.html
  300. F. P. Brooks. The Mythical Man-Month: Essays on Software Engineering, Addison-Wesley Publishing Company, Reading, MA, USA (1975).
    ISBN: 978-0-201-00650-6
  301. A. S. Brown, E. Bracken, S. Zoccoli, and K. Douglas. “Generating and Remembering Passwords,” Applied Cognitive Psychology 18(6) pp. 641–651 (June 2004).
    DOI: 10.1002/acp.1014
  302. L. Brown, M. Kwan, J. Pieprzyk, and J. Seberry. “Improving Resistance to Differential Cryptanalysis and the Redesign of LOKI,” Advances in Cryptology — ASIACRYPT ’91 (Lecture Notes in Computer Science 739) pp. 36–50 (Nov. 1991).
    DOI: 10.1007/3-540-57332-1_3
  303. L. Brown and J. Pieprzyk. “Introducing the New LOKI97 Block Cipher,” unpublished (NIST AES proposal) (1998).
    URL: http://lpb.canb.auug.org.au/adfa/research/loki97/
  304. L. Brown, J. Pieprzyk, and J. Seberry. “LOKI—A Cryptographic Primitive for Authentication and Secrecy Applications,” Advances in Cryptology—AUSCRYPT ’90 (Lecture Notes in Computer Science 453) (Jan. 1990).
    DOI: 10.1007/BFb0030364
  305. R. Browne. “Mode Security: An Infrastructure for Covert Channel Suppression,” Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy pp. 39–55 (May 1994).
    DOI: 10.1109/RISP.1994.296593
  306. N. Brownlee and E. Guttman. Expectations for Computer Security Inciudent Response, RFC 2350 (June 1998).
    DOI: 10.17487/RFC2350
  307. D. Brumley. “Invisible Intruders: Rootkits in Practice,” ;login: 24(9) pp. 69–71 (Sep. 1999)
    URL: https://www.usenix.org/system/files/login/articles/login_apr15_18_brumley.pdf
  308. K. Bryant and J. Campbell. “User Behaviours Associated with Password Security and Management,” Australasian Journal of Information Systems 14(1) (Nov. 2006).
    DOI: 10.3127/ajis.v14i1.9
  309. T. A. Budd. “Safety in Grammatical Protection Systems,” International Journal of Computer and Information Sciences 12(6) pp. 413–431 (Dec. 1983).
    DOI: 10.1007/BF00977968
  310. S. Budiansky. Battle of Wits: The Complete Story of Codebreaking in World War II, Free Press, New York, NY, USA (2002)
    ISBN: 978-0-7432-1734-7
  311. J. A. Bull, L. Gong, and K. R. Sollins. “Towards Security in an Open Systems Federation,” Proceedings of the Second European Symposium on Research in Computer Security (Lecture Notes in Computer Science 648) pp. 3–20 (Nov. 1992).
    DOI: 10.1007/BFb0013889
  312. G. Bullough, J. Loomis, and P. Weiss. “An Assertion Mapping Approach to Software Test Design,” Proceedings of the 13th National Computer Security Conference pp. 266–276 (Oct. 1990).
  313. J. Bunnell, J. Podd, R. Henderson, R. Napier, and J. Kennedy-Moffat. “Cognitive, Associative and Conventional Passwords: Recall and Guessing Rates,” Computers & Security 16(7) pp. 629–641 (1997).
    DOI: 10.1016/S0167-4048(97)00008-4
  314. A. Bunten. “UNIX and Linux Based Rootkits Techniques and Countermeasures,” Proceedings of the 16th Annual FIRST Conference on Computer Security Incident Handling (June 2004)
    URL: http://www.first.org/conference/2004/papers/c17.pdf
  315. J. Buolamwini and T. Gebru. “Gender Shades: Intersectional Accuracy Disparities in Commercial Gender Classification,” Proceedings of Machine Learning Research pp. 77–91 (Feb. 2018)
    URL: http://proceedings.mlr.press/v81/buolamwini18a/buolamwini18a.pdf
  316. J. R. Burch, E. M. Clarke, D. E. Long, K. L. McMillan, and D. L. Dill. “Symbolic Model Checking for Sequential Circuit Verification,” IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 13(4) pp. 401–424 (Apr. 1994).
    DOI: 10.1109/43.275352
  317. J. R. Burch, E. M. Clarke, and K. L. McMillan. “Symbolic Model Checking: 1020 States and Beyond,” Information and Computation 98(2) pp. 142–170 (June 1992).
    DOI: 10.1016/0890-5401(92)90017-A
  318. M. Burgess. “Cfengine: A Site Configuration Engine,” Computing Systems 8(3) pp. 309–337 (Summer 1995)
    URL: https://www.usenix.org/legacy/publications/compsystems/1995/sum_burgess.pdf
  319. M. Burgess. “On the Theory of System Administration,” Science of Computer Programming 49(1-3) pp. 1–46 (Dec. 2003).
    DOI: 10.1016/j.scico.2003.08.001
  320. M. Burkhart, D. Brauckhoff, and M. May. “On the Utility of Anonymized Flow Traces for Anomaly Detection,” Computing Research Repository (Oct. 2008).
    URL: http://arxiv.org/abs/0810.1655
  321. W. Burleson, S. S. Clark, B. Ransford, and K. Fu. “Design Challenges for Secure Implantable Medical Devices,” Proceedings of the 49th Annual Design Automation Conference pp. 12–17 (June 2012).
    DOI: 10.1145/2228360.2228364
  322. M. Burmester, Y. Desmedt, and J. Seberry. “Equitable Key Escrow with Limited Time Span (Or, How to Enforce Time Expiration Cryptographically),” Advances in Cryptology — ASIACRYPT ’98 (Lecture Notes in Computer Science 1514) pp. 380–391 (Oct. 1998).
    DOI: 10.1007/3-540-49649-1_30
  323. W. E. Burr. “Selecting the Advanced Encryption Standard,” IEEE Security & Privacy 1(2) pp. 43–52 (Mar. 2003).
    DOI: 10.1109/MSECP.2003.1193210
  324. W. E. Burr, D. F. Dodson, E. M. Newton, R. A. Perlner, W. T. Polk, S. Gupta, and E. A. Nabbus. Electronic Authentication Guideline, NIST Special Publication 800-63-2, National Institute of Standards and Technology, Gaithersburg, MD, USA (Aug. 2013).
    DOI: 10.6028/NIST.SP.800-63-2
  325. M. Burrows, M. Abadi, and R. Needham. “A Logic of Authentication,” ACM Transactions on Computer Systems pp. 18–36 (Feb. 1990).
    DOI: 10.1145/77648.77649
  326. E. Bursztein, S. Bethard, C. Fabry, J. C. Mitchell, and D. Jurafsky. “How Good Are Humans at Solving CAPTCHAs? A Large Scale Evaluation,” Proceedings of the 2010 IEEE Symposium on Security and Privacy pp. 399–413 (May 2010).
    DOI: 10.1109/SP.2010.31
  327. J. Burton. The Pentagon Wars: Reformers Challenge the Old Guard, Naval Institute Press, Annapolis, MD, USA (Sep. 1993).
    ISBN: 978-1-55750-081-6
  328. C. Burwick, D. Coppersmith, E. D’Avignon, R. Gennaro, S. Halevi, C. Jutla, S. M. Matyas Jr., L. O’Connor, M. Peyravian, D. Safford, and N. Zunic. “MARS—A Candidate Cipher for AES,” unpublished (NIST AES proposal) (June 1998).
    URL: http://cryptosoft.de/docs/Mars.pdf
  329. I. Butan, S. D. Morgera, and R. Sankar. “A Survey of Intrusion Detection Systems in Wireless Sensor Networks,” IEEE Communications Surveys & Tutorials 16(1) pp. 266–282 (First Quarter 2014).
    DOI: 10.1109/SURV.2013.050113.00191
  330. F. Butler, I. Cervesato, A. D. Jaggard, A. Scedrov, and C. Walstad. “Formal Analysis of Kerberos 5,” Theoretical Computer Science 367(1-2) pp. 57–87 (Nov. 2006).
    DOI: 10.1016/j.tcs.2006.08.040
  331. J.-W. Byun, E. Bertino, and N. Li. “Purpose Based Access Control of Complex Data for Privacy Protection,” Proceedings of the 10th ACM Symposium on Access Control Models and Technologies pp. 102–110 (2005).
    DOI: 10.1145/1063979.1063998
  332. J.-W. Byun and N. Li. “Purpose Based Access Control for Privacy Protection in Relational Database Systems,” The VLDB Journal 17(4) pp. 603–619 (July 2008).
    DOI: 10.1007/s00778-006-0023-0
  333. S. Cabuk, C. E. Brodley, and C. Shields. “IP Covert Channel Detection,” ACM Transactions on Information and System Security 12(4) pp. 22:1–22:29 (Apr. 2009).
    DOI: 10.1145/1513601.1513604
  334. W. J. Caelli, A. W. Rhodes, and N. C. Russell. “An Evaluation of HP-UX (UNIX) for Database Protection Using the European ITSEC,” Computers & Security 11(5) pp. 463–479 (Sep. 1992).
    DOI: 10.1016/0167-4048(92)90012-G
  335. N. Cai, J. Wang, and X. Yu. “SCADA System Security: Complexity, History, and New Developments,” Proceedings of the Sixth International Conference on Industrial Informatics pp. 569–574 (July 2008).
    DOI: 10.1109/INDIN.2008.4618165
  336. X. Cai, Y. Gui, and R. Johnson. “Exploiting Unix File-System Races via Algorithmic Complexity Attacks,” Proceedings of the 2009 IEEE Symposium on Security and Privacy pp. 27–41 (May 2009).
    DOI: 10.1109/SP.2009.10
  337. X. Cai, R. Lale, X. Zhang, and R. Johnson. “Fixing Races For Good: Portable and Reliable UNIX File-System Race Detection,” Proceedings of the Tenth ACM Symposium on Information, Computer and Communications Security pp. 357–368 (2015).
    DOI: 10.1145/2714576.2714581
  338. A. Caliskan-Islam, R. Harang, A. Liu, A. Narayanan, C. Voss, F. Yamaguchi, and R. Greenstadt. “De-Anonymizing Programmers via Code Stylometry,” Proceedings of the 24th USENIX Security Symposium pp. 255–270 (Aug. 2015)
    URL: https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/caliskan-islam
  339. J. Callas, Y. Desmedt, D. Nagy, A. Otsuka, J.-J. Quisquater, and M. Yung. “Real Electronic Cash Versus Academic Electronic Cash Versus Paper Cash (Panel Report),” Proceedings of the 2008 International Conference on Financial Cryptography and Data Security pp. 307–313 (Jan. 2008).
    DOI: 10.1007/978-3-540-85230-8_28
  340. J. Callas, L. Donnerhacke, H. Finney, D. Shaw, and R. Thayer. OpenPGP Message Format, RFC 4880 (Nov. 2007).
    DOI: 10.17487/RFC4880
  341. B. A. Calloni, M. V. DelPrincipe, T. F. Marz, and K. Littlejohn. “INSERT: A COTS-Based Solution for Building High-Assurance Applications,” Proceedings of the 18th Digital Avionics Systems Conference pp. 2.D.6–1-8 (Oct. 1999).
    DOI: 10.1109/DASC.1999.813691
  342. J. Camenisch, A. Lysyanskaya, and M. Meyervich. “Endorsed E-Cash,” Proceedings of the 2007 IEEE Symposium on Security and Privacy pp. 107–121 (May 2007).
    DOI: 10.1109/SP.2007.15
  343. J. P. Campbell Jr.. “Speaker Recognition: A Tutorial,” Proceedings of the IEEE 85(9) pp. 1437–1462 (Sep. 1997).
    DOI: 10.1109/5.628714
  344. S. Campos, E. M. Clarke, and M. Minea. “Symbolic Techniques for Formally Verifying Industrial Systems,” Science of Computer Programming 29(1-2) pp. 79–98 (July 1997).
    DOI: 10.1016/S0167-6423(96)00030-5
  345. S. Campos, E. Clarke, W. Marrero, and M. Minea. “Verus: A Tool for Quantitative Analysis of Finite-State Real-Time Systems,” Proceedings of the ACM SIGPLAN 1995 Workshop on Languages, Compilers, & Tools for Real-Time Systems pp. 70–78 (1995).
    DOI: 10.1145/216636.216661
  346. J. Canavan. The Evolution of Malicious IRC Bots, White paper, Symantec, Inc., Cupertino, CA, USA (2005)
    URL: http://www.symantec.com/avcenter/reference/the.evolution.of.malicious.irc.bots.pdf
  347. A. A. Cárdenas, J. S. Baras, and K. Seamon. “A Framework for the Evaluation of Intrusion Detection Systems,” Proceedings of the 2006 IEEE Symposium on Security and Privacy pp. 63–77 (May 2006).
    DOI: 10.1109/SP.2006.2
  348. X. D. C. D. Carnavalet and M. Mannan. “A Large-Scale Evaluation of High-Impact Password Strength Meters,” ACM Transactions on Information and System Security 18(1) pp. 1:1–1:32 (June 2015).
    DOI: 10.1145/2739044
  349. G. Caronni, S. Kumar, C. Schuba, and G. Scott. “Virtual Enterprise Networks: The Next Generation of Secure Enterprise Networking,” Proceedings of the 16th Annual Computer Security Applications Conference pp. 42–51 (Dec. 2000).
    DOI: 10.1109/ACSAC.2000.898856
  350. M. Carpenter, T. Liston, and E. Skoudis. “Hiding Virtualization from Attackers and Malware,” IEEE Security & Privacy 5(3) pp. 62–65 (May 2007).
    DOI: 10.1109/MSP.2007.63
  351. B. Carrara and C. Adams. “You Are the Key: Generating Cryptographic Keys from Voice Biometrics,” Proceedings of the Eighth Annual International Conference on Privacy, Security, and Trust pp. 213–222 (Aug. 2010).
    DOI: 10.1109/PST.2010.5593251
  352. B. Carrara and C. Adams. “Out-of-Band Covert Channels—A Survey,” ACM Computing Surveys 49(2) pp. 23:1–23:36 (Nov. 2016).
    DOI: 10.1145/2938370
  353. B. D. Carrier. “Risks of Live Digital Forensic Analysis,” Communications of the ACM 49(2) pp. 56–61 (Feb. 2006).
    DOI: 10.1145/1113034.1113069
  354. B. D. Carrier and J. Grand. “A Hardware-Based Memory Acquisition Procedure for Digital Investigations,” Digital Investigation 1(1) pp. 50–60 (Feb. 2004).
    DOI: 10.1016/j.diin.2003.12.001
  355. L. Carroll. Through the Looking-Glass, and What Alice Found There, Macmillan and Co., London, UK (1882)
  356. T. E. Carroll, M. Crouse, E. W. Fulp, and K. S. Berenhaut. “Analysis of Network Address Shuffling as a Moving Target Defense,” Proceedings of the 2014 IEEE International Conference on Communications pp. 701–706 (June 2014).
    DOI: 10.1109/ICC.2014.6883401
  357. T. E. Carroll and D. Grosu. “A Game Theoretic Investigation of Deception in Network Security,” Security and Communication Networks 4(10) pp. 1162–1172 (Oct. 2011).
    DOI: 10.1002/sec.242
  358. M. Carvalho and R. Ford. “Moving-Target Defenses for Computer Networks,” IEEE Security & Privacy 12(2) pp. 73–76 (Mar. 2014).
    DOI: 10.1109/MSP.2014.30
  359. J. Case and S. E. Moelius III. “Cautious Virus Detection in the Extreme,” Proceedings of the 2007 Workshop on Programming Languages and Analysis for Security pp. 47–52 (June 2007).
    DOI: 10.1145/1255329.1255338
  360. S. Cass. “Antipiracy Software Opens Door to Electronic Intruders,” IEEE Spectrum 43(1) pp. 12–13 (Jan. 2006).
    DOI: 10.1109/MSPEC.2006.1572337
  361. F. Castaneda, E. C. Sezer, and J. Xu. “WORM vs. WORM: Preliminary Study of an Active Counter-attack Mechanism,” Proceedings of the 2004 ACM Workshop on Rapid Malcode pp. 83–93 (Oct. 2004).
    DOI: 10.1145/1029618.1029631
  362. C. Castelfranchi and R. Falcone. “Trust Is Much More than Subjective Probability: Mental Components and Sources of Trust,” Proceedings of the 33rd Annual Hawaii International Conference on System Sciences (Jan. 2000).
    DOI: 10.1109/HICSS.2000.926815
  363. C. Castelluccia, M. Dürmuth, and D. Perito. “Adaptive Password-Strength Meters from Markov Models,” Proceedings of the 2012 Symposium on Network and Distributed System Security (Feb. 2012)
    URL: https://www.ndss-symposium.org/ndss2012/ndss-2012-programme/adaptive-password-strength-meters-markov-models/
  364. A. Castiglione, R. De Prisco, A. De Santis, U. Fiore, and F. Palmieri. “A Botnet-Based Command and Control Approach Relying on Swarm Intelligence,” Journal of Network and Computer Applications 38 pp. 22–33 (Feb. 2014).
    DOI: 10.1016/j.jnca.2013.05.002
  365. C. J. H. Castro, L. J. G. Villalba, J. C. H. Castro, and J. M. S. Cámara. “On MARS’s S-Boxes Strength Against Linear Cryptanalysis,” Proceedngs of the International Conference on Computational Science and Its Applications, Part III (Lecture Notes in Computer Science 2669) pp. 79–83 (May 2003).
    DOI: 10.1007/3-540-44842-X_9
  366. B. Caswell, J. Beale, and A. Baker. Snort IDS and IPS Toolkit, Syngress Press, Burlington, MA, USA (2007)
    ISBN: 978-1-59749-099-3
  367. A. Cavoukian. “Privacy by Design: The Definitive Workshop,” Identity in the Information Society 3(2) pp. 247–251 (May 2010).
    DOI: 10.1007/s12394-010-0062-y
  368. I. Cervesato, A. D. Jaggard, A. Scedrov, J.-K. Tsay, and C. Walstad. “Breaking and Fixing Public-Key Kerberos,” Revised Selected Papers from the 11th Asian Computing Science Conference on Secure Software and Related Issues (Lecture Notes in Computer Science 4435) pp. 167–181 (Dec. 2006).
    DOI: 10.1007/978-3-540-77505-8_13
  369. I. Cervesato, A. D. Jaggard, A. Scedrov, and C. Walstad. “Specifying Kerberos 5 Cross-Realm Authentication,” Proceedings of the 2005 Workshop on Issues in the Theory of Security pp. 12–26 (Jan. 2005).
    DOI: 10.1145/1045405.1045408
  370. D. W. Chadwick and G. Inman. “Attribute Aggregation in Federated Identity Management,” IEEE Computer 42(5) pp. 33–40 (May 2009).
    DOI: 10.1109/MC.2009.143
  371. A. Chakrabarti, A. Damodaran, and S. Sengupta. “Grid Computing Security: A Taxonomy,” IEEE Security & Privacy 6(1) pp. 44–51 (Jan. 2008).
    DOI: 10.1109/MSP.2008.12
  372. L. S. Chalmers. “An Analysis Of The Differences Between The Computer Security Practices In The Military And Private Sectors,” Proceedings of the 1984 IEEE Symposium on Security and Privacy pp. 71–74 (Apr. 1984).
    DOI: 10.1109/SP.1986.10006
  373. J. T. Chambers and J. W. Thompson. Vulnerability Disclosure Framework, Final Report and Recommendations by the Council, National Infrastructure Advisory Council (Jan. 2004)
    URL: https://www.dhs.gov/sites/default/files/publications/niac-vulnerability-framework-final-report-01-13-04-508.pdf
  374. E. Chan, S. Venkataraman, F. David, A. Chaugule, and R. Campbell. “Forenscope: A Framework for Live Forensics,” Proceedings of the 26th Annual Computer Security Applications Conference pp. 307–316 (Dec. 2010).
    DOI: 10.1145/1920261.1920307
  375. H. C. Chan, C. Ying, and C. B. Peh. “Strategies and Visualization Tools for Enhancing User Auditing of Spreadsheet Models,” Information and Software Technology 42(15) pp. 1037–1043 (Dec. 2000).
    DOI: 10.1016/S0950-5849(00)00130-0
  376. R. Chandia, J. Gonzalez, T. Kilpatrick, M. Papa, and S. Shenoi. “Security Strategies for SCADA Networks,” Chapter 9, in Critical Infrastructure Protection, edited by E. Goetz and S. Shenoi (IFIP Advances in Information and Communication Technology >253), Springer, Boston, MA, USA pp. 117–131 (2008).
  377. V. Chandola, A. Banerjee, and V. Kumar. “Anomaly Detection: A Survey,” ACM Computing Surveys 41(3) pp. 15:1–15:58 (July 2009).
    DOI: 10.1145/1541880.1541882
  378. D. Chandra and M. Franz. “Fine-Grained Information Flow Analysis and Enforcement in a Java Virtual Machine,” Proceedings of the 23rd Annual Computer Security Applications Conference pp. 463–474 (Dec. 2007).
    DOI: 10.1109/ACSAC.2007.37
  379. R. Chandramouli. “Implementation of Multiple Access Control Policies Within a CORBASEC Framework,” Proceedings of the 22nd National Information Systems Security Conference pp. 112–130 (Oct. 1999).
  380. K. M. Chandy and L. Lamport. “Distributed Snapshots: Determining Global States of Distributed Systems,” ACM Transactions on Computer Systems 3(1) pp. 63–75 (Feb. 1985).
    DOI: 10.1145/214451.214456
  381. D. Chang, S. Hines, P. West, G. Tyson, and D. Whalley. “Program Differentiation,” Proceedings of the 2010 Workshop on Interaction Between Compilers and Computer Architecture pp. 9:1–9:8 (2010).
    DOI: 10.1145/1739025.1739038
  382. R. K. C. Chang. “Defending Against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial,” IEEE Communications Magazine 40(10) pp. 42–51 (Oct. 2002).
    DOI: 10.1109/MCOM.2002.1039856
  383. K. Channakeshava, D. Chafekar, K. Bisset, V. S. A. Kumar, and M. Marathe. “EpiNet: A Simulation Framework to Study the Spread of Malware in Wireless Networks,” Proceedings of the Second International Conference on Simulation Tools and Techniques pp. 6:1–6:10 (Mar. 2009).
    DOI: 10.4108/ICST.SIMUTOOLS2009.5652
  384. P. C. Chapin, C. Skalka, and X. S. Wang. “Authorization in Trust Management: Features and Foundations,” ACM Computing Surveys 40(3) pp. 9:1–9:48 (Aug. 2008).
    DOI: 10.1145/1380584.1380587
  385. E. C. Charles, D. A. Diodati, and W. J. Mozdzierz. “Trusted Systems: Applying the Theory in a Commercial Firm,” Proceedings of the 16th National Computer Security Conference pp. 283–291 (Sep. 1993).
  386. D. Chaum. “Security Without Identification: Transaction Systems to Make Big Brother Obsolete,” Communications of the ACM 28(10) pp. 1030–1044 (Oct. 1985).
    DOI: 10.1145/4372.4373
  387. D. Chaum. “The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability,” Journal of Cryptology 1(1) pp. 65–75 (1988).
    DOI: 10.1007/BF00206326
  388. D. Chaum. “Online Cash Checks,” Advances in Cryptology — EUROCRYPT ’89 (Lecture Notes in Computer Science 434) pp. 288–293 (Apr. 1990).
    DOI: 10.1007/3-540-46885-4_30
  389. D. Chaum. “Secret-Ballot Receipts: True Voter-Verifiable Elections,” IEEE Security & Privacy 2(1) pp. 38–47 (Jan. 2004).
    DOI: 10.1109/MSECP.2004.1264852
  390. D. Chaum, R. T. Carback, J. Clark, A. Essex, S. Popoveniuc, R. L. Rivest, P. Y. Ryan, E. Shen, A. T. Sherman, and P. L. Vora. “Scantegrity II: End-to-End Verifiability by Voters of Optical Scan Elections Through Confirmation Codes,” IEEE Transactions on Information Forensics and Security 4(4) pp. 611–627 (Dec. 2009).
    DOI: 10.1109/TIFS.2009.2034919
  391. D. Chaum, R. T. Carback, J. Clark, A. Essex, S. Popoveniuc, R. L. Rivest, P. Y. Ryan, E. Shen, A. T. Sherman, and P. L. Vora. “Corrections to `Scantegrity II: End-to-End Verifiability by Voters of Optical Scan Elections Through Confirmation Codes’,” IEEE Transactions on Information Forensics and Security 5(1) p. 194 (Mar. 2010).
    DOI: 10.1109/TIFS.2010.2040672
  392. D. Chaum, B. den Boer, E. van Heyst, S. Mjølsnes, and A. Steenbeek. “Efficient Offline Electronic Checks (Extended Astract),” Advances in Cryptology — EUROCRYPT ’89 (Lecture Notes in Computer Science 434) pp. 294–301 (Apr. 1990).
    DOI: 10.1007/3-540-46885-4_31
  393. D. L. Chaum. “Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms,” Communications of the ACM 24(2) pp. 84–90 (Feb. 1981).
    DOI: 10.1145/358549.358563
  394. S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, S. Savage, K. Koscher, A. Czeskis, F. Roesner, and T. Kohno. “Comprehensive Experimental Analyses of Automotive Attack Surfaces,” Proceedings of the 20th USENIX Security Symposium (Aug. 2011)
    URL: https://www.usenix.org/conference/usenix-security-11/comprehensive-experimental-analyses-automotive-attack-surfaces
  395. M. H. Cheheyl, M. Gasser, G. A. Huff, and J. K. Millen. “Verifying Security,” ACM Computing Surveys 13(3) pp. 279–339 (Sep. 1981).
    DOI: 10.1145/356850.356853
  396. B. Chen and V. Chandran. “Biometric Based Cryptographic Key Generation from Faces,” Proceedings of the Ninth Biennial Conference of the Australian Pattern Recognition Society on Digital Image Computing Techniques and Applications pp. 394–401 (Dec. 2007).
    DOI: 10.1109/DICTA.2007.4426824
  397. F. Chen, A. X. Liu, J. Hwang, and T. Xie. “First Step Towards Automatic Correction of Firewall Policy Faults,” ACM Transactions on Autonomous and Adaptive Systems 7(2) pp. 27:1–27:24 (July 2012).
    DOI: 10.1145/2240166.2240177
  398. H. Chen, T. Kim, X. Wang, N. Zeldovich, and M. F. Kaashoek. “Identifying Information Disclosure in Web Applications with Retroactive Auditing,” Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation (Oct. 2014)
    URL: https://www.usenix.org/conference/osdi14/technical-sessions/presentation/chen_haogang
  399. L.-C. Chen, T. A. Longstaff, and K. M. Carley. “Characterization of Defense Mechanisms Against Distributed Denial of Service Attacks,” Computers & Security 23(8) pp. 665–678 (Dec. 2004).
    DOI: 10.1016/j.cose.2004.06.008
  400. X. Chen, J. Andersen, Z. M. Mao, M. Bailey, and J. Nazario. “Towards an Understanding of Anti-Virtualization and Anti-debugging Behavior in Modern Malware,” Proceedings of the 2008 IEEE International Conference on Dependable Systems and Networks pp. 177–186 (June 2008).
    DOI: 10.1109/DSN.2008.4630086
  401. D. R. Cheriton and K. J. Duda. “A Caching Model of Operating System Kernel Functionality,” Proceedings of the First USENIX Symposium on Operating Systems Design and Implementation pp. 14:1–14:15 (Nov. 1994)
    URL: https://www.usenix.org/legacy/publications/library/proceedings/osdi/cheriton.html
  402. B. Cheswick. “An Evening with Berferd, in Which a Cracker Is Lured, Endured, and Studied,” Proceedings of the 1992 Winter USENIX Conference pp. 163–174 (Jan. 1992).
  403. W. R. Cheswick, S. M. Bellovin, and A. D. RubinFirewalls and Internet Security: Repelling the Wily Hacker, Addison-Wesley Professional, Boston, MA, USA (Mar. 2003)
    ISBN: 978-0-201-63466-2
  404. S. Chiasson and P. C. van Oorschot. “Quantifying the Security Advantage of Password Expiration Policies,” Designs, Codes and Cryptography 77(2) pp. 401–408 (Dec. 2015).
    DOI: 10.1007/s10623-015-0071-9
  405. E. Chien. Techniques of Adware and Spyware, White Paper, Symantec, Inc., Cupertino, CA, USA (2005)
    URL: http://www.symantec.com/avcenter/reference/techniques.of.adware.and.spyware.pdf
  406. T.-C. Chiueh and F.-H. Hsu. “RAD: A Compile-Time Solution to Buffer Overflow Attacks,” Proceedings of the 21st International Conference on Distributed Computing Systems (ICDCS ’01) pp. 409–417 (Apr. 2001).
    DOI: 10.1109/ICDSC.2001.918971
  407. T.-c. Chiueh, H. Sankaran, and A. Neogi. “Spout: A Transparent Proxy for Safe Execution of Java Applets,” IEEE Journal on Selected Areas in Communication 20(7) pp. 1426–1433 (Sep. 2002).
    DOI: 10.1109/JSAC.2002.802074
  408. S. Chokhani. “Trusted Products Evaluation,” Communications of the ACM 35(7) pp. 64–76 (July 1992).
    DOI: 10.1145/129902.129907
  409. L. Cholvy and F. Cuppens. “Analyzing Consistency of Security Policies,” Proceedings of the 1997 IEEE Symposium on Security and Privacy pp. 103–112 (May 1997).
    DOI: 10.1109/SECPRI.1997.601324
  410. S. Chong and A. C. Myers. “End-to-End Enforcement of Erasure and Declassification,” Proceedings of the 21st Computer Security Foundations Workshop pp. 98–111 (June 2008).
    DOI: 10.1109/CSF.2008.12
  411. N. Choucri. Cyberpolitics in International Relations, MIT Press, Cambridge, MA, USA (2012)
    ISBN: 987-0-262-01763-3
  412. N. Choucri and D. D. Clark. Integrating Cyberspace and International Relations: The Co-Evolution Dilemma, Research Paper 2012-29, Political Science Department, Massachusetts Institute of Technology, Cambridge, MA, USA (Nov. 2012).
    DOI: 10.2139/ssrn.2178586
  413. S. Choudhury. Public Key Infrastructure Implementation and Design, John Wiley & Sons, Inc., New York, NY, USA (2002).
    ISBN: 978-0-7645-4879-6
  414. S. Christey. 2011 CWE/SANS Top 25 Most Dangerous Software Errors (Sep. 13, 2011).
    URL: http://cwe.mitre.org/top25/
  415. T. Christiansen, B. D. Foy, L. Wall, and J. Orwant. Programming Perl, O’Reilly Media (Feb. 2012)
    ISBN: 978-0-596-00492-7
  416. Y.-H. Chu, J. Feigenbaum, B. LaMacchia, P. Resnick, and M. Strauss. “REFEREE: Trust Management for Web Applications,” Computer Networks and ISDN Systems 29(8-13) pp. 953–964 (Sep. 1997).
    DOI: 10.1016/S0169-7552(97)00009-3
  417. R. Chugh, J. A. Meister, R. Jhala, and S. Lerner. “Staged Information Flow for Javascript,” Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation pp. 50–62 (June 2009).
    DOI: 10.1145/1542476.1542483
  418. A. Chuvakin. An Overview of Unix Rootkits, iAlert White Paper, iDefense Labs, Chantilly, VA, USA (Feb. 2003)
    URL: http://www.megasecurity.org/papers/Rootkits.pdf
  419. P. Cichonski, T. Millar, T. Grance, and K. Scarfone. Computer Security Incident Handling Guide, Special Publication 800-61 Revision 2, National Institute of Standards and Technology, Gaithersburg, MD, USA (Aug. 2012).
    DOI: 10.6028/NIST.SP.800-61r2
  420. Cisco. Sendmail Nested MIME Message Denial of Service Vulnerability (June 2006)
    URL: https://tools.cisco.com/security/center/viewAlert.x?alertId=11128
  421. A. J. Clark. “Key Recovery—Why, How, Who?,” Computers & Security 16(8) pp. 669–674 (1997).
    DOI: 10.1016/S0167-4048(97)87581-5
  422. D. D. Clark and S. Landau. “Untangling Attribution,” Harvard National Security Journal 2(2) pp. 323–352 (2011)
    URL: http://harvardnsj.org/wp-content/uploads/2011/02/Vol-2-Clark-Landau.pdf
  423. D. D. Clark and D. R. Wilson. “A Comparison of Commercial and Military Computer Security Policies,” Proceedings of the 1987 IEEE Symposium on Security and Privacy pp. 184–194 (Apr. 1987).
    DOI: 10.1109/SP.1987.10001
  424. D. Clarke, J.-E. Elien, C. Ellison, M. Fredette, A. Morcos, and R. L. Rivest. “Certificate Chain Discovery in SPKI/SDSI,” Journal of Computer Security 9(4) pp. 285–322 (2001).
    DOI: 10.3233/JCS-2001-9402
  425. E. M. Clarke, E. A. Emerson, and A. P. Sistla. “Automatic Verification of Finite-State Concurrent Systems Using Temporal Logic Specifications,” ACM Transactions on Programming Languages and Systems 8(2) pp. 244–263 (Apr. 1986).
    DOI: 10.1145/5397.5399
  426. E. M. Clarke, S. Jha, and W. Marrero. “Using State Space Exploration and a Natural Deduction Style Message Derivation Engine to Verify Security Protocols,” Proceedings of the IFIP TC2 / WG2.2, 2.3 International Conference on Programming Concepts and Methods pp. 87–106 (June 1998).
    DOI: 10.1007/978-0-387-35358-6_10
  427. R. Clarke and T. Youngstein. “Cyberattack on Britain’s National Health Service — A Wake-up Call for Modern Medicine,” The New England Journal of Medicine 377 pp. 409–411 (June 2017).
    DOI: 10.1056/NEJMp1706754
  428. M. R. Clarkson and F. B. Schneider. “Hyperproperties,” Journal of Computer Security 18(6) pp. 1157–1210 (2010).
    DOI: 10.3233/JCS-2009-0393
  429. W. F. Clocksin and C. S. Mellish. Programming in Prolog, Springer-Verlag, Berlin, Germany (2003).
    ISBN: 978-3-540-00678-7
  430. C. Cocks. “An Identity Based Encryption Scheme Based on Quadratic Residues,” Proceedings of the Eighth IMA International Conference on Cryptography and Coding (Lecture Notes in Computer Science 2260) pp. 360–363 (Dec. 2001).
    DOI: 10.1007/3-540-45325-3_32
  431. T. Coe and P. T. P. Tang. “It Takes Six Ones to Reach a Flaw,” Proceedings of the 12th Symposium on Computer Arithmetic pp. 140–146 (July 1995).
    DOI: 10.1109/ARITH.1995.465365
  432. D. Cofer and S. P. Miller. Formal Methods Case Studies for DO-333, Technical Report NASA/CR-2014-218244, National Aeronautics and Space Administration Langley Research Center, Hampton, VA, USA (Apr. 2014)
    URL: https://shemesh.larc.nasa.gov/people/bld/ftp/NASA-CR-2014-218244.pdf
  433. E. Cohen and D. Jefferson. “Protection in the Hydra Operating System,” Proceedings of the Fifth ACM Symposium on Operating Systems Principles pp. 141–160 (Nov. 1975).
    DOI: 10.1145/800213.806532
  434. E. Cohen, R. K. Thomas, W. Winsborough, and D. Shands. “Models for Coalition-Based Access Control (CBAC),” Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies pp. 97–106 (June 2002).
    DOI: 10.1145/507711.507727
  435. F. Cohen. “Computer Viruses: Theory and Experiments,” Proceedings of the Seventh National Computer Security Conference pp. 240–255 (Sep. 1984).
  436. F. Cohen. “Computer Viruses: Theory and Experiments,” Computers & Security 6(1) pp. 22–35 (Feb. 1987).
    DOI: 10.1016/0167-4048(87)90122-2
  437. F. Cohen. “Computational Aspects of Computer Viruses,” Computers & Security 8(4) pp. 325–344 (June 1989).
    DOI: 10.1016/0167-4048(89)90089-8
  438. F. Cohen. “Models of Practical Defenses Against Computer Viruses,” Computers & Security 8(2) pp. 149–160 (Apr. 1989).
    DOI: 10.1016/0167-4048(89)90070-9
  439. F. Cohen. “A Note on the Role of Deception in Information Protection,” Computers & Security 17(6) pp. 483–506 (Nov. 1998).
    DOI: 10.1016/S0167-4048(98)80071-0
  440. H. Cohen, G. Frey, R. Avanzi, C. Doche, T. Lange, K. Nguyen, and F. Vercauteren. Handbook of Elliptic and Hyperelliptic Curve Cryptography, Chapman and Hall/CRC, Boca Raton, FL, USA (2005)
    ISBN: 978-1-58488-518-4
  441. K. Cohn-Gordon, C. Cremers, B. Dowling, L. Garratt, and D. Stebila. “A Formal Security Analysis of the Signal Messaging Protocol,” Proceedings of the 2017 IEEE European Symposium on Security and Privacy pp. 451–466 (Apr. 2017).
    DOI: 10.1109/EuroSP.2017.27
  442. E. Cole. Online Danger: How to Protect Yourself and Your Loved Ones From the Evil Side of the Internet, Morgan James Publishing, New York, NY, USA (2018)
    ISBN: 978-1-68350-533-4
  443. M. S. Collins. Network Security through Data Analysis: Building Situational Awareness, O’Reilly Media, Inc., Sebastopol, CA, USA (2014)
    ISBN: 978-1-4493-5790-0
  444. S. Collins and S. McCombie. “Stuxnet: The Emergence of a New Cyber Weapon and Its Implications,” Journal of Policing, Intelligence and Counter Terrorism 7(1) pp. 80–91 (Apr. 2012).
    DOI: 10.1145/501317.501328
  445. T. Combe, A. Martin, and R. Di Pietro. “To Docker or Not to Docker: A Security Perspective,” IEEE Cloud Computing 3(5) pp. 54–62 (Sep. 2016).
    DOI: 10.1109/MCC.2016.100
  446. Comodo Group, Inc.. Comodo Fraud Incident March 23, 2011 (Mar. 2011)
    URL: https://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html
  447. K. Conlan, I. Baggili, and F. Breitinger. “Anti-Forensics: Furthering Digital Forensic Science Through a New Extended, Granular Taxonomy,” Digital Investigation 18S pp. S66–S75 (Aug. 2016).
    DOI: 10.1016/j.diin.2016.04.006
  448. J. R. Conrad, J. Alves-Foss, and S. S. Lee. “Analyzing Uncertainty in TG Protection Graphs with TG/MC,” Journal of Computer Security 18(5) pp. 667–699 (2010).
    DOI: 10.3233/JCS-2009-0378
  449. L. Constantin. “Attackers Hijack CCTV Cameras to Launch DDoS Attacks,” Computerworld (Oct. 22, 2015)
    URL: http://www.computerworld.com/article/2996079/internet-of-things/attackers-hijack-cctv-cameras-to-launch-ddos-attacks.html
  450. G. Conti, K. Abdullah, J. Grizzard, J. Stasko, J. A. Copeland, M. Ahamad, H. L. Owen, and C. Lee. “Countering Security Information Overload through Alert and Packet Visualization,” IEEE Computer Graphics and Applications 26(2) pp. 60–70 (Mar. 2006).
    DOI: 10.1109/MCG.2006.30
  451. S. Contini and Y. L. Yin. “Forgery and Partial Key-Recovery Attacks on HMAC and NMAC Using Hash Collisions,” Advances in Cryptology — ASIACRYPT 2006 (Lecture Notes in Computer Science 4284) pp. 37–53 (Dec. 2006).
    DOI: 10.1007/11935230_3
  452. S. Convery. Network Security Architectures, Cisco Press, Indianapolis, IN, USA (2004)
    ISBN: 978-1-58714-297-0
  453. R. W. Conway, W. L. Maxwell, and H. L. Morgan. “On the Implementation of Security Measures in Information Systems,” Communications of the ACM 15(4) pp. 211–220 (Apr. 1972).
    DOI: 10.1145/361284.361287
  454. E. Cooke, F. Jahanian, and D. McPherson. “The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets,” Proceedings of the Workshop on Steps to Reducing Unwanted Traffic on the Internet pp. 39–44 (July 2005)
    URL: https://www.usenix.org/legacy/publications/library/proceedings/sruti05/tech/full_papers/cooke/cooke.pdf
  455. C. H. Coombs, R. M. Dawes, and A. Tversky. rMathematical Psychology: An Elementary Introduction, Prentice Hall, Inc, Englewood Cliffs, NJ, USA (1970)
    ISBN: 978-0-13-562157-8
  456. D. A. Cooper. “A Model of Certificate Revocation,” Proceedings of the 15th Annual Computer Security Applications Conference pp. 256–264 (Dec. 1999).
    DOI: 10.1109/CSAC.1999.816035
  457. D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and T. Polk. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, RFC 5280 (May 2008).
    DOI: 10.17487/RFC5280
  458. B. Copos. “Modeling Systems Using Side Channel Information,” Ph.D. Dissertation, Department of Computer Science, University of California at Davis, Davis, CA, USA (2017)
    URL: https://escholarship.org/uc/item/1xb249zt
  459. D. Coppersmith. “The Data Encryption Standard (DES) And Its Strength Against Attacks,” IBM Journal of Research and Development 38(3) pp. 243–250 (May 1994).
    DOI: 10.1147/rd.383.0243
  460. D. Coppersmith, S. Halevi, and C. Jutla. “Cryptanalysis of Stream Ciphers with Linear Masking,” Advances in Cryptology — CRYPTO 2002 ( Lecture Notes in Computer Science 2442) pp. 117–128 (Aug. 2002).
    DOI: 10.1007/3-540-45708-9_33
  461. F. J. Corbató and V. A. Vyssotsky. “Introduction and Overview of the Multics System,” Proceedings of the AFIPS ’65 Fall Joint Computer Conference pp. 185–196 (Nov. 1965).
    DOI: 10.1145/1463891.1463912
  462. O. L. Costich and I. S. Moskowita. “Analysis of a Storage Channel in the Two Phase Commit Protocol,” Proceedings of the Fourth Computer Security Foundations Workshop pp. 201–208 (June 1991).
    DOI: 10.1109/CSFW.1991.151587
  463. D. Cotroneo, A. Lanzaro, R. Natella, and R. Barbosa. “Experimental Analysis of Binary-Level Software Fault Injection in Complex Software,” Proceedings of the Ninth European Dependable Computing Conference pp. 162–172 (May 2012).
    DOI: 10.1109/EDCC.2012.12
  464. D. Cotroneo and R. Natella. “Fault Injection for Software Certification,” IEEE Security & Privacy 11(4) pp. 38–45 (July 2013).
    DOI: 10.1109/MSP.2013.54
  465. S. E. Coull, C. V. Wright, A. D. Keromytis, F. Monrose, and M. K. Reiter. “Taming the Devil: Techniques for Evaluating Anonymized Network Data,” Proceedings of the 2008 Symposium on Network and Distributed System Security (Feb. 2008)
    URL: http://www.isoc.org/isoc/conferences/ndss/08/papers/08_taming_the_devil.pdf
  466. S. E. Coull, C. V. Wright, F. Monrose, M. P. Collins, and M. K. Reiter. “Playing Devil’s Advocate: Inferring Sensitive Information from Anonymized Network Traces,” Proceedings of the 2007 Symposium on Network and Distributed System Security (Feb. 2007)
    URL: http://www.isoc.org/isoc/conferences/ndss/07/papers/playing_devils_advocate.pdf
  467. C. Cowan, S. Beattie, J. Johansen, and P. Wagle. “PointGuardTM: Protecting Pointers from Buffer Overflow Vulnerabilities,” Proceedings of the 12th USENIX Security Symposium pp. 91–104 (Aug. 2003)
    URL: https://www.usenix.org/conference/12th-usenix-security-symposium/pointguard-protecting-pointers-buffer-overflow
  468. C. Cowan, S. Beattie, G. Kroah-Hartman, C. Pu, P. Wagle, and V. Gligor. “SubDomain: Parsimonious Server Security,” Proceedings of the 14th USENIX Systems Administration Conference pp. 341–354 (Dec. 2000)
    URL: https://www.usenix.org/legacy/publications/library/proceedings/lisa2000/cowan.html
  469. C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, Q. Zhang, and H. Hinton. “StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks,” Proceedings of the Seventh USENIX UNIX Security Symposium pp. 63–77 (Jan. 1998)
    URL: https://www.usenix.org/conference/7th-usenix-security-symposium/stackguard-automatic-adaptive-detection-and-prevention
  470. C. Cowan, P. Wagle, C. Pu, S. Beattie, and J. Walpole. “Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade,” Proceedings of the Foundations of Intrusion Tolerant Systems (OASIS ’03) pp. 227–237 (Dec. 2003).
    DOI: 10.1109/FITS.2003.1264935
  471. K. J. Cox and C. Gerg. Managing Security with Snort and IDS Tools, O’Reilly Media, Inc., Sebastopol, CA, USA (2004)
    ISBN: 978-0-596-00661-7
  472. E. J. Coyne. “Role Engineering,” Proceedings of the First ACM Workshop on Role-Based Access Control pp. I:15–I:16 (Dec. 1996).
    DOI: 10.1145/270152.270159
  473. M. Crabb. “Password Security in a Large Distributed Environment,” Proceedings of the Second UNIX Security Workshop pp. 17–30 (Aug. 1990).
  474. J. Crampton. “Specifying and Enforcing Constraints in Role-based Access Control,” Proceedings of the Eighth ACM Symposium on Access Control Models and Technologies pp. 43–50 (2003).
    DOI: 10.1145/775412.775419
  475. R. Crawford, M. Bishop, B. Bhumiratana, L. Clark, and K. Levitt. “Sanitization Models and Their Limitations,” Proceedings of the 2006 Workshop on New Security Paradigms pp. 41–56 (Sep. 2006).
    DOI: 10.1145/1278940.1278948
  476. C. Cremers, M. Horvat, S. Scott, and T. van der Merwe. “Automated Analysis and Verification of TLS 1.3: 0-RTT, Resumption and Delayed Authentication,” Proceedings of the 2016 IEEE Symposium on Security and Privacy pp. 470–485 (May 2016).
    DOI: 10.1109/SP.2016.35
  477. D. H. Crocker. Standard for the Format of ARPA Internet Text Messages, RFC 822 (Aug. 1982).
    DOI: 10.17487/RFC0822
  478. S. Crocker and M. Pozzo. “A Proposal for a Verification-Based Virus Filter,” Proceedings of the 1989 IEEE Symposium on Security and Privacy pp. 319–324 (May 1989).
    DOI: 10.1109/SECPRI.1989.36306
  479. M. Crosbie and E. H. Spafford. “Defending a Computer System using Autonomous Agents,” Proceedings of the 18th National Computer Security Conference pp. 549–558 (Oct. 1995).
  480. S. A. Crosby and D. S. Wallach. “Efficient Data Structures for Tamper-Evident Logging,” Proceedings of the 18th USENIX Security Symposium (Aug. 2009)
    URL: https://www.usenix.org/legacy/events/sec09/tech/full_papers/crosby.pdf
  481. J. Crow, S. Owre, J. Rushby, N. Shankar, and M. Srivas. A Tutorial Introduction to PVS, Technical Report, SRI International, Menlo Park, CA, USA (June 1995)
    URL: http://csl.sri.com/papers/wift-tutorial/
  482. J. A. Cugini, R. W. Dobry, V. D. Gligor, and T. Mayfield. “Functional Security Criteria for Distributed Systems,” Proceedings of the 18th National Computer Security Conference pp. 310–321 (Oct. 1995).
  483. P. T. Cummings, D. A. Fullam, M. J. Goldstein, M. J. Gosselin, J. Picciotto, J. P. L. Woodward, and J. Wynn. “Compartmented Mode Workstation: Results through Prototyping,” Proceedings of the 1987 IEEE Symposium on Security and Privacy pp. 2–12 (Apr. 1987).
    DOI: 10.1109/SP.1987.10010
  484. C. Curtsinger, B. Livshits, B. Zorn, and C. Seifert. “ZOZZLE: Fast and Precise In-Browser JavaScript Malware Detection,” Proceedings of the 20th USENIX Security Symposium (Aug. 2011)
    URL: https://www.usenix.org/legacy/events/sec11/tech/full_papers/Curtsinger.pdf
  485. T. W. Cusick and M. C. Wood. “The Redoc-II Cryptosystem,” Advances in Cryptology — CRYPTO ’90 (Lecture Notes in Computer Science 537) pp. 546–563 (Aug. 1991).
    DOI: 10.1007/3-540-38424-3_38
  486. K. Cutler and F. Jones. Commercial International Security Requirements, Final Draft, American Express and Electronic Data Systems (Sep. 1991).
  487. CVE. Linux Kernel Stack Based Buffer Overflow Vulnerability, CVE Entry CVE-2017-17806, The MITRE Corporation, Bedford, MA, USA (Feb. 2017)
    URL: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14460
  488. M. Dacier and Y. Deswarte. “Privilege Graph: An Extension to the Typed Access Matrix Model,” Proceedings of the Third European Symposium on Research in Computer Security pp. 319–334 (Nov. 1994).
    DOI: 10.1007/3-540-58618-0_72
  489. M. Dacier, Y. Deswarte, and M. Kaâniche. Quantitative Assessment of Operational Security: Models and Tools, Research Report 96493, Laboratory for Analysis and Architecture of Systems, Toulouse, France (May 1996)
    URL: https://www.researchgate.net/profile/Yves_Deswarte/publication/2423767_Quantitative_Assessment_of_Operational_Security_Models_and_Tools/links/09e415080612cedbb3000000.pdf
  490. J. Daemen and V. RijmenThe Design of Rijndael: AES — The Advanced Encryption Standard, Springer-Verlag, Berlin, Germany (Mar. 2002)
    ISBN: 978-3-540-42580-9
  491. J. Daemen and G. Van Assche. “Differential Propagation Analysis of Keccak,” Proceedings of the 19th International Workshop on Fast Software Encryption (Lecture Notes in Computer Science 7549) pp. 422–441 (Mar. 2012).
    DOI: 10.1007/978-3-642-34047-5_24
  492. D. Dagon, G. Gu, C. P. Lee, and W. Lee. “A Taxonomy of Botnet Structures,” Proceedings of the 23rd Annual Computer Security Applications Conference pp. 325–338 (Dec. 2007).
    DOI: 0.1109/ACSAC.2007.44
  493. D. Dagon, N. Provos, C. P. Lee, and W. Lee. “Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority,” Proceedings of the 2008 Symposium on Network and Distributed System Security (Feb. 2008)
    URL: http://www.internetsociety.org/doc/corrupted-dns-resolution-paths-rise-malicious-resolution-authority-paper
  494. T. Dalenius. “Finding a Needle In a Haystack or Identifying Anonymous Census Records,” Journal of Official Statistics 2(3) pp. 329–336 (Sep. 1986)
    URL: http://www.jos.nu/Articles/abstract.asp?article=23329
  495. M. Dalton, H. Kannan, and C. Kozyrakis. “Raksha: A Flexible Information Flow Architecture for Software Security,” Proceedings of the 34th Annual International Symposium on Computer Architecture pp. 482–493 (June 2007).
    DOI: 10.1145/1250662.1250722
  496. N. Damianou, N. Dulay, E. Lupu, and M. Sloman. “The Ponder Policy Specification Language,” Proceedings of the 2001 International Workshop on Policies for Distributed Systems and Networks (Lecture Notes in Computer Science 1995) pp. 18–38 (Jan. 2001).
    DOI: 10.1007/3-540-44569-2_2
  497. G. Danezis, R. Dingledine, and N. Mathewson. “Mixminion: Design of a Type III Anonymous Remailer Protocol,” Proceedings of the 2003 IEEE Symposium on Security and Privacy pp. 2–15 (May 2003).
    DOI: 10.1109/SECPRI.2003.1199323
  498. T. E. Daniels and E. H. Spafford. “Identification of Host Audit Data to Detect Attacks on Low-Level IP Vulnerabilities,” Journal of Computer Security 7(1) pp. 3–35 (1999).
    DOI: 10.3233/JCS-1999-7102
  499. E. Dart, L. Rotman, B. Tierney, M. Hester, and J. Zurawski. “The Science DMZ: A Network Design Pattern for Data-intensive Science,” Proceedings of the 2013 International Conference on High Performance Computing, Networking, Storage and Analysis pp. 85:1–85:10 (Nov. 2013).
    DOI: 10.1145/2503210.2503245
  500. E. Dart, L. Rotman, B. Tierney, M. Hester, and J. Zurawski. “The Science DMZ: A Network Design Pattern for Data-Intensive Science,” Scientific Programming 22(2) pp. 173–185 (2014).
    DOI: 10.3233/SPR-140382
  501. S. Das, T. H.-J. Kim, L. A. Dabbish, and J. I. Hong. “The Effect of Social Influence on Security Sensitivity,” Proceedings of the Tenth Symposium on Usable Privacy and Security pp. 143–157 (July 2014)
    URL: https://www.usenix.org/conference/soups2014/proceedings/presentation/das
  502. S. Das, A. D. Kramer, L. A. Dabbish, and J. I. Hong. “Increasing Security Sensitivity With Social Proof: A Large-Scale Experimental Confirmation,” Proceedings of the 21st ACM SIGSAC Conference on Computer and Communications Security pp. 739–749 (Nov. 2014).
    DOI: 10.1145/2660267.2660271
  503. J. G. Daughman. “High Confidence Visual Recognition of Persons by a Test of Statistical Independence,” IEEE Transactions on Pattern Analysis and Machine Intelligence 15(11) pp. 1148–1161 (Nov. 1993).
    DOI: 10.1109/34.244676
  504. J. G. Daughman. “How Iris Recognition Works,” IEEE Transactions on Circuits and Systems for Video Technology 14(1) pp. 21–30 (Jan. 2004).
    DOI: 10.1109/TCSVT.2003.818350
  505. J. David. “Progress and Problems in Declassifying U. S. Government Records,” Journal of Government Information 30(4) pp. 443–450 (2004).
    DOI: 10.1016/j.jgi.2004.09.002
  506. J. David. “What Should Nations Reveal About Their Spying From Space? An Examination of the US Experience,” Space Policy 25(2) pp. 117–127 (May 2009).
    DOI: 10.1016/j.spacepol.2009.02.009
  507. G. I. Davida, Y. Frankel, and B. J. Matt. “On Enabling Secure Applications Through Off-line Biometric Identification,” Proceedings of the 1998 IEEE Symposium on Security and Privacy pp. 148–157 (May 1998).
    DOI: 10.1109/SECPRI.1998.674831
  508. G. Davida and B. J. Matt. “UNIX Guardians: Delegating Security to the User,” Proceedings of the UNIX Security Workshop pp. 14–23 (Aug. 1988).
  509. Y. G. Davida, George I. amd Desmedt and B. J. Matt. “Defending Systems Against Viruses Through Cryptographic Authentication,” Proceedings of the 1989 IEEE Symposium on Security and Privacy pp. 312–318 (May 1989).
    DOI: 10.1109/SECPRI.1989.36305
  510. D. Davies. “Defective Sign & Encrypt in S/MIME, PKCS#7, MOSS, PEM, PGP, and XML,” Proceedings of the 2001 USENIX Annual Technical Conference (June 2001)
    URL: https://www.usenix.org/legacy/event/usenix01/davis.html
  511. D. Davis, R. Ihaka, and P. Fenstermacher. “Cryptographic Randomness from Air Turbulence in Disk Drives,” Advances in Cryptology — CRYPTO ’94 (Lecture Notes in Computer Science 839) pp. 114–120 (Aug. 1994).
    DOI: 10.1007/3-540-48658-5_13
  512. J. Davis, J. MacLean, and D. Dampier. “Methods of Information Hiding and Detection in File Systems,” Proceedings of the Fifth International Workshop on Systematic Approaches to Digital Forensic Engineering pp. 66–69 (May 2010).
    DOI: 10.1109/SADFE.2010.17
  513. M. Davis and M. Suignard. Unicode Security Considerations, Technical Report 36, Unicode Consortium (Sep. 2014)
    URL: http://www.unicode.org/reports/tr36/
  514. A. M. de Alvaré and E. E. Schultz. “A Framework for Password Selection,” Proceedings of the UNIX Security Workshop pp. 8–9 (Aug. 1988).
  515. R. de Beer, A. Stander, and J.-P. Van Belle. “Anti-Forensics: A Practitioner Perspective,” International Journal of Cyber-Security and Digital Forensics 4(2) pp. 390–403 (Jan. 2015).
    DOI: 10.17781/P001593
  516. C. De Cannière, F. Mendel, and C. Rechberger. “Collisions for 70-Step SHA-1: On the Full Cost of Collision Search,” Proceedings of the 14th International Workshop on Selected Areas in Cryptography (Lecture Notes in Computer Science 4876) pp. 56–73 (Aug. 2007).
    DOI: 10.1007/978-3-540-77360-3_4
  517. W. De Groef, D. Devriese, N. Nikiforakis, and F. Piessens. “FlowFox: A Web Browser with Flexible and Precise Information Flow Control,” Proceedings of the 19th ACM SIGSAC Conference on Computer and Communications Security pp. 748–759 (Oct. 2012).
    DOI: 10.1145/2382196.2382275
  518. A. De Luca, M. Denzel, and H. Hussmann. “Look Into My Eyes! Can You Guess My Password?,” Proceedings of the Fifth Symposium on Usable Privacy and Security pp. 7:1–7:12 (July 2009).
    DOI: 10.1145/1572532.1572542
  519. A. De Luca, A. Hang, F. Brudy, C. Lindner, and H. Hussmann. “Touch Me Once and I Know It’s You!: Implicit Authentication Based on Touch Screen Patterns,” Proceedings of the 2012 SIGCHI Conference on Human Factors in Computing Systems pp. 987–996 (May 2012).
    DOI: 10.1145/2207676.2208544
  520. L. de Moura and N. Bjørner. “Z3: An Efficient SMT Solver,” Proceedings of the 14th Intenational Conference on Tools and Algorithms for the Construction and Analysis of Systems (Lecture Notes in Computer Science 4963) pp. 337–340 (Mar. 2008).
    DOI: 10.1007/978-3-540-78800-3_24
  521. L. de Moura, B. Dutertre, and N. Shankar. “A Tutorial on Satisfiability Modulo Theories,” Proceedings of the 2007 International Conference on Computer Aided Verification (Lecture Notes in Computer Science 4590) pp. 20–36 (2007).
    DOI: 10.1007/978-3-540-73368-3_5
  522. D. A. S. de Oliveira, J. R. Crandall, G. Wassermann, S. F. Wu, Z. Su, and F. T. Chong. “ExecRecorder: VM-Based Full-System Replay for Attack Analysis and System Recovery,” Proceedings of the First Workshop on Architectural and System Support for Improving Software Dependability pp. 66–71 (Oct. 2006).
    DOI: 10.1145/1181309.1181320
  523. D. Dean, E. W. Felten, and D. S. Wallach. “Java Security: From HotJava to Netscape and Beyond,” Proceedings of the 1996 IEEE Symposium on Security and Privacy pp. 190–200 (May 1996).
    DOI: 10.1109/SECPRI.1996.502681
  524. D. Dean, M. Franklin, and A. Stubblefield. “An Algebraic Approach to IP Traceback,” ACM Transactions on Information and System Security 5(2) pp. 119–127 (May 2002).
    DOI: 10.1145/505586.505588
  525. D. Dean and A. J. Hu. “Fixing Races for Fun and Profit: How to Use access(2),” Proceedings of the 13th USENIX Security Symposium (Aug. 2004)
    URL: https://www.usenix.org/legacy/events/sec04/tech/dean.html
  526. W. H. Debany. “Modeling the Spread of Internet Worms via Persistently Unpatched Hosts,” IEEE Network 22(2) pp. 26–32 (Mar. 2008).
    DOI: 0.1109/MNET.2008.4476068
  527. H. Debar, D. A. Curry, and B. S. Feinstein. The Intrusion Detection Message Exchange Format (IDMEF), RFC 4765 (Mar. 2007).
    DOI: 10.17487/RFC4765
  528. H. M. Deitel. An Introduction to Operating Systems, Addison-Wesley Longman Publishing Co., Inc., Reading, MA, USA (1983)
    ISBN: 0-201-14501-4
  529. M. Dell’ Amico, P. Michiardi, and Y. Roudier. “Password Strength: An Empirical Analysis,” Proceedings of 2010 IEEE INFOCOM pp. 1–9 (Mar. 2010).
    DOI: 10.1109/INFCOM.2010.5461951
  530. T. A. DeLong, D. T. Smit, and B. W. Johnson. “Dependability Metrics to Assess Safety-Critical Systems,” IEEE Transactions on Reliability 54(3) pp. 498–505 (Sep. 2005).
    DOI: 10.1109/TR.2005.853567
  531. R. A. DeMillo, D. P. Dobkin, A. K. Jones, and R. J. Lipton (eds.). Foundations of Secure Computation, Academic Press, New York, NY, USA (1978)
    ISBN: 978-0-12-210350-6
  532. H. Demirci. “Square-Like Attacks on Reduced Rounds of IDEA,” Proceedings of the Ninth International Workshop on Selected Areas in Cryptography (Lecture Notes in Computer Science 2595) pp. 147–159 (Aug. 2002).
    DOI: 10.1007/3-540-36492-7_11
  533. D. Denning. Cryptography and Data Security, Addison-Wesley Publishing Company, Reading, MA, USA (1982)
    ISBN: 978-0-201-10150-8
  534. D. E. Denning. “A Lattice Model of Secure Information Flow,” Communications of the ACM 19(5) pp. 236–243 (May 1976).
    DOI: 10.1145/360051.360056
  535. D. E. Denning. On the Derivation of Lattice Structured Information Flow Policies, CSD TR 180, Department of Computer Sciences, Purdue University, West Lafayette, IN, USA (Mar. 1976)
    URL: https://docs.lib.purdue.edu/cgi/viewcontent.cgi?article=1122&context=cstech
  536. D. E. Denning. “Secure Personal Computing in an Insecure Network,” Communications of the ACM 22(8) pp. 476–482 (Aug. 1979).
    DOI: 10.1145/359138.359143
  537. D. E. Denning. “An Intrusion-Detection Model,” IEEE Transactions on Software Engineering SE-3(2) pp. 222–232 (Feb. 1987).
    DOI: 10.1109/TSE.1987.232894
  538. D. E. Denning. “The US Key Escrow Encryption Technology,” Computer Communications 17(7) pp. 453–457 (July 1994).
    DOI: 10.1016/0140-3664(94)90099-X
  539. D. E. Denning. Information Warfare and Security, Addison-Wesley, Reading, MA, USA (1999).
    ISBN: 978-0-201-43303-6
  540. D. E. Denning, S. K. Akl, M. Heckman, T. F. Lunt, M. Morgenstern, P. G. Neumann, and R. R. Schell. “Views for Multilevel Database Security,” IEEE Transactions on Software Engineering SE-13(2) pp. 129–140 (Feb. 1987).
    DOI: 10.1109/TSE.1987.232889
  541. D. E. Denning and D. K. Branstad. “A Taxonomy for Key Escrow Encryption Systems,” Communications of the ACM 39(3) pp. 34–40 (Mar. 1996).
    DOI: 10.1145/227234.227239
  542. D. E. Denning and P. J. Denning. “Certification of Programs for Secure Information Flow,” Communications of the ACM 20(7) pp. 504–513 (July 1977).
    DOI: 10.1145/359636.359712
  543. D. E. Denning, T. F. Lunt, R. R. Schell, W. R. Shockley, and M. Heckman. “The SeaView Security Model,” Proceedings of the 1988 IEEE Symposium on Security and Privacy pp. 218–233 (Apr. 1988).
    DOI: 10.1109/SECPRI.1988.8114
  544. D. E. Denning and P. F. MacDoran. “Location-Based Authentication: Grounding Cyberspace fo Better Security,” Computer Fraud & Security 1996(2) pp. 12–16 (Feb. 1996).
    DOI: 10.1016/S1361-3723(97)82613-9
  545. D. E. Denning and G. M. Sacco. “Timestamps in Key Distribution Protocols,” Communications of the ACM 24(8) pp. 533–536 (Aug. 1981).
    DOI: 10.1145/358722.358740
  546. D. E. Denning and M. Smid. “Key Escrowing Today,” IEEE Communications Magazine 32(9) pp. 58–68 (Sep. 1994).
    DOI: 10.1109/35.312844
  547. P. J. Denning. “Third Generation Computer Systems,” ACM Computing Surveys 3(4) pp. 175–216 (Dec. 1971).
    DOI: 10.1145/356593.356595
  548. P. J. Denning. “Fault Tolerant Operating Systems,” ACM Computing Surveys 8(4) pp. 359–389 (Dec. 1976).
    DOI: 10.1145/356678.356680
  549. P. J. Denning. “The Science of Computing: Computer Viruses,” American Scientist 76(3) pp. 236–238 (May 1988)
    URL: http://www.jstor.org/stable/27855176
  550. P. J. Denning (ed).Computers Under Attack: Intruders, Worms, and Viruses, Addison-Wesley Professional, Reading, MA, USA (1990)
    ISBN: 978-0-201-53067-4
  551. T. Denning, K. Fu, and T. Kohno. “Absence Makes the Heart Grow Fonder: New Directions for Implantable Medical Device Security,” Proceedings of the Third USENIX Workshop on Hot Topics in Security (July 2008)
    URL: https://www.usenix.org/legacy/events/hotsec08/tech/full_papers/denning/denning.pdf
  552. J. B. Dennis and E. C. Van Horn. “Programming Semantics for Multiprogrammed Computations,” Communications of the ACM 9(3) pp. 143–155 (Mar. 1966).
    DOI: 10.1145/365230.365252
  553. A. W. Dent. “A Brief Introduction to Certificateless Encryption Schemes and Their Infrastructures,” Proceedings of the Sixth European Workshop on Public Key Infrastructures, Services and Applications (Lecture Notes in Computer Science 6391) pp. 1–16 (Sep. 2009).
    DOI: 10.1007/978-3-642-16441-5_1
  554. S. Designer. Getting Around Non-Executable Stack (and Fix) (Aug. 1997).
    URL: http://seclists.org/bugtraq/1997/Aug/63
  555. A. Dewald, T. Holz, and F. C. Freiling. “ADSandbox: Sandboxing JavaScript to Fight Malicious Websites,” Proceedings of the 2010 ACM Symposium on Applied Computing pp. 1859–1864 (Mar. 2010).
    DOI: 10.1145/1774088.1774482
  556. A. K. Dewdeny. “Computer Recreations: A Core War Bestiary of Viruses, Worms and Other Threats to Computer Memories,” Scientific American 252(3) pp. 14–23 (Oct. 1985)
    URL: http://www.jstor.org/stable/24967583
  557. P. A. DeWinstanley and E. L. Bjork. “Processing Strategies and the Generation Effect: Implications for Making a Better Reader,” Memory & Cognition 32(6) pp. 945–955 (Sep. 2004).
    DOI: 10.3758/BF03196872
  558. P. D’Haeseleer, S. Forrest, and P. Helman. “An Immunological Approach to Change Detection: Algorithms, Analysis and Implications,” Proceedings of the 1996 IEEE Symposium on Security and Privacy pp. 110–119 (May 1996).
    DOI: 10.1109/SECPRI.1996.502674
  559. N. Dhanjani, B. Rios, and B. Hardin. Hacking: The Next Generation, O’Reilly Media, Inc., Sebastopol, CA, USA (2009).
    ISBN: 978-0-596-15457-8
  560. M. Dhawan and V. Ganapathy. “Analyzing Information Flow in JavaScript-based Browser Extensions,” Proceedings of the 25th Annual Computer Security Applications Conference pp. 382–391 (Dec. 2009).
    DOI: 10.1109/ACSAC.2009.43
  561. B. L. Di Vito, P. H. Palmquist, E. A. Anderson, and M. L. Johnston. “Specification and Verification of the ASOS Kernel,” Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy pp. 61–74 (May 1990).
    DOI: 10.1109/RISP.1990.63839
  562. U. Dieckmann, P. Plankensteiner, and T. Wagner. “SESAM: A Biometric Person Identification System Using Sensor Fusion,” Pattern Recognition Letters 18(9) pp. 827–833 (Sep. 1997).
    DOI: 10.1016/S0167-8655(97)00063-9
  563. T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.2, RFC 5246 (Aug. 2008).
    DOI: 10.17487/RFC5246
  564. W. Diffie and M. Hellman. “New Directions in Cryptography,” IEEE Transactions on Information Theory IT-22(6) pp. 644–654 (Nov. 1976).
    DOI: 10.1109/TIT.1976.1055638
  565. W. Diffie and M. E. Hellman. “Exhaustive Cryptanalysis of the NBS Data Encryption Standard,” IEEE Computer 10(6) pp. 74–84 (June 1977).
    DOI: 10.1109/C-M.1977.217750
  566. E. W. Dijkstra. “The Structure of the ‘THE’-multiprogramming System,” Communications of the ACM 11(5) pp. 341–346 (May 1968).
    DOI: 10.1145/363095.363143
  567. A. Diller. Z: An Introduction to Formal Methods, John Wiley & Sons, Inc., New York, NY, USA (1994)
    ISBN: 978-0-471-93973-3
  568. R. Dilmaghani, S. Geyik, K. Grueneberg, J. Lobo, S. Y. Shah, B. K. Szymanski, and P. Zerfos. “Policy-Aware Service Composition in Sensor Networks,” Proceedings of the Ninth International Workshop on Services Computing pp. 186–193 (June 2012).
    DOI: 10.1109/SCC.2012.90
  569. T. Dimkov, A. van Cleeff, W. Pieters, and P. Hartel. “Two Methodologies for Physical Penetration Testing Using Social Engineering,” Proceedings of the 26th Annual Computer Security Applications Conference pp. 399–408 (Dec. 2010).
    DOI: 10.1145/1920261.1920319
  570. R. Dingledine, N. Mathewson, and P. Syverson. “Tor: The Second-Generation Onion Router,” Proceedings of the 13th USENIX Security Symposium pp. 303–320 (Aug. 2004)
    URL: https://www.usenix.org/legacy/publications/library/proceedings/sec04/tech/dingledine.html
  571. I. Dinur, O. Dunkelman, and A. Shamir. “Collision Attacks on Up to 5 Rounds of SHA-3 Using Generalized Internal Differentials,” Proceedings of the 20th International Workshop on Fast Software Encryption (Lecture Notes in Computer Science 8424) pp. 219–240 (Mar. 2013).
    DOI: 10.1007/978-3-662-43933-3_12
  572. L. C. Dion. “A Complete Protection Model,” Proceedings of the 1981 IEEE Symposium on Security and Privacy pp. 49–55 (Apr. 1981).
    DOI: 10.1109/SP.1981.10006
  573. H. Dobbertin. “The Status of MD5 After a Recent Attack,” RSA Laboratories’ CryptoBytes 2(2) pp. 1–6 (Summer 1996)
    URL: http://www.networkdls.com/Articles/crypto2n2.pdf
  574. H. Dobbertin. “Cryptanalysis of MD4,” Journal of Cryptology 11(4) pp. 253–271 (Sep. 1998).
    DOI: 10.1007/s001459900047
  575. H. Dobbertin, A. Bosselaers, and B. Preneel. “RIPEMD-160: A Strengthened Version of RIPEMD,” Proceedings of the Fourth International Workshop on Fast Software Encryption (Lecture Notes in Computer Science 1039) pp. 71–82 (Feb. 1996).
    DOI: 10.1007/3-540-60865-6_44
  576. H. Dobbertin, L. Knudsen, and M. Robshaw. “The Cryptanalysis of the AES—A Brief Survey,” Fourth International Conference on the Advanced Encryption Standard: Revised Selected and Invited Papers (Lecture Notes in Computer Science 3373) pp. 1–10 (May 2004).
    DOI: 10.1007/11506447_1
  577. Y. Dodis, R. Ostrovsky, L. Reyzin, and A. Smith. “Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data,” SIAM Journal on Computing 38(7) pp. 97–139 (2008).
    DOI: 10.1137/060651380
  578. T. W. Doeppner, P. N. Klein, and A. Koyfman. “Using Router Stamping to Identify the Source of IP Packets,” Proceedings of the Seventh ACM Conference on Computer and Communications Security pp. 184–189 (Nov. 2000).
    DOI: 10.1145/352600.352627
  579. B. Dole, S. Lodin, and E. Spafford. “Misplaced Trust: Kerberos 4 Session Keys,” Proceedings of the 1997 Symposium on Network and Distributed System Security pp. 60–70 (Feb. 1997).
    DOI: 10.1109/NDSS.1997.579221
  580. D. Dolev and A. C. Yao. “On the Security of Public Key Protocols,” IEEE Transactions on Information Theory 29(2) pp. 198–208 (Mar. 1983).
    DOI: 10.1109/TIT.1983.1056650
  581. C. Domas. “Breaking the x86 ISA,” Blackhat (Aug. 2017)
    URL: https://www.blackhat.com/docs/us-17/thursday/us-17-Domas-Breaking-The-x86-Instruction-Set-wp.pdf
  582. F. J. Donner. The Un-Americans, Ballantine Books, New York, NY, USA (1961).
  583. N. Doraswamy and D. HarkinsIPSec: The New Security Standard for the Internet, Intranets, and Vitrtual Private Networks, Prentice Hall, Inc, Upper Saddle River, NJ, USA (2003)
    ISBN: 978-0-13-046189-6
  584. B. Dowling, M. Fischlin, F. Günther, and D. Stebila. “A Cryptographic Analysis of the TLS 1.3 Handshake Protocol Candidates,” Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security pp. 1197–1210 (Oct. 2015).
    DOI: 10.1145/2810103.2813653
  585. I. Downnard. “Public-Key Cryptography Extensions into Kerberos,” IEEE Potentials 21(5) pp. 30–34 (Dec. 2002).
    DOI: 10.1109/MP.2002.1166623
  586. D. D. Downs, J. R. Rub, K. C. Kung, and C. S. Jordan. “Issues in Discretionary Access Control,” Proceedings of the 1985 IEEE Symposium on Security and Privacy pp. 208–218 (Apr. 1985).
    DOI: 10.1109/SP.1985.10014
  587. M. Dowty and J. Sugerman. “GPU Virtualization on VMware’s Hosted I/O Architecture,” ACM SIGOPS Operating Systems Review 43(3) pp. 73–82 (July 2009).
    DOI: 10.1145/1618525.1618534
  588. H. Dreger, C. Kreibich, V. Paxson, and R. Sommer. “Enhancing the Accuracy of Network-Based Intrusion Detection with Host-Based Context,” Proceedings of the Second International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (Lecture Notes in Computer Science 3548) pp. 206–221 (July 2005).
    DOI: 10.1007/11506881_13
  589. R. Droms. Dynamic Host Configuration Protocol, RFC 2131 (Mar. 1997).
    DOI: 10.17487/RFC2131
  590. R. Droms, J. Bound, B. Volz, T. Lemon, C. E. Perkins, and M. Carney. Dynamic Host Configuration Protocol for IPv6 (DHCPv6), RFC 3315 (July 2003).
    DOI: 10.17487/RFC3315
  591. R. Dua, A. R. Raja, and D. Kakadia. “Virtualization vs. Containerization to Support PaaS,” Proceedings of the 2014 IEEE International Conference on Cloud Engineering pp. 610–614 (Mar. 2014).
    DOI: 10.1109/IC2E.2014.41
  592. B. Duc, E. S. Biglün, J. Bigün, G. Maître, and S. Fischer. “Fusion of Audio and Video Information for Multi Modal Person Authentication,” Pattern Recognition Letters 18(9) pp. 835–843 (Sep. 1997).
    DOI: 10.1016/S0167-8655(97)00071-8
  593. T. Duff. “Experiences with Viruses on UNIX Systems,” Computing Systems 2(2) pp. 155–171 (Spring 1989)
    URL: https://www.usenix.org/legacy/publications/compsystems/1989/spr_duff.pdf
  594. E. Duffy, S. Nyemba, C. A. Gunter, D. Liebovitz, and B. Malin. “Requirements and Design for an Extensible Toolkit for Analyzing EMR Audit Logs,” Proceedings of the 2013 USENIX Workshop on Health Information Technologies (Aug. 2013)
    URL: https://www.usenix.org/conference/healthtech13/workshop-program/presentation/Duffy
  595. C. W. Dukes. Committee on National Security Systems (CNSS) Glossary, Technical Report CNSSI No. 4009, Committee on National Security Systems, National Security Agency, Ft. George G. Meade, MD, USA (Apr. 2015)
    URL: https://www.cnss.gov/CNSS/openDoc.cfm?asGwvyBqwTPLim+E4Lb53A==
  596. O. Dunkelman, N. Keller, and A. Shamir. “Improved Single-Key Attacks on 8-Round AES-192 and AES-256,” Advances in Cryptology — ASIACRYPT 2010 (Lecture Notes in Computer Science 6477) pp. 158–176 (Dec. 2010).
    DOI: 10.1007/978-3-642-17373-8_10
  597. G. W. Dunlap, S. T. King, S. Cinar, M. A. Basrai, and P. M. Chen. “ReVirt: Enabling Intrusion Analysis through Virtual-Machine Logging and Replay,” Proceedings of the Fifth Symposium on Operating Systems Design and Implementation pp. 211–224 (Dec. 2002).
    DOI: 10.1145/844128.844148
  598. M. Dunlop, S. Groat, W. Urbanski, R. Marchany, and J. Tront. “MT6D: A Moving Target IPv6 Defense,” Proceedings of the 2011 Military Communications Conference pp. 1321–1326 (Nov. 2011).
    DOI: 10.1109/MILCOM.2011.6127486
  599. R. Durst, T. Champion, B. Witten, E. Miller, and L. Spagnuolo. “Testing and Evaluating Computer Intrusion Detection Systems,” Communications of the ACM 42(7) pp. 53–61 (July 1999).
    DOI: 10.1145/306549.306571
  600. Z. Durumeric, J. Kasten, D. Adrian, J. A. Halderman, M. Bailey, F. Li, N. Weaver, J. Amann, J. Beekman, M. Payer, and V. Paxson. “The Matter of Heartbleed,” Proceedings of the 2014 Conference on Internet Measurement pp. 475–488 (Nov. 2014).
    DOI: 10.1145/2663716.2663755
  601. C. Dwork. “Differential Privacy,” Proceedings of the 33rd International Colloquium on Automata, Languages and Programming Part II (Lecture Notes in Computer Science 4052) pp. 1–12 (July 2006).
    DOI: 10.1007/11787006_1
  602. C. Dwork. “Differential Privacy in New Settings,” Proceedings of the 21st Annual ACM-SIAM Symposium on Discrete Algorithms pp. 174–183 (Jan. 2010).
    DOI: 10.1137/1.9781611973075.16
  603. M. Dworkin. Recommendation for Block Cipher Modes of Operation, Special Publication 800-38A, National Institute of Standards and Technology, Gaithersburg, MD, USA (Dec. 2001)
    URL: https://csrc.nist.gov/publications/detail/sp/800-38a/final
  604. M. Dworkin. Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC, Special Publication 800-38D, National Institute of Standards and Technology, Gaithersburg, MD, USA (Nov. 2007).
    DOI: 10.6028/NIST.SP.800-38D
  605. K. P. Dyer, S. E. Coull, T. Ristenpart, and T. Shrimpton. “Protocol Misidentification Made Easy with Format-Transforming Encryption,” Proceedings of the 20th ACM SIGSAC Conference on Computer and Communications Security pp. 61–72 (Oct. 2013).
    DOI: 10.1145/2508859.2516657
  606. D. E. Eastlake, 3rd. Domain Name System Security Extensions, RFC 2535 (Mar. 1999).
    DOI: 10.17487/RFC2535
  607. D. E. Eastlake, 3rd. DSA Keys and SIGs in the Domain Name System (DNS), RFC 2536 (Mar. 1999).
    DOI: 10.17487/RFC2536
  608. D. E. Eastlake, 3rd. RSA/MD5 Keys and SIGs in the Domain Name System (DNS), RFC 2537 (Mar. 1999).
    DOI: 10.17487/RFC2537
  609. D. E. Eastlake, 3rd. Storage of Diffie-Hellman Keys in the Domain Name System (DNS), RFC 2539 (Mar. 1999).
    DOI: 10.17487/RFC2539
  610. D. E. Eastlake, 3rd and O. Gudmundsson. Storing Certificates in the Domain Name System (DNS), RFC 2538 (Mar. 1999).
    DOI: 10.17487/RFC2538
  611. D. E. Eastlake, 3rd, J. I. Schiller, and S. Crocker. Randomness Requirements for Security, RFC 4086 (June 2005).
    DOI: 10.17487/RFC4086
  612. S. Eberz, K. B. Rasmussen, V. Lenders, and I. Martinovic. “Preventing Lunchtime Attacks: Fighting Insider Threats With Eye Movement Biometrics,” Proceedings of the 2015 Symposium on Distributed and Network System Security (Feb. 2015).
    DOI: 10.14722/ndss.2015.23203
  613. S. T. Eckmann. “Eliminating Formal Flows in Automated Information Flow Analysis,” Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy pp. 30–38 (May 1994).
    DOI: 10.1109/RISP.1994.296594
  614. S. T. Eckmann, G. Vigna, and R. A. Kemmerer. “STATL: An Attack Language for State-Based Intrusion Detection,” Journal of Computer Security 10(1-2) pp. 71–103 (Jan. 2002).
    DOI: 10.3233/JCS-2002-101-204
  615. W. M. Eddy. TCP SYN Flooding Attacks and Common Mitigations, RFC 4987 (Aug. 2007).
    DOI: 10.17487/RFC4987
  616. S. Egelman, L. F. Cranor, and J. Hong. “You’ve Been Warned: An Empirical Study of the Effectiveness of Web Browser Phishing Warnings,” Proceedings of the 2008 SIGCHI Conference on Human Factors in Computing Systems pp. 1065–1074 (Apr. 2008).
    DOI: 10.1145/1357054.1357219
  617. S. Egelman, A. Sotirakopoulos, I. Muslukhov, K. Beznosov, and C. Herley. “Does My Password Go Up to Eleven?: The Impact of Password Meters on Password Selection,” Proceedings of the 2013 SIGCHI Conference on Human Factors in Computing Systems pp. 2379–2388 (Apr. 2013).
    DOI: 10.1145/2470654.2481329
  618. W. F. Ehrsam, S. M. Matyas, C. H. Meyer, and W. L. Tuchman. “A Cryptographic Key Management Scheme for Implementing the Data Encryption Standard,” IBM Systems Journal 17(2) pp. 106–125 (Apr. 1978).
    DOI: 10.1147/sj.172.0106
  619. M. W. Eichin and J. A. Rochlis. “With Microscope and Tweezers: An Analysis of the Internet Virus of November 1988,” Proceedings of the 1989 IEEE Symposium on Security and Privacy pp. 326–343 (May 1989).
    DOI: 10.1109/SECPRI.1989.36307
  620. T. Eisenbarth, T. Kasper, A. Moradi, C. Paar, M. Salmasizadeh, and M. T. Manzuri Shalmani. “On the Power of Power Analysis in the Real World: A Complete Break of the KEELOQ Code Hopping Scheme,” Advances in Cryptology — CRYPTO 2008 (Lecture Notes in Computer Science 5157) pp. 203–220 (Aug. 2008).
    DOI: 10.1007/978-3-540-85174-5_12
  621. T. Eisenberg, D. Gries, J. Hartmanis, D. Holcomb, M. S. Lynn, and T. Santoro. “The Cornell Commission: On Morris and the Worm,” Communications of the ACM 32(6) pp. 706–709 (June 1989).
    DOI: 10.1145/63526.63530
  622. A. A. El Kalam, R. El Baida, and P. Balbiani. “Organization Based Access Control,” Proceedings of the Fourth IEEE International Workshop on Policies for Distributed Systems and Networks pp. 120–131 (June 2003).
    DOI: 10.1109/POLICY.2003.1206966
  623. A. El-Sherbiny, M. Farah, I. Oueichek, and A. H. Al-Zoman. Linguistic Guidelines for the Use of the Arabic Language in Internet Domains, RFC 5564 (Feb. 2010).
    DOI: 10.17487/RFC5564
  624. A. J. Elbirt. “Accelerated AES Implementations Via Generalized Instruction Set Extensions,” Journal of Computer Security 16(3) pp. 265–288 (2008).
    DOI: 10.3233/JCS-2008-16302
  625. Electronic Frontier Foundation. Cracking DES: Secrets of Encryption Research, Wiretap Politics & Chip Design, O’Reilly Media, Sebastopol, CA, USA (May 1998)
    ISBN: 978-1-56592-520-5
  626. D. Elenius, G. Denker, M.-O. Stehr, R. Senanayake, C. Talcott, and D. Wilkins. “CoRaL — Policy Language and Reasoning Techniques for Spectrum Policies,” Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks pp. 261–265 (June 2007).
    DOI: 10.1109/POLICY.2007.13
  627. T. ElGamal. “A Public Key Cryptosystem and Signature Scheme Based on Discrete Logarithms,” IEEE Transactions on Information Theory IT-31(4) pp. 469–472 (July 1985).
    DOI: 10.1109/TIT.1985.1057074
  628. J. Eller, M. Mastrorocco, and B. C. Stauffer. “The Department of Defense Information Technology Security Certification and Accreditation process (DITSCAP),” Proceedings of the 19th National Information Systems Security Conference pp. 46–53 (Oct. 1996).
  629. J. H. Ellis. “The History of Non-Secret Encryption,” Cryptologia 23(3) pp. 267–273 (July 1999).
    DOI: 10.1080/0161-119991887919
  630. C. Ellison and S. Dohrmann. “Public-Key Support for Group Collaboration,” ACM Transactions on Information and System Security 6(4) pp. 547–565 (Nov. 2003).
    DOI: 10.1145/950191.950195
  631. C. M. Ellison. “Establishing Identity Without Certification Authorities,” Proceedings of the Sixth USENIX UNIX Security Symposium pp. 67–76 (July 1996)
    URL: http://www.usenix.org/publications/library/proceedings/sec96/ellison.html
  632. C. M. Ellison. “Naming and Certificates,” Proceedings of the Tenth Conference on Computers, Freedom and Privacy: Challenging the Assumptions pp. 213–217 (Apr. 2000).
    DOI: 10.1145/332186.332286
  633. C. Ellison and B. Schneier. “Ten Risks of PKI: What You’re Not Being Told about Public Key Infrastructure,” Computer Security Journal 16(1) pp. 1–7 (Winter 2000).
  634. W. Enck, P. Gilbert, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. “TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones,” Proceedings of the Ninth USENIX Symposium on Operating Systems Design and Implementation pp. 393–408 (Oct. 2010)
    URL: https://www.usenix.org/legacy/events/osdi10/tech/full_papers/Enck.pdf
  635. W. Enck, P. Gilbert, S. Han, V. Tendulkar, B.-G. Chun, L. P. Cox, J. Jung, P. McDaniel, and A. N. Sheth. “TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones,” ACM Transactions on Computer Systems 32(2) pp. 5:1–5:29 (June 2014).
    DOI: 10.1145/2619091
  636. C. Endorf, E. Schultz, and J. Mellander. Intrusion Detection and Prevention, McGraw-Hill/Osborne, Emeryville, CA, USA (2004)
    ISBN: 978-0-07-222954-7
  637. A. Ene, W. Horne, N. Milosavljevic, P. Rao, R. Schreiber, and R. E. Tarjan. “Fast Exact and Heuristic Methods for Role Minimization Problems,” Proceedings of the 13th ACM Symposium on Access Control Models and Technologies pp. 1–10 (June 2008).
    DOI: 10.1145/1377836.1377838
  638. E. Engeler. Introduction to the Theory of Computation, Academic Press, New York, NY, USA (1973)
    ISBN: 978-0-12-239250-4
  639. D. R. Engler, M. F. Kaashoek, and J. O’Toole Jr.. “Exokernel: An Operating System Architecture for Application-level Resource Management,” Proceedings of the 15th ACM Symposium on Operating Systems Principles pp. 251–266 (Dec. 1995).
    DOI: 10.1145/224056.224076
  640. R. G. Engoulou, M. Bellaïche, S. Pierre, and A. Quintero. “VANET Security Surveys,” Computer Communications 44 pp. 1–13 (May 2014).
    DOI: 10.1016/j.comcom.2014.02.020
  641. J. Epstein, J. McHugh, H. Orman, R. Pascale, A. Marmor-Squires, B. Danner, C. R. Martin, M. Branstad, G. Benson, and D. Rothnie. “A High Assurance Window System Prototype,” Journal of Computer Security 2(2-3) pp. 159–190 (Apr. 1993).
    DOI: 10.3233/JCS-1993-22-306
  642. M. Erwin, C. Scott, and P. Wolfe. Virtual Private Networks, O’Reilly Media, Sebastopol, CA, USA (Dec. 1998)
    ISBN: 978-1-56592-529-8
  643. K. R. Eschenfelder and A. C. Desai. “Software as Protest: The Unexpected Resiliency of U.S.-Based DeCSS Posting and Linking,” The Information Society 20(2) pp. 101–116 (Apr. 2004).
    DOI: 10.1080/01972240490422987
  644. T. Espiner. “Intel ‘Hacker’ Sentence Expunged,” CNET (Mar. 5, 2007)
    URL: https://www.cnet.com/news/intel-hacker-sentence-expunged/
  645. S. Evans, S. F. Bush, and J. Hershey. “Information Assurance through Kolmogorov Complexity,” Proceedings of the 2001 DARPA Information Survivability Conference and Exposition II pp. 322–331 (June 2001).
    DOI: 10.1109/DISCEX.2001.932183
  646. D. Evtyushkin and D. Ponomarev. “Covert Channels Through Random Number Generator: Mechanisms, Capacity Estimation and Mitigations,” Proceedings of the 23rd ACM SIGSAC Conference on Computer and Communications Security pp. 843–857 (Oct. 2016).
    DOI: 10.1145/2976749.2978374
  647. R. S. Fabry. “Capability-Based Addressing,” Communications of the ACM 17(7) pp. 403–412 (July 1974).
    DOI: 10.1145/361011.361070
  648. G. Faden. “RBAC in UNIX Administration,” Proceedings of the Fourth ACM Workshop on Role-Based Access Controls pp. 95–101 (Oct. 1999).
    DOI: 10.1145/319171.319180
  649. G. Faden. “Multilevel Filesystems in Solaris Trusted Extensions,” Proceedings of the 12th ACM Symposium on Access Control Models and Technologies pp. 121–126 (June 2007).
    DOI: 10.1145/1266840.1266859
  650. M. Fagan and M. M. Hasan Khan. “Why Do They Do What They Do?: A Study of What Motivates Users to (Not) Follow Computer Security Advice,” Proceedings of the Twelfth Symposium on Usable Privacy and Security pp. 59–75 (June 2016)
    URL: https://www.usenix.org/conference/soups2016/technical-sessions/presentation/fagan
  651. R. Fagin. “On an Authorization Mechanism,” ACM Transactions on Database Systems 3(3) pp. 310–319 (Sep. 1978).
    DOI: 10.1145/320263.320288
  652. R. C. Fairfield, R. L. Mortenson, and K. B. Coulthart. “An LSI Random Number Generator (RNG),” Advances in Cryptology — CRYPTO ’84 (Lecture Notes in Computer Science 196) pp. 203–230 (Aug. 1984).
    DOI: 10.1007/3-540-39568-7_18
  653. N. Falliere, L. O Murchu, and E. Chien. W32.Stuxnet Dossier Version 1.4, Technical Report, Symantec Corporation, Mountain View, CA, USA (Feb. 2011)
    URL: https://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf
  654. J. Fan, J. Xu, M. H. Ammar, and S. B. Moon. “Prefix-Preserving IP Address Anonymization: Measurement-Based Security Evaluation and a New Cryptography-Based Scheme,” Computer Networks 46(2) pp. 253–272 (Oct. 2004).
    DOI: 10.1016/j.comnet.2004.03.033
  655. R. J. Feiertag, K. N. Levitt, and L. Robinson. “Proving Multilevel Security of a System Design,” Proceedings of the Sixth ACM Symposium on Operating Systems Principles pp. 57–65 (Nov. 1977).
    DOI: 10.1145/800214.806547
  656. R. J. Feiertag and P. G. Neumann. “The Foundations of a Provably Secure Operating System (PSOS),” Proceedings of the AFIPS ’79 National Computer Conference (AFIPS Conference Proceedings 48) pp. 329–334 (June 1979).
    DOI: 10.1109/AFIPS.1979.116
  657. B. S. Feinstein and G. A. Matthews. The Intrusion Detection Exchange Protocol (IDXP), RFC 4767 (Mar. 2007).
    DOI: 10.17487/RFC4767
  658. H. Feistel. “Cryptography and Computer Privacy,” Scientific American 228(5) pp. 15–23 (May 1973).
    DOI: 10.1038/scientificamerican0573-15
  659. M. Feldhofer, J. Wolkerstorfer, and V. Rijmen. “AES Implementation on a Grain of Sand,” IEE Proceedings on Information Security 152(1) pp. 13–20 (Oct. 2005).
    DOI: 10.1049/ip-ifs:20055006
  660. D. C. Feldmeier and P. R. Kan. “UNIX Password Security—Ten Years Later,” Advances in Cryptology — CRYPTO ’89 (Lecture Notes in Computer Science 435) pp. 44–63 (Aug. 1989).
    DOI: 10.1007/0-387-34805-0_6
  661. A. P. Felt, E. Chin, D. Hanna, Steve amnd Song, and D. Wagner. “Android Permissions Demystified,” Proceedings of the 18th ACM Conference on Computer and Communications Security pp. 627–638 (Oct. 2011).
    DOI: 10.1145/2046707.2046779
  662. A. P. Felt, E. Ha, S. Egelman, A. Haney, E. Chin, and D. Wagner. “Android Permissions: User Attention, Comprehension, and Behavior,” Proceedings of the Eighth Symposium on Usable Privacy and Security pp. 3:1–3:14 (July 2012).
    DOI: 10.1145/2335356.2335360
  663. W.-c. Feng, E. Kaiser, W.-c. Feng, and A. Luu. “The Design and Implementation of Network Puzzles,” Proceedings of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies pp. 2372–2382 (Mar. 2005).
    DOI: 10.1109/INFCOM.2005.1498523
  664. J. S. Fenton. “Memoryless Subsystems,” The Computer Journal 17(2) pp. 143–147 (Jan. 1974).
    DOI: 10.1093/comjnl/17.2.143
  665. D. Ferbrache. A Pathology of Computer Viruses, Springer-Verlag London, London, UK (1992)
    ISBN: 978-3-540-19610-5
  666. N. Ferguson. Authentication Weaknesses in GCM,” Comments on the Choice Between CWC or GCM, Gaithersburg, MD, USA (June 2005).
    URL: https://csrc.nist.gov/csrc/media/projects/block-cipher-techniques/documents/bcm/comments/cwc-gcm/ferguson2.pdf
  667. N. Ferguson, B. Schneier, and T. Kohno. Cryptography Engineering: Design Principles and Practical Applications, John Wiley & Sons, New York, NY, USA (2010)
    ISBN: 978-0-470-47424-2
  668. D. F. Ferraiolo and D. R. Kuhn. “Role-Based Access Controls,” Proceedings of the 15th National Computer Security Conference pp. 554–563 (Oct. 1992).
  669. K. Ferraiolo. “Tutorial: The Systems Security Engineering Capability Maturity Model,” Proceedings of the 21st National Information Systems Security Conference pp. 719–729 (Oct. 1998).
  670. K. Ferraiolo, L. Gallagher, and V. Thompson. “Building a Case for Assurance from Process,” Proceedings of the 21st National Information Systems Security Conference pp. 49–61 (Oct. 1998).
  671. A. Ferreira, R. Cruz-Correia, L. Antunes, P. Farinha, E. Oliveira-Palhares, D. W. Chadwick, and A. Costa-Pereira. “How to Break Access Control in a Controlled Manner,” Proceedings of the 19th IEEE International Symposium on Computer-Based Medical Systems pp. 847–854 (June 2006).
    DOI: 10.1109/CBMS.2006.95
  672. T. Ferrell and U. Derrell. “Assuring Avionics — Updating the Approach for the 21st Century,” Proceedings of the SAFECOMP 2014 Workshops: Next Generation of System Assurance Approaches for Safety-Critical Systems ( Lecture Notes in Computer Science 8696) pp. 375–383 (Sep. 2014).
    DOI: 10.1007/978-3-319-10557-4_41
  673. P. Ferrie. Attacks on Virtual Machine Emulators, Symantee Advanced Research Threat Paper, Symantec Corporation, Mountain View, CA, USA (Dec. 2006)
    URL: https://www.symantec.com/avcenter/reference/Virtual_Machine_Threats.pdf
  674. P. Ferrie. “Crimea River,” Virus Bulletin pp. 4–6 (Feb. 2008)
    URL: https://www.virusbulletin.com/uploads/pdf/magazine/2008/200802.pdf
  675. P. Ferrie and P. Szor. “Zmist Opportunities,” Virus Bulletin pp. 6–7 (Mar. 2001)
    URL: https://www.virusbulletin.com/uploads/pdf/magazine/2001/200103.pdf
  676. J. Fichera and S. Bolt. Network Intrusion Analysis: Methodologies, Tools, and Techniques for Incident Analysis and Response, Syngress Press, Waltham, MA, USA (2013)
    ISBN: 978-1-59749-962-0
  677. G. A. Fink, D. V. Zarzhitsky, T. E. Carroll, and E. D. Farquar. “Security and Privacy Grand Challenges for the Internet of Things,” Proceedings of the 2015 International Conference on Collaboration Technologies and Systems (June 2015).
    DOI: 10.1109/CTS.2015.7210391
  678. G. Fink and M. Bishop. “Property-Based Testing: A New Approach to Testing for Assurance,” ACM SIGSOFT Software Engineering Notes 22(4) pp. 74–80 (July 1997).
    DOI: 10.1145/263244.263267
  679. G. Fink and K. Levitt. “Property-Based Testing of Privileged Programs,” Proceedings of the Tenth Annual Computer Security Applications Conference pp. 154–163 (Dec. 1994).
    DOI: 10.1109/CSAC.1994.367311
  680. E. A. Fisch, G. B. White, and U. W. Pooch. “The Design of an Audit Trail Analysis Tool,” Proceedings of the Tenth Annual Computer Security Applications Conference pp. 126–132 (Dec. 1994).
    DOI: 10.1109/CSAC.1994.367314
  681. J. Fisch and L. J. Hoffman. “The Cascade Problem: Graph Theory Can Help,” Proceedings of the 14th National Computer Security Conference pp. 88–100 (Oct. 1991).
  682. A. Fischer and W. Kühnhauser. “Efficient Algorithmic Safety Analysis of HRU Security Models,” Proceedings of the 2010 International Conference on Security and Cryptography pp. 49–58 (July 2010).
    DOI: 10.5220/0002986600490058
  683. P. Fites, P. Jophnston, and M. Kratz. The Computer Virus Crisis, Van Nostrand Reinhold, New York, NY, USA (1989).
    ISBN: 978-0-442-28532-6
  684. C. Flack and M. J. Atallah. “Better Logging through Formality: Applying Formal Specification Techniques to Improve Audit Logs and Log Consumers,” Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection (Lecture Notes in Computer Science 1907) pp. 1–16 (Oct. 2000).
    DOI: 10.1007/3-540-39945-3_1
  685. E. Flahavin and R. Snouffer. “The Certification of the Interim Key Escrow System,” Proceedings of the 19th National Information Systems Security Conference pp. 26–33 (Oct. 1996).
  686. C. Fleizach, M. Liljenstam, P. Johansson, G. M. Voelker, and A. Mehes. “Can You Infect Me Now?: Malware Propagation in Mobile Phone Networks,” Proceedings of the 2007 ACM Workshop on Recurring Malcode pp. 61–68 (Nov. 2007).
    DOI: 10.1145/1314389.1314402
  687. C. W. Flink II and J. D. Weiss. “System V/MLS Labeling and Mandatory Policy Alternatives,” AT&T Technical Journal pp. 53–64 (May 1988).
    DOI: 10.1002/j.1538-7305.1988.tb00631.x
  688. D. Florêncio and C. Herley. “A Large-Scale Study of Web Password Habits,” Proceedings of the 16th International World Wide Web Conference pp. 657–666 (May 2007).
    DOI: 10.1145/1242572.1242661
  689. D. Florêncio and C. Herley. “Where Do Security Policies Come From?,” Proceedings of the Sixth Symposium on Usable Privacy and Security pp. 10:1–10:14 (July 2010).
    DOI: 10.1145/1837110.1837124
  690. D. Florêncio, C. Herley, and P. C. van Oorschot. “An Administrator’s Guide to Internet Password Research,” Proceedings of the Proceedings of the 28th Large Installation System Administration Conference pp. 35–52 (Nov. 2014)
    URL: https://www.usenix.org/system/files/conference/lisa14/lisa14-paper-florencio.pdf
  691. S. R. Fluhrer and D. A. McGrew. “Statistical Analysis of the Alleged RC4 Keystream Generator,” Proceedings of the Eighth International Workshop on Fast Software Encryption (Lecture Notes in Computer Science 1978) pp. 66–71 (Apr. 2001).
    DOI: 10.1007/3-540-44706-7_2
  692. R. Focardi and M. Centenaro. “Information Flow Security of Multi-threaded Distributed Programs,” Proceedings of the Third ACM SIGPLAN Workshop on Programming Languages and Analysis for Security pp. 113–124 (June 2008).
    DOI: 10.1145/1375696.1375711
  693. R. Focardi and R. Gorrieri. “A Classification of Security Properties for Process Algebras,” Journal of Computer Security 3(1) pp. 5–33 (1994/1995).
    DOI: 10.3233/JCS-1994/1995-3103
  694. S. N. Foley. “A Model for Secure Information Flow,” Proceedings of the 1989 IEEE Symposium on Security and Privacy pp. 248–258 (May 1989).
    DOI: 10.1109/SECPRI.1989.36299
  695. S. N. Foley. “A Nonfunctional Approach to System Integrity,” IEEE Journal on Selected Areas in Communication 21(1) pp. 36–43 (Jan. 2003).
    DOI: 10.1109/JSAC.2002.806124
  696. S. N. Foley and J. Jacob. “Specifying Security for CSCW Systems,” Proceedings of the Eighth Computer Security Foundations Workshop pp. 136–149 (June 1995).
    DOI: 10.1109/CSFW.1995.518559
  697. B. Ford and R. Cox. “Vx32: Lightweight User-level Sandboxing on the x86,” Proceedings of the 2008 USENIX Annual Technical Conference pp. 293–306 (June 2008).
  698. D. Ford, F. Labelle, I. Popovici, M. Stokely, V.-A. Truong, L. Barroso, C. Grimes, and S. Quinlan. “Availability in Globally Distributed Storage Systems,” Proceedings of the Ninth USENIX Symposium on Operating Systems Design and Implementation pp. 61–74 (Oct. 2010)
    URL: http://static.usenix.org/events/osdi10/tech/full_papers/Ford.pdf
  699. W. Ford and M. S. Baum. Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption, Prentice Hall, Inc, Upper Saddle River, NJ, USA (Dec. 2000)
    ISBN: 978-0-13-027276-8
  700. S. Forrest and C. Beauchemin. “Computer Immunology,” Immunological Reviews 216(1) pp. 176–197 (Apr. 2007).
    DOI: 10.1111/j.1600-065X.2007.00499.x
  701. S. Forrest, S. A. Hofmeyr, and A. Somayaji. “Computer Immunology,” Communications of the ACM 40(10) pp. 88–96 (Oct. 1997).
    DOI: 10.1145/262793.262811
  702. S. Forrest, S. A. Hofmeyr, and A. Somayaji. “The Evolution of System-Call Monitoring,” Proceedings of the 24th Annual Computer Security Applications Conference pp. 418–430 (Dec. 2008).
    DOI: 10.1109/ACSAC.2008.54
  703. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff. “A Sense of Self for Unix Processes,” Proceedings of the 1996 IEEE Symposium on Security and Privacy pp. 120–128 (May 1996).
    DOI: 10.1109/SECPRI.1996.502675
  704. S. Forrest, A. S. Perelson, L. Allen, and R. Cherukluri. “Self-Nonself Discrimination in a Computer,” Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy pp. 202–212 (May 1994).
    DOI: 10.1109/RISP.1994.296580
  705. J. E. Forrester and B. P. Miller. “An Empirical Study of the Robustness of Windows NT Applications Using Random Testing,” Proceedings of the Fourth USENIX Windows Systems Symposium pp. 59–68 (Aug. 2000)
    URL: https://www.usenix.org/legacy/publications/library/proceedings/usenix-win2000/forrester.html
  706. J. C. Foster, V. Osipov, N. Bhalla, and N. HeinenBuffer Overflow Attacks: Detect, Exploit, Prevent, Syngress Publishing, Inc., Rockland, MA, USA (2005)
    ISBN: 978-1-932266-67-2
  707. M. Foster. The Secure CEO: How to Protect Your Computer Systems, Your Company, and Your Job, Prime Concepts Group Publishing, Witchita, KS, USA (2007)
    ISBN: 978-0-9715578-0-2
  708. D. Fotakis and S. Gritzalis. “Efficient Heuristic Algorithms for Correcting the Cascade Vulnerability Problem for Interconnected Networks,” Computer Communications 29(11) pp. 2109–2122 (July 2006).
    DOI: 10.1016/j.comcom.2006.01.007
  709. FreeBSD Foundation. FreeBSD 9.0 Library Functions Manual: crypt(3) — Trapdoor encryption, (Apr. 2011)
    URL: http://www.freebsd.org/cgi/man.cgi?query=crypt&sektion=3&apropos=0&manpath=FreeBSD+9-current
  710. P.-A. Fouque, G. Leurent, and P. Q. Nguyen. “Full Key-Recovery Attacks on HMAC/NMAC-MD4 and NMAC-MD5,” Advances in Cryptology — CRYPTO 2007 (Lecture Notes in Computer Science 4622) pp. 13–30 (Aug. 2007).
    DOI: 10.1007/978-3-540-74143-5_2
  711. P.-A. Fouque, G. Martinet, F. Valette, and S. Zimmer. “On the Security of the CCM Encryption Mode and of a Slight Variant,” Proceedings of the Sixth International Conference on Applied Cryptography and Network Security ( Lecture Notes in Computer Science 5037) pp. 411–428 (June 2008).
    DOI: 10.1007/978-3-540-68914-0_25
  712. A. P. Fournaris, L. Pocero Fraile, and O. Koufopavlou. “Exploiting Hardware Vulnerabilities to Attack Embedded System Devices: a Survey of Potent Microarchitectural Attacks,” Electronics 6(3) pp. 52:1–52:15 (Sep. 2017).
    DOI: 10.3390/electronics6030052
  713. J. Frank. “Artificial Intelligence and Intrusion Detection: Current and Future Directions,” Proceedings of the 17th National Computer Security Conference pp. 22–33 (Oct. 1994).
  714. M. Frank, D. Basin, and J. M. Buhmann. “A Class of Probabilistic Models for Role Engineering,” Proceedings of the 15th ACM Conference on Computer and Communications Security pp. 299–310 (Oct. 2008).
    DOI: 10.1145/1455770.1455809
  715. S. Frankel and S. Krishnan. IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap, RFC 6071 (Feb. 2011).
    DOI: 10.17487/RFC6071
  716. J. Franklin, M. Luk, J. M. McCune, A. Seshadri, A. Perrig, and L. van Doorn. “Remote Detection of Virtual Machine Monitors with Fuzzy Benchmarking,” ACM SIGOPS Operating Systems Review 42(3) pp. 83–92 (Apr. 2008).
    DOI: 10.1145/1368506.1368518
  717. G. Frantzeskou, S. MacDonell, E. Stamatatos, and S. Gritzalis. “Examining the Significance of High-Level Programming Features in Source Code Author Classification,” Journal of Systems and Software 81(3) pp. 447–460 (Mar. 2008).
    DOI: 10.1016/j.jss.2007.03.004
  718. G. Frantzeskou, E. Stamatatos, S. Gritzalis, and S. Katsikas. “Effective Identification of Source Code Authors Using Byte-Level Information,” Proceedings of the 28th International Conference on Software Engineering pp. 893–896 (May 2006).
    DOI: 10.1145/1134285.1134445
  719. T. Fraser and L. Badger. “Ensuring Continuity During Dynamic Security Policy Reconfiguration in DTE,” Proceedings of the 1998 IEEE Symposium on Security and Privacy pp. 15–26 (May 1998).
    DOI: 10.1109/SECPRI.1998.674820
  720. T. Fraser, L. Badger, and M. Feldman. “Hardening COTS Software with Generic Software Wrappers,” Proceedings of the 1999 IEEE Symposium on Security and Privacy pp. 2–16 (May 1999).
    DOI: 10.1109/SECPRI.1999.766713
  721. C. Fredenburgh. Judge Approves Settlement In SONY BMG Class Action. (May 2006)
    URL: http://www.law360.com/articles/6696/judge-approves-settlement-in-sony-bmg-class-action
  722. A. Freedman. How to Make BSD (SunOS) Kernels SYN-Attack Resistant (Sep. 1996)
    URL: http://avi.freedman.net/fromnetaxs/syn/syn.html
  723. D. H. Freedman and C. C. Mann. At Large: The Strange Case of the World’s Biggest Internet Invasion, Touchstone, New York, NY, USA (1998)
    ISBN: 978-0-684-83558-7
  724. A. O. Freier, P. Karlton, and P. C. Kocher. The Secure Sockers Layer (SSL) Protocol Version 3.0, RFC 6101 (Aug. 2011).
    DOI: 10.17487/RFC6101
  725. M. Freire-Santos, J. Fierrez-Aguilar, and J. Ortega-Garcia. “Cryptographic Key Generation Using Handwritten Signature,” Proceedings of SPIE 6202: Biometric Technology for Human Identification III pp. 62020N:1–7 (Apr. 2006).
    DOI: 10.1117/12.665875
  726. Æ. Frisch. Essential System Administration, O’Reilly Media, Inc., Sebastopol, CA, USA (Aug. 2002)
    ISBN: 978-0-596-00343-2
  727. A. M. Froomkin. “The Metaphor is the Key: Cryptography, the Clipper Chip, and the Constitution,” University of Pennsylvania Law Review 143(3) pp. 709–897 (1994-1995)
    URL: https://scholarship.law.upenn.edu/penn_law_review/vol143/iss3/3/
  728. K. Fu and J. Blum. “Controlling for Cybersecurity Risks of Medical Device Software,” Communications of the ACM 56(10) pp. 35–37 (Oct. 2013).
    DOI: 10.1145/2508701
  729. S. V. K. Gaddam and M. Lal. “Efficient Cancellable Biometric Key Generation Scheme for Cryptography,” International Journal of Network Security 11(2) pp. 61–69 (Sep. 2010)
    URL: http://ijns.jalaxy.com.tw/download_paper.jsp?PaperID=IJNS-2008-06-24-1&PaperName=ijns-v11-n2/ijns-2010-v11-n2-p61-69.pdf
  730. J. E. Gaffney Jr. and J. W. Ulvila. “Evaluation of Intrusion Detectors: A Decision Theory Approach,” Proceedings of the 2001 IEEE Symposium on Security and Privacy pp. 50–61 (May 2001).
    DOI: 10.1109/SECPRI.2001.924287
  731. H. F. Gaines. Cryptanalysis: A Study of Ciphers and Their Solution, Dover Publications, New York, NY, USA (1956)
    ISBN: 978-0-486-20097-2
  732. T. Gamage and B. McMillin. “Nondeducibility-Based Analysis of Cyber-Physical Systems,” Proceedings ot the Third Annual IFIP WG 11.10 International Conference on Critical Infrastructure Protection (IFIP Advances in Information and Communication Technology 311) pp. 169–183 (Mar. 2009).
    DOI: 10.1007/978-3-642-04798-5_12
  733. D. Gambel. “Security Modeling for Public Safety Communication Specifications,” Proceedings of the 20th National Information Systems Security Conference pp. 514–521 (Oct. 1997).
  734. D. Gambetta (ed.). Trust: Making and Breaking Cooperative Relations, Basil Blackwell Ltd., Oxford, UK (1988)
    ISBN: 978-0-631-17587-2
  735. R. Ganesan. “The Yaksha Security System,” Communications of the ACM 39(3) pp. 55–60 (Mar. 1996).
    DOI: 10.1145/227234.227242
  736. R. Ganesan and C. Davies. “A New Attack on Random Pronounceable Password Generators,” Proceedings of the 17th National Computer Security Conference pp. 184–187 (Oct. 1994).
  737. L. Garber. “Worm Targets Industrial-Plant Operations,” IEEE Computer 43(11) pp. 15–16 (Nov. 2010).
    DOI: 10.1109/MC.2010.333
  738. A. V. Garcia and J.-P. Seifert. “On the Implementation of the Advanced Encryption Standard on a Public-Key Crypto-Coprocessor,” Proceedings of the 5th Smart Card Research and Advanced Application Conference pp. 135–145 (Nov. 2002)
    URL: http://www.usenix.org/publications/library/proceedings/cardis02/valverde.html
  739. J. Gardner and L. Xiong. “An Integrated Framework for De-Identifying Unstructured Medical Data,” Data & Knowledge Engineering 68(12) pp. 1441–1451 (Dec. 2009).
    DOI: 10.1016/j.datak.2009.07.006
  740. M. Garetto, W. Ging, and D. Towsley. “Modeling Malware Spreading Dynamics,” Proceedings of the 22nd Annual Joint Conference of the IEEE Computer and Communications Societies pp. 1869–1879 (Mar. 2003).
    DOI: 10.1109/INFCOM.2003.1209209
  741. S. Garfinkel. PGP: Pretty Good Privacy, O’Reilly Media, Sebastopol, CA, USA (Dec. 1994)
    ISBN: 978-1-565-92098-9
  742. S. Garfinkel. Database Nation: The Death of Privacy in the 21st Century, O’Reilly Media, Inc., Sebastopol, CA, USA (2000).
    ISBN: 978-0-596-00105-6
  743. S. Garfinkel. “Anti-Forensics: Techniques, Detection and Countermeasures,” Proceedings of the Second International Conference on i-Warfare and Security pp. 77–84 (Mar. 2007)
    URL: http://hdl.handle.net/10945/44248
  744. S. L. Garfinkel, D. Margrave, J. I. Schiller, E. Nordlander, and R. C. Miller. “How to Make Secure Email Easier to Use,” Proceedings of the 2005 SIGCHI Conference on Human Factors in Computing Systems pp. 701–710 (Apr. 2005).
    DOI: 10.1145/1054972.1055069
  745. S. L. Garfinkel and R. C. Miller. “Johnny 2: A User Test of Key Continuity Management with S/MIME and Outlook Express,” Proceedings of the 2005 Symposium on Usable Privacy and Security pp. 13–24 (July 2005).
    DOI: 10.1145/1073001.1073003
  746. S. Garfinkel and G. Spafford. Web Security, Privacy & Commerce, O’Reilly Media, Sebastopol, CA, USA (Nov. 2001)
    ISBN: 978-0-596-00045-5
  747. S. Garfinkel, G. Spafford, and A. Schwartz. Practical UNIX and Internet Security, O’Reilly Media, Inc., Sebastopol, CA, USA (Feb. 2003)
    ISBN: 978-0-596-003230-4
  748. T. Garfinkel. “Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools,” Proceedings of the 2003 Symposium on Network and Distributed System Security (Feb. 2003)
    URL: http://www.isoc.org/isoc/conferences/ndss/03/proceedings/papers/11.pdf
  749. A. Gargantini, L. Liberati, A. Morzenti, and C. Zacchetti. “Specifying, Validating, and Testing a Traffic Management System in the TRIO Environment,” Proceedings of the 11th Annual Conference on Computer Assurance pp. 65–76 (June 1996).
    DOI: 10.1109/CMPASS.1996.507876
  750. P. D. Garnett. “Selective Disassembly: A First Step Towards Developing a Virus Filter,” Proceedings of the Fourth Annual Computer Security Applications Conference pp. 2–6 (Sep. 1988).
    DOI: 10.1109/ACSAC.1988.113408
  751. P. Garrett. The Mathematics of Coding Theory, Pearson Education, Englewood Cliffs, NJ, USA (2004)
    ISBN: 978-0-13-101967-6
  752. M. Gasser. A Random Word Generator for Pronounceable Passwords, Technical Report ESD-TR-75-97, Electronic System Division, Hanscom Air Force Base, Bedford, MA, USA (Nov. 1975)
    URL: http://www.dtic.mil/dtic/tr/fulltext/u2/a017676.pdf
  753. C. Gates and M. Bishop. “One of These Records Is Not Like the Others,” Proceedings of the Third USENIX Workshop on the Theory and Practice of Provenance (June 2011)
    URL: https://www.usenix.org/legacy/event/tapp11/tech/final_files/Gates.pdf
  754. X. Ge, F. Polack, and R. Laleau. “Secure Databases: An Analysis of Clark-Wilson Model in a Database Environment,” Proceedings of the 16th International Conference on Advanced Information Systems Engineering ( Lecture Notes in Computer Science 3084) pp. 234–247 (June 2004).
    DOI: 10.1007/978-3-540-25975-6_18
  755. D. Geer and J. Harthorne. “Penetration Testing: A Duet,” Proceedings of the 18th Annual Computer Security Applications Conference (Dec. 2002).
    DOI: 10.1109/CSAC.2002.1176290
  756. E. F. Gehringer. “Changing Passwords: Security and Human Factors,” Proceedings of the 2002 International Symposium on Technology and Society pp. 369–373 (June 2002).
    DOI: 10.1109/ISTAS.2002.1013839
  757. M. Geiger. “Evaluating Commercial Counter-Forensic Tools,” Proceedings of the Fifth Digital Forensic Research Conference pp. 1–12 (Aug. 2005)
    URL: https://www.dfrws.org/sites/default/files/session-files/paper-evaluating_commercial_counter-forensic_tools.pdf
  758. E. Gelenbe and G. Loukas. “A Self-Aware Approach to Denial of Service Defence,” Computer Networks 51(5) pp. 1299–1314 (Apr. 2007).
    DOI: 10.1016/j.comnet.2006.09.009
  759. S. Genaim and F. Spoto. “Information Flow Analysis for Java Bytecode,” Proceedings of the Sixth International Conference on Verification, Model Checking, and Abstract Interpretation (Lecture Notes in Computer Science) pp. 346–362 (Jan. 2005).
    DOI: 10.1007/978-3-540-30579-8_23
  760. D. Genkin, A. Shamir, and E. Tromer. “Acoustic Cryptanalysis,” Journal of Cryptology 30(2) pp. 392–443 (Apr. 2017).
    DOI: 10.1007/s00145-015-9224-2
  761. C. Gentry. “A Fully Homomorphic Encryption Scheme,” Ph.D. Dissertation, Stanford University, Stanford, CA, USA (Sep. 2009)
    URL: https://crypto.stanford.edu/craig/craig-thesis.pdf
  762. C. Gentry. “Computing Arbitrary Functions of Encrypted Data,” Communications of the ACM 53(3) pp. 97–105 (Mar. 2010).
    DOI: 10.1145/1666420.1666444
  763. A. K. Ghosh. E-Commerce Security: Weak Links, Best Defenses, John Wiley & Sons, Inc., New York, NY, USA (Jan. 1998)
    ISBN: 978-0-471-19223-7
  764. A. K. Ghosh, T. O’Connor, and G. McGraw. “An Automated Approach for Identifying Potential Vulnerabilities in Software,” Proceedings of the 1998 IEEE Symposium on Security and Privacy pp. 104–114 (May 1998).
    DOI: 10.1109/SECPRI.1998.674827
  765. S. Gianvecchio, H. Wang, D. Wijesekeran, and S. Jajodia. “Model-Based Covert Timing Channels: Automated Modeling and Evasion,” Proceedings of the 11th International Workshop on Recent Advances in Intrusion Detection ( Lecture Notes in Computer Science 5230) pp. 211–230 (Sep. 2008).
    DOI: 10.1007/978-3-540-87403-4_12
  766. C. Gibler, J. Crussell, J. Erickson, and H. Chen. “AndroidLeaks: Automatically Detecting Potential Privacy Leaks in Android Applications on a Large Scale,” Proceedings of the Fifth International Conference on Trust and Trustworthy Computing (Lecture Notes in Computer Science) pp. 291–307 (June 2012).
    DOI: 10.1007/978-3-642-30921-2_17
  767. D. Gibson. Microsoft Windows Security Essentials, Sybex, Indianapolis, IN, USA (2011)
    ISBN: 978-1-118-01684-8
  768. K. L. Gibson and J. M. Smith. “The Emperor’s New Masks: On Demographic Differences and Disguises,” Proceedings of the 2015 IEEE Conference on Computer Vision and Pattern Recognition Workshops pp. 57–64 (June 2015).
    DOI: 10.1109/CVPRW.2015.7301320
  769. D. K. Gifford. “Cryptographic Sealing for Information Secrecy and Authentication,” Communications of the ACM 25(4) pp. 274–286 (Apr. 1982).
    DOI: 10.1145/358468.358493
  770. H. Gilbert and G. Chassé. “A Statistical Attack of the FEAL-8 Cryptosystem,” Advances in Cryptology — CRYPTO ’90 (Lecture Notes in Computer Science 537) pp. 22–33 (Aug. 1990).
    DOI: 10.1007/3-540-38424-3_2
  771. D. Gilliam, J. Kelly, J. Powell, and M. Bishop. “Development of a Software Security Assessment Instrument to Reduce Software Security Risk,” Proceedings of the Tenth IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprise pp. 144–149 (June 2001).
    DOI: 10.1109/ENABL.2001.953404
  772. V. D. Gligor. “A Note on Denial-of-Service in Operating Systems,” IEEE Transactions on Software Engineering SE-10(3) pp. 320–324 (May 1984).
    DOI: 10.1109/TSE.1984.5010241
  773. V. D. Gligor. Guidelines for Trusted Facility Management and Audit, Technical Report, University of Maryland (1985).
  774. V. D. Gligor. “Guaranteeing Access in Spite of Distributed Service-Flooding Attacks,” Proceedings of the 11th International Workshop on Security Protocols (Lecture Notes in Computer Science 3364) pp. 80–96 (Apr. 2003).
    DOI: 10.1007/11542322_12
  775. V. D. Gligor, C. S. Chandersekaran, R. S. Chapman, L. J. Dotterer, M. S. Hecht, W.-D. Jiang, A. Johri, G. L. Luckenbaugh, and N. Vasudevan. “Design and Implementation of Secure Xenix,” IEEE Transactions on Software Engineering 13(2) pp. 208–221 (Feb. 1987).
    DOI: 10.1109/TSE.1987.232893
  776. V. Gligor and P. Donescu. “Integrity-Aware PCBC Encryption Schemes,” Proceedings of the Seventh International Workshop on Security Protocols (Lecture Notes in Computer Science 1796) pp. 153–168 (Apr. 1999).
    DOI: 10.1007/10720107_22
  777. V. D. Gligor and P. Donescu. “Fast Encryption and Authentication: XCBC Encryption and XECB Authentication Modes,” Proceedings of the Eighth International Workshop on Fast Software Encryption (Lecture Notes in Computer Science 2355) pp. 92–108 (Apr. 2001).
    DOI: 10.1007/3-540-45473-X_8
  778. V. D. Gligor, S. I. Gavrila, and D. Ferraiolo. “On the Formal Definition of Separation-of-Duty Policies and Their Composition,” Proceedings of the 1998 IEEE Symposium on Security and Privacy pp. 172–183 (May 1998).
    DOI: 10.1109/SECPRI.1998.674833
  779. V. Goel and N. Perlroth. “Yahoo Says 1 Billion User Accounts Were Hacked,” The New York Times p. A1 (Dec. 15 2016)
    URL: https://www.nytimes.com/2016/12/14/technology/yahoo-hack.html
  780. J. A. Goguen and J. Meseguer. “Security Policies and Security Models,” Proceedings of the 1982 IEEE Symposium on Security and Privacy pp. 11–20 (Apr. 1982).
    DOI: 10.1109/SP.1982.10014
  781. J. Golbeck and J. Hendler. “Accuracy of Metrics for Inferring Trust and Reputation in Semantic Web-Based Social Networks,” Proceedings of the 14th International Conference on Engineering Knowledge in the Age of the Semantic Web 3257 pp. 116–131 (Oct. 2004).
    DOI: 10.1007/978-3-540-30202-5_8
  782. J. Golbeck (ed). Computing with Social Trust, Springer, London, UK (2009)
    ISBN: 978-1-84800-355-2
  783. B. D. Gold, R. R. Linde, and P. F. Cudney. “KVM/370 in Retrospect,” Proceedings of the 1984 IEEE Symposium on Security and Privacy pp. 13–23 (Apr. 1984).
    DOI: 10.1109/SP.1984.10002
  784. B. Gold, R. Linde, R. Peeler, M. Schaefer, J. Scheid, and P. Ward. “A Security Retrofit of VM/370,” Proceedings of the AFIPS ’79 International Workshop on Managing Requirements Knowledge pp. 335–344 (June 1979).
    DOI: 10.1109/AFIPS.1979.15
  785. I. Goldberg, D. Wagner, and E. Brewer. “Privacy-Enhancing Technologies for the Internet,” Proceedings of IEEE Compcon ’97 pp. 103–109 (Feb. 1997).
    DOI: 10.1109/CMPCON.1997.584680
  786. I. Goldberg, D. Wagner, R. Thomas, and E. Brewer. “A Secure Environment for Untrusted Helper Applications (Confining the Wily Hacker),” Proceedings of the Sixth USENIX UNIX Security Symposium (July 1996)
    URL: https://www.usenix.org/legacy/publications/library/proceedings/sec96/goldberg.html
  787. O. Goldreich. Foundations of Cryptography: Volume 1, Basic Tools, Cambridge University Press, Cambridge, United Kingdom (2007).
    ISBN: 978-0-521-03536-1
  788. O. Goldreich. Foundations of Cryptography: Volume 2, Basic Applications, Cambridge University Press, Cambridge, United Kingdom (2009)
    ISBN: 978-0-521-11991-7
  789. D. M. Goldschlag, M. G. Reed, and P. F. Syverson. “Hiding Routing Information,” Proceedings of the First International Workshop on Information Hiding (Lecture Notes in Computer Science) pp. 137–150 (May 1996).
    DOI: 10.1007/3-540-61996-8_37
  790. Z. Gołębiewski, M. Kutyłowski, and F. Zagórski. “Stealing Secrets with SSL/TLS and SSH—Kleptographic Attacks,” Proceedings of the 5th International Conference on Cryptology and Network Security ( Lecture Notes in Computer Science 4301) pp. 191–202 (Dec. 2006).
    DOI: 10.1007/11935070_13
  791. J. D. Golić, V. Bagini, and G. Morgari. “Linear Cryptanalysis of Bluetooth Stream Cipher,” Advances in Cryptology — EUROCRYPT 2002 (Lecture Notes in Computer Science 2332) pp. 238–255 (Apr. 2002).
    DOI: 10.1007/3-540-46035-7_16
  792. P. Golle. “Revisiting the Uniqueness of Simple Demographics in the US Population,” Proceedings of the Fifth ACM Workshop on Privacy in Electronic Society pp. 77–80 (Oct. 2006).
    DOI: 10.1145/1179601.1179615
  793. P. Golle and A. Juels. “Dining Cryptographers Revisited,” Advances in Cryptology — EUROCRYPT 2004 (Lecture Notes in Computer Science 3027) pp. 456–473 (May 2004).
    DOI: 10.1007/978-3-540-24676-3_27
  794. L. Gong. “A Secure Identity-Based Capability System,” Proceedings of the 1989 IEEE Symposium on Security and Privacy pp. 56–63 (May 1989).
    DOI: 10.1109/SECPRI.1989.36277
  795. L. Gong. “A Security Risk of Depending on Synchronized Clocks,” ACM SIGOPS Operating Systems Review 26(1) pp. 49–53 (Jan. 1992).
    DOI: 10.1145/130704.130709
  796. L. Gong and S. Dodda. “Security Assurance Efforts in Engineering Java 2 SE (JDK 1.2),” Proceedings of the Fourth IEEE International Symposium on High-Assurance Systems Engineering pp. 89–93 (Nov. 1999).
    DOI: 10.1109/HASE.1999.809479
  797. L. Gong and X. Qian. “The Complexity and Composability of Secure Interoperation,” Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy pp. 190–200 (May 1994).
    DOI: 10.1109/RISP.1994.296581
  798. L. Gong and X. Qian. “Computational Issues in Secure Interoperation,” IEEE Transactions on Software Engineering 22(1) pp. 43–52 (Jan. 1996).
    DOI: 10.1109/32.481533
  799. D. Goodin. Failure to Patch Two-Month-Old Bug Led to Massive Equifax Breach (Sep. 2017).
    URL: https://arstechnica.com/information-technology/2017/09/massive-equifax-breach-caused-by-failure-to-patch-two-month-old-bug/
  800. S. K. Gorantia, S. Kadloor, T. P. Coleman, N. Kiyavash, I. S. Moskowitz, and M. H. Kang. “Directed Information and the NRL Network Pump,” Proceedings of the 2010 International Symposium on Information Theory and Its Applications pp. 343–348 (Oct. 2010).
    DOI: 10.1109/ISITA.2010.5649143
  801. S. K. Gorantia, S. Kadloor, N. Kiyavash, T. P. Coleman, I. S. Moskowitz, and M. H. Kang. “Characterizing the Efficacy of the NRL Network Pump in Mitigating Covert Timing Channels,” IEEE Transactions on Information Forensics and Security 7(1) pp. 64–75 (Feb. 2012).
    DOI: 10.1109/TIFS.2011.2163398
  802. M. J. C. Gordon and T. F. Melham (eds.). Introduction to HOL: A Theorem Proving Environment for Higher Order Logic, Cambridge University Press, New York, NY, USA (1993).
    ISBN: 978-0-521-44189-6
  803. M. Gorski and S. Lucks. “New Related-Key Boomerang Attacks on AES,” Proceedings of the Ninth International Conference on Cryptology in India: Progress in Cryptology — INDOCRYPT 2008 (Lecture Notes in Computer Science 5365) pp. 266–278 (Dec. 2008).
    DOI: 10.1007/978-3-540-89754-5_21
  804. M. G. Graff and K. R. van Wyk. Secure Coding: Principles and Practices, O’Reilly and Associates, Sebastopol, CA, USA (2003).
    ISBN: 978-0-596-00242-4
  805. G. S. Graham and P. J. Denning. “Protection: Principles and Practice,” AFIPS Conference Proceedings: 1971 Fall Joint Computer Conference pp. 417–429 (Nov. 1972).
    DOI: 10.1145/1478873.1478928
  806. J. Graham-Cumming. “Some Laws of Non-Interference,” Proceedings of the Fifth Computer Security Foundations Workshop pp. 22–33 (June 1992).
    DOI: 10.1109/CSFW.1992.236790
  807. F. T. Grampp and R. H. Morris. “UNIX Operating System Security,” AT&T Bell Laboratories Technical Journal 63(8) pp. 1649–1672 (Oct. 1984).
    DOI: 0.1002/j.1538-7305.1984.tb00058.x
  808. G. Gran. Understanding Digital Signatures: Establishing Trust Over the Internet and Other Networks, McGraw-Hill, New York, NY, USA (1997)
    ISBN: 978-0-07-012554-4
  809. T. Grandison and M. Sloman. “A Survey of Trust in Internet Applications,” IEEE Communications Surveys & Tutorials 3(4) pp. 2–16 (Fourth Quarter 2000).
    DOI: 10.1109/COMST.2000.5340804
  810. T. Grandison and M. Sloman. “Trust Management Tools for Internet Applications,” Proceedings of the First International Conference on Trust Management (Lecture Notes in Computer Science 2692) pp. 91–107 (May 2003).
    DOI: 10.1007/3-540-44875-6_7
  811. L. Grant. “DES Key Crunching for Safer Cypher Keys,” ACM SIGSAC Review 5(3) pp. 9–16 (Aug. 1987).
    DOI: 10.1145/36342.36344
  812. R. Graubart. “The Integrity-Lock Approach to Secure Database Management,” Proceedings of the 1984 IEEE Symposium on Security and Privacy pp. 62–74 (Apr. 1984).
    DOI: 10.1109/SP.1984.10017
  813. R. Graubart. “On the Need for a Third Form of Access Control,” Proceedings of the 12th National Computer Security Conference pp. 296–304 (Oct. 1989).
  814. A. Gray. “An Historical Perspective of Software Vulnerability Management,” Information Secuirty Technical Report 8(4) pp. 34–44 (Apr. 2003).
    DOI: 10.1016/S1363-4127(03)00005-0
  815. J. W. Gray III. “Toward a Mathematical Foundation for Information Flow Security,” Journal of Computer Security 1(3-4) pp. 255–294 (1992).
    DOI: 10.3233/JCS-1992-13-405
  816. J. W. Gray III. “On Introducing Noise Into the Bus-Contention Channel,” Proceedings of the 1993 IEEE Symposium on Research in Security and Privacy pp. 90–98 (May 1993).
    DOI: 10.1109/RISP.1993.287640
  817. J. L. Green and P. L. Sisson. “The “Father Christmas Worm”,” Proceedings of the 12th National Computer Security Conference pp. 359–368 (Oct. 1989).
  818. M. Green, D. C. MacFarland, D. R. Smestad, and C. A. Shue. “Characterizing Network-Based Moving Target Defenses,” Proceedings of the Second ACM Workshop on Moving Target Defense pp. 31–35 (Oct. 2015).
    DOI: 10.1145/2808475.2808484
  819. L. T. Greenberg, S. E. Goodman, and K. J. Soo Hoo. Information Warfare and International Law, National Defense University Press, Washington, DC, USA (1997)
    ISBN: 978-1-57906-001-5
  820. L. G. Greenwald and T. J. Thomas. “Toward Undetected Operating System Fingerprinting,” Proceedings of the First USENIX Workshop on Offensive Technologies (Aug. 2007)
    URL: http://static.usenix.org/legacy/events/woot07/tech/full_papers/greenwald/greenwald.pdf
  821. K. Griffin, S. Schneider, X. Hu, and T.-c. Chiueh. “Automatic Generation of String Signatures for Malware Detection,” Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection ( Lecture Notes in Computer Science) pp. 101–120 (Sep. 2009).
    DOI: 10.1007/978-3-642-04342-0_6
  822. P. P. Griffiths and B. W. Wade. “An Authorization Mechanism for a Relational Database System,” ACM Transactions on Database Systems 1(3) pp. 242–255 (Sep. 1976).
    DOI: 10.1145/320473.320482
  823. J. B. Grizzard, V. Sharma, C. Nunnery, B. B. Kang, and D. Dagon. “Peer-to-Peer Botnets: Overview and Case Study,” Proceedings of the First Workshop on Hot Topics in Understanding Botnets pp. 1–8 (Apr. 2007)
    URL: https://www.usenix.org/legacy/event/hotbots07/tech/full_papers/grizzard/grizzard.pdf
  824. S. Groat, M. Dunlop, W. Urbanski, R. Marchany, and J. Tront. “Using an IPv6 Moving Target Defense to Protect the Smart Grid,” Proceedings of the 2012 IEEE PES Innovative Smart Grid Technologies (Jan. 2012).
    DOI: 10.1109/ISGT.2012.6175633
  825. E. Grosse and M. Upadhyay. “Authentication at Scale,” IEEE Security & Privacy 11(1) pp. 15–22 (Jan. 2013).
    DOI: 10.1109/MSP.2012.162
  826. D. Gruss, C. Maurice, and S. Mangard. “Rowhammer.js: A Remote Software-Induced Fault Attack in Javascript,” Computing Research Repository (arXiv:1507.06955v5 [cs.CR]) (Apr. 2016)
    URL: http://arxiv.org/abs/1507.06955
  827. G. Gu, P. Fogla, D. Dagon, W. Lee, and B. Skorić. “Measuring Intrusion Detection Capability: An Information-Theoretic Approach,” Proceedings of the 13th ACM Conference on Computer and Communications Security pp. 90–101 (Mar. 2006).
    DOI: 10.1145/1128817.1128834
  828. Y. Gu, A. McCallum, and D. Towsley. “Detecting Anomalies in Network Traffic Using Maximum Entropy Estimation,” Proceedings of the First ACM SIGCOMM Conference on Internet Measurement pp. 345–350 (Oct. 2005)
    URL: https://www.usenix.org/conference/imc-05/detecting-anomalies-network-traffic-using-maximum-entropy-estimation
  829. K. Gudka, R. N. M. Waton, S. Hand, B. Laurie, and A. Madhavapeddy. “Exploring Compartmentalisation Hypotheses with SOAAP,” Proceedings of the 6th IEEE International Conference on Self-Adaptive and Self-Organizing Systems Workshops pp. 23–30 (Sep. 2012).
    DOI: 10.1109/SASOW.2012.14
  830. K. Gudka, R. N. Watson, J. Anderson, D. Chisnall, B. Davis, B. Laurie, I. Marinos, P. G. Neumann, and A. Richardson. “Clean Application Compartmentalization with SOAAP,” Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security pp. 1016–1031 (Oct. 2015).
    DOI: 10.1145/2810103.2813611
  831. M. Guennoun, N. Abbad, J. Talom, S. M. M. Rahman, and K. El-Khatib. “Continuous Authentication by Electrocardiogram Data,” Proceedings of the 2009 IEEE Toronto International Conference on Science and Technology for Humanity pp. 40–42 (Sep. 2009).
    DOI: 10.1109/TIC-STH.2009.5444466
  832. S. Gueron. “Intel’s New AES Instructions for Enhanced Performance and Security,” Proceedings of the 16th International Workshop on Fast Software Encryption: Revised Selected Papers (Lecture Notes in Computer Science 5665) pp. 51–66 (Feb. 2009).
    DOI: 10.1007/978-3-642-03317-9_4
  833. S. Gueron. Intel Advanced Encryption Standard (AES) New Instructions Set, White Paper, Intel, Haifa, Israel (May 2010)
    URL: https://www.intel.com/content/dam/doc/white-paper/advanced-encryption-standard-new-instructions-set-paper.pdf
  834. C. Gülcü and G. Tsudik. “Mixing Email with Babel,” Proceedings of the 1996 Symposium on Network and Distributed System Security pp. 2–16 (Feb. 1996).
    DOI: 10.1109/NDSS.1996.492350
  835. D. Gunetti and C. Picardi. “Keystroke Analysis of Free Text,” ACM Transactions on Information and System Security 8(3) pp. 312–347 (Aug. 2005).
    DOI: 10.1145/1085126.1085129
  836. S. Gupta and V. D. Gligor. “Towards a Theory of Penetration-Resistant Systems and Its Applications,” Proceedings of the Fourth Computer Security Foundations Workshop pp. 62–78 (June 1991).
    DOI: 10.1109/CSFW.1991.151571
  837. S. Gupta and V. D. Gligor. “Experience with a Penetration Analysis Method and Tool,” Proceedings of the 15th National Computer Security Conference pp. 165–183 (Oct. 1992).
  838. P. Gutmann. Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS), RFC 7366 (Sep. 2014).
    DOI: 10.17487/RFC7366
  839. Z. Gutterman, B. Pinkas, and T. Reinman. “Analysis of the Linux Random Number Generator,” Proceedings of the 2006 IEEE Symposium on Security and Privacy pp. 371–385 (May 2006).
    DOI: 10.1109/SP.2006.5
  840. J. Guttman. “Information Flow and Invariance,” Proceedings of the 1987 IEEE Symposium on Security and Privacy pp. 67–73 (Apr. 1987).
    DOI: 10.1109/SP.1987.10022
  841. J. D. Guttman and M. E. Nadel. “What Needs Securing?,” Proceedings of the First Computer Security Foundations Workshop pp. 34–57 (June 1988).
  842. K. Hafner and J. Markoff. Cyberpunk: Outlaws and Hackers on the Computer Frontier, Simon & Schuster, New York, NY, USA (1991).
    ISBN: 978-0-684-81862-7
  843. S. Hai-Bo and H. Fan. “An Attribute-Based Access Control Model for Web Services,” Proceedings of the Seventh International Conference on Parallel and Distributed Computing, Applications and Technologies pp. 74–79 (Dec. 2006).
    DOI: 10.1109/PDCAT.2006.28
  844. J. T. Haigh, R. A. Kemmerer, J. McHugh, and W. D. Young. “An Experience Using Two Covert Channel Analysis Techniques on a Real System Design,” Proceedings of the 1986 IEEE Symposium on Security and Privacy pp. 14–24 (Apr. 1986).
    DOI: 10.1109/SP.1986.10013
  845. J. T. Haigh, R. A. Kemmerer, J. McHugh, and W. D. Young. “An Experience Using Two Covert Channel Analysis Techniques on a Real System Design,” IEEE Transactions on Software Engineering 13(2) pp. 157–168 (Feb. 1987).
    DOI: 10.1109/TSE.1987.226479
  846. J. T. Haigh and W. D. Young. “Extending the Non-Interference Version of MLS for SAT,” Proceedings of the 1986 IEEE Symposium on Security and Privacy pp. 232–239 (Apr. 1986).
    DOI: 10.1109/SP.1986.10004
  847. J. W. Haines, L. M. Rossey, R. P. Lippmann, and R. K. Cunningham. “Extending the DARPA Off-Line Intrusion Detection Evaluations,” Proceedings of the 2001 DARPA Information Survivability Conference and Exposition II pp. 35–45 (June 2001).
    DOI: 10.1109/DISCEX.2001.932190
  848. V. Haldar, D. Chandra, and M. Franz. “Dynamic Taint Propagation for Java,” Proceedings of the 21st Annual Computer Security Applications Conference pp. 311–320 (Dec. 2005).
    DOI: 10.1109/CSAC.2005.21
  849. J. A. Halderman and E. W. Felten. “Lessons from the Sony CD ROM Episode,” Proceedings of the 15th USENIX Security Symposium pp. 77–92 (Aug. 2006)
    URL: https://www.usenix.org/legacy/event/sec06/tech/halderman.html
  850. J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, Appelbaum, and E. W. Felten. “Lest We Remember: Cold Boot Attacks on Encryption Keys,” Communications of the ACM 52(5) pp. 91–98 (May 2009).
    DOI: 10.1145/1506409.1506429
  851. P. Hallam-Baker. “Comodo SSL Affiliate: The Recent RA Compromise” Comodo Blog (Mar. 2011)
    URL: https://blog.comodo.com/other/the-recent-ra-compromise/
  852. N. Haller. “The S/Key One-Time Password System,” Proceedings of the 1994 Symposium on Network and Distributed System Security pp. 151–157 (Feb. 1994).
  853. N. Haller. The S/Key One-Time Password System, RFC 1760 (Feb. 1995).
    DOI: 10.17487/RFC1760
  854. S. E. Hallyn and A. G. Morgan. “Linux Capabilities: Making Them Work,” Proceedings of the Linux Symposium pp. 163–172 (July 2008)
    URL: https://landley.net/kdocs/mirror/ols2008v1.pdf#page=163
  855. D. Halperin, T. S. Heydt-Benjamin, K. Fu, T. Kohno, and W. H. Maisel. “Security and Privacy for Implantable Medical Devices,” IEEE Pervasive Computing 7(1) pp. 30–39 (Jan. 2008).
    DOI: 10.1109/MPRV.2008.16
  856. D. Halperin, T. S. Heydt-Benjamin, B. Ransford, S. S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W. H. Maisel. “Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses,” Proceedings of the 2008 IEEE Symposium on Security and Privacy pp. 129–142 (May 2008).
    DOI: 10.1109/SP.2008.31
  857. H. Hamed, E. Al-Shaer, and W. Marrero. “Modeling and Verification of IPSec and VPN Security Policies,” Proceedings of the 13th IEEE International Conference on Network Protocols pp. 259–278 (Nov. 2005).
    DOI: 10.1109/ICNP.2005.25
  858. A. Hamilton, J. Madison, and J. JayThe Federalist Papers, edited by C. Rossiter, Signet Classics, New York, NY, USA (1982).
    ISBN: 978-0-451-52881-0
  859. B. Hammond. Digital Signatures, McGraw-Hill Professional, New York, NY, USA (2002)
    ISBN: 978-0-07-219482-1
  860. J. Han and Y. Zheng. “Security Characterisation and Integrity Assurance for Component-Based Software,” Proceedings of the 2000 International Conference on Software Methods and Tools pp. 61–66 (Nov. 2000).
    DOI: 10.1109/SWMT.2000.890421
  861. H. Handschuh and B. Preneel. “Key-Recovery Attacks on Universal Hash Function Based MAC Algorithms,” Advances in Cryptology — CRYPTO 2008 ( Lecture Notes in Computer Science 5157) pp. 144–161 (Aug. 2008).
    DOI: 10.1007/978-3-540-85174-5_9
  862. K. S. Hanks, J. C. Knight, and E. A. Strunk. “Erroneous Requirements: A Linguistic Basis for Their Occurrence and an Approach to Their Reduction,” Proceedings of the 26th Annual NASA Goddard Software Engineering Workshop pp. 115–119 (Nov. 2001).
    DOI: 10.1109/SEW.2001.992664
  863. F. Hansen and V. Oleshchuk. “Spatial Role-Based Access Control Model for Wireless Networks,” Proceedings of the 58th IEEE Vehicular Technology Conference pp. 2093–2097 (Oct. 2003).
    DOI: 10.1109/VETECF.2003.1285394
  864. S. E. Hansen and E. T. Atkins. “Centralized System Monitoring With Swatch,” Proceedings of the Third USENIX UNIX Security Symposium pp. 105–117 (Sep. 1992)
    URL: https://www.usenix.org/legacy/publications/library/proceedings/sec92/full_papers/hansen.pdf
  865. S. E. Hansen and E. T. Atkins. “Automated System Monitoring and Notification With Swatch,” Proceedings of the USENIX Seventh System Administration Conference pp. 145–152 (Nov. 1993)
    URL: https://www.usenix.org/legacy/publications/library/proceedings/lisa93/hansen.html
  866. D. R. Hanson. “A Machine-Independent Debugger — Revisited,” Software: Practice and Experience 29(10) pp. 849–862 (Aug. 1999).
    DOI: 10.1002/(SICI)1097-024X(199908)29:10
  867. S. Hardcastle-Kille. X.500 and Domains, RFC 1279 (Nov. 1991).
    DOI: 10.17487/RFC1279
  868. N. Hardy. “KeyKOS Architecture,” ACM SIGOPS Operating Systems Review 19(4) pp. 8–25 (Oct. 1985).
    DOI: 10.1145/858336.858337
  869. A. Harmon. “Hackers May ‘Net’ Good PR for Studio,” Los Angeles Times p. D1 (Aug. 12 1995).
  870. T. Harmon and M. R. Lowry. “N-Version Programming in WCET Analysis: Revisiting a Discredited Idea,” Proceedings of the FSE/SDP Workshop on Future of Software Engineering Research pp. 157–160 (Nov. 2010).
    DOI: 10.1145/1882362.1882396
  871. B. Harris and R. Hunt. “Firewall Certification,” Computers & Security 18(2) pp. 165–177 (Mar. 1999).
    DOI: 10.1016/S0167-4048(99)80052-2
  872. R. Harris. “Arriving at an Anti-Forensics Consensus: Examining How to Define and Control the Anti-Forensics Problem,” Digital Investigation 3S pp. 44–49 (Sep. 2006).
    DOI: 10.1016/j.diin.2006.06.005
  873. M. A. Harrison and W. L. Ruzzo. “Monotonic Protection Systems,” in [533], pp. 337–363.
  874. M. A. Harrison, W. L. Ruzzo, and J. D. Ullman. “Protection in Operating Systems,” Communications of the ACM 19(8) pp. 461–471 (Aug. 1976).
    DOI: 10.1145/360303.360333
  875. R. Harrison. Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms, RFC 4513 (June 2006).
    DOI: 10.17487/RFC4513
  876. H. Härtig, O. Kowalski, and W. Kühnhauser. “The BirliX Security Architecture,” Journal of Computer Security 2(1) pp. 5–21 (1993).
  877. H. R. Hartson and D. K. Hsiao. “Full Protection Specifications in the Semantic Model for Database Protection Languages,” Proceedings of the 1976 ACM Annual Conference pp. 90–95 (Oct. 1976).
    DOI: 10.1145/800191.805538
  878. R. Hasan, R. Sion, and M. Winslett. “Introducing Secure Provenance: Problems and Challenges,” Proceedings of the 2007 ACM Workshop on Storage Security and Survivability pp. 13–18 (Oct. 2007).
    DOI: 10.1145/1314313.1314318
  879. J. A. Haskett. “Pass-algorithms: A User Validation Scheme Based on Knowledge of Secret Algorithms,” Communications of the ACM 27(8) pp. 777–781 (Aug. 1984).
    DOI: 10.1145/358198.358214
  880. E. Haugh and M. Bishop. “Testing C Programs for Buffer Overflow Vulnerabilities,” Proceedings of the 2003 Symposium on Network and Distributed System Security pp. 123–130 (Feb. 2003)
    URL: http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2017/09/Testing-C-Programs-for-Buffer-Overflow-Vulnerabilities-Eric-Haugh.pdf
  881. P. Hawkes and L. O’Connor. “On Applying Linear Cryptanalysis to IDEA,” Advances in Cryptology — ASIACRYPT ’96 (Lecture Notes in Computer Science 1163) pp. 105–115 (Nov. 1996).
    DOI: 10.1007/BFb0034839
  882. B. Hay and K. Nance. “Forensics Examination of Volatile System Data Using Virtual Introspection,” ACM SIGOPS Operating Systems Review pp. 74–82 (Apr. 2008).
    DOI: 10.1145/1368506.1368517
  883. T. Haynes and D. Noveck. Network File System (NFS) Version 4 Protocol, RFC 7530 (Mar. 2015).
    DOI: 10.17487/RFC7530
  884. J. Heather, G. Lowe, and S. Schneider. “How to Prevent Type Flaw Attacks on Security Protocols,” Proceedings of the 13th Computer Security Foundations Workshop pp. 255–268 (July 2000).
    DOI: 10.1109/CSFW.2000.856942
  885. B. Hebbard, P. Grosso, T. Baldridge, C. Chan, D. Fishman, P. Goshgarian, T. Hilton, J. Hoshen, K. Hoult, G. Huntley, M. Stolarchuk, and L. Warner. “A Penetration Analysis of the Michigan Terminal System,” ACM SIGOPS Operating Systems Review 14(1) pp. 7–20 (Jan. 1980).
    DOI: 10.1145/850693.850694
  886. L. T. Heberlein and M. Bishop. “Attack Class: Address Spoofing,” Proceedings of the 19th National Information Systems Security Conference pp. 371–377 (Oct. 1996).
  887. L. T. Heberlein, G. V. Dias, K. N. Levitt, B. Mukherjee, J. Wood, and D. Wolber. “A Network Security Monitor,” Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy pp. 296–304 (May 1990).
    DOI: 10.1109/RISP.1990.63859
  888. D. Hedin, A. Birgisson, L. Bello, and A. Sabelfeld. “JSFlow: Tracking Information Flow in JavaScript and Its APIs,” Proceedings of the 29th ACM Annual Symposium on Applied Computing pp. 1663–1671 (2014).
    DOI: 10.1145/2554850.2554909
  889. R. Hefner. “Lessons Learned with the Systems Security Engineering Capability Maturity Model,” Proceedings of the 19th International Conference on Software Engineering pp. 566–567 (May 1997).
    DOI: 10.1145/253228.253454
  890. R. Hefner. “A Process Standard for System Security Engineering: Development Experiences and Pilot Results,” Proceedings of the Third IEEE International Software Engineering Standards Symposium and Forum pp. 217–221 (June 1997).
    DOI: 10.1109/SESS.1997.595974
  891. J. S. Held and J. Bowers. Securing E-Business Applications and Communications, Auerbach Publications, New York, NY, USA (June 2001)
    ISBN: 0849309638
  892. H. Hellman. Great Feuds in Science: Ten of the Liveliest Disputes Ever, John H. Wiley & Sons, New York, NY, USA (1998).
    ISBN: 978-0-471-35066-8
  893. M. E. Hellman. “A Cryptanalytic Time-Memory Tradeoff,” IEEE Transactions on Information Theory 26(4) pp. 401–406 (July 1980).
    DOI: 10.1109/TIT.1980.1056220
  894. J. Helsingius. Johan Helsingius Closes His Internet Remailer (Aug. 1996)
    URL: https://w2.eff.org/Privacy/Anonymity/960830_penet_closure.announce
  895. C. Herley. “So Long, and No Thanks for the Externalities: The Rational Rejection of Security Advice by Users,” Proceedings of the 2009 Workshop on New Security Paradigms pp. 133–144 (Sep. 2009).
    DOI: 10.1145/1719030.1719050
  896. A. Herzberg and H. Leibowitz. “Can Johnny Finally Encrypt?: Evaluating E2E-encryption in Popular IM Applications,” Proceedings of the Sixth Workshop on Socio-Technical Aspects in Security and Trust pp. 17–28 (Dec. 2016).
    DOI: 10.1145/3046055.3046059
  897. A. Herzog and N. Shahmehri. “An Evaluation of Java Application Containers According to Security Requirements,” Proceedings of the 14th IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprise pp. 178–183 (June 2005).
    DOI: 10.1109/WETICE.2005.18
  898. P. Herzon. OSSTMM 3: Open Source Security Testing Methodology Manual, Technical Report, Institute for Security and Open Methodologies, New York, NY, USA (Dec. 2010)
    URL: http://www.isecom.org/mirror/OSSTMM.3.pdf
  899. P. M. Hesse and D. P. Lemire. “Managing Interoperability in Non-Hierarchical Public Key Infrastructures,” Proceedings of the 2002 Symposium on Network and Distributed System Security (Feb. 2002)
    URL: http://www.isoc.org/isoc/conferences/ndss/02/papers/hesse.pdf
  900. V. Heydari, S.-M. Yoo, and S.-i. Kim. “Secure VPN Using Mobile IPv6 Based Moving Target Defense,” Proceedings of the 2016 IEEE Global Communications Conference (Dec. 2016).
    DOI: 10.1109/GLOCOM.2016.7842255
  901. M. Hicks, M. Finnicum, S. T. King, M. M. K. Martin, and J. M. Smith. “Overcoming an Untrusted Computing Base: Detecting and Removing Malicious Hardware Automatically,” Proceedings of the 2010 IEEE Symposium on Security and Privacy pp. 159–172 (May 2010).
    DOI: 10.1109/SP.2010.18
  902. M. Hicks, C. Sturton, S. T. King, and J. M. Smith. “SPECS: A Lightweight Runtime Mechanism for Protecting Software from Security-Critical Processor Bugs,” ACM SIGARCH Computer Architecture News pp. 517–529 (Mar. 2015).
    DOI: 10.1145/2786763.2694366
  903. H. J. Highland. “Random Bits & Bytes: Case Histroy of a Virus Attack,” Computers & Security 7(1) pp. 3–5 (Feb. 1988).
    DOI: 10.1016/0167-4048(88)90488-9
  904. H. J. Highland. Computer VIrus Handbook, Elsevier Advanced Technology, Oxford, UK (1990)
    ISBN: 978-0-946395-46-0
  905. H. J. Highland. “Random Bits & Bytes: Testing a Password System,” Computers & Security 11(2) pp. 110–120 (Apr. 1992).
    DOI: 10.1016/0167-4048(92)90035-P
  906. J. Hizver and T.-C. Chiueh. “Real-Time Deep Virtual Machine Introspection and Its Applications,” Proceedings of the 10th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments pp. 3–14 (Mar. 2014).
    DOI: 10.1145/2576195.2576196
  907. T.-H. Ho, D. Dean, X. Gu, and W. Enck. “PREC: Practical Root Exploit Containment for Android Devices,” Proceedings of the 4th ACM Conference on Data and Application Security and Privacy pp. 187–198 (Mar. 2014).
    DOI: 10.1145/2557547.2557563
  908. J. A. Hoagland, C. Wee, and K. Levitt. Audit Log-Analysis Using the Visual Audit Browser Toolkit, Technical Report CSE-95-11, Dept. of Computer Science, University of California at Davis, Davis, CA, USA (Sep. 1995)
    URL: http://www.cs.ucdavis.edu/research/tech-reports/1995/CSE-95-11.pdf
  909. L. Hochstein. Ansible: Up and Running, O’Reilly Media, Sebastopol, CA, USA (20145)
    ISBN: 978-1-4919-1532-5
  910. L. J. Hoffman. “The Formulary Model for Flexible Privacy and Access Controls,” Proceedings of the AFIPS ’72 Spring Joint Computer Conference pp. 587–601 (May 1972).
    DOI: 10.1145/1479064.1479168
  911. L. J. Hoffman. Modern Methods for Computer Security and Privacy, Prentice-Hall, Englewood Cliffs, NJ, USA (1977).
    ISBN: 0-135-95207-7
  912. L. J. Hoffman and R. J. Davis. “Security Pipeline Interface (SPI),” Proceedings of the Sixth Annual Computer Security Applications Conference pp. 349–355 (Dec. 1990).
    DOI: 10.1109/CSAC.1990.143797
  913. L. J. Hoffman (ed.). Rogue Programs: Viruses, Worms and Trojan Horses, Van Nostrand Reinhold, New York, NY, USA (1990).
    ISBN: 978-0-442-00454-5
  914. J. Hoffstein, J. Pipher, and J. H. SilvermanAn Introduction to Mathematical Cryptography, Springer Science+Business Media, LLC, New York, NY, USA (2008)
    ISBN: 978-1-4419-2674-6
  915. S. A. Hofmeyr, S. Forrest, and A. Somayaji. “Intrusion Detection Using Sequences of System Calls,” Journal of Computer Security 6(3) pp. 151–180 (1998).
  916. C. Holz and P. Baudisch. “Fiberio: A Touchscreen That Senses Fingerprints,” Proceedings of the 26th Annual Symposium on User Interface Software and Technology pp. 41–50 (Oct. 2013).
    DOI: 10.1145/2501988.2502021
  917. T. Holz, C. Gorecki, K. Rieck, and F. C. Freiling. “Measuring and Detecting Fast-Flux Service Networks,” Proceedings of the 2008 Symposium on Network and Distributed System Security (Feb. 2008)
    URL: http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2017/09/Measuring-and-Detecting-Fast-Flux-Service-Networks-paper-Thorsten-Holz.pdf
  918. G. J. Holzmann. “The Model Checker SPIN,” IEEE Transactions on Software Engineering 23(5) pp. 279–295 (May 1997).
    DOI: 10.1109/32.588521
  919. Homer. The Odyssey, Penguin Classics, New York, NY, USA (Apr. 2003)
    ISBN: 978-0-14-044911-2
  920. M. Honan. “How Apple and Amazon Security Flaws Led to My Epic Hacking,” Wired (Aug. 2012)
    URL: https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/
  921. J. Hong. “The State of Phishing Attacks,” Communications of the ACM 55(1) pp. 74–81 (Jan. 2012).
    DOI: 10.1145/2063176.2063197
  922. J. Horswell and C. Fowler. “Associative Evidence — The Locard Exchange Principle,” in The Practice of Crime Scene Investigation, edited by J. Horswell, CRC Press, Boca Raton, FL, USA (2004)
    ISBN: 978-0-7484-0609-8
  923. J. D. Horton, R. H. Cooper, W. F. Hyslop, B. G. Nickerson, O. K. Ward, R. Harland, E. Ashby, and W. Stewart. “The Cascade Vulnerability Problem,” Journal of Computer Security 2(4) pp. 279–290 (1993).
    DOI: 10.3233/JCS-1993-2402
  924. A. D. Householder, G. Wassermann, A. Manion, and C. King. The CERT Guide to Coordinated Vulnerability Disclosure, Special Report CMU/SEI-2017-SR-022, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, USA (Aug. 2017)
    URL: https://resources.sei.cmu.edu/asset_files/SpecialReport/2017_003_001_503340.pdf
  925. R. Housley and T. Polk. Planning for PKI: Best Practices Guide for Deploying Public Key Infrastructures, John Wiley & Sons, Inc., New York, NY, USA (2001)
    ISBN: 978-0-471-39702-1
  926. M. Howard and D. LeBlanc. Writing Secure Code, Microsoft Press (2003)
    ISBN: 978-0-7356-1722-3
  927. M. Howard, D. LeBlanc, and J. Viega. 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them, McGraw-Hill, New York, NY, USA (2009)
    ISBN: 978-0-07-162675-0
  928. W. Hsieh, M. Fiuczynk, C. Garrett, S. Savage, D. Becker, and B. Bershad. “Language Support for Extensible Operating Systems,” Proceedings of the Workshop on Compiler Support for System Software pp. 127–133 (Feb. 1996).
  929. N. Htoo-Mosher, R. Nasser, N. Zunic, and J. Straw. “E4 ITSEC Evaluation of PR/SM on ES/9000 Processors,” Proceedings of the 19th National Information Systems Security Conference pp. 1–11 (Oct. 1996).
  930. W.-M. Hu. “Lattice Scheduling and Covert Channels,” Proceedings of the 1992 IEEE Symposium on Research in Security and Privacy pp. 52–61 (May 1992).
    DOI: 10.1109/RISP.1992.213271
  931. W.-M. Hu. “Reducing Timing Channels with Fuzzy Time,” Journal of Computer Security 1(3,4) pp. 233–254 (1992).
    DOI: 10.3233/JCS-1992-13-404
  932. M. Huber, B. Taubmann, S. Wessel, H. P. Reiser, and G. Sigl. “A Flexible Framework for Mobile Device Forensics Based on Cold Boot Attacks,” EURASIP Journal on Information Security 2016(1) (Aug. 2016).
    DOI: 10.1186/s13635-016-0041-4
  933. J. Hughes. “Certificate Inter-Operability — White Paper,” Computers & Security 18(3) pp. 221–230 (1999).
    DOI: 10.1016/S0167-4048(99)80067-4
  934. J. Hughes. “The Realities of PKI Inter-Operability,” Proceedings of the Secure Networking — CQRE [Secure] ’99 International Exhibition and Congress (Lecture Notes in Computer Science 1740) pp. 127–132 (Nov. 1999).
    DOI: 10.1007/3-540-46701-7_11
  935. C. Humphries, N. Prigent, C. Bidan, and F. Majorczyk. “ELVIS: Extensible Log VISualization,” Proceedings of the Tenth Workshop on Visualization for Cyber Security pp. 9–16 (Oct. 2013).
    DOI: 10.1145/2517957.2517959
  936. J. Hunker, C. Gates, and M. Bishop. “Attribution Requirements for Next Generation Internets,” Proceedings of the 2011 IEEE International Conference on Technologies for Homeland Security pp. 345–350 (Nov. 2011).
    DOI: 10.1109/THS.2011.6107894
  937. M. Huth and M. Ryan. Logic in Computer Science: Modeling and Reasoning about Systems, Cambridge University Press, Cambridge, UK (2004).
    ISBN: 978-0-521-54310-1
  938. G. Iachello and K. Rannenberg. “Protection Profiles for Remailer Mixes,” Proceedings of the International Workshop on Design Issues in Anonymity and Unobservability (Lecture Notes in Computer Science 2009) pp. 181–230 (July 2001).
    DOI: 10.1007/3-540-44702-4_11
  939. C. I’Anson and C. Mitchell. “Security Defects in CCITT Recommendation X.509—The Directory Authentication Framework,” ACM SIGCOMM Computer Communications Review 20(2) pp. 30–34 (Apr. 1990).
    DOI: 10.1145/378570.378623
  940. N. Idika and B. Bhargava. “Extending Attack Graph-Based Security Metrics and Aggregating Their Application,” IEEE Transactions on Dependable and Secure Computing 9(1) pp. 75–85 (Jan. 2012).
    DOI: 10.1109/TDSC.2010.61
  941. V. M. Igure and R. D. Williams. “Taxonomies of Attacks and Vulnerabilities in Computer Systems,” IEEE Communications Surveys & Tutorials 10(1) pp. 6–19 (Apr. 2008).
    DOI: 10.1109/COMST.2008.4483667
  942. K. Ilgun, R. A. Kemmerer, and P. Porras. “State Transition Analysis: A Rule-Based Intrusion Detection Approach,” IEEE Transactions on Software Engineering 21(3) pp. 181–199 (Mar. 1995).
    DOI: 10.1109/32.372146
  943. J. K. Iliffe and J. G. Jodeit. “A Dynamic Storage Allocation Scheme,” The Computer Journal 5(3) pp. 200–209 (1962).
    DOI: 10.1093/comjnl/5.3.200
  944. P. G. Inglestat and M. A. Sasse. “The True Cost of Unusable Password Policies: Password Use in the Wild,” Proceedings of the 2010 SIGCHI Conference on Human Factors in Computing Systems pp. 383–392 (Apr. 2010).
    DOI: 10.1145/1753326.1753384
  945. K. Ingols, R. Lippmann, and K. Piwowarski. “Practical Attack Graph Generation for Network Defense,” Proceedings of the 22nd Annual Computer Security Applications Conference pp. 121–130 (Dec. 2006).
    DOI: 10.1109/ACSAC.2006.39
  946. D. Irani, K. Webb, Steve amd Li, and C. Pu. “Modeling Unintended Personal-Information Leakage from Multiple Online Social Networks,” IEEE Internet Computing 15(3) pp. 13–19 (May 2011)
    URL: 10.1109/MIC.2011.25
  947. C. E. Irvine and D. Volpano. “A Practical Tool for Developing Trusted Applications,” Proceedings of the 11th Annual Computer Security Applications Conference pp. 190–195 (Dec. 1995)
    URL: http://hdl.handle.net/10945/7178
  948. H. R. Isa, W. R. Shockley, and C. E. Irvine. “A Multi-Threading Architecture for Multilevel Secure Transaction Processing,” Proceedings of the 1999 IEEE Symposium on Security and Privacy pp. 166–180 (May 1999).
    DOI: 10.1109/SECPRI.1999.766912
  949. D. K. Isenor and S. G. Zaky. “Fingerprint Identification Using Graph Matching,” Pattern Recognition 19(2) pp. 113–122 (1986).
    DOI: 10.1016/0031-3203(86)90017-8
  950. N. Isogai, T. Matsunaka, and A. Miyaji. “Optimized χ2-Attack Against RC6,” Proceedings of the First International Conference on Applied Cryptography and Network Security (Lecture Notes in Computer Science 2846) pp. 16–32 (Oct. 2003).
    DOI: 10.1007/978-3-540-45203-4_2
  951. H. Israel. “Computer Viruses: Myth or Reality?,” Proceedings of the Tenth National Computer Security Conference pp. 226–230 (Sep. 1987)
    URL: http://vxheaven.org/lib/ahi00.html
  952. T. Iwata, K. Ohashi, and K. Minematsu. “Breaking and Repairing GCM Security Proofs,” Advances in Cryptology — CRYPTO 2012 (Lecture Notes in Computer Science 7417) pp. 31–49 (Aug. 2012).
    DOI: 10.1007/978-3-642-32009-5_3
  953. T. Jaeger, A. Prakash, J. Liedtke, and N. Islam. “Flexible Control of Downloaded Executable Content,” ACM Transactions on Information and System Security 2(2) pp. 177–228 (May 1999).
    DOI: 10.1145/317087.317091
  954. T. Jaeger, R. Sailer, and X. Zhang. “Analyzing Integrity Protection in the SELinux Example Policy,” Proceedings of the 12th USENIX Security Symposium pp. 59–74 (Aug. 2003)
    URL: https://www.usenix.org/conference/12th-usenix-security-symposium/analyzing-integrity-protection-selinux-example-policy
  955. T. Jager, J. Schwenk, and J. Somorovsky. “On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 V1.5 Encryption,” Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security pp. 1185–1196 (Oct. 2015).
    DOI: 10.1145/2810103.2813657
  956. A. K. Jain, K. Nandakumar, and A. Ross. “50 Years of Biometric Research: Accomplishments, Challenges, and Opportunities,” Pattern Recognition Letters 79 pp. 80–105 (Aug. 2016).
    DOI: 10.1016/j.patrec.2015.12.013
  957. A. K. Jain, A. Ross, and S. Prabhakar. “An Introduction to Biometric Recognition,” IEEE Transactions on Circuits and Systems for Video Technology 14(1) pp. 4–20 (Jan. 2004).
    DOI: 10.1109/TCSVT.2003.818349
  958. S. Jajodia, P. Samarati, and V. S. Subrahmanian. “A Logical Language for Expressing Authorizations,” Proceedings of the 1997 IEEE Symposium on Security and Privacy pp. 31–42 (May 1997).
    DOI: 10.1109/SECPRI.1997.601312
  959. S. Jajodia and R. Sandhu. “Towards a Multilevel Secure Relational Data Model,” Proceedings of the 1991 ACM SIGMOD International Conference on Management of Data pp. 50–59 (May 1991).
    DOI: 10.1145/115790.115796
  960. M. Jakobsson, E. Shriver, B. K. Hillyer, and A. Juels. “A Practical Secure Physical Random Bit Generator,” Proceedings of the Fifth ACM Conference on Computer and Communications Security pp. 103–111 (Nov. 1998).
    DOI: 10.1145/288090.288114
  961. P. A. Jamkhedkar and G. L. Heileman. “Digital Rights Management Architectures,” Computers & Electrical Engineering 35(2) pp. 376–394 (Mar. 2009).
    DOI: 10.1016/j.compeleceng.2008.06.012
  962. S. Jana, D. E. Porter, and V. Shmatikov. “TxBox: Building Secure, Efficient Sandboxes with System Transactions,” Proceedings of the 2011 IEEE Symposium on Security and Privacy pp. 329–344 (May 2011).
    DOI: 10.1109/SP.2011.33
  963. R. Jansen, F. Tschorsch, A. Johnson, and B. Scheuermann. “The Sniper Attack: Anonymously Deanonymizing and Disabling the Tor Network,” Proceedings of the 2014 Symposium on Network and Distributed System Security pp. 24:1–24:15 (Feb. 2014)
    URL: http://www.internetsociety.org/doc/sniper-attack-anonymously-deanonymizing-and-disabling-tor-network
  964. B. Javadi, D. Kondo, J.-M. Vincent, and D. P. Anderson. “Discovering Statistical Models of Availability in Large Distributed Systems: An Empirical Study of SETI@home,” IEEE Transactions on Parallel and Distributed Systems 22(11) pp. 1896–1903 (Nov. 2011).
    DOI: 10.1109/TPDS.2011.50
  965. H. S. Javitz and A. Valdes. “The SRI IDES Statistical Anomaly Detector,” Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy pp. 316–326 (May 1991).
    DOI: 10.1109/RISP.1991.130799
  966. K. Jensen and N. Wirth. PASCAL User Manual and Report, Springer-Verlag Berlin Heidelberg, Berlin, Germany (1975).
    ISBN: 978-3-540-07167-9
  967. L. Jia, J. Aljuraidan, E. Fragkaki, L. Bauer, M. Stroucken, K. Fukushima, S. Kiyomoto, and Y. Miyake. “Run-Time Enforcement of Information-Flow Properties on Android,” Proceedings of the 18th European Symposium on Research in Computer Security (Lecture Notes in Computer Science) pp. 775–792 (Sep. 2013).
    DOI: 10.1007/978-3-642-40203-6_43
  968. A. Johnson and P. Syverson. “More Anonymous Onion Routing Through Trust,” Proceedings of the 22nd Computer Security Foundations Workshop pp. 3–12 (July 2009).
    DOI: 10.1109/CSF.2009.27
  969. D. M. Johnson and F. J. Thayer. “Security and the Composition of Machines,” Proceedings of the First Computer Security Foundations Workshop pp. 72–89 (June 1988).
  970. H. L. Johnson and M. L. De Vilbiss. “Use of the Trusted Computer System Evaluation Criteria (TCSEC) for Complex, Evolving, Multipolicy Systems,” Proceedings of the 16th National Computer Security Conference pp. 137–145 (Sep. 1993).
  971. A. K. Jones and R. J. Lipton. “The Enforcement of Security Policies for Computation,” Proceedings of the Fifth ACM Symposium on Operating Systems Principles pp. 197–206 (Nov. 1975).
    DOI: 10.1145/800213.806538
  972. A. K. Jones, R. J. Lipton, and L. Snyder. “A Linear Time Algorithm for Deciding Security,” Proceedings of the 17th Annual Symposium on Foundations of Computer Science pp. 33–41 (Oct. 1976).
    DOI: 10.1109/SFCS.1976.1
  973. D. W. Jones. “Auditing Elections,” Communications of the ACM 47(10) pp. 46–50 (Oct. 2004).
    DOI: 10.1145/1022594.1022622
  974. J. Jonsson. “On the Security of CTR + CBC-MAC,” Proceedings of the Ninth International Workshop on Selected Areas in Cryptography (Lecture Notes in Computer Science) pp. 76–93 (2002).
    DOI: 10.1007/3-540-36492-7_7
  975. A. Jøsang, R. Ismail, and C. Boyd. “A Survey of Trust and Reputation Systems for Online Service Provision,” Decision Support Systems 43(2) pp. 618–644 (Mar. 2007).
    DOI: 10.1016/j.dss.2005.05.019
  976. M. Joseph. “Towards the Elimination of the Effects of Malicious Logic: Fault Tolerance Approaches,” Proceedings of the Tenth National Computer Security Conference pp. 238–244 (Sep. 1987).
  977. M. K. Joseph and A. Avizienis. “A Fault Tolerant Approach to Computer Viruses,” Proceedings of the 1988 IEEE Symposium on Security and Privacy pp. 52–58 (Apr. 1988).
    DOI: 10.1109/SECPRI.1988.8097
  978. J. B. D. Joshi, E. Bertino, U. Latif, and A. Ghafoor. “A Generalized Temporal Role-Based Access Control Model,” IEEE Transactions on Knowledge and Data Engineering 17(1) pp. 4–23 (Jan. 2005).
    DOI: 10.1109/TKDE.2005.1
  979. J. Joshi, A. Ghafoor, W. Aref, and E. H. Spafford. “Digital Government Security Infrastructure Design Challenges,” IEEE Computer 34(2) pp. 66–72 (Feb. 2001).
    DOI: 10.1109/2.901169
  980. A. Joux. Authentication Failures in NIST version of GCM,” Comments on the Draft GCM Specification, Gaithersburg, MD, USA (Apr. 2006).
    URLhttps://csrc.nist.gov/CSRC/media/Projects/Block-Cipher-Techniques/documents/BCM/Comments/800-38-series-drafts/GCM/Joux_comments.pdf
  981. N. Jovanovic, C. Kruegel, and E. Kirda. “Static Analysis for Detecting Taint-Style Vulnerabilities in Web Applications,” Journal of Computer Security 18(5) pp. 861–907 (2010).
    DOI: 10.3233/JCS-2009-0385
  982. R. Joyce and G. Gupta. “Identity Authentication Based on Keystroke Latencies,” Communications of the ACM 33(2) pp. 168–176 (Feb. 1990).
    DOI: 10.1145/75577.75582
  983. R. Jung, J.-H. Jourdan, R. Kerbbers, and D. Dryer. “RustBelt: Securing the Foundations of the Rust Programming Language,” Proceedings of the ACM on Programming Languages 2(POPL) pp. 66:1–66:34 (Jan. 2018).
    DOI: 10.1145/3158154
  984. J. E. Juni and R. Ponto. “Computer-Virus Infection of a Medical Diagnostic Computer,” New England Journal of Medicine 320(12) pp. 811–812 (Mar. 1989).
    DOI: 10.1056/NEJM198903233201222
  985. F. Kafka. The Trial, edited by R. Robinson, Oxford University Press, New York, NY, USA (Oct. 2009)
    ISBN: 978-0-19-923829-3
  986. L. Kagal, T. Finin, and A. Joshi. “A Policy Language for a Pervasive Computing Environment,” Proceedings of the IEEE Fourth International Workshop on Policies for Distributed Systems and Networks pp. 63–74 (June 2003).
    DOI: 10.1109/POLICY.2003.1206958
  987. C. Kahn. “Incentives to Help Stop Floods,” Proceedings of the 2000 Workshop on New Security Paradigms pp. 127–132 (Sep. 2000).
    DOI: 10.1145/366173.366202
  988. D. Kahn. The Codebreakers: The Story of Secret Writing, The Macmillan Company, New York, NY, USA (1967)
    ISBN: 0-684-83130-9
  989. D. Kahn. Seizing the Enigma: The Race to Break the German U-Boats Codes, 1939-1943, Houghton Mifflin, New York, NY, USA (1991).
    ISBN: 978-0-395-42739-2
  990. D. KahnThe Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet, Scribner, New York, NY, USA (1996).
  991. K. C. Kahn, W. M. Corwin, T. D. Dennis, H. D’Hooge, D. E. Hubka, L. A. Hutchins, J. T. Montague, and F. J. Pollack. “iMAX: A Multiprocessor Operating System for an Object-Based Computer,” Proceedings of the Eighth ACM Symposium on Operating Systems Principles pp. 127–136 (Dec. 1981).
    DOI: 10.1145/800216.806601
  992. R. Y. Kain. Advanced Computer Architecture: A Systems Design Approach, Prentice-Hall, Upper Saddle River, NJ, USA (1995).
    ISBN: 987-0-130-07741-7
  993. R. Y. Kain and C. E. Landwehr. “On Access Checking in Capability-Based Systems,” Proceedings of the 1986 IEEE Symposium on Security and Privacy pp. 95–100 (Apr. 1986).
    DOI: 10.1109/SP.1986.10001
  994. T. Kalsi. Practical Linux Security Cookbook, Packt Publishing Ltd., Birmingham, UK (2016)
    ISBN: 978-1-78528-642-1
  995. S. Kamara, S. Fahmy, E. E. Schultz, F. Kerschbaum, and M. Frantzen. “Analysis of Vulnerabilities in Internet Firewalls,” Computers & Security 22(3) pp. 214–232 (Apr. 2003).
    DOI: 10.1016/S0167-4048(03)00310-9
  996. A. Kaminsky, M. Kurdziel, and S. Radziszowski. “An Overview of Cryptanalysis Research for the Advanced Encryption Standard,” Proceedings of the 2010 Military Communications Conference pp. 1310–1316 (Oct. 2010).
    DOI: 10.1109/MILCOM.2010.5680130
  997. S. D. Kamvar, M. T. Schlosser, and H. Garcia-Molina. “The Eigentrust Algorithm for Reputation Management in P2P Networks,” Proceedings of the 12th International World Wide Web Conference (WWW ’03) pp. 640–651 (May 2003).
    DOI: 10.1145/775152.775242
  998. M. H. Kang, A. P. Moore, and I. S. Moskowitz. “Design and Assurance Strategy for the NRL Pump,” IEEE Computer 31(4) pp. 56–64 (Apr. 1998).
    DOI: 10.1109/2.666843
  999. M. H. Kang and I. S. Moskowitz. “A Pump for Rapid, Reliable, Secure Communication,” Proceedings of the First ACM Conference on Computer and Communications Security pp. 119–129 (Nov. 1993).
    DOI: 10.1145/168588.168604
  1000. M. H. Kang, I. S. Moskowitz, and S. Chincheck. “The Pump: A Decade of Covert Fun,” Proceedings of the 21st Annual Computer Security Applications Conference pp. 360–366 (Dec. 2005).
    DOI: 10.1109/CSAC.2005.56
  1001. M. H. Kang, I. S. Moskowitz, and D. C. Lee. “A Network Version of the Pump,” Proceedings of the 1995 IEEE Symposium on Security and Privacy pp. 144–154 (May 1995).
    DOI: 10.1109/SECPRI.1995.398929
  1002. M. H. Kang, I. S. Moskowitz, and D. C. Lee. “A Network Pump,” IEEE Transactions on Software Engineering 22(5) pp. 329–338 (May 1996).
    DOI: 10.1109/32.502225
  1003. L. Kanies. “ISconf: Theory, Practice, and Beyond,” Proceedings of the 17th Large Installation Systems Administration Conference pp. 115–123 (Oct. 2003)
    URL: https://www.usenix.org/conference/lisa-03/isconf-theory-practice-and-beyond
  1004. H. Kannan, M. Dalton, and C. Kozyrakis. “Decoupling Dynamic Information Flow Tracking with a Dedicated Coprocessor,” Proceedings of the 2009 IEEE/IFIP International Conference on Dependable Systems and Networks pp. 105–114 (June 2009).
    DOI: 10.1109/DSN.2009.5270347
  1005. B. Kantor. BSD Rlogin, RFC 1282 (Dec. 1991).
    DOI: 10.17487/RFC1282
  1006. P. A. Karger. “Limiting the Damage Potential of Discretionary Trojan Horses,” Proceedings of the 1987 IEEE Symposium on Security and Privacy pp. 32–37 (Apr. 1987).
    DOI: 10.1109/SP.1987.10011
  1007. P. A. Karger and A. J. Herbert. “An Augmented Capability Architecture to Support Lattice Security and Traceability of Access,” Proceedings of the 1984 IEEE Symposium on Security and Privacy pp. 2–12 (Apr. 1984).
    DOI: 10.1109/SP.1984.10001
  1008. P. A. Karger and R. R. Schell. Multics Security Evaluation: Vulnerability Analysis, Technical Report ESD-TR-73-193, Vol. II, Electronic Systems Division, Hanscom Air Force Base, Hanscom Air Force Base, MA 01730 (June 1974)
    URL: https://csrc.nist.gov/csrc/media/publications/conference-paper/1998/10/08/proceedings-of-the-21st-nissc-1998/documents/early-cs-papers/karg74.pdf
  1009. P. A. Karger and J. C. Wray. “Storage Channels in Disk Arm Optimization,” Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy pp. 52–61 (May 1991).
    DOI: 10.1109/RISP.1991.130771
  1010. P. A. Karger, M. E. Zurko, D. W. Bonin, A. H. Mason, and C. E. Kahn. “A VMM Security Kernel for the VAX Architecture,” Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy pp. 2–19 (May 1990).
    DOI: 10.1109/RISP.1990.63834
  1011. M. Kassner. “Anatomy of the Target Breach: Missed Opportunities and Lessons Learned,” ZDNet (Feb. 2015)
    URL: http://www.zdnet.com/article/anatomy-of-the-target-data-breach-missed-opportunities-and-lessons-learned/
  1012. C. Kaufman, P. Hoffman, Y. Nir, and P. Eronen. Internet Key Exchange Protocol Version 2 (IKEv2), RFC 7296 (Oct. 2014).
    DOI: 10.17487/RFC7296
  1013. C. Kaufman, R. Perlman, and M. Speciner. Network Security: Private Communications in a Public World, Prentice Hall, Inc, Upper Saddle River, NJ, USA (2002)
    ISBN: 978-0-13-046019-6
  1014. M. Kaufmann and J. S. Moore. “An Industrial Strength Theorem Prover for a Logic Based on Common Lisp,” IEEE Transactions on Software Engineering 23(4) pp. 203–213 (Apr. 1997).
    DOI: 10.1109/32.588534
  1015. Y. Kawatsura. Secure Electronic Transaction (SET) Supplement for the V1.0 Internet Open Trading Protocol (IOTP), RFC 3538 (June 2003).
    DOI: 10.17487/RFC3538
  1016. K. Kaynar and F. Sivrijaya. “Distributed Attack Graph Generation,” IEEE Transactions on Dependable and Secure Computing 13(5) pp. 519–532 (Sep. 2015).
    DOI: 10.1109/TDSC.2015.2423682
  1017. G. Kedem and Y. Ishihara. “Brute Force Attack on UNIX Passwords with SIMD Computer,” Proceedings of the Eighth USENIX UNIX Security Symposium (Aug. 1999)
    URL: https://www.usenix.org/legacy/events/sec99/full_papers/kedem/kedem.pdf
  1018. M. Keith, B. Shao, and P. J. Steinbart. “The Usability of Passphrases for Authentication: An Empirical Field Study,” International Journal of Human-Computer Studies 65(1) pp. 17–28 (Jan. 2007).
    DOI: 10.1016/j.ijhcs.2006.08.005
  1019. M. Keith, B. Shao, and P. J. Steinbart. “A Behavioral Analysis of Passphrase Design and Effectiveness,” Journal of the Association for Information Systems 10(2) pp. 63–89 (Feb. 2009).
  1020. P. G. Kelley, S. Komanduri, M. L. Mazurek, R. Shay, T. Vidas, L. Bauer, N. Christin, L. F. Cranor, and J. López. “Guess Again (and Again and Again): Measuring Password Strength by Simulating Password-Cracking algorithms,” Proceedings of the 2012 IEEE Symposium on Security and Privacy pp. 523–537 (May 2012).
    DOI: 10.1109/SP.2012.38
  1021. J. Kelsey, T. Kohno, and B. Schneier. “Amplified Boomerang Attacks Against Reduced-Round MARS and Serpent,” Proceedings of the Seventh International Workshop on Fast Software Encryption (Lecture Notes in Computer Science 1978) pp. 13–23 (2000).
    DOI: 10.1007/3-540-44706-7_6
  1022. J. Kelsey and B. Schneier. “MARS Attacks! Preliminary Cryptanalysis of Reduced-Round MARS Variants,” Proceedings of the Third AES Candidate Conference pp. 169–185 (Apr. 2000).
  1023. J. Kelsey, B. Schneier, and D. Wagner. “Related-Key Cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X. NewDES, RC2, and TEA,” Proceedings of the First International Conference on Information and Communications Security ( Lecture Notes in Computer Science 1334) pp. 233–246 (1997).
    DOI: 10.1007/BFb0028479
  1024. R. A. Kemmerer. “A Practical Approach to identifying Storage and Timing Channels,” Proceedings of the 1982 IEEE Symposium on Security and Privacy pp. 66–73 (Apr. 1982).
    DOI: 10.1109/SP.1982.10007
  1025. R. A. Kemmerer. “Shared Resource Matrix Methodology: An Approach to Identifying Storage and Timing Channels,” ACM Transactions on Computer Systems 1(3) pp. 256–277 (Aug. 1983).
    DOI: 10.1145/357369.357374
  1026. R. A. Kemmerer. “Analyzing Encryption Protocols Using Formal Verification Techniques,” IEEE Journal on Selected Areas in Communication 7(4) pp. 448–457 (May 1989).
    DOI: 10.1109/49.17707
  1027. R. A. Kemmerer. “A Practical Approach to identifying Storage and Timing Channels: Twenty Years Later,” Proceedings of the 18th Annual Computer Security Applications Conference pp. 109–118 (Dec. 2002).
    DOI: 10.1109/CSAC.2002.1176284
  1028. R. A. Kemmerer and P. Porras. “Covert Flow Trees: A Visual Approach to Analyzing Covert Storage Channels,” IEEE Transactions on Software Engineering 17(11) pp. 1166–1185 (Nov. 1991).
    DOI: 10.1109/32.106972
  1029. R. A. Kemmerer and G. Vigna. “Intrusion Detection: A Brief History and Overview,” IEEE Computer 35(4) pp. supl27–supl30 (Apr. 2002).
    DOI: 10.1109/MC.2002.1012428
  1030. R. Kemmerer, C. Meadows, and J. Millen. “Three Systems for Cryptographic Protocol Analysis,” Journal of Cryptology 7(2) pp. 79–130 (June 1994).
    DOI: 10.1007/BF00197942
  1031. D. Kennedy, J. O’Gorman, D. Kearns, and M. Aharoni. Metasploit: The Penetration Tester’s Guide, No Starch Press, San Francisco, CA, USA (2011)
    ISBN: 978-1-59327-288-3
  1032. S. Kent. “Comments on ‘Security Problems in the TCP/IP Protocol Suite’,” ACM SIGCOMM Computer Communications Review 19(3) pp. 10–19 (July 1989).
    DOI: 10.1145/74674.74675
  1033. S. Kent. Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management, RFC 1422 (Feb. 1993).
    DOI: 10.17487/RFC1422
  1034. S. Kent. IP Authentication Header, RFC 4302 (Dec. 2005).
    DOI: 10.17487/RFC4302
  1035. S. Kent. IP Encapsulating Security Payload (ESP), RFC 4303 (Dec. 2005).
    DOI: 10.17487/RFC4303
  1036. S. Kent and K. Seo. Security Architecture for the Internet Protocol, RFC 4301 (Dec. 2005).
    DOI: 10.17487/RFC4301
  1037. S. T. Kent. “Encryption-Based Protection Protocols for Interactive User-Computer Communication over Physically Unsecured Channels,” Master’s Thesis, Dept. of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, Cambridge, MA, USA (1976)
    URL: http://hdl.handle.net/1721.1/27479
  1038. J. O. Kephart and W. C. Arnold. “Automatic Extraction of Computer Virus Signatures,” Proceedings of the 4th Virus Bulletin International Conference pp. 178–184 (1994)
    URL: https://pdfs.semanticscholar.org/f99e/50d7cdfddab8e4e10cbc31a097284b86dbab.pdf
  1039. B. Kernighan and P. J. Plauger. The Elements of Programming Style, McGraw-Hill, New York, NY USA (1978)
    ISBN: 978-0-07-034207-1
  1040. B. W. Kernighan and R. Pike. The Practice of Programming, Addison-Wesley, Boston, MA, USA (1999)
    ISBN: 978-0-201-61586-9
  1041. B. W. Kernighan and P. J. Plaugher. Software Tools, Addison-Wesley Professional (1976)
    ISBN: 0-201-03669-X
  1042. A. D. Keromytis and V. Prevelakis. “Designing Firewalls: A Survey,” Chapter 3 in Network Security: Current Status and Future Directions, edited by C. Douligeris and D. N. Serpanos, IEEE, Washington, DC, USA pp. 33–50 (2007).
    DOI: 10.1002/9780470099742.ch3
  1043. K. Keus, W. Kurth, and D. Loevenich. “Quality Assurance in the ITSEC-Evaluation Environment in Germany,” Proceedings of the 16th National Computer Security Conference pp. 324–333 (Sep. 1993).
  1044. K. Keus and K.-W. Schröder. “Measuring Correctness and Effectiveness: A New Approach Using Process Evaluation,” Proceedings of the 18th National Computer Security Conference pp. 366–373 (Oct. 1995).
  1045. D. Kewley, R. Fink, J. Lowry, and M. Dean. “Dynamic Approaches to Thwart Adversary Intelligence Gathering,” Proceedings of the 2001 DARPA Information Survivability Conference and Exposition II pp. 176–185 (June 2001).
    DOI: 10.1109/DISCEX.2001.932214
  1046. S. Khan, A. Gani, A. W. A. Wahab, M. A. Bagiwa, M. Shiraz, S. U. Khan, R. Buyya, and A. Y. Zomaya. “Cloud Log Forensics: Foundations, State of the Art, and Future Directions,” ACM Computing Surveys pp. 7:1–7:42 (July 2016).
    DOI: 10.1145/2906149
  1047. A. Kharraz, W. Robertson, D. Balzarotti, L. Bilge, and E. Kirda. “Cutting the Gordian Knot: A Look Under the Hood of Ransomware Attacks,” Proceedings of the 12th International Conference for Detection of Intrusion and Malware, and Vulnerability Assessment (Lecture Notes in Computer Science 9148) pp. 3–24 (July 2015).
    DOI: 10.1007/978-3-319-20550-2_1
  1048. S. Khazaei and W. Meier. “New Directions in Cryptanalysis of Self-Synchronizing Stream Ciphers,” Proceedings of the Ninth International Conference on Cryptology in India: Progress in Cryptology — INDOCRYPT 2008 (Lecture Notes in Computer Science 5365) pp. 15–26 (2008).
    DOI: 10.1007/978-3-540-89754-5_2
  1049. H. Khurana, R. Bobba, T. Yardley, P. Agarwal, and E. Heine. “Design Principles for Power Grid Cyber-Infrastructure Authentication Protocols,” Proceedings of the 43rd Hawaii International Conference on System Sciences pp. 1–10 (Jan. 2010).
    DOI: 10.1109/HICSS.2010.136
  1050. H. Khurana, M. Hadley, N. Lu, and D. A. Frincke. “Smart-Grid Security Issues,” IEEE Security & Privacy 8(1) pp. 81–85 (Jan. 2010).
    DOI: 10.1109/MSP.2010.49
  1051. C. Kil, J. Jun, C. Bookholt, J. Xu, and P. Ning. “Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Software,” Proceedings of the 22nd Annual Computer Security Applications Conference pp. 339–348 (Dec. 2006).
    DOI: 10.1109/ACSAC.2006.9
  1052. S. Kiljan, K. Simoens, D. D. Cock, M. V. Eekelen, and H. Vranken. “A Survey of Authentication and Communications Security in Online Banking,” ACM Computing Surveys 49(4) pp. 61:1–61:35 (Feb. 2017).
    DOI: 10.1145/3002170
  1053. G. H. Kim and E. H. Spafford. “The Design and Implementation of Tripwire: A File System Integrity Checker,” Proceedings of the Second ACM Conference on Computer and Communications Security pp. 18–29. (1994).
    DOI: 10.1145/191177.191183
  1054. J. Kim, A. Biryukov, B. Preneel, and S. Hong. “On the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0 and SHA-1 (Extended Abstract),” Proceedings of the 5th International Conference on Security and Cryptography for Networks (Lecture Notes in Computer Science 4116) pp. 242–256 (Sep. 2006).
    DOI: 10.1007/11832072_17
  1055. T. Kim and N. Zeldovich. “Practical and effective sandboxing for non-root users,” Proceedings of the 2008 USENIX Annual Technical Conference pp. 139–144 (June 2008).
  1056. Y. Kim, R. Daly, J. Kim, C. Fallin, J. H. Lee, D. Lee, C. Wilkerson, K. Lai, and O. Mutlu. “Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors,” ACM SIGARCH Computer Architecture News 42(3) pp. 361–372 (June 2014).
    DOI: 10.1145/2678373.2665726
  1057. Y. Kim, W. C. Lau, M. C. Chuah, and H. J. Chao. “PacketScore: A Statistics-Based Packet Filtering Scheme against Distributed Denial-of-Service Attacks,” IEEE Transactions on Dependable and Secure Computing 3(2) pp. 141–155 (Apr. 2006).
    DOI: 10.1109/TDSC.2006.25
  1058. S. T. King, J. Tucek, A. Cozzie, C. Grier, W. Jiang, and Y. Zhou. “Designing and Implementing Malicious Hardware,” Proceedings of the First USENIX Workshop on Large-Scale Exploits and Emergent Threats (Apr. 2008)
    URL: https://www.usenix.org/legacy/event/leet08/tech/full_papers/king/king.pdf
  1059. J. Kirby, Jr. and C. Archer, Myla an Heitmeyer. “SCR: A Practical Approach to Building a High Assurance COMSEC System,” Proceedings of the 15th Annual Computer Security Applications Conference pp. 109–118 (Dec. 1999).
    DOI: 10.1109/CSAC.1999.816018
  1060. J. Kissell. Mac Security Bible, Wiley Publishing, Inc., Indianapolis, IN, USA (2010)
    ISBN: 978-0-470-47419-8
  1061. A. Kleen. Syncookies Implementation for the Linux Kernel,” file linux/net/ipv4/syncookies.c (1997).
    URL: http://lxr.linux.no/linux+v4.10.1/net/ipv4/syncookies.c
  1062. D. Klein. “A Capability Based Protection Mechanism Under Unix,” Proceedings of the Winter 1985 USENIX Technical Conference pp. 152–159 (Jan. 1985).
  1063. D. Klein. “Foiling the Cracker: A Survey of, and Improvements to, Password Security,” Proceedings of the Second UNIX Security Workshop pp. 5–14 (Aug. 1990).
  1064. G. Klein, J. Andronick, K. Elphinstone, T. Murray, T. Sewell, R. Kolanski, and G. Heiser. “Comprehensive Formal Verification of an OS Microkernel,” ACM Transactions on Computer Systems 32(1) pp. 2:1–2:70 (Feb. 2014).
    DOI: 10.1145/2560537
  1065. G. Klein, K. Elphinstone, G. Heiser, J. Andronick, D. Cock, P. Derrin, D. Elkaduwe, K. Engelhardt, R. Kolanski, M. Norrish, T. Sewell, H. Tuch, and S. Winwood. “seL4: Formal Verification of an OS Kernel,” Proceedings of the 22nd Symposium on Operating Systems Principles pp. 207–220 (Oct. 2009).
    DOI: 10.1145/1629575.1629596
  1066. G. Klein, H. Rogge, F. Schneider, J. Toelle, M. Jahnke, and S. Karsch. “Response Initiation in Distributed Intrusion Response Systems for Tactical MANETs,” Proceedings of the 2010 European Conference on Computer Network Detection pp. 55–62 (Oct. 2010).
    DOI: 10.1109/EC2ND.2010.11
  1067. E. Kleiner and T. Newcomb. “On the Decidability of the Safety Problem for Access Control Policies,” Electronic Notes in Theoretical Computer Science 185 pp. 107–120 (July 2007).
    DOI: 10.1016/j.entcs.2007.05.032
  1068. J. C. Klensin. Simple Mail Transfer Protocol, RFC 2821 (Apr. 2001).
    DOI: 10.17487/RFC2821
  1069. J. C. Klensin. Role of the Domain Name System (DNS), RFC 3467 (Feb. 2003).
    DOI: 10.17487/RFC3467
  1070. J. C. Klensin, P. Faltstrom, and C. Karp. IAB - IDN Next Steps, RFC 4690 (Sep. 2006).
    DOI: 10.17487/RFC4960
  1071. J. C. Knight and N. G. Leveson. “An Experimental Evaluation of the Assumption of Independence in Multiversion Programming,” IEEE Transactions on Software Engineering SE-12(1) pp. 96–109 (Jan. 1986).
    DOI: 10.1109/TSE.1986.6312924
  1072. J. C. Knight and N. G. Leveson. “A Reply to the Criticisms of the Knight & Leveson Experiment,” ACM SIGSOFT Software Engineering Notes 15(1) pp. 24–35 (Jan. 1990).
  1073. P. Knight and C. Lewis. “Layer 2 and 3 Virtual Private Networks: Taxonomy, Technology, and Standardization Efforts,” IEEE Communications Magazine 42(6) pp. 121–131 (June 2004).
    DOI: 10.1109/MCOM.2004.1304248
  1074. L. R. Knudsen. “Truncated and Higher Order Differentials,” Proceedings of the Second International Workshop on Fast Software Encryption (Lecture Notes in Computer Science 1008) pp. 196–211 (Dec. 1994).
    DOI: 10.1007/3-540-60590-8_16
  1075. L. R. Knudsen and V. Rijmen. “Weaknesses in LOKI97,” Proceedings of the Second AES Candidate Conference (Mar. 1999)
    URL: http://csrc.nist.gov/archive/aes/round1/conf2/aes2conf.htm
  1076. D. E. Knuth. The Art of Computer Programming, Volume 2: Seminumerical Algorithms, Addison-Wesley Professiona, Boston, MA, USA (Nov. 1997)
    ISBN: 978-0-201-89684-8
  1077. C. Ko, G. Fink, and K. Levitt. “Automated Detection of Vulnerabilities in Privileged Programs by Execution Monitoring,” Proceedings of the Tenth Annual Computer Security Applications Conference pp. 134–144 (Dec. 1994).
    DOI: 10.1109/CSAC.1994.367313
  1078. C. Ko, T. Fraser, L. Badger, and D. Kilpatrick. “Detecting and Countering System Intrusions Using Software Wrappers,” Proceedings of the Ninth USENIX Security Symposium (Aug. 2000).
    DOI: https://www.usenix.org/legacy/events/sec2000/ko.html
  1079. C. Ko, M. Ruschitzka, and K. Levitt. “Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-Based Approach,” Proceedings of the 1997 IEEE Symposium on Security and Privacy pp. 175–187 (May 1997).
    DOI: 10.1109/SECPRI.1997.601332
  1080. H.-P. Ko. “Security Properties of Ring Brackets,” Proceedings of the Second Computer Security Foundations Workshop pp. 41–46 (June 1989).
    DOI: 10.1109/CSFW.1989.40585
  1081. A. H. Koblitz, N. Koblitz, and A. Menezes. “Elliptic Curve Cryptography: The Serpentine Course of a Paradigm Shift,” Journal of Number Theory 131(5) pp. 781–814 (May 2011).
    DOI: 10.1016/j.jnt.2009.01.006
  1082. N. Koblitz. “Elliptic Curve Cryptosystems,” Mathematics of Computation 48(117) pp. 203–209 (Jan. 1987).
    DOI: 10.1090/S0025-5718-1987-0866109-5
  1083. M. Koch, L. V. Mancini, and F. Parisi-Presicce. “Decidability of Safety in Graph-Based Models for Access Control,” Proceedings of the Seventh European Symposium on Research in Computer Security (Lecture Notes in Computer Science 2502) pp. 229–244 (Oct. 2002).
    DOI: 10.1007/3-540-45853-0_14
  1084. P. C. Kocher. “Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems,” Advances in Cryptology — CRYPTO ’96 (Lecture Notes in Computer Science) pp. 104–113 (Aug. 1996).
    DOI: 10.1007/3-540-68697-5_9
  1085. K. Kochetkova. “Tricky Locky Ransomware Robs American Hospitals,” Kaspersky Lab Daily (Mar. 25, 2016).
    URL: https://blog.kaspersky.com/locky-ransomware/11667/
  1086. R. H. Koenen, J. Lacy, M. Mackay, and S. Mitchell. “The Long March to Interoperable Digital Rights Management,” Proceedings of the IEEE 92(6) pp. 883–897 (June 2004).
    DOI: 10.1109/JPROC.2004.827357
  1087. L. M. Kohnfelder. Towards a Practical Public-Key Cryptosystem, Bachelor’s Thesis, Massachusetts Institute of Technology, Cambridge, MA, USA (May 1978)
    URL: http://groups.csail.mit.edu/cis/theses/kohnfelder-bs.pdf
  1088. T. Kohno, A. Stubblefield, A. D. Rubin, and D. S. Wallach. “Analysis of an Electronic Voting System,” Proceedings of the 2004 IEEE Symposium on Security and Privacy pp. 27–40 (May 2004).
    DOI: 10.1109/SECPRI.2004.1301313
  1089. H. Koike and K. Ohno. “SnortView: Visualization System of Snort Logs,” Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security pp. 143–147 (Oct. 2004).
    DOI: 10.1145/1029208.1029232
  1090. C. Kolias, G. Kambourakis, A. Stavrou, and J. Voas. “DDoS in the IoT: Mirai and Other Botnets,” IEEE Computer 50(7) pp. 80–84 (July 2017).
    DOI: 10.1109/MC.2017.201
  1091. S. Kondakci. “Epidemic State Analysis of Computers Under Malware Attacks,” Simulation Modeling Practice and Theory 16(5) pp. 571–584 (May 2008).
    DOI: 10.1016/j.simpat.2008.02.011
  1092. A. G. Konheim. Cryptography: A Primer, John Wiley & Sons, Inc., New York, NY, USA (1981)
    ISBN: 978-0-471-08132-6
  1093. A. G. Konheim. Computer Security and Cryptography, Wiley Interscience, New York, NY, USA (2007)
    ISBN: 978-0-471-94783-7
  1094. B. Kordy, S. Mauw, S. Radomirović, and P. Schweitzer. “Attack-Defense Trees,” Journal of Logic and Computation 24(1) pp. 55–87 (Feb. 2014).
    DOI: 10.1093/logcom/exs029
  1095. Y. Korff, P. Hope, and B. Potter. Mastering FreeBSD and OpenBSD Security, O’Reilly Media, Inc., Sebastopol, CA, USA (2005).
    ISBN: 978-0-596-00626-6
  1096. K. Koscher, Czeskis, F. Roesner, S. Patel, T. Kohno, S. Checkoway, D. McCoy, B. Kantor, D. Anderson, H. Shacham, and S. Savage. “Experimental Security Analysis of a Modern Automobile,” Proceedings of the 2010 IEEE Symposium on Security and Privacy pp. 447–462 (May 2010).
    DOI: 10.1109/SP.2010.34
  1097. K. Kothari and M. Wright. “Mimic: An Active Covert Channel That Evades Regularity-Based Detection,” Computer Networks 57(3) pp. 647–657 (Feb. 2013).
    DOI: 10.1016/j.comnet.2012.10.008
  1098. S. M. Kramer. “On Incorporating Access Control Lists into the UNIX Operating System,” Proceedings of the UNIX Security Workshop pp. 38–48 (Aug. 1988).
  1099. K. Kratkiewicz and R. Lippmann. “A Taxonomy of Buffer Overflows for Evaluating Static and Dynamic Software Testing Tools,” Proceedings of the 2005 NIST Workshop on Software Security Assurance Tools, Techniques, and Metrics (Nov. 2005).
    URL: https://samate.nist.gov/SSATTM_Content/papers/Taxonomy
  1100. H. Krawczyk. “How to Predict Congruential Generators,” Journal of Algorithms 13(4) pp. 527–545 (Dec. 1992).
    DOI: 10.1016/0196-6774(92)90054-G
  1101. H. Krawczyk. “The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?),” Advances in Cryptology — CRYPTO 2001 (Lecture Notes in Computer Science 2139) pp. 310–331 (Aug. 2001).
    DOI: 10.1007/3-540-44647-8_19
  1102. H. Krawczyk, M. Bellare, and R. Canetti. HMAC: Keyed-Hashing for Message Authentication, RFC 2104 (Feb. 1997).
    DOI: 10.17487/RFC2104
  1103. H. Krawczyk and P. Eronen. HMAC-based Extract-and-Expand Key Derivation Function (HKDF), RFC 5869 (June 2010).
    DOI: 10.17487/RFC5869
  1104. K. Krombholz, H. Hobel, M. Huber, and E. Weippl. “Advanced Social Engineering Attacks,” Journal of Information Security and Applications 22 pp. 113–122 (June 2015).
    DOI: 10.1016/j.jisa.2014.09.005
  1105. I. V. Krsul. Software Vulnerability Analysis, Technical Report 98-09, COAST, Purdue University, West Lafayette, IN, USA (May 1998)
    URL: https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/98-09.pdf
  1106. I. V. Krsul and E. H. Spafford. “Authorship Analysis: Identifying the Author of a Program,” Proceedings of the 18th National Computer Security Conference pp. 514–524 (Oct. 1995).
  1107. C. Kruegel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna. “Automating Mimicry Attacks Using Static Binary Analysis,” Proceedings of the 15th USENIX Security Symposium pp. 161–176 (July 2005)
    URL: https://www.usenix.org/legacy/events/sec05/tech/kruegel.html
  1108. C. Kruegel, D. Mutz, W. Robertson, and F. Valeur. “Bayesian Event Classification for Intrusion Detection,” Proceedings of the 19th Annual Computer Security Applications Conference pp. 14–23 (Dec. 2003).
    DOI: 10.1109/CSAC.2003.1254306
  1109. C. Kruegel, W. Robertson, and G. Vigna. “Detecting Kernel-Level Rootkits through Binary Analysis,” Proceedings of the 20th Annual Computer Security Applications Conference pp. 91–100 (Dec. 2004).
    DOI: 10.1109/CSAC.2004.19
  1110. A. S. Kubesch and S. Wicker. “Digital Rights Management: The Cost to Consumers,” Proceedings of the IEEE 103(5) pp. 726–733 (May 2015).
    DOI: 10.1109/JPROC.2015.2418457
  1111. D. R. Kuhn. “Mutual Exclusion of Roles as a Means of Implementing Separation of Duty in Role-Based Access Control Systems,” Proceedings of the Second ACM Workshop on Role-Based Access Control pp. 23–30 (Nov. 1997).
    DOI: 10.1145/266741.266749
  1112. R. Kumar, P. Jovanovic, W. Burleson, and I. Polian. “Parametric Trojans for Fault-Injection Attacks on Cryptographic Hardware,” Proceedings of the 2014 Workshop on Fault Diagnosis and Tolerance in Cryptography pp. 18–28 (Sep. 2014).
    DOI: 10.1109/FDTC.2014.12
  1113. S. Kumar and E. H. Spafford. “A Pattern Matching Model for Misuse intrusion Detection,” Proceedings of the 17th National Computer Security Conference pp. 11–21 (Oct. 1994).
  1114. C. Kuo, S. Romanosky, and L. F. Cranor. “Human Selection of Mnemonic Phrase-Based Passwords,” Proceedings of the Second Symposium on Usable Privacy and Security pp. 67–78 (July 2006).
    DOI: 10.1145/1143120.1143129
  1115. J. A. Kupsch and B. P. Miller. “Manual vs. Automated Vulnerability Assessment: A Case Study,” Proceedings of the First International Workshop on Managing Insider Security Threats pp. 83–97 (June 2009)
    URL: http://pages.cs.wisc.edu/~kupsch/va/ManVsAutoVulnAssessment.pdf
  1116. D. Kushner. “The Real Story of Stuxnet,” IEEE Spectrum 50(3) pp. 48–53 (Mar. 2013).
    DOI: 10.1109/MSPEC.2013.6471059
  1117. R. Küsters, T. Truderung, B. Beckert, D. Bruns, M. Kirsten, and M. Mohr. “A Hybrid Approach for Proving Noninterference of Java Programs,” Proceedings of the 28th Computer Security Foundations Symposium pp. 305–319 (July 2015).
    DOI: 10.1109/CSF.2015.28
  1118. U. Kuter and J. Golbeck. “Using Probabilistic Confidence Models for Trust Inference in Web-Based Social Networks,” ACM Transactions on Internet Technologies 10(2) pp. 8:1–8:23 (May 2010).
    DOI: 10.1145/1754393.1754397
  1119. A. Kwon, M. AlSabah, D. Lazar, M. Dacier, and S. Devadas. “Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services,” Proceedings of the 24th USENIX Security Symposium pp. 287–302 (Aug. 2015)
    URL: https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/kwon
  1120. U. Lah and J. R. Lewis. “How Expertise Affects a Digital-Rights-Management-Sharing Application’s Usability,” IEEE Software 33(3) pp. 76–82 (May 2016).
    DOI: 10.1109/MS.2015.104
  1121. H. Lai, F. Ganjeizadeh, P. K. Jayachandran, and P. Ozcan. “A Statistical Analysis of the Effects of Scrum and Kanban on Software Development Projects,” Robotics and Computer-Integrated Manufacturing 43 pp. 59–67 (Feb. 2017).
    DOI: 10.1016/j.rcim.2015.12.001
  1122. J. Lai and W. Kou. “Self-Generated-Certificate Public Key Encryption Without Pairing,” Proceedings of the 10th International Conference on Practice and Theory in Public-Key Cryptography (Lecture Notes in Computer Science 4450) pp. 476–489 (Apr. 2007).
    DOI: 10.1007/978-3-540-71677-8_31
  1123. N. Lai and T. Grey. “Strengthening Discretionary Access Controls to Inhibit Trojan Horses and Computer Viruses,” Proceedings of the 1988 Summer USENIX Conference pp. 275–286 (June 1988).
  1124. X. Lai and J. L. Massey. “A Proposal for a New Block Encryption Standard,” Advances in Cryptology — EUROCRYPT ’90 (Lecture Notes in Computer Science 473) pp. 389–404 (1991).
    DOI: 10.1007/3-540-46877-3_35
  1125. X. Lai, J. L. Massey, and S. Murphy. “Markov Ciphers and Differential Cryptanalysis,” Advances in Cryptology — EUROCRYPT ’91 (Lecture Notes in Computer Science 547) pp. 17–38 (Apr. 1991).
    DOI: 10.1007/3-540-46416-6_2
  1126. K. Lakkaraju and A. Slagell. “Evaluating the Utility of Anonymized Network Traces for Intrusion Detection,” Proceedings of the Fourth International Conference on Security and Privacy in Communication Networks pp. 17:1–17:8 (Sep. 2008).
    DOI: 10.1145/1460877.1460899
  1127. K. Lakshminarayanan, D. Adkins, A. Perrig, and I. Stoica. “Securing User-Controlled Routing Infrastructures,” IEEE/ACM Transactions on Networking 16(3) pp. 549–561 (June 2008).
    DOI: 10.1109/TNET.2007.903980
  1128. B. A. LaMacchia and A. M. Odlyzko. “Computation of Discrete Logarithms in Prime Fields,” Designs, Codes and Cryptography 1(1) pp. 47–62 (1991).
    DOI: 10.1007/BF00123958
  1129. L. Lamport. “Time, Clocks, and the Ordering of Events in a Distributed System,” Communications of the ACM 21(7) pp. 558–565 (July 1978).
    DOI: 10.1145/359545.359563
  1130. L. Lamport. “Password Authentication with Insecure Communication,” Communications of the ACM 24(11) pp. 770–772 (Nov. 1981).
    DOI: 10.1145/358790.358797
  1131. B. W. Lampson. “A Note on the Confinement Problem,” Communications of the ACM 16(10) pp. 613–615 (Oct. 1973).
    DOI: 10.1145/362375.362389
  1132. B. W. Lampson. “Protection,” ACM SIGOPS Operating Systems Review 8(1) pp. 18–24 (Jan. 1974).
    DOI: 10.1145/775265.775268
  1133. C. E. Landwehr. “Formal Models for Computer Security,” ACM Computing Surveys 13(3) pp. 247–278 (Sep. 1981).
    DOI: 10.1145/356850.356852
  1134. C. E. Landwehr, A. R. Bull, J. P. McDermott, and W. S. Choi. “A Taxonomy of Computer Program Security Flaws,” ACM Computing Surveys 26(3) pp. 211–254 (Sep. 1994).
    DOI: 10.1145/185403.185412
  1135. C. E. Landwehr and D. M. Goldschlag. “Security Issues in Networks with Internet Access,” Proceedings of the IEEE 85(12) pp. 2034–2051 (Dec. 1997).
    DOI: 10.1109/5.650183
  1136. C. E. Landwehr, C. L. Heitmeyer, and J. McLean. “A Security Model for Military Message Systems,” ACM Transactions on Computer Systems 2(3) pp. 198–222 (Aug. 1984).
    DOI: 10.1145/989.991
  1137. R. Langner. “Stuxnet: Dissecting a Cyberwarfare Weapon,” IEEE Security & Privacy 9(3) pp. 49–51 (May 2011).
    DOI: 10.1109/MSP.2011.67
  1138. L. J. LaPadula. “The ‘Basic Security Theorem’ of Bell and LaPadula Revisited,” unpublished (Apr. 1988); handout from the First Computer Security Foundations Workshop.
  1139. M. V. Larsen and F. Gont. Port Randomization Recommendations, RFC 6056 (Jan. 2011).
    DOI: 10.17487/RFC6056
  1140. B. Lau and V. Svajcer. “Measuring Virtual Machine Detection in Malware Using DSD Tracer,” Journal in Computer Virology 6(3) pp. 181–195 (Aug. 2010).
    DOI: 10.1007/s11416-008-0096-y
  1141. L. Laudan. The Book of Risks: Fascinating Facts About the Chances We Take Every Day, John Wiley and Sons, New York, NY, USA (1994).
    ISBN: 978-0-471-31034-1
  1142. B. Laurie, G. Sisson, R. Arends, and D. Blacka. DNS Security (DNSSEC) Hashed Authenticated Denial of Existence, RFC 5155 (Mar. 2008).
    DOI: 10.17487/RFC5155
  1143. G. Lawton. “Biometrics: A New Era in Security,” IEEE Computer 31(8) pp. 16–18 (Aug. 1998).
    DOI: 10.1109/MC.1998.707612
  1144. G. Lawton. “On the Trail of the Conficker Worm,” IEEE Computer 42(6) pp. 19–22 (June 2009).
    DOI: 10.1109/MC.2009.198
  1145. F. Leder and T. Werner. Know Your Enemy: Containing Conficker To Take A Malware, Technical Report, The Honeynet Project (Apr. 2009)
    URL: http://www.honeynet.org/papers/conficker
  1146. H. C. J. Lee and V. L. L. Thing. “Port Hopping for Resilient Networks,” Proceedings of the 60th IEEE Vehicular Technology Conference pp. 3291–3295 (Sep. 2004).
    DOI: 10.1109/VETECF.2004.1404672
  1147. J. K. Lee and Y. M. Kim. “Lessons Learned from Practical Independent Verification and Validation Based on IEEE 1012,” Journal of Software Engineering and Applications 5 pp. 810–815 (Oct. 2012).
    DOI: 10.4236/jsea.2012.510093
  1148. T. M. P. Lee. “Using Mandatory Integrity to Enforce `Commercial’ Security,” Proceedings of the 1988 IEEE Symposium on Security and Privacy pp. 140–146 (Apr. 1988).
    DOI: 10.1109/SECPRI.1988.8106
  1149. X. Lee, W. Mao, E. Chen, N.-W. Hsu, and J. C. Klensin. Registration and Administration Recommendations for Chinese Domain Names, RFC 4713 (Oct. 2006).
    DOI: 10.17487/RFC4713
  1150. J. Lemon. “Resisting SYN Flood DoS Attacks with a SYN Cache,” Proceedings of the BSDCon 2002 Conference (Feb. 2002)
    URL: https://www.usenix.org/legacy/events/bsdcon02/lemon.html
  1151. A. K. Lenstra, J. P. Hughes, M. Augier, J. W. Bos, T. Kleinjung, and C. Wachter. “Public Keys,” Advances in Cryptology — CRYPTO 2012 (Lecture Notes in Computer Science 7417) pp. 626–642 (Aug. 2012).
    DOI: 0.1007/978-3-642-32009-5_37
  1152. A. K. Lenstra, J. P. Hughes, M. Augier, J. W. Bos, T. Kleinjung, and C. Wachter. Ron Was Wrong, Whit Is Right, Cryptology ePrint Archive Report 2012/064, International Association for Cryptologic Research (Feb. 2012).
    URL: http://ia.cr/2012/064
  1153. P. Leong and C. Tham. “UNIX Password Encryption Considered Insecure,” Proceedings of the 1991 Winter USENIX Conference pp. 269–279 (Jan. 1991)
    URL: http://www.ee.usyd.edu.au/people/philip.leong/UserFiles/File/papers/crypt_usenix91.pdf
  1154. M. Lepinski and S. Kent. An Infrastructure to Support Secure Internet Routing, RFC 6480 (Feb. 2012).
    DOI: 10.17487/RFC6480
  1155. N. G. Leveson. Safeware: System Safety and Computers, ACM Press, New York, NY, USA (1995)
    ISBN: 978-0-201-11972-5
  1156. N. G. Leveson. “Software Challenges in Achieving Space Safety,” Journal of the British Interplanetary Society 62 pp. 265–272 (July 2009)
    URL: http://hdl.handle.net/1721.1/58930
  1157. A. Levi, M. U. Caglayan, and C. K. Koc. “Use of Nested Certificates for Efficient, Dynamic, and Trust Preserving Public Key Infrastructure,” ACM Transactions on Information and System Security 7(1) pp. 21–59 (Feb. 2004).
    DOI: 10.1145/984334.984336
  1158. J. G. Levine, J. B. Grizzard, and H. L. Owen. “Detecting and Categorizing Kernel-Level Rootkits to Aid Future Detection,” IEEE Security & Privacy 4(1) pp. 24–32 (Jan. 2006).
    DOI: 10.1109/MSP.2006.11
  1159. P. H. Lewis. “TECHNOLOGY: ON THE NET; An Intel Computer Security Expert Runs Afoul of the Law. So Much for the ‘Hacker Ethic’?,” The New York Times p. D5 (Nov. 27, 1995)
    URL: https://www.nytimes.com/1995/11/27/business/technology-net-intel-computer-security-expert-runs-afoul-law-so-much-for-hacker.html
  1160. W. Ley. Watchers of the Skies: An Informal History of Astronomy from Babylon to the Space Age, Viking Press, New York, NY, USA (1966).
  1161. J. Leyden. “First Trojan Using the Sony DRM Spotted,” The Register (Nov. 2005)
    URL: http://www.theregister.co.uk/2005/11/10/sony_drm_trojan/
  1162. K.-S. Lhee and C. S. J.. “Detection of File-Based Race Conditions,” International Journal of Information Security 4(1/2) pp. 105–119 (2005).
    DOI: 10.1007/s10207-004-0068-2
  1163. H. Li and M. Singhal. “Trust Management in Distributed Systems,” IEEE Computer 40(2) pp. 45–53 (Feb. 2007).
    DOI: 10.1109/MC.2007.76
  1164. N. Li. “Local Names in SPKI/SDSI,” Proceedings of the 13th Computer Security Foundations Workshop pp. 2–15 (July 2000).
    DOI: 10.1109/CSFW.2000.856921
  1165. N. Li, T. Li, and S. Venkatasubramanian. “t-Closeness: Privacy Beyond k-Anonymity and ℓ-Diversity,” Proceedings of the IEEE 23rd International Conference on Data Engineering pp. 106–115 (Apr. 2007).
    DOI: 10.1109/ICDE.2007.367856
  1166. N. Li and M. V. Tripunitara. “On Safety in Discretionary Access Control,” Proceedings of the 2005 IEEE Symposium on Security and Privacy pp. 96–109 (May 2005).
    DOI: 10.1109/SP.2005.14
  1167. N. Li, M. V. Tripunitara, and Z. Bizri. “On Mutually Exclusive Roles and Separation-of-Duty,” ACM Transactions on Information and System Security 10(2) pp. 5:1–5:36 (May 2007).
    DOI: 10.1145/1237500.1237501
  1168. P. Li, D. Gao, and M. K. Reiter. “Mitigating Access-Driven Timing Channels in Clouds using StopWatch,” Proceedings of the 43rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks pp. 1–12 (June 2013).
    DOI: 10.1109/DSN.2013.6575299
  1169. P. Li and S. Zdancewic. “Encoding Information Flow in Haskell,” Proceedings of the 19th Computer Security Foundations Workshop pp. 16–27 (July 2006).
    DOI: 10.1109/CSFW.2006.13
  1170. Q. Li and B.-H. Juang. “Speaker Verification Using Verbal Information Verification for Automatic Enrolment,” Proceedings of the 1998 IEEE International Conference on Acoustics, Speech and Signal Processing pp. 133–136 (May 1998).
    DOI: 10.1109/ICASSP.1998.674385
  1171. Q. Li, B.-H. Juang, Q. Zhou, and C.-H. Lee. “Automatic Verbal Information Verification for User Authentication,” IEEE Transactions on Speech an Audio Processing 8(5) pp. 585–596 (Sep. 2000).
    DOI: 10.1109/89.861378
  1172. Q. Li, B.-H. Juang, Q. Zhou, and F. K. Soong. “Recent Advancements in Automatic Speaker Authentication,” IEEE Robotics & Automation Magazine 6(1) pp. 24–34 (Mar. 1999).
    DOI: 10.1109/100.755812
  1173. Y. Li, J. M. McCune, J. Newsome, A. Perrig, B. Baker, and W. Drewry. “MiniBox: A Two-Way Sandbox for x86 Native Code,” Proceedings of the 2014 USENIX Annual Technical Conference pp. 409–420 (June 2014)
    URL: https://www.usenix.org/system/files/conference/atc14/atc14-paper-li_yanlin.pdf
  1174. Z. Li and W. Wang. “Rethinking About Type-Flaw Attacks,” Proceedings of the 2010 IEEE Global Communications Conference pp. 1–5 (Dec. 2010).
    DOI: 10.1109/GLOCOM.2010.5683314
  1175. V. R. Liao, Yihua amd Vemuri. “Use of K-Nearest Neighbor Classifier for Intrusion Detection,” Computers & Security 21(5) pp. 439–448 (Oct. 2002).
    DOI: 10.1016/S0167-4048(02)00514-X
  1176. H. Lin, A. Slagell, C. Di Martino, Z. Kalbarczyk, and R. K. Iyer. “Adapting Bro into SCADA: Building a Specification-based Intrusion Detection System for the DNP3 Protocol,” Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop pp. 5:1–5:4 (Jan. 2013).
    DOI: 10.1145/2459976.2459982
  1177. H.-Y. Lin and L. Harn. “A Generalized Secret Sharing Scheme with Cheater Detection,” Advances in Cryptology — ASIACRYPT ’91 (Lecture Notes in Computer Science 739) pp. 149–158 (Nov. 1991).
    DOI: 10.1007/3-540-57332-1_12
  1178. S.-H. Lin, S.-Y. Kung, and L.-J. Lin. “Face Recognition/Detection by Probabilistic Decision-Based Neural Network,” IEEE Transactions on Neural Networks 8(1) pp. 114–132 (Jan. 1997).
    DOI: 10.1109/72.554196
  1179. T. Y. Lin. “Chinese Wall Security Policy—An Aggressive Model,” Proceedings of the Fifth Annual Computer Security Applications Conference pp. 282–289 (Dec. 1989).
    DOI: 10.1109/CSAC.1989.81064
  1180. T. Y. Lin. “Chinese Wall Security Policy Models: Information Flows and Confining Trojan Horses,” Proceedings of the IFIP TC11/WG11.3 17th Annual Working Conference on Data and Applications Security (IFIP International Federation for Information Processing 142) pp. 275–287 (Aug. 2003).
    DOI: 10.1007/1-4020-8070-0_20
  1181. T. Y. Lin. “Chinese Wall Security Policy—Revisited A Short Proof,” Proceedings of the 2007 IEEE International Conference on Systems, Man and Cybernetics pp. 3027–3028 (Oct. 2007).
    DOI: 10.1109/ICSMC.2007.4414179
  1182. O. Linda, T. Vollmer, and M. Manic. “Neural Network Based Intrusion Detection System for Critical Infrastructures,” Proceedings of the 2009 International Joint Conference on Neural Networks pp. 1827–1834 (June 2009).
    DOI: 10.1109/IJCNN.2009.5178592
  1183. R. R. Linde. “Operating System Penetration,” Proceedings of the AFIPS ’75 National Computer Conference pp. 361–268 (May 1975).
    DOI: 10.1145/1499949.1500018
  1184. R. R. Linde, C. Weissman, and C. E. Fox. “The ADEPT-50 Time Sharing System,” Proceedings of the AFIPS ’69 Fall Joint Computer Conference pp. 39–50 (Nov. 1969).
    DOI: 10.1145/1478559.1478564
  1185. T. Lindholm, F. Yellin, G. Bracha, and A. BuckleyThe Java Virtual Machine Specification, Addison-Wesley Professional, Boston, MA, USA (May 2014)
    ISBN: 978-0-13-390590-8
  1186. U. Lindqvist and E. Jonsson. “How to Systematically Classify Computer Security Intrusions,” Proceedings of the 1997 IEEE Symposium on Security and Privacy pp. 154–163 (May 1997).
    DOI: 10.1109/SECPRI.1997.601330
  1187. U. Lindqvist, T. Olovsson, and E. Jonsson. “An Analysis of a Secure System Based on Trusted Components,” Proceedings of the 11th Annual Conference on Computer Assurance pp. 213–223 (Aug. 1996).
    DOI: 10.1109/CMPASS.1996.507889
  1188. Z. Ling, J. Luo, W. Yu, X. Fu, W. Jia, and W. Zhao. “Protocol-Level Attacks Against Tor,” Computer Networks 57(4) pp. 869–886 (Mar. 2013).
    DOI: 10.1016/j.comnet.2012.11.005
  1189. J. Linn. Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures, RFC 1421 (Feb. 1993).
    DOI: 10.17487/RFC1421
  1190. J. Linn and M. Nyström. “Attribute Certification: an Enabling Technology for Delegation and Role-Based Controls in Distributed Environments,” Proceedings of the Fourth ACM Workshop on Role-Based Access Controls pp. 121–130 (Oct. 1999).
    DOI: 10.1145/319171.319183
  1191. S. Lipner. “Twenty Years of Evaluation Criteria and Commercial Technology,” Proceedings of the 1999 IEEE Symposium on Security and Privacy pp. 111–112 (May 1999).
    DOI: 10.1109/SECPRI.1999.766905
  1192. S. B. Lipner. “A Comment on the Confinement Problem,” Proceedings of the Fifth ACM Symposium on Operating Systems Principles (SOSP ’75) pp. 192–196 (Dec. 1975).
    DOI: 10.1145/800213.806537
  1193. S. B. Lipner. “Non-Discretionary Controls for Commercial Applications,” Proceedings of the 1982 IEEE Symposium on Security and Privacy pp. 2–10 (Apr. 1982).
    DOI: 10.1109/SP.1982.10022
  1194. R. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das. “The 1999 DARPA Off-Line Intrusion Detection Evaluation,” Computer Networks 34(4) pp. 579–595 (Oct. 2000).
    DOI: 10.1016/S1389-1286(00)00139-0
  1195. R. P. Lippmann, D. J. Fried, I. Graf, J. W. Haines, K. R. Kendall, D. McClung, D. Weber, S. E. Webster, D. Wyschogrod, R. K. Cunningham, and M. A. Zissman. “Evaluating Intrusion Detection Systems: The 1998 DARPA Off-line Intrusion Detection Evaluation,” Proceedings of the 2000 DARPA Information Survivability Conference and Exposition 2 pp. 12–26 (Jan. 2000).
    DOI: 10.1109/DISCEX.2000.821506
  1196. R. J. Lipton and T. A. Budd. “On Classes of Protection Systems,” in [533], pp. 281–291.
  1197. R. J. Lipton and L. Snyder. “A Linear Time Algorithm for Deciding Subject Security,” Journal of the ACM 24(3) pp. 455–464 (July 1977).
    DOI: 10.1145/322017.322025
  1198. A. Liska and T. Gallo. Ransomware: Defending Against Digital Extortion, O’Reilly Media, Sebastopol, CA, USA (2016).
    ISBN: 978-1-4919-6788-1
  1199. J. Littman. The Watchman: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen, Little, Brown and Company, Boston, MA, USA (1997).
    ISBN: 978-0-316-52857-3
  1200. A. X. Liu. “Firewall Policy Verification and Troubleshooting,” Computer Networks 53(16) pp. 2800–2809 (Nov. 2009).
    DOI: 10.1016/j.comnet.2009.07.003
  1201. V. B. Livshits and M. S. Lam. “Finding Security Vulnerabilities in Java Applications with Static Analysis,” Proceedings of the 15th USENIX Security Symposium pp. 271–286 (July 2005)
    URL: https://www.usenix.org/legacy/events/sec05/tech/livshits.html
  1202. J. Lobo, R. Bhatia, and S. Naqvi. “A Policy Description Language,” Proceedings of the 16th National Conference on Artificial Intelligence pp. 291–298 (July 1999).
  1203. M. Lochter and J. Merkle. Elliptic Curve Cryptography (ECC) Brainpool Standard: Curves and Curve Generation, RFC 5639 (Mar. 2010)
    URL: http://www.rfc-editor.org/rfc/rfc5639.txt
  1204. S. W. Lodin and C. L. Schuba. “Firewalls Fend Off Invasions from the Net,” IEEE Spectrum 35(2) pp. 26–34 (Feb. 1998).
    DOI: 10.1109/6.648669
  1205. B. W. Long. “Formal Verification of Type Flaw Attacks in Security Protocols,” Proceedings of the Tenth Asia-Pacific Software Engineering Conference pp. 415–424 (Dec. 2003).
    DOI: 10.1109/APSEC.2003.1254397
  1206. J. Long and J. Wiles. No-Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing, Syngress Publishing, Inc., Burlington, MA, USA (2008)
    ISBN: 978-1-59749-215-7
  1207. D. Longley and S. Rigby. “An Automatic Search for Security Flaws in Key Management Schemes,” Computers & Security 11(1) pp. 75–89 (Mar. 1992).
    DOI: 10.1016/0167-4048(92)90222-D
  1208. L. López and J. Carracedo. “Hierarchical Organization of Certification Authorities for Secure Environments,” Proceedings of the 1997 Symposium on Network and Distributed System Security pp. 112–121 (Feb. 1997).
    DOI: 10.1109/NDSS.1997.579229
  1209. H. Lu, J. Rose, Y. Liu, A. Awad, and L. Hou. “Combining Mouse and Eye Movement Biometrics for User Authentication,” in Information Security Practices, edited by I. Traoré, A. Awad, and I. Woungang, Springer, Berlin, Germany pp. 55–71 (2017). pp. 55–71.
    DOI: 10.1007/978-3-319-48947-6_5
  1210. H. Lu, J. Vaidya, and V. Atluri. “An Optimization Framework for Role Mining,” Journal of Computer Security 22(1) pp. 1–31 (Jan. 2014).
    DOI: 10.3233/JCS-130484
  1211. J. Lu, O. Dunkelman, N. Keller, and J. Kim. “New Impossible Differential Attacks on AES,” Proceedings of the Ninth International Conference on Cryptology in India: Progress in Cryptology — INDOCRYPT 2008 (Lecture Notes in Computer Science 5365) pp. 279–293 (Dec. 2008).
    DOI: 10.1007/978-3-540-89754-5_22
  1212. L. Lu, Z. Li, Z. Wu, W. Lee, and G. Jiang. “CHEX: Statically Vetting Android Apps for Component Hijacking Vulnerabilities,” Proceedings of the 19th ACM SIGSAC Conference on Computer and Communications Security pp. 229–240 (Nov. 2012).
    DOI: 10.1145/2382196.2382223
  1213. M. W. Lucas. PGP & GPG: Email for the Practical Paranoid, No Starch Press, San Francisco, CA, USA (Apr. 2006)
    ISBN: 978-1-59327-071-2
  1214. M. W. Lucas. Sudo Mastery: User Access Control for Real People, CreateSpace Independent Publishing Platform, Scotts Valley, CA, USA (2013)
    ISBN: 978-1-4936-2620-5
  1215. S. Lucks. “Attacking Triple Encryption,” Proceedings of the Fifth International Workshop on Fast Software Encryption (Lecture Notes in Computer Science) pp. 239–253 (Mar. 1998).
    DOI: 10.1007/3-540-69710-1_16
  1216. M. A. Ludwig. The Giant Black Book of Computer Viruses, American Eagle Publishers, Phoenix, AZ, USA (2009)
    ISBN: 978-1-4414-0712-2
  1217. A. Lumini and L. Nanni. “Overview of the Combination of Biometric Matchers,” Information Fusion 33 pp. 71–85 (Jan. 2017).
    DOI: 10.1016/j.inffus.2016.05.003
  1218. E. Lundin and E. Jonsson. “Anomaly-Based Intrusion Detection: Privacy Concerns and Other Problems,” Computer Networks 34(4) pp. 623–640 (Oct. 2000).
    DOI: 10.1016/S1389-1286(00)00134-1
  1219. T. F. Lunt and R. Jagannathan. “A Prototype Real-Time Intrusion-Detection Expert System,” Proceedings of the 1988 IEEE Symposium on Security and Privacy pp. 59–66 (Apr. 1988).
    DOI: 10.1109/SECPRI.1988.8098
  1220. X. Luo, E. W. W. Chan, and R. K. C. Chang. “Detecting Pulsing Denial-of-Service Attacks with Nondeterministic Attack Intervals,” EURASIP Journal on Advances in Signal Processing 2009 (Mar. 2009).
    DOI: 10.1155/2009/256821
  1221. X. Luo and R. K. C. Chang. “On a New Class of Pulsing Denial-of-Service Attacks and the Defense,” Proceedings of the 2005 Symposium on Network and Distributed System Security (Feb. 2005)
    URL: https://www.ndss-symposium.org/ndss2005/new-class-pulsing-denial-service-attacks-and-defense/
  1222. E. Lupu, N. Sloman, N. Dulay, and N. Damianou. “Ponder: Realizing Enterprise Viewpoint Concepts,” Proceedings of the Fourth International Enterprise Distributed Object Computing Conference pp. 66–75 (Sep. 2000).
    DOI: 10.1109/EDOC.2000.882345
  1223. R. R. Lutz. “Analyzing Software Requirements Errors in Safety-Critical, Embedded Systems,” Proceedings of the 1993 IEEEE International Symposium on Requirements Engineering pp. 126–133 (Jan. 1993).
    DOI: 10.1109/ISRE.1993.324825
  1224. R. R. Lutz and I. C. Mikulski. “Requirements Discovery During the Testing of Safety-Critical Software,” Proceedings of the 25th International Conference on Software Engineering pp. 578–583 (May 2003).
    DOI: 10.1109/ICSE.2003.1201240
  1225. L. Lymberopoulos, E. Lupu, and M. Sloman. “PONDER Policy Implementation and Validation in a CIM and Differentiated Services Framework,” Proceedings of the 2004 IEEE/IFIP Network Operations and Management Symposium pp. 31–44 (Apr. 2004).
    DOI: 10.1109/NOMS.2004.1317639
  1226. G. F. Lyon. Nmap Network Scanning, Insecure.Com, Sunnyvale, CA, USA (2008)
    ISBN: 978-0-9799587-1-7
  1227. D. Ma and G. Tsudik. “A New Approach to Secure Logging,” ACM Transactions on Storage p. 1 (Mar. 2009).
    DOI: 10.1145/1502777.1502779
  1228. A. Machanavajjhala, D. Kifer, J. Gehrke, and M. Venkitasubramaniam. “ℓ-Diversity: Privacy Beyond k-Anonymity,” ACM Transactions on Knowledge Discovery from Data 1(1) pp. 3:1–3:52 (Mar. 2007).
    DOI: 10.1145/1217299.1217302
  1229. P. MacKenzie, S. Patel, and R. Swaminathan. “Password-Authenticated Key Exchange Based on RSA,” International Journal of Information Security 9(6) pp. 387–410 (Dec. 2010).
    DOI: 10.1007/s10207-010-0120-3
  1230. A. Mackie, J. Roculan, R. Russell, and M. Van Velzen. NIMDA Worm Analysis, Version 2, Incident Analysis Report, SecurityFocus, San Mateo, CA, USA (Sep. 2001)
    URL: http://dpnm.postech.ac.kr/research/04/nsri/papers/010919-Analysis-Nimda.pdf
  1231. J. Madden, B. McMillin, and A. Sinha. “Environmental Obfuscation of a Cyber Physical System — Vehicle Example,” Proceedings of the 34th Annual IEEE Computer Software and Application Conference Workshops pp. 176–181 (July 2010).
    DOI: 10.1109/COMPSACW.2010.39
  1232. A. Madhavapeddy and D. J. Scott. “Unikernels: The Rise of the Virtual Library Operating System,” Communications of the ACM p. 1 (Jan. 2014).
    DOI: 10.1145/2541883.2541895
  1233. F. Maggi, S. Zanero, and V. Iozzo. “Seeing the Invisible: Forensic Uses of Anomaly Detection and Machine Learning,” ACM SIGOPS Operating Systems Review 42(3) pp. 51–58 (Apr. 2008).
    DOI: 10.1145/1368506.1368514
  1234. S. Maguire. Writing Solid Code, Braughler Books, Dayton, OH, USA (2013).
    ISBN: 978-1-57074-055-8
  1235. A. Mahimkar and V. Shmatikov. “Game-Based Analysis of Denial-of-Service Prevention Protocols,” Proceedings of the 18th Computer Security Foundations Workshop pp. 287–301 (June 2005).
    DOI: 10.1109/CSFW.2005.18
  1236. P. K. Mahoney, Matthew V. abd Chan. “An Analysis of the 1999 DARPA/Lincoln Laboratory Evaluation Data for Network Anomaly Detection,” Proceedings of the Sixth International Workshop on Recent Advances in Intrusion Detection (Lecture Notes in Computer Science 2820) pp. 220–237 (2003).
    DOI: 10.1007/978-3-540-45248-5_13
  1237. W. H. Maisel and T. Kohno. “Improving the Security and Privacy of Implantable Medical Devices,” New England Journal of Medicine 362 pp. 1164–1166 (Apr. 2010).
    DOI: 10.1056/NEJMp1000745
  1238. D. Malkhi and M. K. Reiter. “Secure Execution of Java Applets Using a Remote Playground,” IEEE Transactions on Software Engineering 26(12) pp. 1197–1209 (Dec. 2000).
    DOI: 10.1109/32.888632
  1239. P. K. Manadhata and J. M. Wing. “An Attack Surface Metric,” IEEE Transactions on Software Engineering 37(3) pp. 371–386 (May 2011).
    DOI: 10.1109/TSE.2010.60
  1240. S. Mangard. “Hardware Countermeasures against DPA — A Statistical Analysis of Their Effectiveness,” Topics in Cryptology — The Cryptographers’ Track at the RSA Conference 2004 (Lecture Notes in Computer Science 2964) pp. 222–235 (Feb. 2004).
    DOI: 10.1007/978-3-540-24660-2_18
  1241. J. Manico and A. Detlefsen. Iron-Clad Java: Building Secure Web Applications, McGraw-Hill Education, New York, NY, USA (2014)
    ISBN: 978-0-07-1835886
  1242. R. Manley, P. Magrath, and D. Gregg. “Code Generation for Hardware Accelerated AES,” Proceedings of the 21st International Conference on Application-Specific Systems Architectures and Processors pp. 345–348 (July 2010).
    DOI: 10.1109/ASAP.2010.5540955
  1243. D. E. Mann and S. M. Christey. “Towards a Common Enumeration of Vulnerabilities,” Proceedings of the Second Workshop on Research with Vulnerability Databases (Jan. 1999)
    URL: http://www.cve.mitre.org/docs/docs-2000/towards.ps
  1244. I. Mann. Hacking the Human: Social Engineering Techniques and Security Countermeasures, Gower Publishing Co., Burlington, VT, USA (2008)
    ISBN: 978-0-566-08773-8
  1245. F. Mansmann, T. Göbel, and W. Cheswick. “Visual Analysis of Complex Firewall Configurations,” Proceedings of the Ninth International Symposium on Visualization for Cyber Security pp. 1–8 (Oct. 2012).
    DOI: 10.1145/2379690.2379691
  1246. H. Mantel. “On the Composition of Secure Systems,” Proceedings of the 2002 IEEE Symposium on Security and Privacy pp. 88–101 (May 2002).
    DOI: 10.1109/SECPRI.2002.1004364
  1247. H. Mantel and H. Sudbrock. “Comparing Countermeasures against Interrupt-Related Covert Channels in an Information-Theoretic Framework,” Proceedings of the 20th Computer Security Foundations Workshop pp. 326–340 (July 2007).
    DOI: 10.1109/CSF.2007.14
  1248. W. Mao. Modern Cryptography: Theory and Practice, Pearson Education, Upper Saddle River, NJ, USA (2004)
    ISBN: 978-0-132-88741-0
  1249. E. Marasco and A. Ross. “A Survey on Antispoofing Schemes for Fingerprint Recognition Systems,” ACM Computing Surveys 47(2) pp. 28:1–28:36 (Jan. 2015).
    DOI: 10.1145/2617756
  1250. N. B. Margolin, B. N. Levine, J. D. Miller, and M. Wright. “Economic Incentives for Protecting Digital Rights Online,” Electronic Commerce Research and Applications 10(5) pp. 553–564 (Sep. 2011).
    DOI: 10.1016/j.elerap.2010.12.006
  1251. C. Mariño, M. G. Penedo, M. Penas, M. J. Carreira, and F. Gonzalez. “A Novel Method for Person Authentication using Retinal Images,” Pattern Analysis and Applications 9(1) p. 21 (May 2006).
    DOI: 10.1007/s10044-005-0022-6
  1252. S. Marinovic, N. Dulay, and M. Sloman. “Rumpole: An Introspective Break-Glass Access Control Language,” ACM Transactions on Information and System Security 17(1) pp. 2:1–2:32 (Aug. 2014).
    DOI: 10.1145/2629502
  1253. T. Markham and C. Williams. “Key Recovery Header for IPSEC,” Computers & Security 19(1) pp. 86–90 (Jan. 2000).
    DOI: 10.1016/S0167-4048(00)86367-1
  1254. M. Marlinspike and T. Perrin. The X3DH Key Agreement Protocol (Nov. 2016)
    URL: https://signal.org/docs/specifications/x3dh/
  1255. K. Martin and I. S. Moskowitz. “Noisy Timing Channels with Binary Inputs and Outputs,” Proceedings of the Eighth International Workshop on Information Hiding (Lecture Notes in Computer Science 4437) pp. 124–144 (July 2006).
    DOI: 10.1007/978-3-540-74124-4_9
  1256. R. A. Martin, S. M. Christey, and J. Jarzombek. “The Case for Common Flaw Enumeration,” Proceedings of the 2006 NIST Workshop on Software Security Assurance Tools, Techniques, and Metrics (NIST Special Publication 500-265) pp. 29–35 (Feb. 2006).
    URL: https://hissa.nist.gov/ black/Papers/NIST
  1257. R. C. Martin. Clean Code: A Handbook of Agile Software Craftsmanship, Prentice-Hall, Inc., Upper Saddle River, NJ, USA (2009).
    ISBN: 978-0-13-235088-4
  1258. D. M. Martin Jr., S. Rajagopalan, and A. D. Rubin. “Blocking Java Applets at the Firewall,” Proceedings of the 1997 Symposium on Network and Distributed System Security pp. 16–26 (Feb. 1997).
    DOI: 10.1109/NDSS.1997.579215
  1259. N. Matloff and P. J. Salzman. The Art of Debugging with GDB, DDD, and Eclipse, No Starch Press, San Francisco, CA, USA (Sep. 2008)
    ISBN: 978-1-59327-174-9
  1260. A. A. Matos. “Non-Disclosure for Distributed Mobile Code,” Proceedings of the 25th International Conference on Foundations of Software Technology and Theoretical Computer Science (Lecture Notes in Computer Science 3821) pp. 177–188 (Dec. 2005).
    DOI: 10.1007/11590156_14
  1261. M. Matsui. “Linear Cryptanalysis Method for DES Cipher,” Advances in Cryptology — EUROCRYPT ’93 (Lecture Notes in Computer Science 765) pp. 386–397 (May 1993).
    DOI: 10.1007/3-540-48285-7_33
  1262. M. Matsui. “The First Experimental Cryptanalysis of the Data Encryption Standard,” Advances in Cryptology — CRYPTO ’94 (Lecture Notes in Computer Science 839) pp. 1–11 (1994).
    DOI: 10.1007/3-540-48658-5_1
  1263. M. Matsumoto, S. Kitamura, and M. Sato. “High Assurance Technologies for Autonomous Decentralized Train Control System,” Proceedings of the Sixth IEEE International Symposium on High Assurance Systems Engineering pp. 220–227 (Oct. 2001).
    DOI: 10.1109/HASE.2001.966822
  1264. J. Mattsson and M. Westerlund. “Authentication Key Recovery on Galois/Counter Mode (GCM),” Progress in Cryptology — AFRICACRYPT 2016 (Lecture Notes in Computer Science 9646) pp. 127–143 (Apr. 2016).
    DOI: 10.1007/978-3-319-31517-1_7
  1265. S. M. Matyas and C. H. Meyer. “Generation, Distribution, and Installaton of Cryptographic Keys,” IBM Systems Journal 17(2) pp. 126–137 (Aug. 1978).
    DOI: 10.1147/sj.172.0126
  1266. S. Mauw and M. Oostdijk. “Foundations of Attack Trees,” Proceedings of the Eighth International Conference on Information Security and Cryptology (Lecture Notes in Computer Science 3935) pp. 186–198 (Dec. 2005).
    DOI: 10.1007/11734727_17
  1267. A. Maximov. “Two Linear Distinguishing Attacks on VMPC and RC4A and Weakness of RC4 Family of Stream Ciphers,” Proceedings of the 12th International Workshop on Fast Software Encryption (Lecture Notes in Computer Science 3557) pp. 329–345 (Feb. 2005).
    DOI: 10.1007/11502760_23
  1268. A. Maximov and A. Biryukov. “Two Trivial Attacks on Trivium,” Proceedings of the 14th International Workshop on Selected Areas in Cryptography (Lecture Notes in Computer Science 4876) pp. 36–55 (Aug. 2007).
    DOI: 10.1007/978-3-540-77360-3_3
  1269. A. Maximov and D. Khovratovich. “New State Recovery Attack on RC4,” Advances in Cryptology — CRYPTO 2008 (Lecture Notes in Computer Science 5157) pp. 297–316 (Aug. 2008).
    DOI: 10.1007/978-3-540-85174-5_17
  1270. R. A. Maxion and K. M. C. Tan. “Benchmarking Anomaly-Based Detection Systems,” Proceedings of the 2000 International Conference on Dependable Systems and Networks pp. 623–630 (June 2000).
    DOI: 10.1109/ICDSN.2000.857599
  1271. A. Mayer, A. Wool, and E. Ziskind. “Fang: A Firewall Analysis Engine,” Proceedings of the 2000 IEEE Symposium on Security and Privacy pp. 177–187 (May 2000).
    DOI: 10.1109/SECPRI.2000.848455
  1272. P. Maymounkov and D. Mazières. “Kademlia: A Peer-to-Peer Information System Based on the XOR Metric,” Proceedings of the First International Workshop on Peer-to-Peer Systems (Lecture Notes in Computer Science 2429) pp. 53–65 (Mar. 2002).
    DOI: 10.1007/3-540-45748-8_5
  1273. D. Mazières and M. F. Kaashoek. “The Design, Implementation and Operation of an Email Pseudonym Server,” Proceedings of the Fifth ACM Conference on Computer and Communications Security pp. 27–36 (Oct. 1998).
    DOI: 10.1145/288090.288098
  1274. P. Mazzoleni, B. Crispo, S. Sivasubramanian, and E. Bertino. “XACML Policy Integration Algorithms,” ACM Transactions on Information and System Security 11(1) pp. 4:1–4:29 (Feb. 2008).
    DOI: 10.1145/1330295.1330299
  1275. S. McCanne and V. Jacobson. “The BSD Packet Filter: A New Architecture for User-Level Packet Capture,” Proceedings of the 1993 Winter USENIX Conference pp. 259–270 (Jan. 1993)
    URL: https://www.usenix.org/conference/usenix-winter-1993-conference/bsd-packet-filter-new-architecture-user-level-packet
  1276. C. J. McCollum, J. R. Messing, and L. Notargiacomo. “Beyond the Pale of MAC and DAC - Defining New Forms of Access Control,” Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy pp. 190–200 (May 1990).
    DOI: 10.1109/RISP.1990.63850
  1277. S. McConnell. Code Complete: A Practical Handbook of Software Construction, Microsoft Press, Redmond, WA, USA (2004)
    ISBN: 987-0-7356-1967-8
  1278. D. McCullagh. DVD Lawyers Make Secret Public (Jan. 2000)
    URL: http://www.wired.com/politics/law/news/2000/01/33922
  1279. D. McCullough. “Specifications for Multi-Level Security and a Hook-Up Property,” Proceedings of the 1987 IEEE Symposium on Security and Privacy pp. 161–166 (Apr. 1987).
    DOI: 10.1109/SP.1987.10009
  1280. D. McCullough. “Noninterference and the Composability of Security Properties,” Proceedings of the 1988 IEEE Symposium on Security and Privacy pp. 177–186 (Apr. 1988).
    DOI: 10.1109/SECPRI.1988.8110
  1281. P. McDaniel and A. Prakash. “Methods and Limitations of Security Policy Reconciliation,” ACM Transactions on Information and System Security 9(3) pp. 259–291 (Aug. 2006).
    DOI: 10.1145/1178618.1178620
  1282. J. A. McDermid and Q. Shi. “Secure Composition of Systems,” Proceedings of the Eighth Annual Computer Security Applications Conference pp. 112–122 (Nov. 1992).
    DOI: 10.1109/CSAC.1992.228228
  1283. J. McDermott and C. Fox. “Using Abuse Case Models for Security Requirements Analysis,” Proceedings of the 15th Annual Computer Security Applications Conference pp. 55–64 (Dec. 1999).
    DOI: 10.1109/CSAC.1999.816013
  1284. J. P. McDermott. “Attack Net Penetration Testing,” Proceedings of the 2000 Workshop on New Security Paradigms pp. 15–21 (2000).
    DOI: 10.1145/366173.366183
  1285. D. L. McDonald, R. J. Atkinson, and C. Metz. “One Time Passwords In Everything (OPIE): Experiences with Building and Using Stronger Authentication,” Proceedings of the Fifth USENIX UNIX Security Symposium (June 1995)
    URL: https://www.usenix.org/legacy/publications/library/proceedings/security95/mcdonald.html
  1286. G. McGraw. “Software Assurance for Security,” IEEE Computer 32(4) pp. 103–105 (Apr. 1999).
    DOI: 10.1109/2.755011
  1287. G. McGraw. Software Security: Building Security In, Addison-Wesley, Upper Saddle River, NJ, USA (2006)
    ISBN: 978-0-201-72152-2
  1288. S. E. McGregor, E. A. Watkins, M. N. Al-Ameen, K. Caine, and F. Roesner. “When the Weakest Link is Strong: Secure Collaboration in the Case of the Panama Papers,” Proceedings of the 26th USENIX Security Symposium pp. 505–522 (Aug. 2017)
    URL: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/mcgregor
  1289. D. A. McGrew and J. Viega. The Galois/Counter Mode of Operation (GCM),” submission to NIST (Jan. 2004).
    URL: http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/gcm/gcm-spec.pdf
  1290. D. A. McGrew and J. Viega. “The Security and Performance of the Galois/Counter Mode (GCM) of Operation,” Proceedings of the Fifth International Conference on Cryptology in India: Progress in Cryptology — INDOCRYPT 2004 (Lecture Notes in Computer Science 3348) pp. 343–355 (Dec. 2004).
    DOI: 10.1007/978-3-540-30556-9_27
  1291. J. McHugh. “Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Intrusion Detection System Evaluations as Performed by Lincoln Laboratory,” ACM Transactions on Information and System Security 3(4) pp. 262–294 (Nov. 2000).
    DOI: 10.1145/382912.382923
  1292. J. McHugh. “An Information Flow Tool for Gypsy,” Proceedings of the 17th Annual Computer Security Applications Conference pp. 191–201 (Dec. 2001).
    DOI: 10.1109/ACSAC.2001.991536
  1293. M. D. McIlroy. “Virology 101,” Computing Systems 2(2) pp. 173–181 (Spring 1989).
  1294. M. K. McKusick, K. Bostic, M. J. Marels, and J. S. Quarterman. The Design and Implementation of the 4.4BSD Operating System, Addison-Wesley Professional, Reading, MA, USA (May 1996)
    ISBN: 978-0-132-31792-4
  1295. S. McLaughlin, D. Podkuiko, S. Miadzvezhanka, A. Delozier, and P. McDaniel. “Multi-Vendor Penetration Testing in the Advanced Metering Infrastructure,” Proceedings of the 26th Annual Computer Security Applications Conference pp. 107–116 (Dec. 2010).
    DOI: 10.1145/1920261.1920277
  1296. J. McLean. “A Comment on the ‘Basic Security Theorem’ of Bell and LaPadula,” Information Processing Letters 20(2) pp. 67–70 (Feb. 1985).
    DOI: 10.1016/0020-0190(85)90065-1
  1297. J. McLean. “Reasoning about Security Models,” Proceedings of the 1987 IEEE Symposium on Security and Privacy pp. 123–131 (Apr. 1987).
    DOI: 10.1109/SP.1987.10020
  1298. J. McLean. “Proving Noninterference and Functional Correctness Using Traces,” Journal of Computer Security 1(1) pp. 37–57 (1992).
    DOI: 10.3233/JCS-1992-1103
  1299. J. McLean. “A General Theory of Composition for a Class of ‘Possibilistic’ Properties,” IEEE Transactions on Software Engineering 22(1) pp. 53–67 (Jan. 1996).
    DOI: 10.1109/32.481534
  1300. J. McLean. “Is the Trusted Computing Base Concept Fundamentally Flawed?,” Proceedings of the 1997 IEEE Symposium on Security and Privacy p. 2 (May 1997).
    DOI: 10.1109/SECPRI.1997.601304
  1301. J. McLean. “Twenty Years of Formal Methods,” Proceedings of the 1999 IEEE Symposium on Security and Privacy pp. 113–114 (May 1999).
    DOI: 10.1109/SECPRI.1999.766907
  1302. D. McNutt. “Role-Based System Administration or Who, What, Where, and How,” Proceedings of the Seventh USENIX Systems Administration Conference pp. 107–112 (Nov. 1993)
    URL: http://www.usenix.org/publications/library/proceedings/lisa93/full_papers/mcnutt.pdf
  1303. W. S. McPhee. “Operating System Integrity in OS/VS2,” IBM Systems Journal 13(3) pp. 230–252 (1974).
    DOI: 10.1147/sj.133.0230
  1304. F. McSherry and R. Mahajan. “Differentially-Private Network Trace Analysis,” ACM SIGCOMM Computer Communications Review 40(4) pp. 123–134 (Aug. 2010).
    DOI: 10.1145/1851275.1851199
  1305. C. Meadows. “The Integrity Lock Architecture and Its Application to Message Systems: Reducing Covert Channels,” Proceedings of the 1987 IEEE Symposium on Security and Privacy pp. 212–218 (Apr. 1987).
    DOI: 10.1109/SP.1987.10008
  1306. C. Meadows. “Extending the Brewer-Nash Model to a Multilevel Context,” Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy pp. 95–102 (May 1990).
    DOI: 10.1109/RISP.1990.63842
  1307. C. Meadows. “The NRL Protocol Analyzer: An Overview,” Journal of Logic Programming 26(2) pp. 113–131 (Feb. 1996).
    DOI: 10.1016/0743-1066(95)00095-X
  1308. C. Meadows. “A Representation of Protocol Attacks for Risk Assessment,” in [2039], pp. 1–10.
  1309. C. Meadows. “Analysis of the Internet Key Exchange Protocol Using the NRL Protocol Analyzer,” Proceedings of the 1999 IEEE Symposium on Security and Privacy pp. 216–231 (May 1999).
    DOI: 10.1109/SECPRI.1999.766916
  1310. C. Meadows. “A Formal Framework and Evaluation Method for Network Denial of Service,” Proceedings of the 12th Computer Security Foundations Workshop pp. 4–13 (June 1999).
    DOI: 10.1109/CSFW.1999.779758
  1311. C. Meadows. “A Procedure for Verifying Security Against Type Confusion Attacks,” Proceedings of the 16th Computer Security Foundations Workshop pp. 62–72 (June 2003).
    DOI: 10.1109/CSFW.2003.1212705
  1312. C. A. Meadows. “Analyzing the Needham-Schroeder Public Key Protocol: A Comparison of Two Approaches,” Proceedings of the Fourth European Symposium on Research in Computer Security (Lecture Notes in Computer Science 1146) pp. 351–364 (Sep. 1996).
    DOI: 10.1007/3-540-61770-1_46
  1313. B. D. Medlin, K. Corley, and B. A. Romaniello. “Passwords Selected by Hospital Employees: An Investigative Study,” International Journal of Advanced Computer Science and Applications 2(11) pp. 77–81 (Nov. 2011).
  1314. G. Medvinsky and B. C. Neuman. “NetCash: A Design for Practical Electronic Currency on the Internet,” Proceedings of the First ACM Conference on Computer and Communications Security pp. 102–106 (1993).
    DOI: 10.1145/168588.168601
  1315. T. Melham. “Integrating Model Checking and Theorem Proving in a Reflective Functional Language,” Proceedings of the 2004 International Conference on Integrated Formal Methods (Lecture Notes in Computer Science 2999) pp. 36–39 (2004).
    DOI: 10.1007/978-3-540-24756-2_3
  1316. P. Mell and T. Grance. The NIST Definition of Cloud Computing, Special Publication 800-145, National Institute of Standards and Technology, Gaithersburg, MD, USA (Sep. 2011).
    DOI: 10.6028/NIST.SP.800-145
  1317. F. Mendel, T. Nad, and M. Schläffer. “Improving Local Collisions: New Attacks on Reduced SHA-256,” Advances in Cryptology — EUROCRYPT 2013 (Lecture Notes in Computer Science 7881) pp. 262–278 (May 2013).
    DOI: 10.1007/978-3-642-38348-9_16
  1318. A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography, CRC Press, Boca Raton, FL, USA (1996).
    ISBN: 978-0-849-38523-0
  1319. W. Meng, D. S. Wong, S. Furnell, and J. Zhou. “Surveying the Development of Biometric User Authentication on Mobile Phones,” IEEE Communications Surveys & Tutorials 17(3) pp. 1268–1293 (Third Quarter 2015).
    DOI: 10.1109/COMST.2014.2386915
  1320. C. G. Menk III. “System Security Engineering Capability Maturity Model and Evaluations: Partners Within the Assurance Framework,” Proceedings of the 19th National Information Systems Security Conference pp. 76–88 (Oct. 1996).
  1321. R. Mercuri. “A Better Ballot Box?,” IEEE Spectrum 39(10) pp. 46–50 (Oct. 2002).
    DOI: 10.1109/MSPEC.2002.1038569
  1322. R. C. Merkle. “Protocols for Public Key Cryptosystems,” Proceedings of the 1980 IEEE Symposium on Security and Privacy pp. 122–134 (Apr. 1980).
    DOI: 10.1109/SP.1980.10006
  1323. R. C. Merkle. “Fast Software Encryption Functions,” Advances in Cryptology — CRYPTO ’90 (Lecture Notes in Computer Science 537) pp. 477–501 (1991).
    DOI: 10.1007/3-540-38424-3_34
  1324. R. C. Merkle and M. E. Hellman. “Hiding Information and Signatures in Trapdoor Knapsacks,” IEEE Transactions on Information Theory 24(5) pp. 525–530 (Sep. 1978).
    DOI: 10.1109/TIT.1978.1055927
  1325. R. C. Merkle and M. E. Hellman. “On the Security of Multiple Encryption,” Communications of the ACM 24(7) pp. 465–467 (July 1981).
    DOI: 10.1145/358699.358718
  1326. T. S. Messerges, E. A. Dabbish, and R. H. Sloan. “Investigations of Power Analysis Attacks on Smartcards,” Proceedings of the First USENIX Workshop on Smartcard Technology pp. 151–161 (May 1999)
    URL: https://www.usenix.org/legacy/publications/library/proceedings/smartcard99/messerges.html
  1327. C. H. Meyer. “Cipherext/Plaintext and Ciphertext/Key Dependence vs. Number of Rounds for the Data Encryption Standard,” Proceedings of the AFIPS ’78 National Computer Conference pp. 1119–1126 (June 1978).
  1328. G. Meyer. The PPP Encryption Control Protocol (ECP), RFC 1968 (June 1996).
    DOI: 10.17487/RFC1968
  1329. S. L. Mhlaba. “The Efficacy of International Regulation of Transborder Data Flows: The Case for the Clipper Chip,” Government Information Quarterly 12(4) pp. 353–366 (1995).
    DOI: 10.1016/0740-624X(95)90075-6
  1330. G. G. Michaelson and M. R. Prior. Naming Guidelines for the AARNet X.500, RFC 1562 (Dec. 1993).
    DOI: 10.17487/RFC1562
  1331. C. Michel and L. Mé. “ADeLe: An Attack Description Language for Knowledge-Based Intrusion Detection,” Proceedings of the 16th IFIP International Information Security Conference (IFIP Advances in Information and Communication Technology 65) pp. 353–368 (June 2001).
    DOI: 10.1007/0-306-46998-7_25
  1332. Microsoft. Vulnerability in Server Service Could Allow Remote Code Execution (958644), Microsoft Security Bulletin MS08-67, Microsoft Corp., Redmond, WA, USA (Oct. 2008)
    URL: https://technet.microsoft.com/en-us/library/security/ms08-067.aspx
  1333. G. L. Milán, M. G. Pérez, G. M. Pérez, and A. F. G. Skarmeta. “PKI-Based Trust Management in Inter-Domain Scenarios,” Computers & Security 29(2) pp. 278–290 (Mar. 2010).
    DOI: 10.1016/j.cose.2009.08.004
  1334. A. Milenkoski, M. Vieira, S. Kounev, A. Avritzer, and B. D. Payne. “Evaluating Computer Intrusion Detection Systems: A Survey of Common Practices,” ACM Computing Surveys 48(1) pp. 12:1–12:41 (Sep. 2015).
    DOI: 10.1145/2808691
  1335. J. Millen. “20 Years of Covert Channel Modeling and Analysis,” Proceedings of the 1999 IEEE Symposium on Security and Privacy pp. 113–114 (May 1999).
    DOI: 10.1109/SECPRI.1999.766906
  1336. J. K. Millen. “The Interrogator: A Tool for Cryptographic Protocol Security,” Proceedings of the 1984 IEEE Symposium on Security and Privacy pp. 134–141 (Apr. 1984).
    DOI: 10.1109/SP.1984.10003
  1337. J. K. Millen. “Covert Channel Capacity,” Proceedings of the 1987 IEEE Symposium on Security and Privacy pp. 60–66 (Apr. 1987).
    DOI: 10.1109/SP.1987.10013
  1338. J. K. Millen. “A Resource Allocation Model for Denial of Service,” Proceedings of the 1992 IEEE Symposium on Research in Security and Privacy pp. 137–147 (May 1992).
    DOI: 10.1109/RISP.1992.213265
  1339. J. K. Millen. “Unwinding Forward Correctability,” Journal of Computer Security 3(1) pp. 35–54 (1994/1995).
    DOI: 10.3233/JCS-1994/1995-3104
  1340. J. K. Millen. “The Interrogator Model,” Proceedings of the 1995 IEEE Symposium on Security and Privacy pp. 251–260 (May 1995).
    DOI: 10.1109/SECPRI.1995.398937
  1341. J. K. Millen, S. C. Clark, and S. B. Freedman. “The Interrogator: Protocol Security Analysis,” IEEE Transactions on Software Engineering 13(2) pp. 274–288 (Feb. 1987).
    DOI: 10.1109/TSE.1987.233151
  1342. J. K. Millen and M. W. Schwartz. “The Cascading Problem for Interconnected Networks,” Proceedings of the Fourth Annual Computer Security Applications Conference pp. 269–274 (Dec. 1988).
    DOI: 10.1109/ACSAC.1988.113347
  1343. B. Miller. “Vital Signs of Identity,” IEEE Spectrum 31(2) pp. 22–30 (Feb. 1994).
    DOI: 10.1109/6.259484
  1344. B. P. Miller, G. Cooksey, and F. Moore. “An Empirical Study of the Robustness of MacOS Applications Using Random Testing,” ACM SIGOPS Operating Systems Review 41(1) pp. 78–86 (Jan. 2007).
    DOI: 10.1145/1228291.1228308
  1345. B. P. Miller, L. Fredriksen, and B. So. “An Empirical Study of the Reliability of UNIX Utilities,” Communications of the ACM 33(12) pp. 32–44 (Dec. 1990).
    DOI: 10.1145/96267.96279
  1346. B. P. Miller, D. Koski, C. P. Lee, V. Maganty, R. Murthy, A. Natarajan, and J. Steidl. Fuzz Revisited: A Re-examination of the Reliability of UNIX Utilities and Services, Technical Report, Computer Sciences Department, University of Wisconsin, Madison, WI, USA (Oct. 1995)
    URL: ftp://ftp.cs.wisc.edu/paradyn/technical_papers/fuzz-revisited.pdf
  1347. D. V. Miller and R. W. Baldwin. “Access Control by Boolean Expression Evaluation,” Proceedings of the Fifth Annual Computer Security Applications Conference pp. 131–139 (Dec. 1989).
    DOI: 10.1109/CSAC.1989.81042
  1348. G. A. Miller. “The Magical Number Seven, Plus or Minus Two: Some Limits on Our Capacity for Processing Information,” Psychological Review 63(2) pp. 81–97 (Mar. 1956).
    DOI: 10.1037/h0043158
  1349. M. S. Miller and J. S. Shapiro. “Paradigm Regained: Abstraction Mechanisms for Access Control,” Proceedings of the 8th Asian Computer Science Conference (Lecture Notes in Computer Science 2896) pp. 224–242 (Dec. 2003).
    DOI: 10.1007/978-3-540-40965-6_15
  1350. T. Miller. Analysis of the KNARK Rootkit. (Mar. 2001)
    URL: http://www.ouah.org/tobyknark.html
  1351. V. S. Miller. “Use of Elliptic Curves in Cryptography,” Advances in Cryptology — CRYPTO ’85 (Lecture Notes in Computer Science 218) pp. 417–426 (Aug. 1985).
    DOI: 10.1007/3-540-39799-X_31
  1352. M. Minsky. Computation: Finite and Infinite Machines, Prentice Hall, Inc., Englewood Cliffs, NJ, USA (June 1967)
    ISBN: 978-0-131-65563-8
  1353. N. Minsky. “The Principle of Attenuation of Privileges and its Ramifications,” in [531], pp. 255–277.
  1354. N. H. Minsky. “Selective and Locally Controlled Transport of Privileges,” ACM Transactions on Programming Languages and Systems 6(4) pp. 573–602 (Oct. 1984).
    DOI: 10.1145/1780.1786
  1355. J. Mirkovic and P. Reiher. “D-WARD: A Source-End Defense against Flooding Denial-of-Service Attacks,” IEEE Transactions on Dependable and Secure Computing 2(3) pp. 216–232 (July 2005).
    DOI: 10.1109/TDSC.2005.35
  1356. J. Mirkovic, P. Reiher, S. Fahmy, R. Thomas, A. Hussain, S. Schwab, and C. Ko. “Measuring Denial Of Service,” Proceedings of the Second ACM Workshop on Quality of Protection pp. 53–58 (Oct. 2006).
    DOI: 10.1145/1179494.1179506
  1357. J. Mišić and V. B. Mišić. “Implementation of Security Policy for Clinical Information Systems ver Wireless Sensor Networks,” Ad Hoc Networks 5(1) pp. 134–144 (Jan. 2007).
    DOI: 10.1016/j.adhoc.2006.05.008
  1358. S. Mister and S. E. Tavares. “Cryptanalysis of RC4-like Ciphers,” Proceedings of the Fifth International Workshop on Selected Areas in Cryptography (Lecture Notes in Computer Science 1556) pp. 131–143 (Aug. 1998).
    DOI: 10.1007/3-540-48892-8_11
  1359. MIT Kerberos Team. Kerberos Version 4 End of Life Announcement. (Oct. 2006)
    URL: http://web.mit.edu/kerberos/krb4-end-of-life.html
  1360. J. C. Mitchell, V. Shmatikov, and U. Stern. “Finite-State Analysis of SSL 3.0,” Proceedings of the Seventh USENIX UNIX Security Symposium pp. 201–216 (Jan. 1998)
    URL: http://www.usenix.org/publications/library/proceedings/sec98/mitchell.html
  1361. R. Mitchell and I.-R. Chen. “A Survey of Intrusion Detection in Wireless Network Applications,” Computer Communications 42 pp. 1–23 (Apr. 2014).
    DOI: 10.1016/j.comcom.2014.01.012
  1362. R. Mitchell and I.-R. Chen. “A Survey of Intrusion Detection Techniques for Cyber-Physical Systems,” ACM Computing Surveys 46(4) pp. 55:1–55:29 (Apr. 2014).
    DOI: 10.1145/2542049
  1363. K. D. Mitnick and W. L. Simon. The Art of Deception: Controlling the Human Element of Security, Wiley Publishing, Inc., Indianapolis, IN, USA (2002)
    ISBN: 978-0-764-54280-0
  1364. S. Miyaguchi. “The FEAL Cipher Family,” Advances in Cryptology — CRYPTO ’90 (Lecture Notes in Computer Science 537) pp. 628–638 (1990).
    DOI: 10.1007/3-540-38424-3_46
  1365. P. Mockapetris. Domain Names — Concepts and Facilities, RFC 1034 (Nov. 1987).
    DOI: 10.17487/RFC1034
  1366. P. Mockapetris. Domain Names — Implementation and Specification, RFC 1035 (Nov. 1987).
    DOI: 10.17487/RFC1035
  1367. J. C. Mogul, R. F. Rashid, and M. J. Accetta. “The Packet Filter: An Efficient Mechanism for User-Level Network Code,” Proceedings of the Eleventh ACM Symposium on Operating Systems Principles pp. 39–51 (Dec. 1987).
    DOI: 10.1145/41457.37505
  1368. S. P. Mohanty. “A Secure Digital Camera Architecture for Integrated Real-Time Digital Rights Management,” Journal of Systems Architecture 55(10-12) pp. 468–480 (Oct. 2009).
    DOI: 10.1016/j.sysarc.2009.09.005
  1369. V. Molak (ed.). Fundamentals of Risk Analysis and Risk Management, CRC Press, Boca Raton, FL, USA (1996)
    ISBN: 978-1-566-70130-3
  1370. B. Möller, T. Duong, and K. Kotowicz. This POODLE Bites: Exploiting the SSL 3.0 Fallback, Technical Report, Google, Mountain View, CA, USA (Sep. 2014)
    URL: https://www.openssl.org/~bodo/ssl-poodle.pdf
  1371. I. Monga, E. Pouyoul, and C. Guok. “Software-Defined Networking for Big-Data Science - Architectural Models from Campus to the WAN,” Proceedings of the 2012 SC Companion: High Performance Computing, Networking Storage and Analysis pp. 1629–1635 (Nov. 2012).
    DOI: 10.1109/SC.Companion.2012.341
  1372. F. Monrose, M. K. Reiter, Q. Li, and S. Wetzel. “Cryptographic Key Generation from Voice,” Proceedings of the 2001 IEEE Symposium on Security and Privacy pp. 202–213 (May 2001).
    DOI: 10.1109/SECPRI.2001.924299
  1373. F. Monrose and A. Rubin. “Authentication via Keystroke Dynamics,” Proceedings of the Fourth ACM Conference on Computer and Communications Security pp. 48–56 (Oct. 1997).
    DOI: 10.1145/266420.266434
  1374. R. Montanari, C. Stefanelli, and N. Dulay. “Flexible Security Policies for Mobile Agent Systems,” Microprocessors and Microsystems 25(2) pp. 93–99 (Apr. 2001).
    DOI: 10.1016/S0141-9331(01)00102-8
  1375. A. P. Moore and C. N. Payne, Jr.. “Increasing Assurance with Literate Programming Techniques,” Proceedings of the 11th Annual Conference on Computer Assurance pp. 187–198 (June 1996).
    DOI: 10.1109/CMPASS.1996.507887
  1376. D. Moore, C. Shannon, and k. claffy. “Code-Red: A Case Study on the Spread and Victims of an Internet Worm,” Proceedings of the 2Nd ACM SIGCOMM Workshop on Internet Measurment pp. 273–284 (2002).
    DOI: 10.1145/637201.637244
  1377. J. H. Moore. “Protocol Failures in Cryptosystems,” Proceedings of the IEEE 76(5) pp. 594–602 (May 1988).
    DOI: 10.1109/5.4444
  1378. A. Moradi, O. Mischke, and T. Eisenbarth. “Correlation-Enhanced Power Analysis Collision Attack,” Proceedings of the 12th International Workshop on Crptographic Hardware and Embedded Systems (Lecture Notes in Computer Science 6225) pp. 125–139 (Aug. 2010).
    DOI: 10.1007/978-3-642-15031-9_9
  1379. M. Moriconi, X. Qian, R. A. Riemenschneider, and L. Gong. “Secure Software Architectures,” Proceedings of the 1997 IEEE Symposium on Security and Privacy pp. 84–93 (May 1997).
    DOI: 10.1109/SECPRI.1997.601320
  1380. R. Morris and K. Thompson. “Password Security: A Case History,” Communications of the ACM 22(11) pp. 594–597 (Nov. 1979).
    DOI: 10.1145/359168.359172
  1381. P. Morrissey, N. P. Smart, and B. Warinschi. “A Modular Security Analysis of the TLS Handshake Protocol,” Advances in Cryptology — ASIACRYPT 2008 (Lecture Notes in Computer Science 5350) pp. 55–73 (Dec. 2008).
    DOI: 10.1007/978-3-540-89255-7_5
  1382. S. I. Moses. “Measuring The Robustness of Forensic Tools’ Ability to Detect Data Hiding Techniques,” Master’s Thesis, Brigham Young University, Provo, UT (June 2017)
    URL: http://hdl.lib.byu.edu/1877/etd9370
  1383. I. S. Moskowitz. “Variable Noise Effects Upon a Simple Timing Channel,” Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy pp. 362–372 (May 1991).
    DOI: 10.1109/RISP.1991.130803
  1384. I. S. Moskowitz, S. J. Greenwald, and M. H. Kang. “An Analysis of the Timed Z-Channel,” IEEE Transactions on Information Theory 44(7) pp. 3162–3168 (Nov. 1998).
    DOI: 10.1109/18.737549
  1385. I. S. Moskowitz and M. H. Kang. “An Insecurity Flow Model,” Proceedings of the 1997 Workshop on New Security Paradigms pp. 61–74 (Sep. 1997).
    DOI: 10.1145/283699.283741
  1386. I. S. Moskowitz and A. R. Miller. “Simple Timing Channels,” Proceedings of the 1984 IEEE Symposium on Security and Privacy pp. 56–64 (May 1984).
    DOI: 10.1109/RISP.1994.296592
  1387. S. Motiee, K. Hawkey, and K. Beznosov. “Do Windows Users Follow the Principle of Least Privilege? Investigating User Account Control Practices,” Proceedings of the Sixth Symposium on Usable Privacy and Security pp. 1:1–1:13 (July 2010).
    DOI: 10.1145/1837110.1837112
  1388. M. Motoyama, K. Levchenko, C. Kanich, D. McCoy, G. M. Voelker, and S. Savage. “Re: CAPTCHAs - Understanding CAPTCHA-Solving Services in an Economic Context,” Proceedings of the 19th USENIX Security Symposium (Aug. 2010).
    DOI: https://www.usenix.org/legacy/events/sec10/tech/full_papers/Motoyama.pdf
  1389. R. Motwani, R. Panigrahy, V. Saraswat, and S. Ventkatasubramanian. “On the Decidability of Accessibility Problems (Extended Abstract),” Proceedings of the 32nd Annual ACM Symposium on Theory of Computing pp. 306–315 (May 2000).
    DOI: 10.1145/335305.335341
  1390. D. M’Raihi, M. Bellare, F. Hoornaert, D. Naccache, and O. Ranen. HOTP: An HMAC-Based One-Time Password Algorithm, RFC 4226 (Dec. 2005).
    DOI: 10.17487/RFC4226
  1391. D. M’Raihi, S. Machani, M. Pei, and J. Rydell. TOTP: Time-Based One-Time Password Algorithm, RFC 6238 (May 2011).
    DOI: 10.17487/RFC6238
  1392. L. Muñoz González, D. Sgandurra, A. Paudice, and E. C. Lupu. “Efficient Attack Graph Analysis Through Approximate Inference,” ACM Transactions on Privacy and Security 20(3) pp. 10:1–10:30 (Aug. 2017).
    DOI: 10.1145/3105760
  1393. J. P. Mueller. Security for Web Developers Using Javascript, HTML, and CSS, O’Reilly Media, Inc., Sebastopol, CA, USA (2016).
    ISBN: 978-1-491-92864-6
  1394. L. Mui and E. Pearce. X Windows System Administrator’s Guide 8, O’Reilly Media, Inc., Sebastopol, CA, USA (1992).
    ISBN: 978-0-937175-83-5
  1395. S. Mukkamala, G. Janoski, and A. Sung. “Intrusion Detection Using Neural Networks and Support Vector Machines,” Proceedings of the 2002 International Joint Conference on Neural Networks pp. 1702–1707 (May 2002).
    DOI: 10.1109/IJCNN.2002.1007774
  1396. D. K. Mulligan and A. K. Perzanowski. “The Magnificence of the Disaster: Reconstructing the Sony BMG Rootkit Incident,” Berkeley Technology Law Journal 22(3) pp. 1157–1232 (Summer 2007).
    DOI: 10.15779/Z38P41V
  1397. C. Mulliner. “Privacy Leaks in Mobile Phone Internet Access,” Proceedings of the 14th International Conference on Intelligence in Next Generation Networks pp. 1–6 (Oct. 2010).
    DOI: 10.1109/ICIN.2010.5640939
  1398. C. S. Mullins. DB2 Developer’s Guide: A Solutions-Oriented Approach to Learning the Foundation and Capabilities of DB2 for z/OS, edited by Sixth, IBM Press, Boston, MA, USA (2012)
    ISBN: 978-0-13-283642-5
  1399. D. Mulyono and H. S. Jinn. “A Study of Finger Vein Biometric for Personal Identification,” Proceedings of the IEEE International Symposium on Biometrics and Security Technologies pp. 1–8 (Apr. 2008).
    DOI: 10.1109/ISBAST.2008.4547655
  1400. C. Muñoz. “Formal Methods in Air Traffic Management: The Case of Unmanned Aircraft Systems (Invited Lecture),” Proceedings of the 12th International Colloquium on Theoretical Aspects of Computing (Lecture Notes in Computer Science 9399) pp. 58–62 (2015).
    DOI: 10.1007/978-3-319-25150-9_4
  1401. R. Munroe. “Password Strength,” xkcd 936 (Aug. 2011)
    URL: https://xkcd.com/936
  1402. S. J. Murdoch and R. Anderson. “Verified by Visa and MasterCard SecureCode: Or, How Not to Design Authentication,” Proceedings of the Fourteenth International Conference on Financial Cryptography and Data Security (Lecture Notes in Computer Science 6052) pp. 336–342 (Jan. 2010).
    DOI: 10.1007/978-3-642-14577-3_27
  1403. S. J. Murdoch, S. Drimer, R. Anderson, and M. Bond. “Chip and PIN is Broken,” Proceedings of the 2000 IEEE Symposium on Security and Privacy pp. 443–446 (May 2010).
    DOI: 10.1109/SP.2010.33
  1404. S. Murphy. “The Cryptanalysis of FEAL-4 with 20 Chosen Plaintexts,” Journal of Cryptology 2(3) pp. 145–154 (Jan. 1990).
    DOI: 10.1007/BF00190801
  1405. W. H. Murray. “The Application of Epidemiology to Computer Viruses,” Computers & Security 7(2) pp. 139–145 (Apr. 1988).
    DOI: 10.1016/0167-4048(88)90327-6
  1406. D. Mutz, G. Vigna, and R. Kemmerer. “An Experience Developing an IDS Stimulator for the Black-Box Testing of Network Intrusion Detection Systems,” Proceedings of the 19th Annual Computer Security Applications Conference pp. 1–10 (Dec. 2003).
    DOI: 10.1109/CSAC.2003.1254342
  1407. A. C. Myers. “JFlow: Practical Mostly-Static Information Flow Control,” Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages pp. 228–241 (1999).
    DOI: 10.1145/292540.292561
  1408. A. C. Myers. “Programming with Explicit Security Policies,” Proceedings of the 14th European Symposium on Programming (Lecture Notes in Computer Science 3444) pp. 1–4 (Apr. 2005).
    DOI: 10.1007/978-3-540-31987-0_1
  1409. A. C. Myers and B. Liskov. “A Decentralized Model for Information Flow Control,” Proceedings of the 16th ACM Symposium on Operating Systems Principles pp. 129–142 (Oct. 1997).
    DOI: 10.1145/268998.266669
  1410. A. C. Myers and B. Liskov. “Complete, Safe Information Flow with Decentralized Labels,” Proceedings of the 1998 IEEE Symposium on Security and Privacy pp. 186–197 (May 1998).
    DOI: 10.1109/SECPRI.1998.674834
  1411. A. C. Myers and B. Liskov. “Protecting Privacy Using the Decentralized Label Model,” ACM Transactions on Software Engineering and Methodology 9(4) pp. 410–442 (Oct. 2000).
    DOI: 10.1145/363516.363526
  1412. A. C. Myers, A. Sabelfeld, and S. Zdancewic. “Enforcing Robust Declassification and Qualified Robustness,” Journal of Computer Security 14(2) pp. 157–196 (2006).
    DOI: 10.3233/JCS-2006-14203
  1413. C. Nachenberg. “Computer Virus-Antivirus Coevolution,” Communications of the ACM 40(1) pp. 46–51 (Jan. 1997).
    DOI: 10.1145/242857.242869
  1414. A. Nadeem and M. P. Howarth. “A Survey of MANET Intrusion Detection and Prevention Approaches for Network Layer Attacks,” IEEE Communications Surveys & Tutorials 15(4) pp. 2027–2045 (Fourth Quarter 2013).
    DOI: 10.1109/SURV.2013.030713.00201
  1415. M. Naehrig, K. Lauter, and V. Vaikuntanathan. “Can Homomorphic Encryption Be Practical?,” Proceedings of the Third ACM Workshop on Cloud Computing Security pp. 113–124 (Oct. 2011).
    DOI: 10.1145/2046660.2046682
  1416. V. Naessens, B. De Decker, and L. Demuynck. “Accountable Anonymous E-Mail,” Proceedings of the IFIP TC11 20th International Information Security Conference: Security and Privacy in the Age of Ubiquitous Computing pp. 3–18 (May 2005).
    DOI: 10.1007/0-387-25660-1_1
  1417. H. Nahari and R. L. Krutz. Web Commerce Security: Design and Development, John Wiley & Sons, Inc., New York, NY, USA (2011).
    ISBN: 978-0-470-62446-3
  1418. J. Nakahara Jr.. “A Linear Analysis of Blowfish and Khufu,” Proceedings of the Third International Conference on Information Security Practice and Experience (Lecture Notes in Computer Science 4464) pp. 20–32 (May 2007).
    DOI: 10.1007/978-3-540-72163-5_3
  1419. S. Nakamoto. “Bitcoin: A Peer-to-Peer Electronic Cash System,” unpublished (2008).
    URL: https://bitcoin.org/bitcoin.pdf
  1420. A. Narayanan and J. Clark. “Bitcoin’s Academic Pedigree,” Communications of the ACM 60(12) pp. 36–45 (Dec. 2017).
    DOI: 10.1145/3132259
  1421. A. Narayanan and V. Shmatikov. “Fast Dictionary Attacks on Passwords Using Time-Space Tradeoff,” Proceedings of the 12th ACM Conference on Computer and Communications Security pp. 364–372 (Nov. 2005).
    DOI: 10.1145/1102120.1102168
  1422. A. Narayanan and V. Shmatikov. “Robust De-anonymization of Large Sparse Datasets,” Proceedings of the 2008 IEEE Symposium on Security and Privacy pp. 111–125 (May 2008).
    DOI: 10.1109/SP.2008.33
  1423. A. Narayanan and V. Shmatikov. “De-Anonymizing Social Networks,” Proceedings of the 2009 IEEE Symposium on Security and Privacy pp. 173–187 (May 2009).
    DOI: 10.1109/SP.2009.22
  1424. M. J. Nash and R. J. Kennett. “Security Policy in a Complex Logistics Procurement,” Proceedings of the Ninth Annual Computer Security Applications Conference pp. 46–53 (Dec. 1993).
    DOI: 10.1109/CSAC.1993.315454
  1425. M. J. Nash and K. R. Poland. “Some Conundrums Concerning Separation of Duty,” Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy pp. 201–207 (May 1990).
    DOI: 10.1109/RISP.1990.63851
  1426. R. Natella, D. Cotroneo, and H. S. Madeira. “Assessing Dependability with Software Fault Injection: A Survey,” ACM Computing Surveys 48(3) pp. 44:1–44:55 (Feb. 2016).
    DOI: 10.1145/2841425
  1427. D. Naylor, A. Finamore, I. Leontiadis, Y. Grunenberger, M. Mellia, M. Munafò, K. Papagiannaki, and P. Steenkiste. “The Cost of the “S” in HTTPS,” Proceedings of the 10th ACM International on Conference on Emerging Networking Experiments and Technologies pp. 133–140 (Dec. 2014).
    DOI: 10.1145/2674005.2674991
  1428. NCA. “Mass Ransomware Spamming Event Targeting UK Computer Users,” UK National Crime Agency Alert (Nov. 2013).
    URL: http://nationalcrimeagency.gov.uk/news/256-alert-mass-spamming-event-targeting-uk-computer-users
  1429. V. Neagoe and M. Bishop. “Inconsistency in Deception for Defense,” Proceedings of the 2006 Workshop on New Security Paradigms pp. 31–38 (Sep. 2006).
    DOI: 10.1145/1278940.1278946
  1430. R. W. Neal. “CryptoLocker Virus: New Malware Holds Computers For Ransom, Demands $300 Within 100 Hours And Threatens To Encrypt Hard Drive,” International Business Times (Oct. 21, 2013)
    URL: http://www.ibtimes.com/cryptolocker-virus-new-malware-holds-computers-ransom-demands-300-within-100-hours-threatens-encrypt
  1431. G. C. Necula. “Proof-Carrying Code,” Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages pp. 106–119 (Jan. 1997).
    DOI: 10.1145/263699.263712
  1432. G. C. Necula and P. Lee. “Safe Kernel Extensions Without Run-Time Checking,” Proceedings of the Second USENIX Symposium on Operating Systems Design and Implementation (Oct. 1996)
    URL: https://www.usenix.org/legacy/publications/library/proceedings/osdi96/necula.html
  1433. G. C. Necula and P. Lee. “The Design and Implementation of a Certifying Compiler,” Proceedings of the 1998 ACM SIGPLAN Conference on Programming Language Design and Implementation pp. 333–344 (Jan. 1998).
    DOI: 10.1145/277650.277752
  1434. G. C. Necula, S. McPeak, and W. Weimer. “CCured: Type-Safe Retrofitting of Legacy Code,” Proceedings of the 29th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages pp. 128–139 (Jan. 2002).
    DOI: 10.1145/503272.503286
  1435. R. M. Needham and M. D. Schroeder. “Using Encryption for Authentication in Large Networks of Computers,” Communications of the ACM 21(12) pp. 993–999 (Dec. 1978).
    DOI: 10.1145/359657.359659
  1436. R. M. Needham and M. D. Schroeder. “Authentication Revisited,” ACM SIGOPS Operating Systems Review 21(1) p. 7 (Jan. 1987).
    DOI: 10.1145/24592.24593
  1437. R. M. Needham and R. D. H. Walker. “The Cambridge CAP Computer and Its Protection System,” Proceedings of the Fifth ACM Symposium on Operating Systems Principles pp. 1–10 (Nov. 1977).
    DOI: 10.1145/800214.806541
  1438. E. Nemeth, G. Snyder, H. T. R., and B. Whaley. Unix and Linux System Administration Handbook, Prentice Hall, Inc., Upper Saddle River, NJ, USA (2011)
    ISBN: 978-0-13-148005-6
  1439. S. Nepal, W. Sherchan, and C. Paris. “STrust: A Trust Model for Social Networks,” Proceedings of the 10th IEEE International Conference on Trust, Security and Privacy in Computing and Communications pp. 841–846 (Nov. 2011).
    DOI: 10.1109/TrustCom.2011.112
  1440. B. C. Neuman and S. G. Stubblebine. “A Note on the Use of Timestamps as Nonces,” ACM SIGOPS Operating Systems Review 27(2) pp. 10–14 (Apr. 1993).
    DOI: 10.1145/155848.155852
  1441. B. C. Neuman and T. Ts’o. “Kerberos: An Authentication Service for Open Network Systems,” IEEE Communications Magazine 32(9) pp. 191–202 (Sep. 1994).
    DOI: 10.1109/35.312841
  1442. B. C. Neuman, T. Yu, S. Hartman, and K. Raeburn. The Kerberos Network Authentication Service (V5), RFC 4120 (July 2005).
    DOI: 10.17487/RFC4120
  1443. P. Neumann. “Computer System Security Evaluation,” Proceedings of the AFIPS ’78 National Computer Conference pp. 1087–1095 (June 1978)
    URL: https://www.computer.org/csdl/proceedings/afips/1978/5086/00/508600fm.pdf
  1444. P. Neumann. Computer-Related Risks, ACM Press, New York, NY, USA (1994)
    ISBN: 978-0-201-55805-0
  1445. P. G. Neumann. “Rainbows and Arrows: How the Security Criteria Address Computer Misuse,” Proceedings of the 13th National Computer Security Conference pp. 414–422 (Oct. 1990).
  1446. P. G. Neumann. “Security Criteria for Electronic Voting,” Proceedings of the 16th National Computer Security Conference pp. 478–482 (Sep. 1993).
  1447. P. G. Neumann, R. S. Boyer, R. J. Feiertag, K. N. Levitt, and L. Robinson. A Provably Secure Operating System: The System, Its Applications, and Proofs, Report CSL-116, Computer Science Laboratory, SRI International, Menlo Park, CA, USA (May 1980)
    URL: http://www.csl.sri.com/users/neumann/psos/psos80.pdf
  1448. P. G. Neumann and R. J. Feiertag. “PSOS Revisited,” Proceedings of the 19th Annual Computer Security Applications Conference pp. 1–9 (Dec. 2003).
    DOI: 10.1109/CSAC.2003.1254326
  1449. P. G. Neumann, R. J. Feiertag, K. N. Levitt, and L. Robinson. “Software Development and Proofs of Multi-Level Security,” Proceedings of the Second International Conference on Software Engineering pp. 421–428 (Oct. 1976).
  1450. P. G. Neumann, L. Robinson, K. N. Levitt, R. S. Boyer, and A. R. Saxena. A Provably Secure Operating System, Technical Report, Stanford Research Institute, Menlo Park, CA, USA (June 1975)
    URL: http://seclab.cs.ucdavis.edu/projects/history/CD/neum75.pdf
  1451. J. Newman. The World of Mathematics: A Small Library of the Literature of Mathematics from A’h-mosé the Scribe to Albert Einstein, Simon and Schuster, New York, NY, USA (1956)
    ISBN: 0-671-82940-8
  1452. J. S. Newman and S. M. Wander. “The Knowledge Path to Mission Success: Overview of the NSAS PBMA-KMS,” Proceedings of the 2002 Annual Reliability and Maintainability Symposium pp. 601–606 (Jan. 2002).
    DOI: 10.1109/RAMS.2002.981708
  1453. J. Newsome, B. Karp, and D. Song. “Polygraph: Automatically Generating Signatures for Polymorphic Worms,” Proceedings of the 2005 IEEE Symposium on Security and Privacy pp. 226–241 (May 2005).
    DOI: 10.1109/SP.2005.15
  1454. J. Nieh and O. C. Leonard. “Examining VMware,” Dr. Dobb’s Journal 25(8) pp. 70–76 (Aug. 2000)
    URL: https://www.cs.columbia.edu/~nieh/pubs/drdobbs2000.pdf
  1455. E. Nikolaropoulos. “Testing Safety-Critical Software,” Hewlett-Packard Journal 48(3) pp. 89–94 (June 1997)
    URL: ftp://ftp.mrynet.com/os/DEC/www.hpl.hp.com/hpjournal/97jun/jun97a12.pdf
  1456. E. Nissim. Fortinet Single Sign On Stack Overflow, Advisory CORE-2015-0006, Core Security, Roswell, GA, USA (Mar. 2015)
    URL: https://www.coresecurity.com/advisories/fortinet-single-sign-on-stack-overflow
  1457. L. Nizer. The Jury Returns, Pocket Books, New York, NY, USA (Mar. 1968)
    ISBN: 978-0-671-12505-9
  1458. P. Noce. “Notes on Computer Security: Art and Science,” private communication (Dec. 2012).
  1459. N. A. Nordbotten. “XML and Web Services Security Standards,” IEEE Communications Surveys and Tutorials 11(3) pp. 4–21 (Third Quarter 2009).
    DOI: 10.1109/SURV.2009.090302
  1460. S. Northcutt. Computer Security Incident Handling: Step-by-Step (Version 2.3.1), SANS Institute, Bethesda, MD, USA (Mar. 2003).
    ISBN: 978-0-9724273-7-1
  1461. L. Notargiacomo, B. T. Blaustein, and C. T. McCollum. “Merging Models: Integrity, Dynamic Separation of Duty and Trusted Data Management,” Journal of Computer Security 3(2-3) pp. 207–230 (1995).
    DOI: 10.3233/JCS-1994/1995-32-306
  1462. B. Nowicki. NFS: Network File System, RFC 1094 (Mar. 1989).
    DOI: 10.17487/RFC1094
  1463. M. Nyanchama and S. Osborn. “Role-based Security, Object Oriented Databases and Separation of Duty,” SIGMOD Record 22(4) pp. 45–51 (Dec. 1993).
    DOI: 10.1145/166635.166652
  1464. G. Nychis, V. Sekar, D. G. Andersen, H. Kim, and H. Zhang. “An Empirical Evaluation of Entropy-based Traffic Anomaly Detection,” Proceedings of the Eighth ACM SIGCOMM Conference on Internet Measurement pp. 151–156 (Oct. 2008).
    DOI: 10.1145/1452520.1452539
  1465. C. Oakes. “DVD Hackers Hit With Lawsuit,” Wired (Dec. 1999)
    URL: http://www.wired.com/techbiz/media/news/1999/12/33303
  1466. D. O’Brien. “Recognizing and Recovering from Rootkit Attacks,” SysAdmin 5(11) pp. 8–20 (Nov. 1996).
  1467. R. O’Brien and C. Rogers. “Developing Applications on LOCK,” Proceedings of the 14th National Computer Security Conference pp. 147–156 (Oct. 1991).
  1468. D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden, J. Klein, and Y. Le Traon. “Effective Inter-Component Communication Mapping in Android with Epicc: An Essential Step Towards Holistic Security Analysis,” Proceedings of the 22nd USENIX Security Symposium pp. 543–558 (Aug. 2013).
  1469. P. Oechslin. “Making a Faster Cryptanalytic Time-Memory Trade-Off,” Advances in Cryptology — CRYPTO 2003 (Lecture Notes in Computer Science 2729) pp. 617–630 (August 2003).
    DOI: 10.1007/978-3-540-45146-4_36
  1470. S. Oh and S. Park. “Task-Role-Based Access Control Model,” Information Systems 28(6) pp. 533–562 (Sep. 2003).
    DOI: 10.1016/S0306-4379(02)00029-7
  1471. S. Oh and R. Sandhu. “A Model for Role Administration Using Organization Structure,” Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies pp. 155–162 (June 2002).
    DOI: 10.1145/507711.507737
  1472. T. Okamoto and K. Ohta. “Universal Electronic Cash,” Advances in Cryptology — CRYPTO ’91 (Lecture Notes in Computer Science 576) pp. 324–337 (Aug. 1992).
    DOI: 10.1007/3-540-46766-1_27
  1473. M. Oliva and F. Saltor. “Integrating Multilevel Security Policies in Multilevel Federated Database Systems,” Proceedings of the IFIP TC11 / WG11.3 Fourteenth Annual Working Conference on Database Security (IFIP Advances in Information and Communication Technology 73) pp. 135–147 (Aug. 2002).
    DOI: 10.1007/0-306-47008-X_13
  1474. S. O’Melia and A. J. Elbirt. “Instruction Set Extensions for Enhancing the Performance of Symmetric-Key Cryptography,” Proceedings of the 24th Annual Computer Security Applications Conference pp. 465–474 (Dec. 2008).
    DOI: 10.1109/ACSAC.2008.10
  1475. R. Oppliger. “Security at the Internet Layer,” IEEE Computer 31(9) pp. 43–47 (Sep. 1998).
    DOI: 10.1109/2.708449
  1476. Oracle. Oracle VM VirtualBox User Manual, Technical Report, Oracle Corp., Redwood Shores, CA, USA (2016)
    URL: http://download.virtualbox.org/virtualbox/5.1.12/UserManual.pdf
  1477. E. Organick. The Multics System: An Examination of Its Structure, MIT Press, Boston, MA, USA (1972)
    ISBN: 978-0-262-15012-5
  1478. E. Organick. Computer System Organization: the B5700/B6700 Series, Academic Press, Orlando, FL, USA (1973)
    ISBN: 0-12-528250-8
  1479. H. Orman. The OAKLEY Key Determination Protocol, RFC 2412 (Nov. 1998).
    DOI: 10.17487/RFC2412
  1480. E. Osterweil, D. Massey, and L. Zhang. “Deploying and Monitoring DNS Security (DNSSEC),” Proceedings of the 25th Annual Computer Security Applications Conference pp. 429–438 (Dec. 2009).
    DOI: 10.1109/ACSAC.2009.47
  1481. D. Otway and O. Rees. “Efficient and Timely Mutual Authentication,” ACM SIGOPS Operating Systems Review 21(1) pp. 8–10 (Jan. 1987).
    DOI: 10.1145/24592.24594
  1482. X. Ou, W. F. Boyer, and M. A. McQueen. “A Scalable Approach to Attack Graph Generation,” Proceedings of the 13th ACM Conference on Computer and Communications Security pp. 336–345 (Oct. 2006).
    DOI: 10.1145/1180405.1180446
  1483. OWASP. OWASP Top 10 - 2017: The Ten Most Critical Web Application Security Risks, Report, The Open Web Application Security Project (2017).
    URL: https://www.owasp.org/images/7/72/OWASP_Top_10-2017__(en).pdf.pdf
  1484. W. A. Owens, K. W. Dam, and H. S. Lin (eds.). Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities, The National Academies Press, Washington, DC, USA (2009)
    ISBN: 978-0-309-13850-5
  1485. S. Owre, J. M. Rushby, and N. Shankar. “PVS: A Prototype Verification System,” Proceedings of the 11th International Conference on Automated Deduction (Lecture Notes in Computer Science 607) pp. 748–752 (June 1992).
    DOI: 10.1007/3-540-55602-8_217
  1486. C. Paar and J. Pelzl. Understanding Cryptography: A Textbook for Students and Practitioners, Springer, Heidelberg, Germany (2010).
    ISBN: 978-3-642-04100-6
  1487. J. Page. “An Assured Pipeline Integrity Scheme for Virus Protection,” Proceedings of the 12th National Computer Security Conference pp. 378–388 (Oct. 1989).
  1488. P. Paillier. “Public-Key Cryptosystems Based on Composite Degree Residuosity Classes,” Advances in Cryptology — EUROCRYPT ’99 (Lecture Notes in Computer Science) pp. 223–238 (May 1999).
    DOI: 10.1007/3-540-48910-X_16
  1489. M. Pala and S. W. Smith. “Finding the PKI Needles in the Internet Haystack,” Journal of Computer Security 18(3) pp. 397–420 (2010).
    DOI: 10.3233/JCS-2010-0401
  1490. R. Pang, M. Allman, V. Paxson, and J. Lee. “The Devil and Packet Trace Anonymization,” ACM SIGCOMM Computer Communications Review 36(1) pp. 29–38 (2006).
    DOI: 10.1145/1111322.1111330
  1491. R. Pang, V. Paxson, R. Sommer, and L. Peterson. “Binpac: A Yacc for Writing Application Protocol Parsers,” Proceedings of the Sixth ACM SIGCOMM Conference on Internet Measurement pp. 289–300 (Oct. 2006).
    DOI: 10.1145/1177080.1177119
  1492. J. S. Park, B. Montrose, and J. N. Froscher. “Tools for Information Security Assurance Arguments,” Proceedings of the 2001 DARPA Information Survivability Conference and Exposition II pp. 287–296 (June 2001).
    DOI: 10.1109/DISCEX.2001.932223
  1493. J. S. Park and R. Sandhu. “Binding Identities and Attributes Using Digitally Signed Certificates,” Proceedings of the 16th Annual Computer Security Applications Conference pp. 120–127 (Dec. 2000).
    DOI: 10.1109/ACSAC.2000.898865
  1494. S. K. Park and K. W. Miller. “Random Number Generatrs: Good Ones Are Hard to Find,” Communications of the ACM 31(10) pp. 1192–1201 (Oct. 1988).
    DOI: 10.1145/63039.63042
  1495. S. Park, H. Park, Y. Won, J. Lee, and S. Kent. Traceable Anonymous Certificate, RFC 5636 (Aug. 2009).
    DOI: 10.17487/RFC5636
  1496. D. Parker. Crime by Computer, Charles Scribner’s Sons, New York, NY, USA (1976)
    ISBN: 978-0-684-15576-0
  1497. M. Parks. “Target Offers $10 Million Settlement in Data Breach Lawsuit,” NPR (Mar. 19 2015)
    URL: http://www.npr.org/sections/thetwo-way/2015/03/19/394039055/target-offers-10-million-settlement-in-data-breach-lawsuit
  1498. S. Parsons, K. Atkinson, Z. Li, P. McBurney, E. Sklar, M. Singh, K. Haigh, K. Levitt, and J. Rowe. “Argument Schemes for Reasoning about Trust,” Argumentation & Computation 5(2-3) pp. 160–190 (May 2014).
    DOI: 10.1080/19462166.2014.913075
  1499. E. Pasalic. “On Guess and Determine Cryptanalysis of LSFR-Based Stream Ciphers,” IEEE Transactions on Information Theory 55(7) pp. 3398–3406 (July 2009).
    DOI: 10.1109/TIT.2009.2021316
  1500. B. Pawlowski, S. Shepler, C. Beame, B. Callaghan, M. Eisler, D. Noveck, D. Robinson, and R. Thurlow. “The NFS Version 4 Protocol,” Proceedings of the Second International Conference on System Administration and Networking (May 2000)
    URL: http://www.sane.nl/events/sane2000/papers/pawlowski.pdf
  1501. V. Paxson. “Bro: A System for Detecting Network Intruders in Real-Time,” Computer Networks 31(23-24) pp. 2435–2463 (Dec. 1999).
    DOI: 10.1016/S1389-1286(99)00112-7
  1502. A. Peacock, X. Ke, and M. Wilkerson. “Typing Patterns: A Key to User Identification,” IEEE Security & Privacy 2(5) pp. 40–47 (Sep. 2004).
    DOI: 10.1109/MSP.2004.89
  1503. M. Pearce, S. Zeadally, and R. Hunt. “Virtualization: Issues, Security Threats, and Solutions,” ACM Computing Surveys 45(2) pp. 17:1–17:39 (Feb. 2013).
    DOI: 10.1145/2431211.2431216
  1504. S. Peisert. “A Model of Forensic Analysis Using Goal-Oriented Logging,” Ph.D. Dissertation, Department of Computer Science and Engineering, University of California at San Diego, La Jolla, CA, USA (Mar. 2007)
    URL: https://escholarship.org/uc/item/4p5550kn
  1505. S. Peisert, W. Barnett, E. Dart, J. Cuff, R. L. Grossman, E. Balas, A. Berman, A. Shankar, and B. Tierney. “The Medical Science DMZ,” Journal of the American Medical Informatics Association (May 2016).
    DOI: 10.1093/jamia/ocw032
  1506. S. Peisert, M. Bishop, S. Karin, and K. Marzullo. “Principles-Driven Forensic Analysis,” Proceedings of the 2005 Workshop on New Security Paradigms pp. 85–93 (Oct. 2005).
    DOI: 10.1145/1146269.1146291
  1507. S. Peisert, M. Bishop, S. Karin, and K. Marzullo. “Analysis of Computer Intrusions Using Sequences of Function Calls,” IEEE Transactions on Dependable and Secure Computing 4(2) pp. 137–150 (Apr. 2007).
    DOI: 10.1109/TDSC.2007.1003
  1508. S. Peisert, M. Bishop, and K. Marzullo. “Computer Forensics in Forensis,” SIGOPS Operating Systems Review 42(3) pp. 112–122 (Apr. 2008).
    DOI: 10.1145/1368506.1368521
  1509. S. Peisert, M. Bishop, and A. Yasinsac. “Vote Selling, Voter Anonymity, and Forensic Logging of Electronic Voting Machines,” Proceedings of the 42nd Annual Hawaii International Conference on System Sciences pp. 1–10 (Jan. 2009).
    DOI: 10.1109/HICSS.2009.1019
  1510. S. Peisert, E. Talbot, and T. Kroeger. “Principles of Authentication,” Proceedings of the 2013 Workshop on New Security Paradigms pp. 47–56 (Sep. 2013).
    DOI: 10.1145/2535813.2535819
  1511. T. Peng, C. Leckie, and K. Ramamohanarao. “Survey of Network-based Defense Mechanisms Countering the DoS and DDoS Problems,” ACM Computing Surveys 39(1) pp. 3:1–3:42 (Apr. 2007).
    DOI: 10.1145/1216370.1216373
  1512. D. Penn. Identity Theft Secrets: Exposing the Tricks of the Trade!, iUniverse Publishing, Bloomington, IN, USA (2011).
    ISBN: 978-1-4620-0859-9
  1513. H. Perl, S. Dechand, M. Smith, D. Arp, F. Yamaguchi, K. Rieck, S. Fahl, and Y. Acar. “VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits,” Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security pp. 426–437 (Oct. 2015).
    DOI: 10.1145/2810103.2813604
  1514. R. Perlman. “An Overview of PKI Trust Models,” IEEE Network 13(6) pp. 38–43 (Nov. 1999).
    DOI: 10.1109/65.806987
  1515. N. Perlroth. “Apple Updates iOS to Patch a Security Hole Used to Spy on Dissidents,” The New York Times p. B2 (Aug. 25, 2016)
    URL: http://www.nytimes.com/2016/08/26/technology/apple-software-vulnerability-ios-patch.html
  1516. T. Perrin and M. Marlinspike. The Double Ratchet Algorithm (Nov. 2016)
    URL: https://signal.org/docs/specifications/doubleratchet/
  1517. D. S. Peterson, M. Bishop, and R. Pandey. “A Flexible Containment Mechanism for Executing Untrusted Code,” Proceedings of the 11th USENIX Security Symposium pp. 207–225 (Aug. 2002)
    URL: https://www.usenix.org/conference/11th-usenix-security-symposium/flexible-containment-mechanism-executing-untrusted-code
  1518. I. Peterson. Fatal Defects: Chasing Killer Computer Bugs, Vintage Books, New York, NY, USA (Apr. 1996)
    ISBN: 978-0-679-74027-8
  1519. Z. N. J. Peterson, R. Burns, G. Ateniese, and S. Bono. “Design and Implementation of Verifiable Audit Trails for a Versioning File System,” Procedings of the Fifth USENIX Conference on File and Storage Technologies pp. 93–106 (Feb. 2007)
    URL: https://www.usenix.org/conference/fast-07/design-and-implementation-verifiable-audit-trails-versioning-file-system
  1520. S. Petrović and A. Fúster-Sabater. “An Improved Cryptanalysis of the A5/2 Algorithm for Mobile Communications,” Proceedings of the 2002 IASTED International Conference Communication Systems and Networks pp. 437–442 (Sep. 2002)
    URL: http://www.actapress.com/Abstract.aspx?paperId=24841
  1521. C. P. Pfleeger. “Comparison of Trusted Systems Evaluation Criteria,” Proceedings of the Fifth Annual Conference on Computer Assurance, Systems Integrity, Software Safety and Process Security pp. 135–143 (June 1990).
    DOI: 10.1109/CMPASS.1990.175410
  1522. V.-H. Pham and M. Dacier. “Honeypot Traces Forensics: The Observation Viewpoint Matters,” Proceedings of the Third International Conference on Network and System Security pp. 365–372 (Oct. 2009).
    DOI: 10.1109/NSS.2009.46
  1523. R. C.-W. Phan. “Cryptanalysis of Full Skipjack Block Cipher,” Electronics Letters 38(2) pp. 69–71 (Jan. 2002).
    DOI: 10.1049/el:20020051
  1524. C. Phillips and L. P. Swiler. “A Graph-Based System for Network-Vulnerability Analysis,” Proceedings of the 1998 Workshop on New Security Paradigms pp. 71–79 (1998).
    DOI: 10.1145/310889.310919
  1525. J. Picciotto. “The Design of an Effective Auditing Subsystem,” Proceedings of the 1987 IEEE Symposium on Security and Privacy pp. 13–22 (Apr. 1987).
    DOI: 10.1109/SP.1987.10015
  1526. E. Pinheiro, W.-D. Weber, and L. A. Barroso. “Failure Trends in a Large Disk Drive Population,” Procedings of the Fifth USENIX Conference on File and Storage Technologies pp. 17–28 (Feb. 2007)
    URL: https://www.usenix.org/legacy/events/fast07/tech/pinheiro.html
  1527. D. Pogue. Windows 10: The Missing Manual, O’Reilly Media, Sebastopol, CA, USA (2015)
    ISBN: 978-1-491-94717-3
  1528. G. S. Poh, J.-J. Chin, W.-C. Yau, K.-K. R. Choo, and M. S. Mohamad. “Searchable Symmetric Encryption: Designs and Challenges,” ACM Computing Surveys 50(3) pp. 40:1–40:37 (Oct. 2017).
    DOI: 10.1145/3064005
  1529. W. T. Polk. “Approximating Clark-Wilson Access Triples with Basic UNIX Commands,” Proceedings of the Fourth USENIX UNIX Security Symposium pp. 145–154 (Oct. 1993).
  1530. W. T. Polk, N. E. Hastings, and A. Malpani. “Public Key Infrastructures that Satisfy Security Goals,” IEEE Internet Computing 7(4) pp. 60–67 (July 2003).
    DOI: 10.1109/MIC.2003.1215661
  1531. M. Pomonis, T. Petsios, K. Jee, M. Polychronakis, and A. D. Keromytis. “IntFlow: Improving the Accuracy of Arithmetic Error Detection Using Information Flow Tracking,” Proceedings of the 30th Annual Computer Security Applications Conference pp. 416–425 (Dec. 2014).
    DOI: 10.1145/2664243.2664282
  1532. G. J. Popek and R. P. Goldberg. “Formal Requirements for Virtualizable Third Generation Architectures,” Communications of the ACM 17(7) pp. 412–421 (July 1974).
    DOI: 10.1145/361011.361073
  1533. G. J. Popek and B. J. Walker. The LOCUS Distributed System Architecture, The MIT Press, Cambridge, MA, USA (1985)
    ISBN: 978-0-262-16102-82
  1534. A. Popov. Prohibiting RC4 Cipher Suites, RFC 7465 (Feb. 2015).
    DOI: 10.17487/RFC7465
  1535. P. Porras, H. Saïdi, and V. Yegneswaran. “A Foray into Conficker’s Logic and Rendezvous Points,” Proceedings of the Second USENIX Workshop on Large-Scale Exploits and Emergent Threats pp. 7:1–7:9 (Apr. 2009)
    URL: https://www.usenix.org/legacy/event/leet09/tech/full_papers/porras/porras.pdf
  1536. D. E. Porter, S. Boyd-Wickizer, J. Howell, R. Olinsky, and G. C. Hunt. “Rethinking the Library OS from the Top Down,” Proceedings of the 16th International Conference on Architectural Support for Programming Languages and Operating Systems pp. 291–304 (Mar. 2011).
    DOI: 10.1145/1950365.1950399
  1537. J. Postel. Transmission Control Protocol, RFC 793 (Sep. 1981).
    DOI: 10.17487/RFC0793
  1538. J. B. Postel. Simple Mail Transfer Protocol, RFC 821 (Aug. 1982).
    DOI: 10.17487/RFC0821
  1539. J. B. Postel and J. Reynolds. File Transfer Protocol (FTP), RFC 959 (Oct. 1985).
    DOI: 10.17487/RFC0959
  1540. D. Povey. “Optimistic Security: A New Access Control Paradigm,” Proceedings of the 1999 Workshop on New Security Paradigms pp. 40–45 (Sep. 1999).
    DOI: 10.1145/335169.335188
  1541. E. J. Powanda and J. W. Genovese. “Configuring a Trusted System Using the TNI,” Proceedings of the Fourth Annual Computer Security Applications Conference pp. 256–261 (Sep. 1988).
    DOI: 10.1109/ACSAC.1988.113345
  1542. S. Pozo, A. J. Varela-Vaca, and R. M. Gasca. “AFPL2, An Abstract Language for Firewall ACLs with NAT Support,” Proceedings of the Second International Conference on Dependability pp. 52–59 (June 2009).
    DOI: 10.1109/DEPEND.2009.14
  1543. M. M. Pozzo and T. E. Gray. “A Model for the Containment of Computer Viruses,” Proceedings of the AIAA/ASIS/DODCI Second Aerospace Computer Security Conference pp. 11–18 (Dec. 1986).
    DOI: 10.2514/6.1986-2759
  1544. M. M. Pozzo and T. E. Gray. “An Approach to Containing Computer Viruses,” Computers & Security 6(4) pp. 321–331 (Aug. 1987).
    DOI: 10.1016/0167-4048(87)90067-8
  1545. D. Price. “Pentium FDIV Flaw—Lessons Learned,” IEEE Micro 15(2) pp. 86–88 (Apr. 1995).
    DOI: 10.1109/40.372360
  1546. G. Proctor and C. Cid. “On Weak Keys and Forgery Attacks Against Polynomial-based MAC Schemes,” Journal of Cryptology 28(4) pp. 769–795 (Oct. 2015).
    DOI: 10.1007/s00145-014-9178-9
  1547. N. Proctor. “The Restricted Access Processor: An Example of Formal Verification,” Proceedings of the 1985 IEEE Symposium on Security and Privacy pp. 49–53 (Apr. 1985).
    DOI: 10.1109/SP.1985.10000
  1548. P. E. Proctor. The Practical Intrusion Detection Handbook, Prentice Hall, Englewood Cliffs, NJ, USA (2000)
    ISBN: 978-01-3025960-8
  1549. E. Prouff, M. Rivain, and R. Bevan. “Statistical Analysis of Second Order Differential Power Analysis,” IEEE Transactions on Computers 58(6) pp. 799–811 (June 2009).
    DOI: 10.1109/TC.2009.15
  1550. T. H. Ptacek and T. N. Newsham. Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, Technical Report, Secure Networks, Inc. (Jan. 1998)
    URL: http://www.dtic.mil/dtic/tr/fulltext/u2/a391565.pdf
  1551. N. J. Puketza, K. Zhang, M. Chung, B. Mukherjee, and R. A. Olsson. “A Methodology for Testing Intrusion Detection Systems,” IEEE Transactions on Software Engineering 22(10) pp. 719–729 (Oct. 1996).
    DOI: 10.1109/32.544350
  1552. E. Rader, R. Wash, and B. Brooks. “Stories As Informal Lessons About Security,” Proceedings of the 11th Symposium on Usable Privacy and Security pp. 6:1–6:17 (July 2012).
    DOI: 10.1145/2335356.2335364
  1553. T. Raffetseder, C. Kruegel, and E. Kirda. “Detecting System Emulators,” Proceedings of the 10th International Conference on Information Security (Lecture Notes in Computer Science 4779) pp. 1–18 (Oct. 2007).
    DOI: 10.1007/978-3-540-75496-1_1
  1554. M. Raihan and M. Zulkernine. “AsmLSec: An Extension of Abstract State Machine Language for Attack Scenario Specification,” Proceedings of the 2007 International Conference on Availability, Reliability and Security pp. 775–782 (Apr. 2007).
    DOI: 10.1109/ARES.2007.45
  1555. F. Raja, K. Hawkey, S. Hsu, K.-L. C. Wang, and K. Beznosov. “A Brick Wall, a Locked Door, and a Bandit: A Physical Security Metaphor for Firewall Warnings,” Proceedings of the Seventh Symposium on Usable Privacy and Security pp. 1:1–1:20 (July 2011).
    DOI: 10.1145/2078827.2078829
  1556. S. A. Rajunas, N. Hardy, A. C. Bomberger, W. S. Frantz, and C. R. Landau. “Security in KeyKOS,” Proceedings of the 1986 IEEE Symposium on Security and Privacy pp. 78–85 (Apr. 1986).
    DOI: 10.1109/SP.1986.10000
  1557. R. Ramachandra and C. Busch. “Presentation Attack Detection Methods for Face Recognition Systems: A Comprehensive Survey,” ACM Computing Surveys 50(1) pp. 8:1–8:37 (Mar. 2017).
    DOI: 10.1145/3038924
  1558. K. Ramachandran and B. Sikdar. “Modeling Malware Propagation in Gnutella Type Peer-to-Peer Networks,” Proceedings of the 20th International Parallel and Distributed Processing System (Apr. 2006).
    DOI: 10.1109/IPDPS.2006.1639704
  1559. K. Ramachandran and B. Sikdar. “Modeling Malware Propagation in Networks of Smart Cell Phones with Spatial Dynamics,” Proceedings of the 26th IEEE International Conference on Computer Communications pp. 2516–2520 (May 2007).
    DOI: 10.1109/INFCOM.2007.312
  1560. M. Ramadas, S. Ostermann, and B. Tjaden. “Detecting Anomalous Network Traffic with Self-Organizing Maps,” Proceedings of the Sixth International Workshop on Recent Advances in Intrusion Detection (Lecture Notes in Computer Science 2820) pp. 36–54 (2003).
    DOI: 10.1007/978-3-540-45248-5_3
  1561. K. Raman, S. Baumes, K. Beets, and C. Ness. “Social Engineering and Low-Tech Attacks,” Chapter 19 in Computer Security Handbook, edited by S. Bosworth, M. E. Kabay, and E. Whyte, John Wiley & Sons, Inc., Hoboken, NJ, USA pp. 19:1–19:22 (2009).
    URL: https://onlinelibrary.wiley.com/doi/pdf/10.1002/9781118851678.ch19
  1562. R. Ramaswamy and T. Wolf. “High-Speed Prefix-Preserving IP Address Anonymization for Passive Measurement Systems,” IEEE/ACM Transactions on Networking 15(1) pp. 26–39 (Feb. 2007).
    DOI: 10.1109/TNET.2006.890128
  1563. S. Ramaswamy, R. Rastogi, and K. Shim. “Efficient Algorithms for Mining Outliers from Large Data Sets,” Proceedings of the 2000 ACM SIGMOD International Conference on Management of Data pp. 427–438 (May 2000).
    DOI: 10.1145/342009.335437
  1564. B. Ramsdell and S. Turner. Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Certificate Handlig, RFC 5750 (Jan. 2010).
    DOI: 10.17487/RFC5750
  1565. B. Ramsdell and S. Turner. Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.2 Message Specification, RFC 5751 (Jan. 2010).
    DOI: 10.17487/RFC5751
  1566. K. N. Rao. “Security Audit for Embedded Avionics Systems,” Proceedings of the Fifth Annual Computer Security Applications Conference pp. 78–84 (Dec. 1989).
    DOI: 10.1109/CSAC.1989.81031
  1567. N. K. Ratha, J. H. Connell, and R. M. Bolle. “Enhancing Security and Privacy in Biometrics-Based Authentication Systems,” IBM Systems Journal 40(3) pp. 614–634 (2001).
    DOI: 10.1147/sj.403.0614
  1568. N. K. Ratha, J. H. Connell, and R. M. Bolle. “Biometrics Break-Ins and Band-Aids,” Pattern Recognition Letters 24(13) pp. 2105–2113 (Sep. 2003).
    DOI: 10.1016/S0167-8655(03)00080-1
  1569. C. Rathgeb and A. Uhl. “A Survey on Biometric Cryptosystems and Cancelable Biometrics,” EURASIP Journal on Information Security 2011(1) pp. 1–25 (Sep. 2011).
    DOI: 10.1186/1687-417X-2011-3
  1570. B. Rathore, M. Brunner, M. Dilaj, O. Herrera, P. Brunati, R. K. Subramaniam, S. Raman, and U. Chavan. Information Systems Security Assessment Framework (ISSAF), Draft 0.2.1A, Open Information Systems Security Group, London, UK (May 2006)
    URL: http://www.oissg.org/files/issaf0.2.1.pdf
  1571. M. Raya and J.-P. Hubaux. “Securing Vehicular Ad Hoc Networks,” Journal of Computer Security 15(1) pp. 39–68 (2007).
    DOI: 10.3233/JCS-2007-15103
  1572. F. Raynal, Y. Berthier, P. Biondi, and D. Kaminsky. “Honeypot Forensics Part I: Analyzing the Network,” IEEE Security & Privacy 2(4) pp. 72–78 (July 2004).
    DOI: 10.1109/MSP.2004.47
  1573. F. Raynal, Y. Berthier, P. Biondi, and D. Kaminsky. “Honeypot Forensics Part II: Analyzing the Compromised Host,” IEEE Security & Privacy 2(5) pp. 77–80 (Sep. 2004).
    DOI: 10.1109/MSP.2004.70
  1574. D. R. Redell and R. S. Fabry. “Selective Revocation and Capabilities,” Proceedings of the International Workshop on Protection in Operating Systems pp. 197–209 (Aug. 1974).
  1575. J. Reeds. “‘Cracking’ a Random Number Generator,” Cryptologia 1(1) pp. 20–26 (Jan. 1977).
    DOI: 10.1080/0161-117791832760
  1576. B. Reid. “Viewpoint: Reflections on Some Recent Widespread Computer Break-Ins,” Communications of the ACM 30(2) pp. 103–105 (Feb. 1987).
    DOI: 10.1145/12527.315716
  1577. K. Reinholtz and K. Patel. “Testing Autonomous Systems for Deep Space Exploration,” IEEE Aerospace and Electronic Systems Magazine 23(9) pp. 22–27 (Sep. 2008).
    DOI: 10.1109/MAES.2008.4635067
  1578. R. P. Reitman. “A Mechanism for Information Control in Parallel Systems,” Proceedings of the Seventh ACM Symposium on Operating Systems Principles pp. 55–63 (Dec. 1979).
    DOI: 10.1145/800215.806570
  1579. S. Rekhis and N. Boudriga. “A System for Formal Digital Forensic Investigation Aware of Anti-Forensic Attacks,” IEEE Transactions on Information Forensics and Security 7(2) pp. 635–650 (Apr. 2012).
    DOI: 10.1109/TIFS.2011.2176117
  1580. Y. Rekhter, R. G. Moskowitz, D. Karrenberg, G. J. de Groot, and E. Lear. Address Allocation for Private Internets, RFC 1918 (Feb. 1996).
    DOI: 10.17487/RFC1918
  1581. E. Rescorla. SSL and TLS: Designing and Building Secure Systems, Addison-Wesley Professional, Boston, MA, USA (Oct. 2000).
    ISBN: 978-0-201-61598-2
  1582. S. S. Response. Regin: Top-Tier Espionage Tool Enables Stealthy Surveillance, Version 1.1, Technical Report, Symantec, Mountain View, CA, USA (Aug. 2015)
    URL: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf
  1583. K. Revett, H. Jahankhani, S. T. de Magalhãães, and H. M. D. Santos. “A Survey of User Authentication Based on Mouse Dynamics,” Proceedings of the Fourth International Conference on Global E-Security pp. 210–219 (June 2008).
    DOI: 10.1007/978-3-540-69403-8_25
  1584. Y.-J. Rhee and T.-Y. Kim. “Practical Solutions to Key Recovery Based on PKI in IP Security,” Proceedings of the 21st International Conference on Computer Safety, Reliability and Security (Lecture Notes in Computer Science 2434) pp. 103–114 (Sep. 2002).
    DOI: 10.1007/3-540-45732-1_6
  1585. C. Ribeiro, A. Zúquete, P. Ferreira, and P. Guedes. “SPL: An Access Control Language for Security Policies with Complex Constraints,” Proceedings of the 2001 Symposium on Network and Distributed System Security (Feb. 2001)
    URL: https://www.ndss-symposium.org/ndss2001/spl-access-control-language-security-policies-and-complex-constraints/
  1586. T. Rid and B. Buchanan. “Attributing Cyber Attacks,” The Journal of Strategic Studies 38(1-2) pp. 4–37 (2015).
    DOI: 10.1080/01402390.2014.977382
  1587. T. Riechmann and F. J. Hauck. “Meta Objects for Access Control: Extending Capability-Based Security,” Proceedings of the 1997 Workshop on New Security Paradigms pp. 17–22 (Sep. 1997).
    DOI: 10.1145/283699.283735
  1588. R. Riley, X. Jiang, and D. Xu. “Multi-Aspect Profiling of Kernel Rootkit Behavior,” Proceedings of the Fourth ACM European Conference on Computer Systems pp. 47–60 (Mar. 2009).
    DOI: 10.1145/1519065.1519072
  1589. E. Rissanen. eXtensible Access Control Markup Language (XACML) Version 3.0 Plus Errata 01, OASIS Standard, OASIS (July 2017)
    URL: http://docs.oasis-open.org/xacml/3.0/errata01/os/xacml-3.0-core-spec-errata01-os-complete.pdf
  1590. T. C. Ristenpart. “Time Stamp Synchronization of Distributed Sensor Logs: Impossibility Results and Approximation Algorithms,” Master’s Thesis, Dept. of Computer Science, University of California at Davis, Davis, CA, USA (2005)
    URL: https://rist.tech.cornell.edu/papers/masters.pdf
  1591. D. M. Ritchie. “On the Security of UNIX,” in On the Security of UNIX, USENIX Association, Berkeley, CA, USA pp. 17:1–17:3 (1979)
    URL: ftp://coast.cs.purdue.edu/pub/doc/misc/d.ritchie-on.security.of.unix.ps.Z
  1592. D. M. Ritchie. “Joy of Reproduction,” USENET net.lang.c, message bnews.research.314 (Nov. 1982).
  1593. R. Rivest. The MD4 Message-Digest Algorithm, RFC 1320 (Apr. 1992).
    DOI: 10.17487/RFC1320
  1594. R. Rivest. The MD5 Message-Digest Algorithm, RFC 1321 (Apr. 1992).
    DOI: 10.17487/RFC1321
  1595. R. L. Rivest. “On the Notion of ‘Software Independence’ in Voting Systems,” Philosophical Transactions of the Royal Society A 366(1881) pp. 3759–3767 (Oct. 2008).
    DOI: 10.1098/rsta.2008.0149
  1596. R. L. Rivest and B. Lampson. SDSI — A Simple Distributed Security Infrastructure (Oct. 1996)
    URL: https://www.microsoft.com/en-us/research/publication/sdsi-a-simple-distributed-security-infrastructure/
  1597. R. L. Rivest, M. J. B. Robshaw, R. Sidney, and Y. L. Yin. “The RC6TM Block Cipher,” unpublished (NIST AES proposal) (Aug. 1998).
    URL: http://people.csail.mit.edu/rivest/Rc6.pdf
  1598. R. L. Rivest, A. Shamir, and L. Adleman. “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,” Communications of the ACM 21(2) pp. 120–126 (Feb. 1978).
    DOI: 10.1145/359340.359342
  1599. A. Roberts. “ORCON Creep: Information Sharing and the Threat to Government Accountability,” Government Information Quarterly 21(3) pp. 249–267 (2004).
    DOI: 10.1016/j.giq.2004.04.002
  1600. J. Rochlis and M. Eichin. “With Microscope and Tweezers: the Worm from MIT’s Perspective,” Communications of the ACM 32(6) pp. 689–698 (June 1989).
    DOI: 10.1145/63526.63528
  1601. M. Roesch. “Snort—Lightweight Intrusion Detection for Networks,” Proceedings of the 13th Systems Administration Conference pp. 229–238 (Nov. 1999)
    URL: https://www.usenix.org/legacy/publications/library/proceedings/lisa99/roesch.html
  1602. P. Rogaway. “Authenticated-Encryption with Associated-Data,” Proceedings of the Ninth ACM Conference on Computer and Communications Security pp. 98–107 (Nov. 2002).
    DOI: 10.1145/586110.586125
  1603. R. Roman, P. Najera, and X. Lopez. “Securing the Internet of Things,” IEEE Computer 44(9) pp. 51–58 (Sep. 2011).
    DOI: 10.1109/MC.2011.291
  1604. L. Romano, A. Mazzeo, and N. Mazzocca. “SECURE: A Simulation Tool for PKI Design,” Proceedings of the Secure Networking — CQRE [Secure] ’99 International Exhibition and Congress (Lecture Notes in Computer Science 1740) pp. 17–29 (Nov. 1999).
    DOI: 10.1007/3-540-46701-7_2
  1605. A. W. Roscoe. “Modelling and Verifying Key-Exchange Protocols Using CSP and FDR,” Proceedings of the Eighth Computer Security Foundations Workshop pp. 98–107 (June 1995).
    DOI: 10.1109/CSFW.1995.518556
  1606. A. W. Roscoe, J. C. P. Woodcock, and L. Wulf. “Non-Interference Through Determinism,” Journal of Computer Security 4(1) pp. 27–53 (1996).
    DOI: 10.3233/JCS-1996-4103
  1607. K. H. Rosen. Number Theory and Its Applications, Addison-Wesley, Boston, MA, USA (2011).
    ISBN: 978-0-321-50031-1
  1608. J. Rosenberg. Name Assumptions, RFC 4367 (Feb. 2006).
    DOI: 10.17487/RFC4367
  1609. T. Rosenblum and T. Garfinkel. “Virtual Machine Monitors: Current Technology and Future Trends,” IEEE Computer 38(5) pp. 39–47 (May 2005).
    DOI: 10.1109/MC.2005.176
  1610. G. Rosenzweig. The Practical Guide To Mac Security, CreateSpace Independent Publishing Platform, Scotts Valley, CA, USA (2017).
    ISBN: 978-1-5121-7445-8
  1611. N. C. Rowe. “Designing Good Deceptions in Defense of Information Systems,” Proceedings of the 20th Annual Computer Security Applications Conference pp. 418–427 (Dec. 2004).
    DOI: 10.1109/CSAC.2004.16
  1612. N. C. Rowe. “A Model of Deception During Cyber-Attacks on Information Systems,” Proceedings of the First IEEE Symposium on Multi-Agent Security and Survivability pp. 21–30 (Aug. 2004).
    DOI: 10.1109/MASSUR.2004.1368414
  1613. F. B. Rowlett. The Story of Magic: Memoirs of an American Cryptologic Pioneer, Aegean Park Press, Walnut Creek, CA, USA (1998).
    ISBN: 978-0-894-12273-6
  1614. H. A. Rowley, S. Baluja, and T. Kanade. “Neural Network-Based Face Detection,” IEEE Transactions on Pattern Analysis and Machine Intelligence 20(1) pp. 23–38 (Jan. 1998).
    DOI: 10.1109/34.655647
  1615. A. Roy, D. S. Kim, and K. S. Trivedi. “Attack Countermeasure Trees (CT: Towards Unifying the Constructs of Attack and Defense Trees,” Security and Communication Networks 5(8) pp. 929–943 (Aug. 2012).
    DOI: 10.1002/sec.299
  1616. W. W. Royce. “Managing the Development of Large Software Systens,” 1970 WESTCON Technical Papers pp. 1–9 (Aug. 1970).
  1617. M. Rubia, J. C. Cruellas, and M. Medina. “The DEDICA Project: The Solution to the Interoperability Problems between the X.509 and EDIFACT Public Key Infrastructures,” Proceedings of the Secure Networking — CQRE [Secure] ’99 International Exhibition and Congress (Lecture Notes in Computer Science 1740) pp. 17–29 (Nov. 1999).
    DOI: 10.1007/3-540-46701-7_21
  1618. C. Rubin. “UNIX System V with B2 Security,” Proceedings of the 13th National Computer Security Conference pp. 1–9 (Oct. 1990).
  1619. R. A. Rueppel. “Stream Ciphers,” in Contemporary Cryptology: The Science of Information Integrity, edited by G. J. Simmons, IEEE Press, Piscataway, NJ, USA pp. 65–134 (1992).
  1620. M. C. Ruiz, D. Cazorla, F. Cuartero, and J. J. Pardo. “A Formal Specification and Performance Evaluation of the Purchase Phase in the SET Protocol,” Proceedings of the Seventh International Symposium on Symbolic and Numerical Algorithms for Scientific Computing pp. 239–244 (Sep. 2005).
    DOI: 10.1109/SYNASC.2005.4
  1621. N. Rump. “Can Digital Rights Management Be Standardized,” IEEE Signal Processing Magazine 21(2) pp. 63–70 (Mar. 2004).
    DOI: 10.1109/MSP.2004.1276114
  1622. S. Ruoti, J. Andersen, S. Heidbrink, M. O’Neill, E. Vaziripour, J. Wu, D. Zappala, and K. Seamons. “We’re on the Same Page: A Usability Study of Secure Email Using Pairs of Novice Users,” Proceedings of the 2016 SIGCHI Conference on Human Factors in Computing Systems pp. 4298–4308 (May 2016).
    DOI: 10.1145/2858036.2858400
  1623. S. Ruoti, J. Andersen, T. Hendershot, D. Zappala, and K. Seamons. “Private Webmail 2.0: Simple and Easy-to-Use Secure Email,” Proceedings of the 29th Annual Symposium on User Interface Software and Technology pp. 461–472 (Oct. 2016).
    DOI: 10.1145/2984511.2984580
  1624. S. Ruoti, J. Andersen, D. Zappala, and K. Seamons. “Why Johnny Still, Still Can’t Encrypt: Evaluating the Usability of a Modern PGP Client,” Computing Research Repository (abs/1510.08555v2 [cs.CR]) (Mar. 2016).
    URL: http://arxiv.org/abs/1510.08555
  1625. J. Rushby. Noninterference, Transitivity, and Channel-Control Security Policies, Technical Report CSL-92-2, SRI International, Menlo Park, CA, USA (May 2005)
    URL: http://csl.sri.com/papers/csl-92-2/csl-92-2.pdf
  1626. M. Russinovich. More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home,” Microsoft Technet Blog (Nov. 2005).
    URL: https://blogs.technet.microsoft.com/markrussinovich/2005/11/04/more-on-sony-dangerous-decloaking-patch-eulas-and-phoning-home/
  1627. M. Russinovich. Sony, Rootkits and Digital Rights Management Gone Too Far,” Microsoft Technet Blog (Oct. 2005).
    URL: https://blogs.technet.microsoft.com/markrussinovich/2005/10/31/sony-rootkits-and-digital-rights-management-gone-too-far/
  1628. M. Russinovich and A. Margosis. Troubleshooting with the Windows Sysinternals Tools, Microsoft Press, Redmond, WA, USA (2016)
    ISBN: 978-0-7356-8444-7
  1629. A. Russo and A. Sabelfeld. “Dynamic vs. Static Flow-Sensitive Security Analysis,” Proceedings of the 23rd Computer Security Foundations Symposium pp. 186–199 (July 2010).
    DOI: 10.1109/CSF.2010.20
  1630. O. Ruwase and M. S. Lam. “A Practical Dynamic Buffer Overflow Detector,” Proceedings of the 2004 Symposium on Network and Distributed System Security pp. 159–169 (Feb. 2004)
    URL: http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2017/09/A-Practical-Dynamic-Buffer-Overflow-Detector-Olatunji-Ruwase.pdf
  1631. M.-J. O. Saarinen. “Cycling Attacks on GCM, GHASH and Other Polynomial MACs and Hashes,” Proceedings of the 19th International Workshop on Fast Software Encryption (Lecture Notes in Computer Science 7549) pp. 216–225 (Mar. 2012).
    DOI: 10.1007/978-3-642-34047-5_13
  1632. A. Sabelfeld and A. C. Myers. “Language-Based Information-Flow Security,” IEEE Journal on Selected Areas in Communication 21(1) pp. 5–19 (Jan. 2003).
    DOI: 10.1109/JSAC.2002.806121
  1633. A. Sabelfeld and A. C. Myers. “A Model for Delimited Information Release,” Proceedings of the Second Mext-NSF-JSPS International Symposium on Software Security (Lecture Notes in Computer Science 3233) pp. 174–191 (Nov. 2004).
    DOI: 10.1007/978-3-540-37621-7_9
  1634. A. Sabelfeld and D. Sands. “Probabilistic Noninterference for Multi-Threaded Programs,” Proceedings of the 13th Computer Security Foundations Workshop pp. 200–214 (July 2000).
    DOI: 10.1109/CSFW.2000.856937
  1635. A. Sabelfeld and D. Sands. “Declassification: Dimensions and Principles,” Journal of Computer Security 17(5) pp. 517–548 (2009).
    DOI: 10.3233/JCS-2009-0352
  1636. M. Sabhnani and G. Serpen. “Why Machine Learning Algorithms Fail in Misuse Detection on KDD Intrusion Detection Data Set,” Intelligent Data Analysis 8(4) pp. 403–415 (2004)
    URL: http://content.iospress.com/articles/intelligent-data-analysis/ida00177
  1637. T. L. Sadler. Cybersecurity for Everyone: Securing Your Home or Small Business Network, Signalman Publishing, Kissimmee, FL, USA (2015)
    ISBN: 978-1-940145-36-5
  1638. J. Sajaniemi. “Modeling Spreadsheet Audit: A Rigorous Approach to Automatic Visualization,” Journal of Visual Languages & Computing 11(1) pp. 49–82 (Feb. 2000).
    DOI: 10.1006/jvlc.1999.0142
  1639. S. Sakane, K. Kamada, S. Zrelli, and M. Ishiyama. Problem Statement on the Cross-Realm Operation of Kerberos, RFC 5868 (May 2010).
    DOI: 10.17487/RFC5868
  1640. R. G. Saltman. “Accuracy, Integrity and Security in Computerized Vote-Tallying,” Communications of the ACM 31(10) pp. 1184–1191 (Oct. 1988).
    DOI: 10.1145/63039.63041
  1641. J. Saltzer. “Protection and the Control of Information Sharing in Multics,” Communications of the ACM 17(7) pp. 388–402 (July 1974).
    DOI: 10.1145/361011.361067
  1642. J. H. Saltzer. On the Naming and Binding of Network Destinations, RFC 1498 (Aug. 1993).
    DOI: 10.17487/RFC1498
  1643. J. H. Saltzer and M. F. Kaashoek. Principles of Computer System Design, Morgan Kaufmann Publishers, Burlington, MA, USA (2009).
    ISBN: 978-0-12-374957-4
  1644. J. H. Saltzer and M. D. Schroeder. “The Protection of Information in Computer Systems,” Proceedings of the IEEE 63(9) pp. 1278–1308 (Sep. 1975).
    DOI: 10.1109/PROC.1975.9939
  1645. A. Samal and P. A. Iyengar. “Automatic Recognition and Analysis of Human Faces and Facial Expressions: A Survey,” Pattern Recognition 25(1) pp. 65–77 (Jan. 1992).
    DOI: 10.1016/0031-3203(92)90007-6
  1646. V. Samar. “Unified Login with Pluggable Authentication Modules (PAM),” Proceedings of the Third ACM Conference on Computer and Communications Security pp. 1–10 (Mar. 1996).
    DOI: 10.1145/238168.238177
  1647. M.-B. Samekh. “Lessons Learned from Flame, Three Years Later,” Securelist, Kaspersky Labs, Moscow, Russian Federation (May 29, 2015)
    URL: https://securelist.com/blog/opinions/70149/lessons-learned-from-flame-three-years-later/
  1648. P. Samuelson. “DRM {and, or, vs.} the Law,” Communications of the ACM 46(4) pp. 41–45 (Apr. 2003).
    DOI: 10.1145/641205.641229
  1649. S. K. Sanadhya and P. Sarkar. “New Collision Attacks against Up to 24-Step SHA-2,” Proceedings of the Ninth International Conference on Cryptology in India: Progress in Cryptology — INDOCRYPT 2008 (Lecture Notes in Computer Science 5365) pp. 91–103 (Dec. 2008).
    DOI: 10.1007/978-3-540-89754-5_8
  1650. C. Sanders and J. Smith. Applied Network Security Monitoring: Collection, Detection, and Analysis, Syngress Press, Waltham, MA, USA (2014)
    ISBN: 978-01-2417208-1
  1651. R. Sandhu. “Expressive Power of the Schematic Protection Model (Extended Abstract),” Proceedings of the First Computer Security Foundations Workshop pp. 188–193 (June 1988).
  1652. R. Sandhu. “Transformation of Access Rights,” Proceedings of the 1989 IEEE Symposium on Security and Privacy pp. 259–268 (May 1989).
    DOI: 10.1109/SECPRI.1989.36300
  1653. R. Sandhu and G.-J. Ahn. “Decentralized Group Hierarchies in UNIX: An Experiment and Lessons Learned,” Proceedings of the 21st National Information Systems Security Conference pp. 486–502 (Oct. 1998).
  1654. R. Sandhu, V. Bhamidipati, and Q. Munawer. “The ARBAC97 Model for Role-based Administration of Roles,” ACM Transactions on Information and System Security 2(1) pp. 105–135 (Feb. 1999).
    DOI: 10.1145/300830.300839
  1655. R. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. “Role-Based Access Control Models,” IEEE Computer 29(2) pp. 38–47 (Feb. 1996).
    DOI: 10.1109/2.485845
  1656. R. S. Sandhu. “Analysis of Acyclic Attenuating Systems for the SSR Protection Model,” Proceedings of the 1985 IEEE Symposium on Security and Privacy pp. 197–206 (Apr. 1985).
    DOI: 10.1109/SP.1985.10021
  1657. R. S. Sandhu. “The Schematic Protection Model: Its Definitions and Analysis for Acyclic Attenuating Schemes,” Journal of the ACM 35(2) pp. 404–432 (Apr. 1988).
    DOI: 10.1145/42282.42286
  1658. R. S. Sandhu. “The Demand Operation in the Schematic Protection Model,” Information Processing Letters 32(4) pp. 213–219 (Sep. 1989).
    DOI: 10.1016/0020-0190(89)90046-X
  1659. R. S. Sandhu. “Expressive Power of the Schematic Protection Model,” Journal of Computer Security 1(1) pp. 59–98 (1992).
    DOI: 10.3233/JCS-1992-1104
  1660. R. S. Sandhu. “The Typed Access Matrix Model,” Proceedings of the 1992 IEEE Symposium on Research in Security and Privacy pp. 122–136 (May 1992).
    DOI: 10.1109/RISP.1992.213266
  1661. R. S. Sandhu. “Undecidability of Safety for the Schematic Protection Model with Cyclic Creates,” Journal of Computer and System Sciences 44(1) pp. 141–159 (Feb. 1992).
    DOI: 10.1016/0022-0000(92)90008-7
  1662. R. S. Sandhu and S. Ganta. “On Testing for Absence of Rights in Access Control Models,” Proceedings of the Sixth Computer Security Foundations Workshop pp. 109–118 (June 1993).
    DOI: 10.1109/CSFW.1993.246635
  1663. R. S. Sandhu and S. Ganta. “On the Minimality of Testing for Rights in Transformation Models,” Proceedings of the 1994 IEEE Symposium on Research in Security and Privacy pp. 230–241 (May 1994).
    DOI: 10.1109/RISP.1994.296578
  1664. R. S. Sandhu and G. S. Suri. “Non-Monotonic Transformation of Access Rights,” Proceedings of the 1992 IEEE Symposium on Research in Security and Privacy pp. 148–161 (May 1992).
    DOI: 10.1109/RISP.1992.213264
  1665. S. Santesson, A. Malpani, S. Galperin, and C. Adams. X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP, RFC 6960 (June 2013).
    DOI: 10.17487/RFC6960
  1666. S. T. Sarasamma, Q. A. Zhu, and J. Huff. “Hierarchical Kohonenen Net for Anomaly Detection in Network Security,” IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics) 35(2) pp. 302–312 (Apr. 2005).
    DOI: 10.1109/TSMCB.2005.843274
  1667. A. Sarkar, S. Köhler, B. Ludäscher, and M. Bishop. “Insider Attack Identification and Prevention Using a Declarative Approach,” IEEE Systems Journal 11(2) pp. 1–12 (Oct. 2015).
    DOI: 10.1109/JSYST.2015.2477472
  1668. C. Satizábal, R. Páez, and J. Forné. “PKI Trust Relationships: From a Hybrid Architecture to a Hierarchical Model,” Proceedings of the First International Conference on Availability, Reliability and Security pp. 563–570 (Apr. 2006).
    DOI: 10.1109/ARES.2006.93
  1669. S. Savage, D. Wetherall, A. Karlin, and T. Anderson. “Practical Network Support for IP Traceback,” ACM SIGCOMM Computer Communications Review 30(4) pp. 295–306 (Oct. 2000).
    DOI: 10.1145/347057.347560
  1670. O. S. Saydjari, J. M. Beckman, and J. R. Leaman. “LOCK Trek: Navigating Uncharted Space,” Proceedings of the 1989 IEEE Symposium on Security and Privacy pp. 167–175 (May 1989).
    DOI: 10.1109/SECPRI.1989.36291
  1671. O. S. Saydjari, J. M. Beckman, and J. R. Leamon. “Locking Computers Securely,” Proceedings of the Tenth National Computer Security Conference pp. 129–141 (Sep. 1987).
  1672. K. Scarfone and P. Mell. Guide to Intrusion Detection and Prevention System (IDPS), Special Publication 800-94, National Institute of Standards and Technology, Gaithersburg, MD, USA (Feb. 2007).
    DOI: 10.6028/NIST.SP.800-94
  1673. K. Scarfone, S. Murugiah, A. Cody, and A. Orebaugh. Technical Guide to Information Security Testing and Assessment, Special Publication 800-115, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD, USA (Sep. 2008).
    DOI: 10.6028/NIST.SP.800-115
  1674. A. Schaad, J. Moffett, and J. Jacob. “The Role-Based Access Control System of a European Bank: A Case Study and Discussion,” Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies pp. 3–9 (May 2001).
    DOI: 10.1145/373256.373257
  1675. M. Schaefer, B. Gold, R. Linde, and J. Scheid. “Program Confinement in KVM/370,” Proceedings of the 1977 ACM Annual Conference pp. 404–410 (1977).
    DOI: 10.1145/800179.1124633
  1676. B. Schatz. “BodySnatcher: Towards Reliable Volatile Memory Acquisition by Software,” Digital Investigation 4(S) pp. 126–134 (Sep. 2007).
    DOI: 0.1016/j.diin.2007.06.009
  1677. R. R. Schell, T. F. Tao, and M. Heckman. “Designing the GEMSOS Security Kernel for Security and Performance,” Proceedings of the Eighth National Computer Security Conference pp. 108–119 (Oct. 1985).
  1678. K. Scheurer. “The Clipper Chip: Cryptography Technology and the Constitution—The Government’s Answer to Encryption “Chips” Away at Constitutional Rights,” Rutgers Computer and Technology Law Journal 21(1) pp. 263–292 (1995)
    URL: https://heinonline.org/HOL/Page?collection=journals&handle=hein.journals/rutcomt21&id=269
  1679. M. Schmid, F. Hill, and A. K. Ghosh. “Protecting Data from Malicious Software,” Proceedings of the 18th Annual Computer Security Applications Conference pp. 199–208 (Dec. 2002).
    DOI: 10.1109/CSAC.2002.1176291
  1680. D. Schnackenberg, K. Djahandari, and D. Sterne. “Infrastructure for Intrusion Detection and Response,” Proceedings of the 2000 DARPA Information Survivability Conference and Exposition pp. 3–11 (Jan. 2000).
    DOI: 10.1109/DISCEX.2000.821505
  1681. F. B. Schneider. “Implementing Fault-Tolerant Services Using the State Machine Approach: A Tutorial,” ACM Computing Surveys 22(4) pp. 299–319 (Dec. 1990).
    DOI: 10.1145/98163.98167
  1682. F. B. Schneider. “Enforceable Security Policies,” ACM Transactions on Information and System Security 3(1) pp. 30–50 (Feb. 2000).
    DOI: 10.1145/353323.353382
  1683. B. Schneier. “Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish),” Proceedings of the Cambridge Security Workshop on Fast Software Encryption (Lecture Notes in Computer Science 809) pp. 191–204 (Dec. 1993).
    DOI: 10.1007/3-540-58108-1_24
  1684. B. Schneier. Applied Cryptography: Protocols, Algorithms, and Source Code in C, John Wiley & Sons, New York, NY, USA (1996).
    ISBN: 978-0-471-11709-4
  1685. B. Schneier. “Attack Trees,” Dr. Dobb’s Journal pp. 21–29 (Dec. 1999).
  1686. B. Schneier. “Inside Risks: The Uses and Abuses of Biometrics,” Communications of the ACM 42(8) p. 136 (Aug. 1999).
    DOI: 10.1145/310930.310988
  1687. B. Schneier. Secrets and Lies: Digital Security in a Networked World, Wiley Publishing, Inc., Indianapolis, IN, USA (2004).
    ISBN: 978-0-471-45380-2
  1688. B. Schneier. “Sony’s DRM Rootkit: The Real Story,” Schneier on Security (Nov. 2005)
    URL: https://www.schneier.com/blog/archives/2005/11/sonys_drm_rootk.html
  1689. B. Schneier and J. Kelsey. “Secure Audit Logs to Support Computer Forensics,” ACM Transactions on Information and System Security 2(2) pp. 159–176 (May 1999).
    DOI: 10.1145/317087.317089
  1690. B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, and N. Ferguson. “Twofish: A 128-Bit Block Cipher,” unpublished (June 1998).
    URL: http://www.schneier.com/paper-twofish-paper.pdf
  1691. B. Schneier, J. Kelsey, D. Whiting, D. Wagner, C. Hall, and N. Ferguson. The Twofish Encryption Algorithm: A 128-Bit Block Cipher, John Wiley & Sons, New York, NY, USA (1999)
    ISBN: 978-0-471-35381-2
  1692. E. Schreck and W. Ertel. “Disk Drive Generates High Speed Real Random Numbers,” Microsystem Technologies 11(8-10) pp. 616–622 (Aug. 2005).
    DOI: 10.1007/s00542-005-0532-6
  1693. B. Schroeder and G. A. Gibson. “Understanding Disk Failure Rates: What Does an MTTF of 1,000,000 Hours Mean to You?,” ACM Transactions on Storage 3(3) pp. 8:1–8:31 (Oct. 2007).
    DOI: 10.1145/1288783.1288785
  1694. C. L. Schuba. Addressing Weaknesses in the Domain Name System Protocol, COAST TR 95-04, COAST Laboratory, Department of Computer Sciences, Purdue University, West Lafayette, IN 47907 (Aug. 1993)
    URL: https://www.cerias.purdue.edu/apps/reports_and_papers/view/2248
  1695. C. L. Schuba, I. V. Krsul, M. G. Kuhn, E. H. Spafford, A. Sundara, and D. Zamboni. “Analysis of a Denial of Service Attack on TCP,” Proceedings of the 1997 IEEE Symposium on Security and Privacy pp. 208–223 (May 1997).
    DOI: 10.1109/SECPRI.1997.601338
  1696. C. L. Schuba and E. H. Spafford. “A Reference Model for Firewall Technology,” Proceedings of the 13th Annual Computer Security Applications Conference pp. 133–145 (Dec. 1997).
    DOI: 10.1109/CSAC.1997.646183
  1697. A. Schulter, K. Vieira, C. Westphall, C. Westphall, and S. Abderrahim. “Intrusion Detection for Computational Grids,” Proceedings of the 2008 New Technologies, Mobility and Security Conference and Workshops pp. 1–5 (Nov. 2008).
    DOI: 10.1109/NTMS.2008.ECP.54
  1698. M. G. Schultz, E. Eskin, E. Zadok, and S. J. Stolfo. “Data Mining Methods for Detection of New Malicious Executables,” Proceedings of the 2001 IEEE Symposium on Security and Privacy pp. 38–49 (May 2001).
    DOI: 10.1109/SECPRI.2001.924286
  1699. T. Schürmann and P. Grassberger. “Entropy Estimation of Symbol Sequences,” Chaos 6(3) pp. 414–427 (Sep. 1996).
    DOI: 10.1063/1.166191
  1700. K. Schwaber and J. Sutherland. The Scrum Guide: The Definitive Guide to Scrum: The Rules of the Game, Technical Report, Scrum, Inc. (July 2013)
    URL: http://www.scrumguides.org/docs/scrumguide/v1/Scrum-Guide-US.pdf
  1701. E. J. Schwartz, T. Avgerinos, and D. Brumley. “All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (But Might Have Been Afraid to Ask),” Proceedings of the 2010 IEEE Symposium on Security and Privacy pp. 317–331 (May 2010).
    DOI: 10.1109/SP.2010.26
  1702. K. L. Scott. Overview of the Privacy Act of 1974,” U. S. Department of Justice Office of Privacy and Civil Liberties (2015).
    URL: https://www.justice.gov/opcl/overview-privacy-act-1974-2015-edition
  1703. R. Scott. “Wide-Open Encryption Design Offers Flexible Implementations,” Cryptologia 9(1) pp. 75–91 (1985).
    DOI: 10.1080/0161-118591859799
  1704. R. C. Seacord. Secure Coding in C and C++, Addison-Wesley, Upper Saddle River, NJ, USA (2013)
    ISBN: 978-0-321-82213-0
  1705. J. Seberry and J. Pieprzyk. Cryptography: An Introduction to Computer Security, Prentice Hall, Inc, Englewood Cliffs, NJ, USA (1989)
    ISBN: 978-0-13-194986-7
  1706. D. Seeley. “Password Cracking: A Game of Wits,” Communications of the ACM 32(6) pp. 700–703 (June 1989).
    DOI: 10.1145/63526.63529
  1707. D. Seeley. “A Tour of the Worm,” Proceedings of the 1989 Winter USENIX Conference pp. 287–304 (Jan. 1989).
  1708. R. Seggelman, M. Tuexen, and M. G. Williams. Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) Heartbeat Extension, RFC 6520 (Feb. 2012).
    DOI: 10.17487/RFC6520
  1709. D. Sehr, R. Muth, C. Biffle, V. Khimenko, E. Pasko, K. Schimpf, B. Yee, and B. Chen. “Adapting Software Fault Isolation to Contemporary CPU Architectures,” Proceedings of the 19th USENIX Security Symposium pp. 1–12 (Aug. 2010)
    URL: https://www.usenix.org/legacy/events/sec10/tech/full_papers/Sehr.pdf
  1710. K. F. Seiden and J. P. Melanson. “The Auditing Facility for a VMM Security Kernel,” Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy pp. 262–277 (May 1990).
    DOI: 10.1109/RISP.1990.63856
  1711. R. Sekar, A. Gupta, J. Frullo, T. Shanbhag, A. Tiwari, H. Yang, and S. Zhou. “Specification-based Anomaly Detection: A New Approach for Detecting Network Intrusions,” Proceedings of the Ninth ACM Conference on Computer and Communications Security pp. 265–274 (Nov. 2002).
    DOI: 10.1145/586110.586146
  1712. A. Serjantov, R. Dingledine, and P. Syverson. “From a Trickle to a Flood: Active Attacks on Several Mix Types,” Proceedings of the Fifth International Workshop on Information Hiding (Lecture Notes in Computer Science 2578) pp. 36–52 (Oct. 2002).
    DOI: 10.1007/3-540-36415-3_3
  1713. J. Sermersheim. Lightweight Directory Access Protocol (LDAP): The Protocol, RFC 4511 (June 2006).
    DOI: 10.17487/RFC4511
  1714. G. Serrao. “Rating Network Components,” Proceedings of the 18th National Computer Security Conference pp. 344–355 (Oct. 1995).
  1715. C. Servin and M. Ceberio. “Cascade Vulnerability Problem Simulator Tool,” Proceedings of the 2008 International Conference on Modeling, Simulation and Visualization Methods pp. 227–231 (July 2008).
  1716. C. Servin, M. Ceberio, E. Freudenthal, and S. Bistarelli. “An Optimization Approach Using Soft Constraints for the Cascade Vulnerability Problem,” Proceedngs of the 2007 Annual Meeting of the North American Fuzzy Information Processing Society pp. 372–377 (June 2007).
    DOI: 10.1109/NAFIPS.2007.383867
  1717. H. Shacham. “The Geometry of Innocent Flesh on the Bone: Return-Into-Libc Without Function Calls (On the x86),” Proceedings of the 14th ACM Conference on Computer and Communications Security pp. 552–561 (2007).
    DOI: 10.1145/1315245.1315313
  1718. H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh. “On the Effectiveness of Address-Space Randomizaton,” Proceedings of the 11th ACM Conference on Computer and Communications Security pp. 298–307 (Oct. 2004).
    DOI: 10.1145/1030083.1030124
  1719. G. Shah, A. Molina, and M. Blaze. “Keyboards and Covert Channels,” Proceedings of the 15th USENIX Security Symposium pp. 59–75 (July 2006)
    URL: https://www.usenix.org/legacy/events/sec06/tech/shah/shah.pdf
  1720. N. Shahmehri, A. Mammar, E. Montes de Oca, D. Byers, A. Cavalli, S. Ardi, and W. Jimenez. “An Advanced Approach for Modeling and Detecting Software Vulnerabilities,” Information and Security Technology 54(9) pp. 997–1013 (Sep. 2012).
    DOI: 10.1016/j.infsof.2012.03.004
  1721. H. R. Shahriari and R. Jalili. “Vulnerability Take Grant (VTG): An Efficient Approach to Analyze Network Vulnerabilities,” Computers & Security 26(5) pp. 349–360 (Aug. 2007).
    DOI: 10.1016/j.cose.2007.03.002
  1722. A. Shamir. “How to Share a Secret,” Communications of the ACM 22(11) pp. 612–613 (Nov. 1979).
    DOI: 10.1145/359168.359176
  1723. A. Shamir. “A Polynomial Time Algorithm for Breaking the Basic Merkle-Hellman Cryptosystem,” Proceedings of the 23rd Annual Symposium on Foundations of Computer Science pp. 145–152 (Nov. 1982).
    DOI: 10.1109/SFCS.1982.5
  1724. A. Shamir. “Identity-Based Cryptosystems and Signature Schemes,” Advances in Cryptology — CRYPTO ’84 (Lecture Notes in Computer Science 196) pp. 47–53 (Aug. 1984).
    DOI: 10.1007/3-540-39568-7_5
  1725. C. E. Shannon. “A Mathematical Theory of Communication,” Bell System Technical Journal 27(3) pp. 379–423 (July 1948).
    DOI: 10.1002/j.1538-7305.1948.tb01338.x
  1726. C. E. Shannon. “A Mathematical Theory of Communication,” Bell System Technical Journal 27(4) pp. 623–656 (Oct. 1948).
    DOI: 10.1002/j.1538-7305.1948.tb00917.x
  1727. C. E. Shannon. “Communication Theory of Secrecy Systems,” Bell System Technical Journal 28(4) pp. 656–715 (Oct. 1949).
    DOI: 10.1002/j.1538-7305.1949.tb00928.x
  1728. C. E. Shannon. “Prediction and Entropy of Printed English,” Bell System Technical Journal 30(1) pp. 50–64 (Jan. 1951).
    DOI: 10.1002/j.1538-7305.1951.tb01366.x
  1729. J. S. Shapiro and N. Hardy. “EROS: A Principle-Driven Operating System from the Ground Up,” IEEE Software 19(1) pp. 26–33 (Jan. 2002).
    DOI: 10.1109/52.976938
  1730. J. S. Shapiro, J. M. Smith, and D. J. Farber. “EROS: A Fast Capability System,” Proceedings of the 17th ACM Symposium on Operating Systems Principles pp. 170–185 (Dec. 1999).
    DOI: 10.1145/319151.319163
  1731. C. Shen, Z. Cai, X. Guan, Y. Du, and R. A. Maxion. “User Authentication Through Mouse Dynamics,” IEEE Transactions on Information Forensics and Security 8(1) pp. 16–30 (Jan. 2013).
    DOI: 10.1109/TIFS.2012.2223677
  1732. O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J. M. Wing. “Automated Generation and Analysis of Attack Graphs,” Proceedings of the 2002 IEEE Symposium on Security and Privacy pp. 273–284 (May 2002).
    DOI: 10.1109/SECPRI.2002.1004377
  1733. S.-P. Shieh and V. D. Gligor. “Detecting Illicit Leakage of Information in Operating Systems,” Journal of Computer Security 4(2/3) pp. 123–148 (1996).
    DOI: 10.3233/JCS-1996-42-302
  1734. C. Shiflett. Essential PHP Security, O’Reilly Media, Sebastopol, CA, USA (2005)
    ISBN: 978-0-596-00656-3
  1735. A. Shimizu and S. Miyaguchi. “Fast Data Encipherment Algorithm FEAL,” Advances in Cryptology — CRYPTO ’87 (Lecture Notes in Computer Science 304) pp. 267–278 (1987).
    DOI: 10.1007/3-540-39118-5_24
  1736. T. Shimomura and J. Markoff. Takedown: The Pursuit and Capture of Kevin Mitnick, America’s Most Wanted Computer Outlaw—By the Man Who Did It, Hyperion, New York, NY, USA (1996)
    ISBN: 978-0-786-86210-8
  1737. T. Shimoyama, M. Takenaka, and T. Koshiba. “Multiple Linear Cryptanalysis of a Reduced Round RC6,” Proceedings of the Ninth International Workshop on Fast Software Encryption (Lecture Notes in Computer Science 2365) pp. 76–88 (Feb. 2002).
    DOI: 10.1007/3-540-45661-9_6
  1738. H. Shiravi, Ali amd Shiravi, M. Tavallaee, and A. A. Ghorbani. “Toward Developing a Systematic Approach to Generate Benchmark Datasets for Intrusion Detection,” Computers & Security 31(3) pp. 357–374 (May 2012).
    DOI: 10.1016/j.cose.2011.12.012
  1739. R. Shirey. Internet Security Glossary, Version 2, RFC 4949 (Aug. 2007).
    DOI: 10.17487/RFC4949
  1740. J. F. Shoch. “Inter-Network Naming, Addressing, and Routing,” Proceedings of Compcon Fall ’78, Computer Communications Networks pp. 72–79 (Sep. 1978).
  1741. J. F. Shoch and J. A. Hupp. “The “Worm” Programs—Early Experience with a Distributed Computation,” Communications of the ACM 25(3) pp. 172–180 (Mar. 1982).
    DOI: 10.1145/358453.358455
  1742. T. G. Shoriak. “SSL/TLS Protocol Enablement for Key Recovery,” Computers & Security 19(1) pp. 100–104 (Jan. 2000).
    DOI: 10.1016/S0167-4048(00)86369-5
  1743. A. Shostack and A. Stewart. The New School of Information Security, Addison-Wesley, Boston, MA, USA (2008)
    ISBN: 978-0-321-50278-0
  1744. R. Shu, P. Wang, S. A. Gorski III, B. Andow, A. Nadkarni, L. Deshotels, J. Gionta, W. Enck, and X. Gu. “A Study of Security Isolation Techniques,” ACM Computing Surveys 49(3) pp. 50:1–50:37 (Oct. 2016).
    DOI: 10.1145/2988545
  1745. X. Shu, K. Tan, A. Ciambrone, and D. D. Yao. “Breaking the Target: An Analysis of Target Data Breach and Lessons Learned,” Computing Research Repository (arXiv:1701.04940 [cs.CR]) (Jan. 2017)
    URL: http://arxiv.org/abs/1701.04940
  1746. W. O. Sibert. “Auditing in a Distributed System: SunOS MLS Audit Trails,” Proceedings of the 11th National Computer Security Conference pp. 82–90 (Oct. 1988).
  1747. D. P. Sidhu and M. Gasser. “A Multilevel Secure Local Area Network,” Proceedings of the 1982 IEEE Symposium on Security and Privacy pp. 137–143 (Apr. 1982).
    DOI: 10.1109/SP.1982.10015
  1748. A. Silberschatz, P. S. Galvin, and G. Gagne. Operating System Concepts, John H. Wiley & Sons, Inc., Hoboken, NJ, USA (2013).
    ISBN: 978-1-118-06333-0
  1749. G. J. Simmons. “How to (Really) Share a Secret,” Advances in Cryptology — CRYPTO ’88 (Lecture Notes in Computer Science 403) pp. 390–448 (Aug. 1988).
    DOI: 10.1007/0-387-34799-2_30
  1750. G. J. Simmons. “Prepositioned Shared Secret And/Or Shared Control Schemes,” Advances in Cryptology — EUROCRYPT ’89 (Lecture Notes in Computer Science 434) pp. 436–467 (Apr. 1989).
    DOI: 10.1007/3-540-46885-4_44
  1751. G. J. Simmons. “Geometric Shared Secret And/Or Shared Control Schemes,” Advances in Cryptology — CRYPTO ’90 (Lecture Notes in Computer Science 537) pp. 216–241 (Aug. 1990).
    DOI: 10.1007/3-540-38424-3_16
  1752. G. J. Simmons and D. Holdridge. “Forward Search as a Cryptanalytic Tool Against a Public Key Privacy Channel,” Proceedings of the 1982 IEEE Symposium on Security and Privacy pp. 117–128 (Apr. 1982).
    DOI: 10.1109/SP.1982.10011
  1753. G. J. Simmons and C. Meadows. “The Role of Trust in Information Integrity Protocols,” Journal of Computer Security 3(1) pp. 71–84 (1995).
    DOI: 10.3233/JCS-1994/1995-3106
  1754. R. T. Simon and M. E. Zurko. “Separation of Duty in Role-Based Environments,” Proceedings of the Tenth Computer Security Foundations Workshop pp. 183–194 (June 1997).
    DOI: 10.1109/CSFW.1997.596811
  1755. L. Simpson, M. Hendricksen, and W.-S. Yap. “Improved Cryptanalysis of the Common Scrambling Algorithm Stream Cipher,” Proceedings of the 14th Australasian Conference on Information Security and Privacy (Lecture Notes in Computer Science 5594) pp. 108–121 (July 2009).
    DOI: 10.1007/978-3-642-02620-1_8
  1756. G. Sindre and A. L. Opdahl. “Eliciting Security Requirements with Misuse Cases,” Requirements Engineering 10(1) pp. 34–44 (Jan. 2005).
    DOI: 10.1007/s00766-004-0194-4
  1757. L. Singaravelu, C. Pu, H. Härtig, and C. Helmuth. “Reducing TCB Complexity for Security-Sensitive Applications: Three Case Studies,” Proceedings of the First ACM SIGOPS/EuroSys European Conference on Computer Systems pp. 161–174 (Apr. 2006).
    DOI: 10.1145/1217935.1217951
  1758. S. Singh, C. Estan, G. Varghese, and S. Savage. “Automated Worm Fingerprinting,” Proceedings of the Sixth Symposium on Operating System Design and Implementation pp. 45–60 (Dec. 2004)
    URL: https://www.usenix.org/legacy/publications/library/proceedings/osdi04/tech/full_papers/singh/singh.pdf
  1759. A. Sinkov. Elementary Cryptanalysis: A Mathematical Approach, Mathematical Association of America, Washington, DC, USA (2009).
    ISBN: 978-0-883-85622-2
  1760. S. Sivarajan. Getting Started with Windows Server Security, Packt Publishing Ltd., Birmingham, UK (2015)
    ISBN: 978-1-78439-872-9
  1761. sKyWIper Analysis Team. sKyWIper a.k.a. Flame a.k.a. Flamer: A Complex Malware for Targeted Attacks, Technical Report v1.05 (May 31, 2012), Laboratory of Cryptography and System Security (CrySyS Lab), Budapest University of Technology and Economics, Budapest, Hungary (May 2012)
    URL: http://www.crysys.hu/skywiper/skywiper.pdf
  1762. N. J. Slamecka and P. Graf. “The Generation Effect: Delineation of a Phenomenon,” Journal of Experimental Psychology: Human Learning and Memory 4(6) pp. 592–604 (Nov. 1978).
    DOI: 10.1037/0278-7393.4.6.592
  1763. M. Slatalla and J. Quittner. Masters of Deception: The Gang That Ruled Cyberspace, HarperPerennial, New York, NY, USA (1995).
    ISBN: 978-0-060-17030-1
  1764. S. E. Smaha. “Haystack: An Intrusion Detection System,” Proceedings of the Fourth Annual Computer Security Applications Conference pp. 37–44 (Sep. 1988).
    DOI: 10.1109/ACSAC.1988.113412
  1765. M. Smart, G. R. Malan, and F. Jahanian. “Defeating TCP/IP Stack Fingerprinting,” Proceedings of the Ninth USENIX Security Symposium (Aug. 2000)
    URL: https://www.usenix.org/legacy/publications/library/proceedings/sec2000/full_papers/smart/smart.pdf
  1766. G. Smith and D. Volpano. “Secure Information Flow in a Multi-Threaded Imperative Language,” Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages pp. 355–364 (Jan. 1998).
    DOI: 10.1145/268946.268975
  1767. K. Smith and M. Winslett. “Entity Modeling in the MLS Relational Model,” Proceedings of the 18th International Conference on Very Large Data Bases pp. 199–210 (Aug. 1992).
  1768. R. E. Smith. “Constructing a High Assurance Mail Guard,” Proceedings of the 17th National Computer Security Conference pp. 247–253 (Oct. 1994).
  1769. R. E. Smith. “Cost Profile of a Highly Assured, Secure Operating System,” ACM Transactions on Information and System Security 4(1) pp. 72–101 (Feb. 2001).
    DOI: 10.1145/383775.383778
  1770. S. L. Smith. “Authenticating Users by Word Association,” Computers & Security 6(6) pp. 464–470 (Dec. 1987).
    DOI: 10.1016/0167-4048(87)90027-7
  1771. T. Smith. “User Definable Domains as a Mechanism for Implementing the Least Privilege Principle,” Proceedings of the Ninth National Computer Security Conference pp. 143–148 (Sep. 1986).
  1772. J. C. Snader. VPNs Illustrated: Tunnels, VPNs, and IPsec: Tunnels, VPNs, and IPsec, Addison-Wesley Professional, Boston, MA, USA (2005).
    ISBN: 978-0-321-24544-1
  1773. S. R. Snapp, J. Brentano, G. V. Dias, T. L. Goan, T. Grance, L. T. Heberlein, C.-L. Ho, K. N. Levitt, B. Mukherjee, D. L. Mansur, K. L. Pon, and S. E. Smaha. “A System for Distributed Intrusion Detection,” Proceedings of Compcon Spring ’91 pp. 170–176 (Feb. 1991).
    DOI: 10.1109/CMPCON.1991.128802
  1774. S. R. Snapp. J. Brentano, G. V. Dias, T. L. Goan, L. T. Heberlein, C.–L. Ho, K. N. Levitt, B. Mukherjee, S. E. Smaha, T. Grance, D. M. Teal, and D. L. Mansur. “DIDS (Distributed Intrusion Detection System)—Motivation, Architecture, and An Early Prototype,” Proceedings of the 14th National Computer Security Conference pp. 167–176 (Oct. 1991).
  1775. B. Snow. “We Need Assurance!,” Proceedings of the 21st Annual Computer Security Applications Conference pp. 7–17 (Dec. 2005).
    DOI: 10.1109/CSAC.2005.63
  1776. B. D. Snow. “The Future Is Not Assured - But It Should Be,” Proceedings of the 1999 IEEE Symposium on Security and Privacy pp. 240–241 (May 1999).
    DOI: 10.1109/SECPRI.1999.766921
  1777. L. Snyder. “Theft and Conspiracy in the Take-Grant Protection Model,” Journal of Computer and System Sciences 23(3) pp. 333–347 (Dec. 1981).
    DOI: 10.1016/0022-0000(81)90069-6
  1778. M. Sobirey, S. Fischer-Hübner, and K. Rannenberg. “Pseudonymous Audit for Privacy Enhanced Intrusion Detection,” Proceedings of the IFIP TC11 13th International Conference on Information Security pp. 151–163 (May 1997).
    DOI: 10.1007/978-0-387-35259-6_13
  1779. K. Sohr, M. Droiuneaud, G.-J. Ahn, and M. Gogolla. “Analyzing and Managing Role-Based Access Control Policies,” IEEE Transactions on Knowledge and Data Engineering 20(7) pp. 924–939 (July 2008).
    DOI: 10.1109/TKDE.2008.28
  1780. H. Soleimany, A. Sharifi, and M. Aref. “Improved Related-Key Boomerang Cryptanalysis of AES-256,” Proceedings of the 2010 International Conference on Information Science and Applications pp. 1–7 (Apr. 2010).
    DOI: 10.1109/ICISA.2010.5480302
  1781. M. G. Solomon. Security Strategies In Windows Platforms And Applications, Jones and Bartlett Learning, Burlington, MA. USA (2014).
    ISBN: 978-1-284-03165-2
  1782. D. J. Solove. The Future of Reputation: Gossip, Rumor, and Privacy on the Internet, Yale University Press, New Haven, CT, USA (2008).
    ISBN: 978-0-300-12498-9
  1783. A. Somayaji and S. Forrest. “Automated Response Using System-Call Delays,” Proceedings of the Ninth USENIX Security Symposium (Aug. 2000)
    URL: https://www.usenix.org/legacy/events/sec2000/somayaji.html
  1784. R. Sommer. The Bro Network Intrusion Detection System (Dec. 2007)
    URL: http://www.icir.org/robin/rwth/bro-intro.pdf
  1785. R. Sommer and V. Paxson. “Outside the Closed World: On Using Machine Learning for Network Intrusion Detection,” Proceedings of the 2010 IEEE Symposium on Security and Privacy pp. 305–316 (May 2010).
    DOI: 10.1109/SP.2010.25
  1786. J. Sommers, V. Yegneswaran, and P. Barford. Toward Comprehensive Traffic Generation for Online IDS Evaluation, Technical Report 1525, Department of Computer Sciences, University of Wisconsin-Madison, Madison, WI, USA (Feb. 2006)
    URL: https://minds.wisconsin.edu/handle/1793/60436
  1787. I. Sommerville. Software Engineering, Addison-Wesley Publishing Company (2001)
    ISBN: 978-0-201-39815-1
  1788. S. H. Son, C. Chaney, and N. P. Thomlinson. “Partial Security Policies to Support Timeliness in Secure Real-Time Databases,” Proceedings of the 1998 IEEE Symposium on Security and Privacy pp. 136–147 (May 1998).
    DOI: 10.1109/SECPRI.1998.674830
  1789. W. Song, T. Kim, H. C. Kim, J. H. Choi, H.-J. Kong, and S.-R. Lee. “A Finger-Vein Verification System Using Mean Curvature,” Pattern Recognition Letters 32(11) pp. 1541–1547 (Aug. 2011).
    DOI: 10.1016/j.patrec.2011.04.021
  1790. Sophos. Troj/Arhiveus-A, Sophos Threat Center: Threat Analysis: Viruses and Spyware (May 2006)
    URL: https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Arhiveus-A/detailed-analysis.aspx
  1791. A. Sorkin. “Lucifer, A Cryptographic Algorithm,” Cryptologia 8(1) pp. 22–42 (1984).
    DOI: 10.1080/0161-118491858746
  1792. M. Soshi, M. Maekawa, and E. Okamoto. “The Dynamic-Typed Access Matrix Model and Decidability of the Safety Problem,” IEICE Transations on Fundamentals of Electronics, Communications and Computer Sciences E87-A(1) pp. 190–203 (Jan. 2004).
  1793. M. Soucarros, C. Canovas-Dumas, J. Clédière, P. Elbaz-Vincent, and D. Réal. “Influence of the Temperature on True Random Number Generators,” Proceedings of the 2011 IEEE International Symposium on Hardware-Oriented Security and Trust pp. 24–27 (June 2011).
    DOI: 10.1109/HST.2011.5954990
  1794. M. Souppaya and K. Scarfone. Guide to Malware Incident Prevention and Handling for Desktops and Laptops, Special Publication 800-145 Revision 1x, National Institute of Standards and Technology, Gaithersburg, MD, USA (July 2013).
    DOI: 10.6028/NIST.SP.800-83r1
  1795. W. Soyinka. Linux Administration: A Beginner’s Guide, Seventh Edition, McGraw-Hill Education (2015)
    ISBN: 978-0-07-184536-6
  1796. E. H. Spafford. “Crisis and Aftermath,” Communications of the ACM 32(6) pp. 678–687 (June 1989).
    DOI: 10.1145/63526.63527
  1797. E. H. Spafford. “The Internet Worm Program: An Analysis,” ACM SIGCOMM Computer Communications Review 19(1) pp. 17–57 (Jan. 1989).
    DOI: 10.1145/66093.66095
  1798. E. H. Spafford. “Observations on Reusable Password Choices,” Proceedings of the Third USENIX Security Symposium pp. 299–312 (Sep. 1992).
  1799. E. H. Spafford. “OPUS: Preventing Weak Password Choices,” Computers & Security 11(3) pp. 273–278 (May 1992).
    DOI: 10.1016/0167-4048(92)90207-8
  1800. E. H. Spafford, K. A. Heaphy, and D. J. Ferbrache. A Computer Virus Primer, Technical Report CSD-TR-935, Dept. of Computer Science, Purdue University, West Lafayette, IN, USA (Nov. 1989)
    URL: https://docs.lib.purdue.edu/cgi/viewcontent.cgi?article=1794&context=cstech
  1801. E. H. Spafford and S. Weeber. “Software Forensics: Can We Track Code to Its Authors?,” Proceedings of the 15th National Computer Security Conference pp. 641–650 (Oct. 1992).
  1802. S. M. Specht and R. B. Lee. “Distributed Denial of Service: Taxonomies of Attacks, Tools and Countermeasures,” Proceedings of the ISCA 17th International Conference on Parallel and Distributed Computing Systems pp. 543–550 (Sep. 2004).
    URL: http://palms.ee.princeton.edu/PALMSopen/DDoS
  1803. R. J. Spillman. Classical and Contemporary Cryptology, Pearson Education, Upper Saddle River, NJ, USA (2005)
    ISBN: 978-0-13-182831-5
  1804. L. Spitzner. “The Honeynet Project: Trapping the Hackers,” IEEE Security & Privacy 1(2) pp. 15–23 (Mar. 2003).
    DOI: 10.1109/MSECP.2003.1193207
  1805. L. Spitzner. “Honeypots: Catching the Insider Threat,” Proceedings of the 19th Annual Computer Security Applications Conference pp. 170–179 (Dec. 2003).
    DOI: 10.1109/CSAC.2003.1254322
  1806. P. Srisuresh and K. B. Egevang. Traditional IP Network Address Translator (Traditional NAT), RFC 3022 (Jan. 2001).
    DOI: 10.17487/RFC3022
  1807. M. C. St. Johns. Identification Protocol, RFC 1413 (Feb. 1993).
    DOI: 10.17487/RFC1413
  1808. F. Stajano and P. Wilson. “Understanding Scam Victims: Seven Principles for Systems Security,” Communications of the ACM 54(3) pp. 70–75 (Mar. 2011).
    DOI: 10.1145/1897852.1897872
  1809. W. Stallings. Network Security Essentials: Applications and Standards, Prentice Hall, Inc, Upper Saddle River, NJ, USA (2010).
    ISBN: 978-0-13-337043-0
  1810. R. Stallman. “The Right to Read,” Communications of the ACM 40(2) pp. 85–87 (Feb. 1997).
    DOI: 10.1145/253671.253726
  1811. R. M. Stallman, R. Pesch, and S. ShebsDebugging with GDB — Reference Manual 1, Samurai Media Limited, Wickford, UK (Oct. 2015)
    ISBN: 978-988-8381-11-1
  1812. R. M. Stallman, R. Pesch, and S. ShebsDebugging with GDB — Reference Manual 2, Samurai Media Limited, Wickford, UK (Oct. 2015)
    ISBN: 978-988-8381-12-8
  1813. M. C. Stamm and K. J. Ray Liu. “Anti-Forensics of Digital Image Compression,” IEEE Transactions on Information Forensics and Security 6(3) pp. 1050–1065 (Sep. 2011).
    DOI: 10.1109/TIFS.2011.2119314
  1814. F.-X. Standaert, T. G. Malkin, and M. Yung. “A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks,” Advances in Cryptology — EUROCRYPT 2009 (Lecture Notes in Computer Science 5479) pp. 443–461 (Apr. 2009).
    DOI: 10.1007/978-3-642-01001-9_26
  1815. F.-X. Standaert, G. Rouvroy, J.-J. Quisquater, and J.-D. Legat. “Efficient Implementation of Rijndael Encryption in Reconfigurable Hardware: Improvements and Design Tradeoffs,” Proceedings of the 5th International Workshop on Cryptographic Hardware and Embedded Systems ( Lecture Notes in Computer Science 2779) pp. 334–350 (2003).
    DOI: 10.1007/978-3-540-45238-6_27
  1816. S. Staniford-Chen, S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, C. Wee, R. Yip, and D. Zerkle. “GrIDS—A Graph Based Intrusion Detection System for Large Networks,” Proceedings of the 19th National Information Systems Security Conference pp. 361–370 (Oct. 1996)
    URL: http://csrc.nist.gov/nissc/1996/papers/NISSC96/paper065/GRIDS.PDF
  1817. S. Staniford-Chen and L. T. Heberlein. “Holding Intruders Accountable on the Internet,” Proceedings of the 1995 IEEE Symposium on Security and Privacy pp. 39–49 (May 1995).
    DOI: 10.1109/SECPRI.1995.398921
  1818. M. Starr. “Fridge Caught Sending Spam Emails in Botnet Attack,” CNET (Jan. 19, 2014)
    URL: https://www.cnet.com/news/fridge-caught-sending-spam-emails-in-botnet-attack/
  1819. A. M. Stavely. Toward Zero Defect Programming, Addison-Wesley Professional, Reading, MA, USA (1998)
    ISBN: 978-0-201-38595-3
  1820. stealth. “Kernel Rootkit Experiences,” Phrack 11(61) p. article 14 (Aug. 2003)
    URL: http://www.phrack.org/issues/61/14.html
  1821. J. G. Steiner, B. C. Neuman, and J. I. Schiller. “Kerberos: An Authentication Service for Open Network Systems,” Proceedings of the 1988 Winter USENIX Conference pp. 191–202 (Winter 1988).
  1822. B. Sterling. The Hacker Crackdown: Law And Disorder On The Electronic Frontier, Bantam Books, New York, NY, USA (1993).
    ISBN: 978-0-553-56370-2
  1823. D. F. Sterne. “On the Buzzword “Security Policy”,” Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy pp. 219–230 (May 1991).
    DOI: 10.1109/RISP.1991.130789
  1824. F. A. Stevenson. “Cryptanalysis of Contents Scrambling System,” unpublished (Nov. 1999)
    URL: http://www.lemuria.org/DeCSS/crypto.gq.nu/
  1825. H. G. Stiegler. “A Structure for Access Control Lists,” Software: Practice and Experience 9(10) pp. 813–819 (Oct. 1979).
    DOI: 10.1002/spe.4380091003
  1826. D. R. Stinson. Cryptography: Theory and Practice, Chapman and Hall/CRC, Boca Raton, FL, USA (2006)
    ISBN: 978-1-58488-508-5
  1827. E. Stobert and R. Biddle. “Memory Retrieval and Graphical Passwords,” Proceedings of the Ninth Symposium on Usable Privacy and Security pp. 15:1–15:14 (July 2013).
    DOI: 10.1145/2501604.2501619
  1828. S. J. Stolfo, M. Ben Salem, and A. D. Keromytis. “Fog Computing: Mitigating Insider Data Theft Attacks in the Cloud,” Proceedings of the 2012 IEEE Symposium on Security and Privacy Workshops pp. 125–128 (May 2012).
    DOI: 10.1109/SPW.2012.19
  1829. C. Stoll. “Stalking the Wily Hacker,” Communications of the ACM 31(5) pp. 484–497 (May 1988).
    DOI: 10.1145/42411.42412
  1830. C. Stoll. “An Epidemiology of Viruses and Network Worms,” Proceedings of the 12th National Computer Security Conference pp. 369–377 (Oct. 1989).
  1831. C. Stoll. The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage, Pocket Books, New York, NY, USA (2005).
    ISBN: 978-1-4165-0778-9
  1832. G. N. Stone, B. Lundy, and G. G. Xie. “Network Policy Languages: A Survey and a New Approach,” IEEE Network 15(1) pp. 10–21 (Jan. 2001).
    DOI: 10.1109/65.898818
  1833. B. Stone-Gross, M. Cova, L. Cavallaro, B. Gilbert, M. Szydlowski, R. Kemmerer, C. Kruegel, and G. Vigna. “Your Botnet is My Botnet: Analysis of a Botnet Takeover,” Proceedings of the 16th ACM Conference on Computer and Communications Security pp. 635–647 (Nov. 2009).
    DOI: 10.1145/1653662.1653738
  1834. B. Stone-Gross, M. Cova, B. Gilbert, R. Kemmerer, C. Kruegel, and G. Vigna. “Analysis of a Botnet Takeover,” IEEE Security & Privacy 9(1) pp. 64–72 (Jan. 2011).
    DOI: 10.1109/MSP.2010.144
  1835. J. Straw. “The Draft Federal Criteria and the ITSEC: Progress Towards Alignment,” Proceedings of the 16th National Computer Security Conference pp. 311–323 (Sep. 1993).
  1836. T. Strazzere and T. Wyatt. Geinimi Trojan Technical Teardown, Technical Report, Lookout Mobile Security, San Francisco, CA, USA (Jan. 2011)
    URL: https://blog.lookout.com/_media/Geinimi_Trojan_Teardown.pdf
  1837. G. Stringhini, C. Kruegel, and G. Vigna. “Detecting Spammers on Social Networks,” Proceedings of the 26th Annual Computer Security Applications Conference pp. 1–9 (Dec. 2010).
    DOI: 10.1145/1920261.1920263
  1838. E. Strother. “Denial of Service Protection — The Nozzle,” Proceedings of the 16th Annual Computer Security Applications Conference pp. 32–41 (Dec. 2000).
    DOI: 10.1109/ACSAC.2000.898855
  1839. J. D. Strunk, G. R. Goodson, M. L. Scheinholtz, C. A. N. Soules, and G. R. Ganger. “Self-Securing Storage: Protecting Data in Compromised System,” Proceedings of the Fourth Symposium on Operating System Design & Implementation pp. 165–180 (Oct. 2000)
    URL: https://www.usenix.org/legacy/publications/library/proceedings/osdi2000/strunk.html
  1840. P. Su and M. Bishop. How to Encrypt /usr/dict/words in About a Second, Technical Report PCS-TR92-182, Dept. of Mathematics and Computer Science, Dartmouth College, Hanover, NH, USA (1992)
    URL: http://www.cs.dartmouth.edu/reports/TR92-182.pdf
  1841. L. Sun, T. Ebringer, and S. Boztas. “An Automatic Anti-Anti-VMware Technique Applicable for Multi-Stage Packed Malware,” Proceedings of the Third International Conference on Malicious and Unwanted Software pp. 17–23 (Oct. 2008).
    DOI: 10.1109/MALWARE.2008.4690853
  1842. D. Sutherland. “A Model of Information,” Proceedings of the Ninth National Computer Security Conference pp. 175–183 (Sep. 1986).
  1843. H. Sutter and A. Alexandrescu. C++ Coding Standards, Addison-Wesley, Boston, MA, USA (2005)
    ISBN: 978-0-321-11358-0
  1844. L. Sweeney. Uniqueness of Simple Demographics in the U.S. Population, Technical Report Data Privacy Working Paper 3, Laboratory for International Data Privacy, Carnegie Mellon University, Pittsburgh, PA, USA (2000)
    URL: https://dataprivacylab.org/projects/identifiability/paper1.pdf
  1845. L. Sweeney. “k-Anonymity: A Model for Protecting Privacy,” International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems 10(5) pp. 557–570 (Oct. 2002).
    DOI: 10.1142/S0218488502001648
  1846. Symantec. Ransomware and Businesses 2016, ISTR Special Report, Symantec, Mountain View, CA, USA (Aug. 2016)
    URL: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/ISTR2016_Ransomware_and_Businesses.pdf
  1847. P. Syverson. “Limitations on Design Principles for Public Key Protocols,” Proceedings of the 1996 IEEE Symposium on Security and Privacy pp. 62–72 (May 1996).
    DOI: 10.1109/SECPRI.1996.502670
  1848. P. F. Syverson, M. G. Reed, and D. M. Goldschlag. “Private Web Browsing,” Journal of Computer Security 5(3) pp. 237–248 (Sep. 1997).
    DOI: 10.3233/JCS-1997-5305
  1849. J. Szczepanski, E. Wajnryb, J. M. Amigó, M. V. Sanchez-Vives, and M. Slater. “Biometric Random Number Generators,” Computers & Security 23(1) pp. 77–84 (Feb. 2004).
    DOI: 10.1016/S0167-4048(04)00064-1
  1850. P. Szor. The Art of Computer Virus Research and Defense, Addison-Wesley Professional, Boston, MA, USA (Feb. 2005)
    ISBN: 978-0-321-30454-4
  1851. H. Takabi, J. B. D. Joshi, and G.-J. Ahn. “Security and Privacy Challenges in Cloud Computing Environments,” IEEE Security & Privacy 8(6) pp. 24–31 (Nov. 2010).
    DOI: 10.1109/MSP.2010.186
  1852. T. Takada and H. Koike. “MieLog: A Highly Interactive Visual Log Browser Using Information Visualization and Statistical Analysis,” Proceedings of the 16th Systems Administration Conference pp. 133–144 (Nov. 2002)
    URL: https://www.usenix.org/legacy/event/lisa02/tech/takada.html
  1853. T. Takada and H. Koike. “Tudumi: Information Visualization System for Monitoring and Auditing Computer Logs,” Proceedings of the Sixth International Conference on Information Visualisation pp. 570–576 (July 2002).
    DOI: 10.1109/IV.2002.1028831
  1854. L. Tam, M. Glassman, and M. Vandenwauver. “The Psychology of Password Management: A Tradeoff between Security and Convenience,” Behaviour & Information Technology 29(3) pp. 233–244 (May 2010).
    DOI: 10.1080/01449290903121386
  1855. K. M. C. Tan and R. A. Maxion. “‘Why 6?’ Defining the Operational Limits of stide, an Anomaly-Based Intrusion Detector,” Proceedings of the 2002 IEEE Symposium on Security and Privacy pp. 181–201 (May 2002).
    DOI: 10.1109/SECPRI.2002.1004371
  1856. A. S. Tanenbaum. Modern Operating Systems, Prentice Hall, Inc, Englewood Cliffs, NJ, USA (1992)
    ISBN: 978-0-13-031358-4
  1857. A. S. Tanenbaum and H. Bos. Modern Operating Systems, Pearson Education, Inc., Upper Saddle River, NJ, USA (2014)
    ISBN: 978-0-13-359162-0
  1858. A. S. Tanenbaum, R. van Renesse, H. van Staveren, G. J. Sharp, and S. J. Mullender. “Experiences with the Amoeba Distributed Operating System,” Communications of the ACM 33(12) pp. 46–63 (Dec. 1990).
    DOI: 10.1145/96267.96281
  1859. A. S. Tanenbaum and D. J. Wetherall. Computer Networks, Prentice Hall, Inc, Upper Saddle River, NJ, USA (Oct. 2010)
    ISBN: 978-0-13-212695-3
  1860. J. J. Tardo and K. Alagappan. “SPX: Global Authentication Using Public Key Certificates,” Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy pp. 232–244 (May 1991).
    DOI: 10.1109/RISP.1991.130791
  1861. M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani. “A Detailed Analysis of the KDD CUP 99 Data Set,” Proceedings of the 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications pp. 1–6 (July 2009).
    DOI: 10.1109/CISDA.2009.5356528
  1862. T. Taylor. “Comparison Paper Between the Bell and LaPadula Model and the SRI Model,” Proceedings of the 1984 IEEE Symposium on Security and Privacy pp. 195–202 (Apr. 1984).
    DOI: 10.1109/SP.1984.10021
  1863. PaX Team. Address Space Layout Randomization (July 2001)
    URL: https://pax.grsecurity.net/docs/aslr.txt
  1864. V. Teja, P. Banerjee, N. N. Sharma, and R. K. Mittal. “Quantum Cryptography: State-of-Art, Challenges and Future Perspectives,” Proceedings of the Seventh International Conference on Nanotechnology pp. 1296–1301 (Aug. 2007).
    DOI: 10.1109/NANO.2007.4601420
  1865. S. J. Templeton and K. Levitt. “A Requires/Provides Model for Computer Attacks,” Proceedings of the 2000 Workshop on New Security Paradigms pp. 31–38 (Sep. 2000).
    DOI: 10.1145/366173.366187
  1866. H. S. Teng, K. Chen, and S. C.-Y. Lu. “Adaptive Real-Time Anomaly Detection Using Inductively Generated Sequential Patterns,” Proceedings of the 1990 IEEE Symposium on Research in Security and Privacy pp. 278–284 (May 1990).
    DOI: 10.1109/RISP.1990.63857
  1867. A. B. Teoh, D. C. Ngo, and A. Goh. “Personalised Cryptographic Key Generation Based on FaceHashing,” Computers & Security 23(7) pp. 606–614 (Oct. 2004).
    DOI: 10.1016/j.cose.2004.06.002
  1868. C. J. Testa, B. D. Wilner, and V. D. Gligor. “Trusted RUBIX Architecture and Policy Model Interpretation,” Proceedings of the Eighth Annual Computer Security Applications Conference pp. 97–110 (Nov. 1992).
    DOI: 10.1109/CSAC.1992.228229
  1869. The RAND Corporation. A Million Random Digits with 100,000 Normal Deviates, Free Press Publishers, Glencoe, IL, USA (1955).
  1870. H. Thimbleby, S. Anderson, and P. Cairns. “A Framework for Modelling Trojans and Computer Virus Infection,” The Computer Journal 41(7) pp. 444–458 (Jan. 1998).
    DOI: 10.1093/comjnl/41.7.444
  1871. C. Thomas, V. Sharma, and N. Balakrishnan. “Usefulness of DARPA Dataset for Intrusion Detection SystemEvaluation,” Proceedings of the 2008 Conference on Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security pp. 69730G:1–69730G:8 (Mar. 2008).
    DOI: 10.1117/12.777341
  1872. R. K. Thomas and R. Sandhu. “Towards a Task-Based Paradigm for Flexible and Adaptable Access Control in Distributed Applications,” Proceedings of the 1992-1993 Workshop on New Security Paradigms pp. 138–142 (1993).
    DOI: 10.1145/283751.283810
  1873. V. Thomas and N. Jyoti. “Combating File Infectors on Corporate Networks,” Proceedings of the Third International Conference on Malicious and Unwanted Software pp. 85–91 (Oct. 2008).
    DOI: 10.1109/MALWARE.2008.4690862
  1874. H. H. Thompson. “Application Penetration Testing,” IEEE Security & Privacy 3(1) pp. 66–69 (Feb. 2005).
    DOI: 10.1109/MSP.2005.3
  1875. K. Thompson. “Reflections on Trusting Trust,” Communications of the ACM 27(8) pp. 761–763 (Aug. 1984).
    DOI: 10.1145/358198.358210
  1876. M. Thompson, N. Evans, and V. Kisekka. “Multiple OS Rotational Environment: An Implemented Moving Target Defense,” Proceedings of the Seventh International Symposium on Resilient Control Systems (Aug. 2014).
    DOI: 10.1109/ISRCS.2014.6900086
  1877. D. Thomsen. “Sidewinder: Combining Type Enforcement and Unix,” Proceedings of the 11th Annual Computer Security Applications Conference pp. 14–20 (Dec. 1995).
  1878. O. Thonnard and M. Dacier. “A Strategic Analysis of Spam Botnets Operations,” Proceedings of the Eighth Annual Collaboration, Electronic Messaging, Anti-Abuse and Spam Conference pp. 162–171 (Sep. 2011).
    DOI: 10.1145/2030376.2030395
  1879. J. Thorpe, M. Al-Badawi, B. MacRae, and A. Salehi-Abari. “The Presentation Effect on Graphical Passwords,” Proceedings of the 2014 SIGCHI Conference on Human Factors in Computing Systems pp. 2947–2950 (Apr. 2014).
    DOI: 10.1145/2556288.2557212
  1880. B. Thurasingham. “Security Issues for Federated Database Systems,” Computers & Security 13(6) pp. 509–525 (Dec. 1994).
    DOI: 10.1016/0167-4048(91)90139-5
  1881. C. Timberg, G. Witte, and E. Nakashima. “Malware, Described in Leaked NSA Documents, Cripples Computers Worldwide,” The Washington Post (May 12 2017)
    URL: https://www.washingtonpost.com/world/hospitals-across-england-report-it-failure-amid-suspected-major-cyber-attack/2017/05/12/84e3dc5e-3723-11e7-b373-418f6849a004
  1882. A. H. Toderici and M. Stamp. “Chi-Square Distance and Metamorphic Virus Detection,” Journal of Computer Virology and Hacking Techniques 9(1) pp. 1–14 (Feb. 2013).
    DOI: 10.1007/s11416-012-0171-2
  1883. T. Tokita, T. Sorimachi, and M. Matsui. “Linear Cryptanalysis of LOKI and s2DES,” Advances in Cryptology—Proceedings of ASIACRYPT ’94 ( Lecture Notes in Computer Science 917) pp. 293–303 (1995).
    DOI: 10.1007/BFb0000442
  1884. M. Tompa and H. Woll. “How to Share a Secret With Cheaters,” Journal of Cryptology 1(3) pp. 133–138 (Oct. 1989).
    DOI: 10.1007/BF02252871
  1885. G. Tonti, J. M. Bradshaw, R. Jeffers, R. Montanari, N. Suri, and A. Uszok. “Semantic Web Languages for Policy Representation and Reasoning: A Comparison of KAoS, Rei, and Ponder,” Proceedings of the Second International Semantic Web Conference (Lecture Notes in Computer Science 2870) pp. 419–437 (Oct. 2003).
    DOI: 10.1007/978-3-540-39718-2_27
  1886. T. Tran, R. Pelizzi, and R. Sekar. “JaTE: Transparent and Efficient JavaScript Confinement,” Proceedings of the 31st Annual Computer Security Applications Conference pp. 151–160 (Dec. 2015).
    DOI: 10.1145/2818000.2818019
  1887. W. Trappe and L. C. Washington. Introduction to Cryptography with Coding Theory, Prentice Hall, Inc, Upper Saddle River, NJ, USA (2002)
    ISBN: 978-0-131-86239-5
  1888. M. V. Tripunitara and N. Li. The Foundational Work of Harrison-Ruzzo-Ullman Revisited, Technical Report 2006-33, CERIAS, Purdue University, West Lafayette, IN, USA (Sep. 2006)
    URL: https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/2006-33.pdf
  1889. M. V. Tripunitara and N. Li. “A Theory for Comparing the Expressive Power of Access Control Models,” Journal of Computer Security 15(2) pp. 231–272 (2007).
    DOI: 10.3233/JCS-2007-15202
  1890. M. V. Tripunitara and N. Li. “The Foundational Work of Harrison-Ruzzo-Ullman Revisited,” IEEE Transactions on Dependable and Secure Computing 10(1) pp. 28–39 (Jan. 2013).
    DOI: 10.1109/TDSC.2012.77
  1891. K. Trivedi, G. Ciardo, B. Dasarathy, M. Grottke, A. Rindos, and B. Varshaw. “Achieving and Assuring High Availability,” Proceedings of the 2008 International Symposium on Parallel and Distributed Processing (Apr. 2008).
    DOI: 10.1109/IPDPS.2008.4536147
  1892. E. Tromer and R. Schuster. “DroidDisintegrator: Intra-Application Information Flow Control in Android Apps,” Proceedings of the 11th ACM Asia Conference on Computer and Communications Security pp. 401–412 (May 2016).
    DOI: 10.1145/2897845.2897888
  1893. J. T. Trostle. “Modelling a Fuzzy Time System,” Proceedings of the 1993 IEEE Symposium on Research in Security and Privacy pp. 82–89 (May 1993).
    DOI: 10.1109/RISP.1993.287641
  1894. D. Tsafrir, T. Hertz, D. Wagner, and D. Da Silva. “Portably Solving File Races with Hardness Amplification,” ACM Transactions on Storage 4(3) pp. 9:1–9:30 (Nov. 2008).
    DOI: 10.1145/1416944.1416948
  1895. C.-F. Tsai and C.-Y. Lin. “A Triangle Area Based Nearest Neighbors Approach to Intrusion Detection,” Pattern Recognition 43(1) pp. 222–229 (Jan. 2010).
    DOI: 10.1016/j.patcog.2009.05.017
  1896. C.-R. Tsai and V. D. Gligor. “A Bandwidth Computation Model for Covert Storage Channels and its Applications,” Proceedings of the 1988 IEEE Symposium on Security and Privacy pp. 108–121 (Apr. 1988).
    DOI: 10.1109/SECPRI.1988.8103
  1897. C.-R. Tsai, V. D. Gligor, and C. S. Chandersekaran. “A Formal Method for the Identification of Covert Storage Channels in Source Code,” Proceedings of the 1987 IEEE Symposium on Security and Privacy (Apr. 1987).
    DOI: 10.1109/SP.1987.10014
  1898. J. J. O. Tsai, A. Liu, E. Juan, and A. Sahay. “Knowledge-Based Software Architectures: Acquisition, Specification, and Verification,” IEEE Transactions on Knowledge and Data Engineering 11(1) pp. 187–201 (Jan. 1999).
    DOI: 10.1109/69.755628
  1899. T.-C. Tsai, A. Russo, and J. Hughes. “A Library for Secure Multi-threaded Information Flow in Haskell,” Proceedings of the 20th Computer Security Foundations Workshop pp. 187–202 (July 2007).
    DOI: 10.1109/CSF.2007.6
  1900. C.-Y. Tseng, P. Balasubramanyam, C. Ko, R. Limprasittiporn, J. Rowe, and K. Levitt. “A Specification-based Intrusion Detection System for AODV,” Proceedings of the First ACM Workshop on Security of Ad Hoc and Sensor Networks pp. 125–134 (2003).
    DOI: 10.1145/986858.986876
  1901. K. Tsipenyuk, B. Chess, and G. McGraw. “Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors,” IEEE Security & Privacy 3(6) pp. 81–84 (Nov. 2005).
    DOI: 10.1109/MSP.2005.159
  1902. W. Tuchman. “Hellman Presents No Shortcut Solutions to DES,” IEEE Spectrum 16(7) pp. 40–41 (July 1979).
    DOI: 10.1109/MSPEC.1979.6368160
  1903. W. Tuchman. “A Brief History of the Data Encryption Standard,” in Internet Besieged: Countering Cyberspace Scofflaws, edited by D. E. Denning and P. J. Denning, Addison-Wesley, Reading, MA, USA pp. 275–280 (1998).
  1904. W. L. Tuchman and C. Meyer. “Efficacy of the Data Encryption Standard,” Proceedings of Compcon Fall ’78 pp. 340–347 (Sep. 1978).
  1905. K. J. Turner. Using Formal Description Techniques: An Introduction to Estelle, Lotos, and SDL, John Wiley & Sons, Inc., New York, NY, USA (1993)
    ISBN: 978-0-471-93455-4
  1906. S. Turner. “Transport Layer Security,” IEEE Internet Computing 18(6) pp. 60–63 (Nov. 2014).
    DOI: 10.1109/MIC.2014.126
  1907. K. Twidle, N. Dulay, E. Lupu, and M. Sloman. “Ponder2: A Policy System for Autonomous Pervasive Environments,” Proceedings of the Fifth International Conference on Autonomic and Autonomous Systems pp. 330–335 (Apr. 2009).
    DOI: 10.1109/ICAS.2009.42
  1908. R. Uhlig, G. Neiger, D. Rodgers, A. L. Santoni, F. C. M. Martins, A. V. Anderson, S. B. Bennett, A. Kägi, F. H. Leung, and L. Smith. “Intel Virtualization Technology,” IEEE Computer 36(5) pp. 48–56 (May 2005).
    DOI: 10.1109/MC.2005.163
  1909. L. Ullman. Effortless E-Commerce with PHP and MySQL, New Riders, San Francisco, CA, USA (2013)
    ISBN: 978-0-321-94936-3
  1910. N. Unger, S. Dechand, J. Bonneau, S. Fahl, H. Perl, I. Goldberg, and M. Smith. “SoK: Secure Messaging,” Proceedings of the 2015 IEEE Symposium on Security and Privacy pp. 232–249 (May 2015).
    DOI: 10.1109/SP.2015.22
  1911. T. E. Uribe and S. Cheung. “Automatic Analysis of Firewall an Network Intrusion Detection System Configurations,” Journal of Computer Security 15(6) pp. 691–715 (2007).
    DOI: 10.3233/JCS-2007-15605
  1912. US-CERT. Indicators Associated With WannaCry Ransomware, Alert TA17-132A, US-CERT, Pittsburgh, PA, USA (May 2017)
    URL: https://www.us-cert.gov/ncas/alerts/TA17-132A
  1913. B. Uscilowski. Mobile Adware and Malware Analysis, White Paper, Symantec Corporation, Mountain View, CA, USA (Oct. 2013)
    URL: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/madware_and_malware_analysis.pdf
  1914. A. Uszok, J. Bradshaw, R. Jeffers, N. Suri, P. Hayes, M. Breedy, L. Bunch, M. Johnson, S. Kulkarni, and J. Lott. “KAoS Policy and Domain Services: Toward a Description-Logic Approach to Policy Representation, Deconfliction, and Enforcement,” Proceedings of the Fourth IEEE International Workshop on Policies for Distributed Systems and Networks pp. 93–96 (June 2003).
    DOI: 10.1109/POLICY.2003.1206963
  1915. A. Uszok, J. M. Bradshaw, and R. Jeffers. “KAoS: A Policy and Domain Services Framework for Grid Computing and Semantic Web Services,” Proceedings of the Second International Conference on Trust Management (Lecture Notes in Computer Science 2995) pp. 16–26 (Mar. 2004).
    DOI: 10.1007/978-3-540-24747-0_2
  1916. J. Vaidya, V. Atluri, and Q. Guo. “The Role Mining Problem: A Formal Perspective,” ACM Transactions on Information and System Security 13(3) pp. 27:1–27:31 (July 2010).
    DOI: 10.1145/1805974.1805983
  1917. J. Vaidya, V. Atluri, and J. Warner. “RoleMiner: Mining Roles Using Subset Enumeration,” Proceedings of the 13th ACM Conference on Computer and Communications Security pp. 144–153 (Oct. 2006).
    DOI: 10.1145/1180405.1180424
  1918. G. Valenzise, M. Tagliasacchi, and S. Tubaro. “Revealing the Traces of JPEG Compression Anti-Forensics,” IEEE Transactions on Information Forensics and Security 8(2) pp. 335–349 (Feb. 2013).
    DOI: 10.1109/TIFS.2012.2234117
  1919. R. van der Meyden and C. Zhang. “A Comparison of Semantic Models for Noninterference,” Theoretical Computer Science 411(47) pp. 4123–4147 (Oct. 2010).
    DOI: 10.1016/j.tcs.2010.08.013
  1920. T. van der Putte and J. Keuning. “Biometrical Fingerprint Recognition: Don’t Get Your Fingers Burned,” Proceedings of the Fourth Smart Card Research and Advanced Application Conference (IFIP Advances in Information and Communication Technology 52) pp. 289–303 (Sep. 2000).
    DOI: 10.1007/978-0-387-35528-3_17
  1921. M. van Dijk, C. Gentry, S. Halevi, and V. Vaikuntanathan. “Fully Homomorphic Encryption over the Integers,” Advances in Cryptology — EUROCRYPT 2010 (Lecture Notes in Computer Science 6110) pp. 24–43 (May 2010).
    DOI: 10.1007/978-3-642-13190-5_2
  1922. W. van Eck. “Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?,” Computers & Security 4(4) pp. 269–286 (Dec. 1985).
    DOI: 10.1016/0167-4048(85)90046-X
  1923. P. C. van Oorschot and M. J. Wiener. “A Known-Plaintext Attack on Two-Key Triple Encryption,” Advances in Cryptology — CRYPTO ’90 ( Lecture Notes in Computer Science) pp. 318–325 (May 1990).
    DOI: 10.1007/3-540-46877-3_29
  1924. P. van Oorschot and C. Herley. “A Research Agenda Acknowledging the Persistence of Passwords,” IEEE Security & Privacy 10(1) pp. 28–36 (Jan. 2012).
    DOI: 10.1109/MSP.2011.150
  1925. J. Vanegue. “The Weird Machines in Proof-Carrying Code,” Proceedings of the 2014 IEEE Security and Privacy Workshops pp. 209–213 (May 2014).
    DOI: 10.1109/SPW.2014.37
  1926. E. Vasquez-Fernandez and D. Gonzalez-Jiminez. “Face Recognition for Authentication on Mobile Devices,” Image and Vision Computing 55(1) pp. 31–33 (Nov. 2016).
    DOI: 10.1016/j.imavis.2016.03.018
  1927. W. Venema. “TCP Wrapper: Network Monitoring, Access Control, and Booby Traps,” Proceedings of the Third USENIX Security Symposium pp. 85–92 (July 1992)
    URL: https://www.usenix.org/legacy/publications/library/proceedings/sec92/full_papers/venema.pdf
  1928. B. R. Venkatraman and R. E. Newman-Wolfe. “Capacity Estimation and Auditability of Network Covert Channels,” Proceedings of the 1995 IEEE Symposium on Security and Privacy pp. 186–198 (May 1995).
    DOI: 10.1109/SECPRI.1995.398932
  1929. E. R. Verheul. “Selecting Secure Passwords,” Topics in Cryptology — CT-RSA 2007: The Cryptographers’ Track at the RSA Conference (Lecture Notes in Computer Science 4377) pp. 49–66 (Feb. 2007).
    DOI: 10.1007/11967668_4
  1930. J. Viega. The Myths of Security: What the Computer Security Industry Doesn’t Want You to Know, O’Reilly Media, Inc., Sebastopol, CA, USA (2009)
    ISBN: 978-0-596-52302-2
  1931. J. Viega, J. T. Bloch, Y. Kohno, and G. McGraw. “ITS4: a Static Vulnerability Scanner for C and C++ Code,” Proceedings of the 16th Annual Computer Security Applications Conference pp. 257–267 (Dec. 2000).
    DOI: 10.1109/ACSAC.2000.898880
  1932. J. Viega and G. McGraw. Building Secure Software: How to Avoid Security Problems the Right Way, Addison-Wesley Professional, Boston, MA (2001)
    ISBN: 978-0-201-72152-2
  1933. J. Viega, G. McGraw, T. Mutdosch, and E. W. Felten. “Statically Scanning Java Code: Finding Security Vulnerabilities,” IEEE Software 17(5) pp. 68–74 (Sep. 2000).
    DOI: 10.1109/52.877869
  1934. J. Viega and D. A. McGrew. “The Security and Performance of the Galois/Counter Mode (GCM) of Operation,” Proceedings of the Fifth International Conference on Cryptology in India: Progress in Cryptology — INDOCRYPT 2004 (Lecture Notes in Computer Science 3348) pp. 343–355 (Dec. 2004).
    DOI: 10.1007/978-3-540-30556-9_27
  1935. J. Viega and M. Messier. Secure Programming Cookbook for C and C++, O’Reilly Media, Inc., Sebastopol, CA, USA (2003).
    ISBN: 978-0-596-00394-4
  1936. Virgil. The Aeneid, Penguin Classics, New York, NY, USA (Dec. 2010)
    ISBN: 978-0-14-310629-6
  1937. S. Visram, W. Artner, and P. Marsden. “Safety Case for the NERC Air Traffic Control System,” Proceedings of the 16th International Conference on Computer Safety, Reliability and Security pp. 345–361 (Oct. 1997).
    DOI: 10.1007/978-1-4471-0937-2_30
  1938. P. Vixie. “DNS and BIND Security Issues,” Proceedings of the Fifth USENIX UNIX Security Symposium pp. 209–216 (June 1995)
    URL: http://www.usenix.org/publications/library/proceedings/security95/vixie.html
  1939. J. Voas, A. Ghosh, G. McGraw, F. Charron, and K. Miller. “Defining an Adaptive Software Security Metric from a Dynamic Software Failure Tolerance Measure,” Proceedings of the 11th Annual Conference on Computer Assurance pp. 250–263 (June 1996).
    DOI: 10.1109/CMPASS.1996.507892
  1940. J. M. Voas and A. K. Ghosh. “Software Fault Injection for Survivability,” Proceedings of the 2000 DARPA Information Survivability Conference and Exposition pp. 338–346 (Jan. 2000).
    DOI: 10.1109/DISCEX.2000.821531
  1941. J. M. Voas, A. K. Ghosh, F. Charron, and L. Kassab. “Reducing Uncertainty About Common-Mode Failures,” Proceedings of the Eighth International Symposium on Software Reliability Engineering pp. 308–319 (Nov. 1997).
    DOI: 10.1109/ISSRE.1997.630879
  1942. C. Vogt. “PUMA—A Capability-Based Architecture to Support Security and Fault Tolerance,” Proceedings of the 1990 International Workshop on Computer Architectures to Support Security and Persistance of Information pp. 217–228 (May 1990).
    DOI: 10.1007/978-1-4471-3178-6_15
  1943. P. Vogt, F. Nentwich, N. Jovanovic, E. Kirda, C. Kruegel, and G. Vigna. “Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis,” Proceedings of the 2007 Symposium on Network and Distributed System Security (Feb. 2007)
    URL: http://www.isoc.org/isoc/conferences/ndss/07/papers/cross-site-scripting_prevention.pdf
  1944. M. Völp, C.-J. Hamann, and H. Härtig. “Avoiding Timing Channels in Fixed-Priority Schedulers,” Proceedings of the Third ACM Symposium on Information, Computer and Communications Security pp. 44–55 (2008).
    DOI: 10.1145/1368310.1368320
  1945. D. Volpano, C. Irvine, and G. Smith. “A Sound Type System for Secure Flow Analysis,” Journal of Computer Security 4(2/3) pp. 167–187 (1996).
    DOI: 10.3233/JCS-1996-42-304
  1946. L. von Ahn, M. Blum, N. J. Hopper, and J. Langford. “CAPTCHA: Using Hard AI Problems for Security,” Advances in Cryptology — EUROCRYPT 2003 pp. 294–311 (May 2003).
    DOI: 10.1007/3-540-39200-9_18
  1947. S. von Solms and D. Naccache. “On Blind Signatures and Perfect Crimes,” Computers & Security 11(6) pp. 581–583 (Oct. 1992).
    DOI: 10.1016/0167-4048(92)90193-U
  1948. J. Voris, N. Boggs, and S. J. Stolfo. “Lost in Translation: Improving Decoy Documents via Automated Translation,” Proceedings of the 2012 IEEE Symposium on Security and Privacy Workshops pp. 129–133 (May 2012).
    DOI: 10.1109/SPW.2012.20
  1949. V. L. Voydock and S. T. Kent. “Security Mechanisms in High-Level Network Protocols,” ACM Computing Surveys 15(2) pp. 135–171 (June 1983).
    DOI: 10.1145/356909.356913
  1950. D. Wagner. “The Boomerang Attack,” Proceedings of the Sixth International Workshop on Fast Software Encryption pp. 156–170 (Mar. 1999).
    DOI: 10.1007/3-540-48519-8_12
  1951. D. Wagner. Voting Systems Audit Log Study,” Report for the California Secretary of State (June 2010).
    URL: https://people.eecs.berkeley.edu/~daw/papers/auditlog-ca10.pdf
  1952. D. Wagner, J. S. Foster, E. Brewer, and A. Aiken. “A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities,” Proceedings of the 2001 Symposium on Network and Distributed System Security pp. 3–17 (Feb. 2000)
    URL: http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2017/09/A-First-Step-Towards-Automated-Detection-of-Buffer-Overrun-Vulnerabilities-Paper-David-Wagner.pdf
  1953. D. Wagner and B. Schneier. “Analysis of the SSL 3.0 Protocol,” Proceedings of the Second USENIX Workshop on Electronic Commerce (Nov. 1996)
    URL: http://www.usenix.org/publications/library/proceedings/ec96/wagner.html
  1954. D. Wagner and P. Soto. “Mimicry Attacks on Host-Based Intrusion Detection Systems,” Proceedings of the Ninth ACM Conference on Computer and Communications Security pp. 255–264 (Nov. 2002).
    DOI: 10.1145/586110.586145
  1955. S. S. Wagstaff Jr. The Joy of Factoring (Student Mathematical Library 68), American Mathematical Society, Providence, RI, USA (2013)
    ISBN: 978-1-4704-1048-3
  1956. R. Wahbe, S. Lucco, T. E. Anderson, and S. L. Graham. “Efficient Software-Based Fault Isolation,” Proceedings of the 14th ACM Symposium on Operating Systems Principles pp. 203–216 (Dec. 1993).
    DOI: 10.1145/168619.168635
  1957. M. Waidner and B. Pfitzmann. “The Dining Cryptographers in the Disco: Unconditional Sender and Recipient Untraceability with Computationally Secure Serviceability,” Advances in Cryptology — EUROCRYPT ’89 (Lecture Notes in Computer Science 434) p. 690 (Apr. 1990).
    DOI: 10.1007/3-540-46885-4_69
  1958. T. Walcott and M. Bishop. “Traducement: A Model for Record Security,” ACM Transactions on Information and System Security 7(4) pp. 576–590 (Nov. 2004).
    DOI: 10.1145/1042031.1042035
  1959. K. M. Walker, D. F. Sterne, M. L. Badger, M. J. Petkac, D. L. Shermann, and K. A. Oostendorp. “Confining Root Programs with Domain and Type Enforcement (DTE),” Proceedings of the Sixth USENIX UNIX Security Symposium (July 1996)
    URL: https://www.usenix.org/conference/6th-usenix-security-symposium/confining-root-programs-domain-and-type-enforcement
  1960. S. T. Walker, S. B. Lipner, C. M. Ellison, and D. M. Balenson. “Commercial Key Recovery,” Communications of the ACM 39(3) pp. 41–47 (Mar. 1996).
    DOI: 10.1145/227234.227240
  1961. F. E. Walter, S. Battison, and F. Schweitzer. “A Model of a Trust-Based Recommendation System on a Social Network,” Autonomous Agents and Multi-Agent Systems 16(1) pp. 57–74 (Feb. 2008).
    DOI: 10.1007/s10458-007-9021-x
  1962. D. Wang, L. Zhang, N. Ma, and X. Li. “Two Secret Sharing Schemes Based on Boolean Operations,” Pattern Recognition 40(10) pp. 2776–2785 (Oct. 2007).
    DOI: 10.1016/j.patcog.2006.11.018
  1963. H. Wang, S. Jha, M. Livny, and P. D. McDaniel. “Security Policy Reconciliation in Distributed Computing Environments,” Proceedings of the Fifth IEEE International Workshop on Policies for Distributed Systems and Networks pp. 137–145 (June 2004).
    DOI: 10.1109/POLICY.2004.1309160
  1964. J. Wang, F. Zhang, K. Sun, and A. Stavrou. “Firmware-Assisted Memory Acquisition and Analysis Tools for Digital Forensics,” Proceedings of the Sixth International Workshop on Systematic Approaches to Digital Forensic Engineering (May 2011).
    DOI: 10.1109/SADFE.2011.7
  1965. L. Wang, K. Ohta, and N. Kunihiro. “New Key-Recovery Attacks on HMAC/NMAC-MD4 and NMAC-MD5,” Advances in Cryptology — EUROCRYPT 2008 (Lecture Notes in Computer Science 4965) pp. 237–253 (Apr. 2008).
    DOI: 10.1007/978-3-540-78967-3_14
  1966. Q. Wang, C. Wang, K. Ren, W. Lou, and J. Li. “Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing,” IEEE Transactions on Parallel and Distributed Systems 22(5) pp. 847–859 (May 2010).
    DOI: 10.1109/TPDS.2010.183
  1967. W. Wang and Z. Lu. “Cyber Security in the Smart Grid: Survey and Challenges,” Computer Networks 57(5) pp. 1344–1371 (Apr. 2013).
    DOI: 10.1016/j.comnet.2012.12.017
  1968. X. Wang, T. DeMartini, B. Wragg, M. Paramasivam, and C. Barlas. “The MPEG-21 Rights Expression Language and Rights Data Dictionary,” IEEE Transactions on Multimedia 7(3) pp. 408–417 (June 2005).
    DOI: 10.1109/TMM.2005.846788
  1969. X. Wang, G. Lao, T. DeMartini, H. Reddy, M. Nguyen, and E. Valenzuela. “XrML - eXtensible Rights Markup Language,” Proceedings of the 2002 ACM Workshop on XML Security pp. 71–79 (Nov. 2002).
    DOI: 10.1145/764792.764803
  1970. X. Wang and M. K. Reiter. “Defending Against Denial-of-Service Attacks with Puzzle Auctions (Extended Abstract),” Proceedings of the 2003 IEEE Symposium on Security and Privacy pp. 78–92 (May 2003).
    DOI: 10.1109/SECPRI.2003.1199329
  1971. X. Wang, Y. L. Yin, and H. Yu. “Finding Collisions in the Full SHA-1,” Advances in Cryptology — CRYPTO 2005 (Lecture Notes in Computer Science 3621) pp. 17–36 (Aug. 2005).
    DOI: 10.1007/11535218_2
  1972. X. Wang and H. Yu. “How to Break MD5 and Other Hash Functions,” Advances in Cryptology — EUROCRYPT 2005 (Lecture Notes in Computer Science 3494) pp. 19–35 (May 2005).
    DOI: 10.1007/11426639_2
  1973. X. Wang, N. Zeldovich, and M. F. Kaashoek. “Retroactive Auditing,” Proceedings of the Second Asia-Pacific Workshop on Systems pp. 9:1–9:5 (July 2011).
    DOI: 10.1145/2103799.2103810
  1974. Z. Wang and R. B. Lee. “Capacity Estimation of Non-Synchronous Covert Channels,” Proceedings of the 25th IEEE International Conference on Distributed Computing Systems Workshops pp. 170–176 (June 2005).
    DOI: 10.1109/ICDCSW.2005.47
  1975. R. Wash. “Folk Models of Home Computer Security,” Proceedings of the Sixth Symposium on Usable Privacy and Security pp. 11:1–11:6 (July 2010).
    DOI: 10.1145/1837110.1837125
  1976. R. Wash and E. Rader. “Too Much Knowledge? Security Beliefs and Protective Behaviors Among United States Internet Users,” Proceedings of the 11th Symposium on Usable Privacy and Security pp. 309–325 (July 2015)
    URL: https://www.usenix.org/conference/soups2015/proceedings/presentation/wash
  1977. G. Wassermann and Z. Su. “Static Detection of Cross-site Scripting Vulnerabilities,” Proceedings of the 30th International Conference on Software Engineering pp. 171–180 (2008).
    DOI: 10.1145/1368088.1368112
  1978. B. Waters, A. Juels, J. A. Halderman, and E. W. Felten. “New Client Puzzle Outsourcing Techniques for DoS Resistance,” Proceedings of the 11th ACM Conference on Computer and Communications Security pp. 246–256 (Oct. 2004).
    DOI: 10.1145/1030083.1030117
  1979. D. Watson. “Honeynets: A Tool for Counterintelligence in Online Security,” Network Security 2007(1) pp. 4–8 (Jan. 2007).
    DOI: 10.1016/S1353-4858(07)70004-1
  1980. J. Watson. “VirtualBox: Bits and Bytes Masquerading As Machines,” Linux Journal (166) (Feb. 2008)
    URL: http://www.linuxjournal.com/article/9941
  1981. P. Watson. “A Multi-Level Security Model for Partitioning Workflows over Federated Clouds,” Proceedings of the IEEE Third International Conference on Cloud Computing Technology and Science pp. 180–188 (Nov. 2011).
    DOI: 10.1109/CloudCom.2011.33
  1982. R. N. M. Watson. “TrustedBSD: Adding Trusted Operating System Features to FreeBSD,” Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference pp. 15–28 (2001)
    URL: https://www.usenix.org/conference/2001-usenix-annual-technical-conference/trustedbsd-adding-trusted-operating-system
  1983. R. N. M. Watson, J. Anderson, B. Laurie, and K. Kennaway. “Capsicum: Practical Capabilities for UNIX,” Proceedings of the 19th USENIX Security Symposium (Aug. 2010)
    URL: https://www.usenix.org/legacy/event/sec10/tech/full_papers/Watson.pdf
  1984. R. N. M. Watson, J. Woodruff, P. G. Neumann, S. W. Moore, J. Anderson, D. Chisnall, N. Dave, B. Davis, K. Gudka, B. Laurie, S. J. Murdoch, R. Norton, M. Roe, S. Son, and M. Vadera. “CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization,” Proceedings of the 2015 IEEE Symposium on Security and Privacy pp. 20–37 (May 2015).
    DOI: 10.1109/SP.2015.9
  1985. M. A. Wayne, E. R. Jeffrey, G. M. Akselrod, and P. G. Kwiat. “Photon Arrival Time Quantum Random Number Generation,” Journal of Modern Optics 56(4) pp. 516–522 (Feb. 2009).
    DOI: 10.1080/09500340802553244
  1986. C. Wee. “LAFS: A Logging and Auditing File System,” Proceedings of the 11th Annual Computer Security Applications Conference pp. 231–240 (Dec. 1995).
  1987. F. Wei, S. Roy, X. Ou, and Robby. “Amandroid: A Precise and General Inter-component Data Flow Analysis Framework for Security Vetting of Android Apps,” Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security pp. 1329–1341 (Nov. 2014).
    DOI: 10.1145/2660267.2660357
  1988. J. Wei and C. Pu. “TOCTTOU Vulnerabilities in UNIX-Style File Systems: an Anatomical Study,” Proceedings of the 4th USENIX Conference on File and Storage Technologies pp. 155–167 (Dec. 2005)
    URL: https://www.usenix.org/legacy/event/fast05/tech/wei.html
  1989. M. Weir, S. Aggarwal, M. Collins, and H. Stern. “Testing Metrics for Password Creation Policies by Attacking Large Sets of Revealed Passwords,” Proceedings of the 17th ACM Conference on Computer and Communications Security pp. 162–175 (Oct. 2010).
    DOI: 10.1145/1866307.1866327
  1990. M. Weir, S. Aggarwal, B. de Medeiros, and B. Glodek. “Password Cracking Using Probabilistic Context-Free Grammars,” Proceedings of the 2009 IEEE Symposium on Security and Privacy pp. 391–405 (May 2009).
    DOI: 10.1109/SP.2009.8
  1991. M. Weiser. “Program Slicing,” IEEE Transactions on Software Engineering SE-10(4) pp. 352–357 (July 1984).
    DOI: 10.1109/TSE.1984.5010248
  1992. C. Weissman. “Security Controls in the ADEPT-50 Time-Sharing System,” Proceedings of the AFIPS ’69 Fall Joint Computer Conference pp. 119–133 (Nov. 1969).
    DOI: 10.1145/1478559.1478574
  1993. C. Weissman. “Essay 11: Penetration Testing,” in [10], pp. 269–296.
  1994. C. Weissman. Security Penetration Testing Guideline: A Chapter of the Handbook for the Computer Security Certification of Trusted Systems, Technical Memorandum 5540:082A, Naval Research Laboratory, Washington, DC, USA (Jan. 1995)
    URL: http://www.windowsecurity.com/uplarticle/12/PENET.pdf
  1995. C. Weissman. “MLS-PCA: A High Assurance Security Architecture for Future Avionics,” Proceedings of the 19th Annual Computer Security Applications Conference pp. 2–12 (Dec. 2003).
    DOI: 10.1109/CSAC.2003.1254305
  1996. S. Wendzel, S. Zander, B. Fechner, and C. Herdin. “Pattern-Based Survey and Categorization of Network Covert Channel Techniques,” ACM Computing Surveys 47(3) pp. 50:1–50:26 (Apr. 2015).
    DOI: 10.1145/2684195
  1997. M. M. Wenzel. “Isabelle/Isar — A Versatile Environment for Human-Readable Formal Proof Documents,” Ph.D. Dissertation, Informatics Institute, Technical University of Munich, Munich, Germany (Jan. 2002)
    URL: https://mediatum.ub.tum.de/doc/601724/601724.pdf
  1998. R. West. “The Psychology of Security,” Communications of the ACM 51(4) pp. 34–40 (Apr. 2008).
    DOI: 10.1145/1330311.1330320
  1999. D. Wetherall. “Active Network Vision and Reality: Lessons from a Capsule-Based System,” Proceedings of the 2002 DARPA Active Networks Conference and Exposition pp. 25–40 (May 2002).
    DOI: 10.1109/DANCE.2002.1003482
  2000. D. A. Wheeler. “Secure Programming HOWTO, Version 3.72,” unpublished (2015). URL: https://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO.pdf
  2001. D. Whiting, R. Housley, and N. Ferguson. Counter with CBC-MAC (CCM), RFC 3610 (Sep. 2003).
    DOI: 10.17487/RFC3610
  2002. A. Whitten and J. D. Tygar. “Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0,” Proceedings of the Eighth USENIX UNIX Security Symposium pp. 169–184 (Aug. 1999)
    URL: https://www.usenix.org/conference/8th-usenix-security-symposium/why-johnny-cant-encrypt-usability-evaluation-pgp-50
  2003. D. R. Wichers, D. M. Cook, R. A. Olsson, J. Crossley, P. Kerchen, K. N. Levitt, and R. Lo. “PACLs: An Access Control List Approach to Anti-Viral Security,” Proceedings of the 13th National Computer Security Conference pp. 340–349 (Oct. 1990).
  2004. D. J. M. Wiemer. “Wiemer-Murray Domain Security Policy Model for International Interoperability,” Proceedings of the 21st National Information Systems Security Conference pp. 526–536 (Oct. 1998)
    URL: http://csrc.nist.gov/nissc/1998/proceedings/paperF20.pdf
  2005. R. P. Wildes. “Iris Recognition: An Emerging Biometric Technology,” Proceedings of the IEEE 85(9) pp. 1348–1363 (Sep. 1997).
    DOI: 10.1109/5.628669
  2006. M. V. Wilkes. Time-Sharing Computer Systems, Elsevier Science Inc., New York, NY, USA (1975)
    ISBN: 978-0-444-19525-8
  2007. A. L. Wilkinson, D. H. Anderson, D. P. Chang, L. H. Hin, A. J. Mayo, I. T. Viney, R. Williams, and W. Wright. “A Penetration Analysis of a Burroughs Large System,” ACM SIGOPS Operating Systems Review 15(1) pp. 14–25 (Jan. 1981).
    DOI: 10.1145/1041454.1041455
  2008. J. R. Williams and K. Ferriaolo. “P3I — Protection Profile Process Improvement,” Proceedings of the 22nd National Information Systems Security Conference pp. 175–188 (Oct. 1999).
  2009. S. P. Wilson, J. A. McDermid, P. M. Kirkham, C. H. Pygott, and D. J. Tombs. “Computer Based Support for Standards and Processes in Safety Critical Systems,” Proceedings of the 16th International Conference on Computer Safety, Reliability and Security pp. 197–209 (Sep. 1997).
    DOI: 10.1007/978-1-4471-0997-6_16
  2010. J. M. Wing. “A Symbiotic Relationship Between Formal Methods and Security,” Proceedings of the 1998 Computer Security, Dependability and Assurance: From Needs to Solutions pp. 26–38 (July 1998).
    DOI: 10.1109/CSDA.1998.798355
  2011. I. Winkler. “The Non-Technical Threat to Computing Systems,” Computing Systems 9(1) pp. 3–14 (Winter 1996).
  2012. H. B. Winkler-Parenty. “SYBASE: The Trusted Subject DBMS,” Proceedings of the 13th National Computer Security Conference pp. 589–593 (Oct. 1990).
  2013. R. Winton. “Hollywood Hospital Pays $17,000 in Bitcoin to Hackers; FBI Investigating,” Los Angeles Times (Feb. 18, 2016)
    URL: http://www.latimes.com/business/technology/la-me-ln-hollywood-hospital-bitcoin-20160217-story.html
  2014. Wireshark. Adb: Malformed Packet and Buffer Overflow, Bug 14460, Wireshark (Feb. 2018)
    URL: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14460
  2015. S. Wiseman. “A Secure Capability Computer System,” Proceedings of the 1986 IEEE Symposium on Security and Privacy pp. 86–94 (Apr. 1986).
    DOI: 10.1109/SP.1986.10007
  2016. S. Wiseman. “Preventing Viruses in Computer Systems,” Computers & Security 8(5) pp. 427–432 (Aug. 1989).
    DOI: 10.1016/0167-4048(89)90024-2
  2017. T. Y. C. Woo and S. S. Lam. “Authentication for Distributed Systems,” IEEE Computer 25(1) pp. 39–52 (Jan. 1992).
    DOI: 10.1109/2.108052
  2018. T. Y. C. Woo and S. S. Lam. “ ‘Authentication’ Revisited,” IEEE Computer 25(3) p. 10 (Mar. 1992).
    DOI: 10.1109/2.121502
  2019. C. C. Wood. “Principles of Secure Information System Design,” Computers & Security 9(1) pp. 13–24 (Feb. 1990).
    DOI: 10.1016/0167-4048(90)90150-R
  2020. C. C. Wood. “Principles of Secure Information Design with Groupware Examples,” Computers & Security 12(7) pp. 663–678 (Nov. 1993).
    DOI: 10.1016/0167-4048(93)90084-I
  2021. C. C. Wood. Information Security Policies Made Easy, Information Shield, Sugar Land, TX, USA (2015)
    ISBN: 978-1-881-58517-6
  2022. J. Woodruff, R. N. M. Watson, D. Chisnall, S. W. Moore, J. Anderson, B. Davis, B. Laurie, P. G. Neumann, R. Norton, and M. Roe. “The CHERI Capability Model: Revisiting RISC in an Age of Risk,” Proceedings of the 41st ACM/IEEE Annual International Symposium on Computer Architecture pp. 457–468 (June 2014).
    DOI: 10.1109/ISCA.2014.6853201
  2023. B. Woodward. The Secret Man: The Story of Watergate’s Deep Throat, Simon & Schuster, New York, NY, USA (2005)
    ISBN: 978-0-7432-8716-6
  2024. A. Wool. “A Quantitative Study of Firewall Configuration Errors,” IEEE Computer 37(6) pp. 62–67 (June 2004).
    DOI: 10.1109/MC.2004.2
  2025. J. C. Wray. “An Analysis of Covert Timing Channels,” Proceedings of the 1991 IEEE Symposium on Research in Security and Privacy pp. 2–6 (May 1991).
    DOI: 10.1109/RISP.1991.130767
  2026. A. Wright. “Hacking Cars,” Communications of the ACM 54(11) pp. 18–19 (Nov. 2011).
    DOI: 10.1145/2018396.2018403
  2027. H. Wu and B. Preneel. “Cryptanalysis of the Stream Cipher ABC v2,” Proceedings of the 13th International Workshop on Selected Areas in Cryptography (Lecture Notes in Computer Science 4356) pp. 56–66 (Aug. 2006).
    DOI: 10.1007/978-3-540-74462-7_5
  2028. H. Wu and B. Preneel. “Differential Cryptanalysis of the Stream Ciphers Py, Py6 and Pypy,” Advances in Cryptology — EUROCRYPT 2007 (Lecture Notes in Computer Science 4515) pp. 276–290 (May 2007).
    DOI: 10.1007/978-3-540-72540-4_16
  2029. S. X. Wu and W. Banzhaf. “The Use of Computational Intelligence in Intrusion Detection Systems: A Review,” Applied Soft Computing 10(1) pp. 1–35 (Jan. 2010).
    DOI: 10.1016/j.asoc.2009.06.019
  2030. W. Wulf, E. Cohen, W. Corwin, A. Jones, R. Levin, C. Pierson, and F. Pollack. “HYDRA: The Kernel of a Multiprocessor Operating System,” Communications of the ACM 17(6) pp. 337–345 (June 1974).
    DOI: 10.1145/355616.364017
  2031. W. C. A. Wungaards and B. J. Overeinder. “Securing DNS: Extending DNS Servers with a DNSSEC Validator,” IEEE Security & Privacy 7(5) pp. 36–43 (Sep. 2009).
    DOI: 10.1109/MSP.2009.133
  2032. X501. Information Technology—Open Systems Interconnection—The Directory: Models, Recommendation X.501, ITU-T (Nov. 2008).
  2033. M. Xia, L. Gong, Y. Lyu, Z. Qi, and X. Liu. “Effective Real-Time Android Application Auditing,” Proceedings of the 2015 IEEE Symposium on Security and Privacy pp. 899–914 (May 2015).
    DOI: 10.1109/SP.2015.60
  2034. Y. Xie and A. Aiken. “Static Detection of Security Vulnerabilities in Scripting Languages,” Proceedings of the 15th USENIX Security Symposium pp. 179–192 (Aug. 2006)
    URL: https://www.usenix.org/legacy/events/sec06/tech/xie.html
  2035. Y. Xie and S.-Z. Yu. “Monitoring the Application-layer DDoS Attacks for Popular Websites,” IEEE/ACM Transactions on Networking 17(1) pp. 15–25 (Feb. 2009).
    DOI: 10.1109/TNET.2008.925628
  2036. L. Xiong and L. Liu. “PeerTrust: Supporting Reputation-Based Trust for Peer-to-Peer Electronic Communities,” IEEE Transactions on Knowledge and Data Engineering 16(7) pp. 843–857 (July 2004).
    DOI: 10.1109/TKDE.2004.1318566
  2037. K. Xu, H. Xiong, C. Wu, D. Stefan, and D. Yao. “Data-Provenance Verification For Secure Hosts,” IEEE Transactions on Dependable and Secure Computing 9(2) pp. 173–183 (Mar. 2012).
    DOI: 10.1109/TDSC.2011.50
  2038. R. Xu, H. Saïdi, and R. Andreson. “Aurasium: Practical Policy Enforcement for Android Applications,” Proceedings of the 21st USENIX Security Symposium pp. 539–552 (Aug. 2012).
  2039. Y. Xu, M. Bailey, F. Jahanian, K. Joshi, M. Hiltunen, and R. Schlichting. “An Exploration of L2 Cache Covert Channels in Virtualized Environments,” Proceedings of the Third ACM Workshop on Cloud Computing Security pp. 29–40 (Oct. 2011).
    DOI: 10.1145/2046660.2046670
  2040. F. Yamaguchi, N. Golde, D. Arp, and K. Rieck. “Modeling and Discovering Vulnerabilities with Code Property Graphs,” Proceedings of the 2014 IEEE Symposium on Security and Privacy pp. 590–604 (May 2014).
    DOI: 10.1109/SP.2014.44
  2041. R. V. Yampolskiy. “Analyzing User Password Selection Behavior for Reduction of Password Space,” Proceedings of the 40th Annual IEEE International Carnahan Conferences Security Technology pp. 109–115 (Oct. 2006).
    DOI: 10.1109/CCST.2006.313438
  2042. J. Yan and A. S. El Ahmad. “Usability of CAPTCHAs or Usability Issues in CAPTCHA Design,” Proceedings of the Fourth Symposium on Usable Privacy and Security pp. 44–52 (July 2008).
    DOI: 10.1145/1408664.1408671
  2043. K. Yang, M. Hicks, Q. Dong, T. Austin, and D. Sylvester. “A2: Analog Malicious Hardware,” Proceedings of the 2016 IEEE Symposium on Security and Privacy pp. 18–37 (May 2016).
    DOI: 10.1109/SP.2016.10
  2044. X. Yang, D. Wetherall, and T. Anderson. “TVA: A DoS-limiting Network Architecture,” IEEE/ACM Transactions on Networking 16(6) pp. 1267–1280 (Dec. 2008).
    DOI: 10.1109/TNET.2007.914506
  2045. Y. Yang, K. McLaughlin, T. Littler, S. Sezar, B. Pranggono, and H. F. Wang. “Intrusion Detection System for IEC 60870-5-104 Based SCADA Networks,” Proceedings of the 2013 IEEE Power and Energy Society General Meeting pp. 1–5 (July 2013).
    DOI: 10.1109/PESMG.2013.6672100
  2046. D. Yaozu, L. Shaofan, M. Asit, N. Jun, T. Kun, X. Xuefei, Y. Fred, and Y. Wilfred. “Extending Xen with Intel Virtualization Technology,” Intel Technology Journal 10(3) pp. 193–203 (Aug. 2006).
  2047. W.-S. Yap, S. L. Yeo, S.-H. Heng, and M. Henricksen. “Security Anaysis of GCM for Communication,” Security and Communication Networks 7(5) pp. 854–864 (May 2014).
    DOI: 10.1002/sec.798
  2048. Y. Yarom and K. Falkner. “FLUSH+RELOAD: A High Resolution, Low Noise, L3 Cache Side-Channel Attack,” Proceedings of the 23rd USENIX Security Symposium pp. 719–732 (Aug. 2014).
  2049. A. Yasinsac and J. Childs. “Formal Analysis of Modern Security Protocols,” Information Sciences 171(1-3) pp. 189–211 (Mar. 2005).
    DOI: 10.1016/j.ins.2004.03.021
  2050. B. Yee, D. Sehr, G. Dardyk, J. B. Chen, R. Muth, T. Ormandy, S. Okasaka, N. Narula, and N. Fullagar. “Native Client: A Sandbox for Portable, Untrusted x86 Native Code,” Proceedings of the 2009 IEEE Symposium on Security and Privacy pp. 79–93 (May 2009).
    DOI: 10.1109/SP.2009.25
  2051. K.-P. Yee. “User Interaction Design for Secure Systems,” Proceedings of the Fourth International Conference on Information and Communications Security (Lecture Notes in Computer Science 2513) pp. 278–290 (Dec. 2002).
    DOI: 10.1007/3-540-36159-6_24
  2052. I.-L. Yen and R. Paul. “Key Applications for High-Assurance Systems,” IEEE Computer 31(4) pp. 35–36 (Apr. 1998).
    DOI: 10.1109/2.666841
  2053. T. Yetiser. Polymorphic Viruses: Implementation, Detection, and Protection, Technical Report, VDS Advanced Research Group, Baltimore, MD, USA (Jan. 1993)
    URL: http://83.133.184.251/virensimulation.org/lib/ayt01.html
  2054. H. Yin, C. Bockisch, and M. Aksit. “A Fine-Grained Debugger for Aspect-Oriented Programming,” Proceedings of the Eleventh Annual International Conference on Aspect-Oriented Software Development pp. 59–70 (2012).
    DOI: 10.1145/2162049.2162057
  2055. H. Yin, D. Song, M. Egele, C. Kruegel, and E. Kirda. “Panorama: Capturing System-wide Information Flow for Malware Detection and Analysis,” Proceedings of the 14th ACM Conference on Computer and Communications Security pp. 116–127 (Oct. 2007).
    DOI: 10.1145/1315245.1315261
  2056. H. Yin and H. Wang. “Building an Application-Aware IPsec Policy System,” IEEE/ACM Transactions on Networking 15(6) pp. 1502–1513 (Dec. 2007).
    DOI: 10.1109/TNET.2007.896536
  2057. V. L. Yisa, M. Baba, and E. T. Olaniyi. “A Review of Top Open Source Password Cracking Tools,” Proceedings of the 2016 International Conference on Information and Communication Technology and Its Applications pp. 134–138 (Nov. 2016)
    URL: http://ceur-ws.org/Vol-1830/Paper89.pdf
  2058. T. Ylönen. “SSH—Secure Login Connections over the Internet,” Proceedings of the Sixth USENIX UNIX Security Symposium pp. 37–42 (July 1996).
  2059. T. Ylönen and C. Lonvick. The Secure Shell (SSH) Protocol Architecture, RFC 4251 (Jan. 2006)
    URL: http://www.rfc-editor.org/rfc/rfc4251.txt
  2060. J. Yoo, E. Jee, and S. Cha. “Formal Modeling and Verification of Safety-Critical Software,” IEEE Software 26(3) pp. 42–49 (May 2009).
    DOI: 10.1109/MS.2009.67
  2061. K. Yoshio, Y. Yoshiaki, and T. Hidekazu. “An Improvement to a Decentralized Management Method for Uniquely Accessible Attribute Information,” Proceedings of the 2009 International Conference on Availability, Reliability and Security pp. 984–989 (Mar. 2009).
    DOI: 10.1109/ARES.2009.21
  2062. P. Yosifovich, A. Ionescu, M. E. Russinovich, and D. A. Solomon. Windows Internals, Part 1: System Architecture, Processes, Threads, Memory Management, and More, Microsoft Press, Redmond, WA, USA (2017)
    ISBN: 978-0-7356-8418-8
  2063. A. Young and M. Yung. “Cryptovirology: Extortion-Based Security Threats and Countermeasures,” Proceedings of the 1996 IEEE Symposium on Security and Privacy pp. 129–139 (May 1996).
    DOI: 10.1109/SECPRI.1996.502676
  2064. C. Young. “Taxonomy of Computer Virus Defense Mechanisms,” Proceedings of the Tenth National Computer Security Conference pp. 220–225 (Sep. 1987).
  2065. C.-F. Yu and V. D. Gligor. “A Formal Specification and Verification Method for the Prevention of Denial of Service,” Proceedings of the 1988 IEEE Symposium on Security and Privacy pp. 187–202 (Apr. 1988).
    DOI: 10.1109/SECPRI.1988.8111
  2066. C.-F. Yu and V. D. Gligor. “A Specification and Verification Method for Preventing Denial of Service,” IEEE Transactions on Software Engineerin 16(6) pp. 581–592 (June 1990).
    DOI: 10.1109/32.55087
  2067. T. Yu, S. Hartman, and K. Raeburn. “The Perils of Unauthenticated Encryption: Kerberos Version 4,” Proceedings of the 2004 Symposium on Network and Distributed System Security (Feb. 2004)
    URL: http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2017/09/The-Perils-of-Unauthenticated-Encryption-Kerberos-Version-4-Tom-Yu.pdf
  2068. Y. Yu and W. Rodeheffer, Tom anbd Chen. “RaceTrack: Efficient Detection of Data Race Conditions via Adaptive Tracking,” Proceedings of the 20th ACM Symposium on Operating Systems Principles pp. 221–234 (Dec. 2005).
    DOI: 10.1145/1095810.1095832
  2069. E. Yuan and J. Tong. “Attributed Based Access Control (ABAC) for Web Services,” Proceedings of the 2005 IEEE International Conference on Web Services (July 2005).
    DOI: 10.1109/ICWS.2005.25
  2070. L. Yuan, J. Mai, Z. Su, H. Chen, C.-N. Chuah, and P. Mohapatra. “FIREMAN: A toolkit for FIREwall Modeling and ANalysis,” Proceedings of the 2006 IEEE Symposium on Security and Privacy pp. 213–228 (May 2006).
    DOI: 10.1109/SP.2006.16
  2071. R. Yuan and W. T. Strayer. Virtual Private Networks: Technologies and Solutions, Addison-Wesley Professional, Boston, MA, USA (2001)
    ISBN: 978-0-201-70209-5
  2072. J. Yuill, F. Wu, J. Settle, F. Gong, R. Forno, M. Huang, and J. Asbery. “Intrusion-Detection for Incident-Response, Using a Military Battlefield-Intelligence Process,” Computer Networks 34(4) pp. 671–697 (Oct. 2000).
    DOI: 10.1016/S1389-1286(00)00142-0
  2073. J. Yuill, M. Zappe, D. E. Denning, and F. Feer. “Honeyfiles: Deceptive Files for Intrusion Detection,” Proceedings of the Fifth Annual IEEE SMC Informaton Assurance Workshop pp. 116–122 (June 2004).
    DOI: 10.1109/IAW.2004.1437806
  2074. A. L. Yuille, P. W. Hallinan, and D. S. Cohen. “Feature Extraction from Faces Using Deformable Templates,” International Journal of Computer Vision 8(2) pp. 99–111 (Aug. 1992).
    DOI: 10.1007/BF00127169
  2075. A. Zakinthinos and E. S. Lee. “The Composability of Non-Interference,” Journal of Computer Security 3(4) pp. 269–281 (1995).
    DOI: 10.3233/JCS-1994/1995-3404
  2076. D. Zamboni. Learning CFEngine 3, O’Reilly Media, Sebastopol, CA, USA (2012)
    ISBN: 978-1-4493-1220-6
  2077. S. Zander, G. Armitage, and P. Branch. “A Survey of Covert Channels and Countermeasures in Computer Network Protocols,” IEEE Communications Surveys & Tutorials 9(3) pp. 44–57 (Third Quarter 2007).
    DOI: 10.1109/COMST.2007.4317620
  2078. P. Zave and M. Jackson. “Four Dark Corners of Requirements Engineering,” ACM Transactions on Software Engineering and Methodology 6(1) pp. 1–30 (Jan. 1997).
    DOI: 10.1145/237432.237434
  2079. S. Zawoad, A. K. Dutta, and R. Hasan. “SecLaaS: Secure Logging-as-a-service for Cloud Forensics,” Proceedings of the Eighth ACM SIGSAC Symposium on Information, Computer and Communications Security pp. 219–230 (May 2013).
    DOI: 10.1145/2484313.2484342
  2080. S. Zdancewic and A. C. Myers. “Robust Declassification,” Proceedings of the 14th Computer Security Foundations Workshop pp. 15–23 (June 2001).
    DOI: 10.1109/CSFW.2001.930133
  2081. K. D. Zeilenga. COSINE LDAP/X.500 Schema, RFC 4524 (June 2006).
    DOI: 10.17487/RFC4524
  2082. K. D. Zeilenga. Lightweight Directory Access Protocol (LDAP): Directory Information Models, RFC 4512 (June 2006).
    DOI: 10.17487/RFC4512
  2083. K. Zetter. “Palin E-Mail Hacker Says It Was Easy,” Wired (Sep. 2008)
    URL: https://www.wired.com/2008/09/palin-e-mail-ha/
  2084. K. Zetter. “Researchers Uncover RSA Phishing Attack, Hiding in Plain Sight,” Wired (Aug. 2011)
    URL: https://www.wired.com/2011/08/how-rsa-got-hacked/
  2085. C. C. Zhang, M. Winslett, and C. A. Gunter. “On the Safety and Efficiency of Firewall Policy Deployment,” Proceedings of the 2007 IEEE Symposium on Security and Privacy pp. 33–50 (May 2007).
    DOI: 10.1109/SP.2007.32
  2086. C. Zhang, T. Wang, T. Wei, Y. Chen, and W. Zou. “IntPatch: Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at Compile-Time,” Proceedings of the 15th European Symposium on Research in Computer Security (Lecture Notes in Computer Science 6345) pp. 71–86 (Sep. 2010).
    DOI: 10.1007/978-3-642-15497-3_5
  2087. D. Zhang, W.-K. Kong, J. You, and M. Wong. “Online Palmprint Identification,” IEEE Transactions on Pattern Analysis and Machine Intelligence 25(9) pp. 1041–1050 (Sep. 2003).
    DOI: 10.1109/TPAMI.2003.1227981
  2088. D. Zhang, K. Ramamohanarao, R. Zhang, and S. Versteeg. “Efficient Graph Based Approach to Large Scale Role Engineering,” Transactions on Data Privacy 7(1) pp. 1–26 (2014).
  2089. F. Zhang, A. Kondoro, and S. Muftic. “Location-Based Authentication and Authorization Using Smart Phones,” Proceedings of the 2012 IEEE International Conference on Trust, Security and Privacy in Computing and Communications pp. 1285–1292 (June 2012).
    DOI: 10.1109/TrustCom.2012.198
  2090. L. Zhang and A. C. Myers. “End-to-End Availability Policies and Noninterference,” Proceedings of the 18th Computer Security Foundations Workshop pp. 272–286 (June 2005).
    DOI: 10.1109/CSFW.2005.16
  2091. L. Zhang, S. Tan, J. Yang, and Y. Chen. “VoiceLive: A Phoneme Localization Based Liveness Detection for Voice Authentication on Smartphones,” Proceedings of the 23rd ACM SIGSAC Conference on Computer and Communications Security pp. 1080–1091 (Oct. 2016).
    DOI: 10.1145/2976749.2978296
  2092. X. Zhang, Y. Li, and D. Nalla. “An Attribute-Based Access Control Matrix Model,” Proceedings of the 2005 ACM Symposium on Applied Computing pp. 359–363 (Mar. 2005).
    DOI: 10.1145/1066677.1066760
  2093. Y. Zhang, F. Monrose, and M. K. Reiter. “The Security of Modern Password Expiration: An Algorithmic Framework and Empirical Analysis,” Proceedings of the 17th ACM Conference on Computer and Communications Security pp. 176–186 (Oct. 2010).
    DOI: 10.1145/1866307.1866328
  2094. G. Zheng, W. Li, and C. Zhan. “Cryptographic Key Generation from Biometric Data Using Lattice Mapping,” Proceedings of the 18th International Conference on Pattern Recognition pp. 513–516 (Aug. 2006).
    DOI: 10.1109/ICPR.2006.423
  2095. Y. Zheng. “Digital Signcryption or How to Achieve Cost(Signature & Encryption) ≪ Cost(Signature) + Cost(Encryption),” Advances in Cryptology — CRYPTO ’97 (Lecture Notes in Computer Science 1294) pp. 165–179 (Aug. 1997).
    DOI: 10.1007/BFb0052234
  2096. Y. Zheng, J. Pieprzyk, and J. Seberry. “HAVAL—A One-Way Hashing Algorithm with Variable Length of Output,” Advances in Cryptology—AUSCRYPT ’92 (Lecture Notes in Computer Science 718) pp. 83–104 (Dec. 1992).
    DOI: 10.1007/3-540-57220-1_54
  2097. Y. Zhou, X. Wang, Y. Chen, and Z. Wang. “ARMlock: Hardware-based Fault Isolation for ARM,” Proceedings of the 21st ACM SIGSAC Conference on Computer and Communications Security pp. 558–569 (Nov. 2014).
    DOI: 10.1145/2660267.2660344
  2098. H. Zhu, P. A. V. Hall, and J. H. R. May. “Software Unit Test Coverage and Adequacy,” ACM Computing Surveys 29(4) pp. 366–427 (Dec. 1997).
    DOI: 0.1145/267580.267590
  2099. L. Zhu, K. Jaganathan, and K. Lauter. Elliptic Curve Cryptography (ECC) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT), RFC 5349 (Sep. 2008).
    DOI: 10.17487/RFC5349
  2100. L. Zhu, K. Jaganathan, and N. Williams. Online Certificate Status Protocol (OCSP) Support for Public Key Cryptography for Initial Authentication in Kerberos (PKINIT), RFC 4557 (June 2006).
    DOI: 10.17487/RFC4557
  2101. L. Zhu and B. Tung. Public Key Cryptography for Initial Authentication in Kerberos (PKINIT), RFC 4556 (June 2006).
    DOI: 10.17487/RFC4556
  2102. M. Zhu, Z. Hu, and P. Liu. “Reinforcement Learning Algorithms for Adaptive Cyber Defense Against Heartbleed,” Proceedings of the First ACM Workshop on Moving Target Defense pp. 51–58 (Nov. 2014).
    DOI: 10.1145/2663474.2663481
  2103. Y. Zhu, X. Fu, B. Graham, R. Bettati, and W. Zhao. “On Flow Correlation Attacks and Countermeasures in Mix Networks,” Proceedings of the Fourth International Workshop on Privacy Enhancing Technologies (Lecture Notes in Computer Science 3424) pp. 207–225 (2004).
    DOI: 10.1007/11423409_13
  2104. X. Zi, L. Yao, X. Jiang, L. Pan, and J. Li. “Evaluating the Transmission Rate of Covert Timing Channels in a Network,” Computer Networks 55(12) pp. 2760–2771 (Aug. 2011).
    DOI: 10.1016/j.comnet.2011.05.018
  2105. C.-N. Ziegler and G. Lausen. “Spreading Activation Models for Trust Propagation,” Proceedings of the 2004 IEEE International Conference on e-Technology, e-Commerce and e-Service pp. 83–97 (Mar. 2004).
    DOI: 10.1109/EEE.2004.1287293
  2106. D. P. Zimmerman. The Finger User Information Protocol, RFC 1288 (Dec. 1991).
    DOI: 10.17487/RFC1288
  2107. P. Zimmermann, A. Johnson, and J. Callas. ZRTP: Media Path Key Agreement for Unicast Secure RTP, RFC 6189 (Apr. 2011).
    DOI: 10.17487/RFC6189
  2108. D. Zissis and D. Lekkas. “Addressing Cloud Computing Security Issues,” Future Generation Computer Systems 28(3) pp. 583–592 (Mar. 2012).
    DOI: 10.1016/j.future.2010.12.006
  2109. C. C. Zou, W. Gong, and D. Towsley. “Code Red Worm Propagation Modeling and Analysis,” Proceedings of the Ninth ACM Conference on Computer and Communications Security pp. 138–147 (Nov. 2002).
    DOI: 10.1145/586110.586130
  2110. Z. Zuo and M. Zhou. “Some Further Theoretical Results about Computer Viruses,” The Computer Journal 47(6) pp. 627–633 (Jan. 2004).
    DOI: 10.1093/comjnl/47.6.627
  2111. J. Zurawski. “The Science DMZ — Introduction and Architecture,” Presentation at Operating Innovative Networks (Oct. 2013).
    URL: http://www.crc.nd.edu/~rich/OIN.10.2013/Science_DMZ/20131002-OIN-ScienceDMZ-1-Intro_Arch.pdf
  2112. M. E. Zurko and R. T. Simon. “User-Centered Security,” Proceedings of the 1996 Workshop on New Security Paradigms pp. 27–33 (Sep. 1996).
    DOI: 10.1145/304851.304859
  2113. M. Zviran and W. J. Haga. “Cognitive Passwords: The Key to Easy Access Control,” Computers & Security 9(8) pp. 723–736 (Dec. 1990).
    DOI: 10.1016/0167-4048(90)90115-A
  2114. About Touch ID Advanced Security Technology (Sep. 2017)
    URL: https://support.apple.com/en-us/HT204587
  2115. Acceptable Use Policy, Section 310-23, Exhibit A, UC Davis Policy and Procedure Manual, Office of the Chancellor and Provost, University of California at Davis (Sep. 2013).
    URL: https://ucdavispolicy.ellucid.com/documents/view/359/2339/
  2116. Advanced Encryption Standard, FIPS PUB 197, National Institute of Standards and Technology, Gaithersburg, MD, USA (Nov. 2001).
    DOI: 10.6028/NIST.FIPS.197
  2117. AMD64 Architecture Programmer’s Manual Volume 2: System Programming, Number 24593 Rev. 3.23, Advanced Micro Devices, Sunnyvale, CA, USA (May 2013)
    URL: https://archive.org/details/24593APMV21
  2118. Arrangement on the Recognition of Common Criteria Certificates in the Field of Information Technology Security, Technical Report, Common Criteria (July 2014).
    URL:https://www.commoncriteriaportal.org/files/CCRA
  2119. Article 17: Right to Erasure (`Right to be Forgotten’),” Regulation (EU) 2016/679 of the European Parliament and of the Council (Apr. 2016).
    URL: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf
  2120. Buffer Overflow in Kerberos Administration Daemon, CERT Advisory CA-2002-29, CERT, Pittsburgh, PA (Oct. 2002)
    URL: https://resources.sei.cmu.edu/library/asset-view.cfm?assetID=496194
  2121. Buffer Overflow in Sendmail, CERT Advisory CA-2003-25, CERT, Pittsburgh, PA, USA (Oct. 2003)
    URL: http://www.cert.org/historical/advisories/CA-2003-25.cfm
  2122. Bundesamt für Sicherheit in der Informationstechnik (2017)
    URL: https://www.bsi.bund.de/EN/Topics/CommonCriteria/commoncriteria_node.html
  2123. California Elections Code, Division 19. Certification of Voting Systems. Chapter 3. Certification of Voting Systems. Article 1. Procedures for Certification of Voting Systems.”
    URL: http://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?lawCode=ELEC&division=19.&title=&part=&chapter=3.&article=1.
  2124. The Canadian Trusted Computer Product Evaluation Criteria, Version 3.0e, Report, Canadian System Security Centre, Ottowa, ON, Canada (Jan. 1993).
  2125. CapROS: The Capability-based Reliable Operating System (2016).
    URL: http://www.capros.org/
  2126. Cisco IOS Security Command Reference, Cisco Systems, Inc., San Jose, CA, USA (Apr. 2011).
    URL: http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_cr_book.pdf
  2127. The Common Criteria (Apr. 2017)
    URL: https://www.commoncriteriaportal.org
  2128. Common Criteria: Certified Products (Dec. 2017)
    URL: https://www.commoncriteriaportal.org/products/
  2129. Common Criteria for Information Technology Security Evaluation Version 3.1, Revision 5, Part 1: Introduction and General Model, Technical Report CCMB-2017-04-001, Common Criteria (Apr. 2017)
    URL: https://www.commoncriteriaportal.org/files/ccfiles/CCPART1V3.1R5.pdf
  2130. Common Criteria for Information Technology Security Evaluation Version 3.1, Revision 5, Part 2: Security Functional Components, Technical Report CCMB-2017-04-002, Common Criteria (Apr. 2017)
    URL: https://www.commoncriteriaportal.org/files/ccfiles/CCPART2V3.1R5.pdf
  2131. Common Criteria for Information Technology Security Evaluation Version 3.1, Revision 5, Part 3: Security Assurance Components, Technical Report CCMB-2017-04-003, Common Criteria (Apr. 2017)
    URL: https://www.commoncriteriaportal.org/files/ccfiles/CCPART3V3.1R5.pdf
  2132. Common Criteria: Other Publications, Common Criteria (Apr. 2017)
    URL: https://www.commoncriteriaportal.org/cc/
  2133. Common Methodology for Information Technology Security Evaluation Version 3.1, Revision 5: Evaluation Methodology, Technical Report CCMB-2017-04-004, Common Criteria (Apr. 2017)
    URL: https://www.commoncriteriaportal.org/files/ccfiles/CEMV3.1R5.pdf
  2134. Common Vulnerabilities and Exposures, The MITRE Corporation, Bedford, MA, USA (Mar. 2017)
    URL: https://cve.mitre.org/index.html
  2135. Common Vulnerabilities and Exposures: CVE-1999-0965, The MITRE Corporation, Bedford, MA, USA (Jan. 2000)
    URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0965
  2136. Common Vulnerabilities and Exposures: CVE-2016-3706, The MITRE Corporation, Bedford, MA, USA (Mar. 2016)
    URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3706
  2137. Common Weakness Enumeration, The MITRE Corporation, Bedford, MA, USA (Jan. 2017)
    URL: http://cwe.mitre.org/
  2138. Communications and Technology Electronic Communications—Allowable Use, Section 310-23, UC Davis Policy and Procedure Manual, Office of the Chancellor and Provost, University of California at Davis (Sep. 2013)
    URL: https://ucdavispolicy.ellucid.com/documents/view/357
  2139. Communications Security Establishment, Government of Canada, Common Criteria (July 2015)
    URL: https://www.cse-cst.gc.ca/en/canadian-common-criteria-scheme/main
  2140. Creating and Using Oracle Solaris Zones, Part Number E54752, Oracle, Inc., Redwood City, CA, USA (Oct. 2017)
    URL: https://docs.oracle.com/cd/E36784_01/pdf/E37628.pdf
  2141. Cryptographic Algorithm Validation Program, National Institute for Standards and Technology, Gaithersburg, MD, USA (Sep. 2017)
    URL: https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program
  2142. Cryptographic Module Validation Program, National Institute for Standards and Technology, Gaithersburg, MD, USA (Sep. 2017)
    URL: https://csrc.nist.gov/Projects/Cryptographic-Module-Validation-Program
  2143. CryptoLocker Ransomware Infections, Alert TA13-309A, US-CERT, Pittsburgh, PA, USA (Nov. 2013)
    URL: https://www.us-cert.gov/ncas/alerts/TA13-309A
  2144. CSEC-The Swedish Certification Body for IT Security, Common Criteria (Nov. 2017)
    URL: http://fmv.se/en/Our-activities/CSEC—The-Swedish-Certification-Body-for-IT-Security/
  2145. CWE Glossary, The MITRE Corporation, Bedford, MA, USA (Jan. 2017)
    URL: http://cwe.mitre.org/documents/glossary/index.html
  2146. Data Encryption Standard, FIPS PUB 46, National Bureau of Standards, Gaithersburg, MD, USA (Jan. 1977)
    URL: https://csrc.nist.gov/publications/detail/fips/46/3/archive/1999-10-25
  2147. DES Modes of Operation, FIPS PUB 81, National Bureau of Standards (Dec. 1980)
    URL: https://csrc.nist.gov/csrc/media/publications/fips/81/archive/1980-12-02/documents/fips81.pdf
  2148. Digital Signature Standard (DSS), FIPS PUB 186-4, National Institute of Standards and Technology, Gaithersburg, MD, USA (July 2013).
    DOI: 10.6028/NIST.FIPS.186-4
  2149. DNS Amplification Attacks, Alert TA13-088A, US-CERT, Pittsburgh, PA, USA (Oct. 2016)
    URL: https://www.us-cert.gov/ncas/alerts/TA13-088A
  2150. Electronic Communications Policy, University of California Office of the President, Oakland, CA, USA (Aug. 2005)
    URL: http://policy.ucop.edu/doc/7000470/ElectronicCommunications
  2151. Electronic Mail Policy, University of California Office of the President, Oakland, CA, USA (Mar. 1998).
  2152. Escrowed Encryption Standard (EES), FIPS PUB 185, National Institute of Standards and Technology, Gaithersburg, MD, USA (Feb. 1994)
    URL: https://csrc.nist.gov/csrc/media/publications/fips/185/archive/1994-02-09/documents/fips185.pdf
  2153. The Evolution of the CWE Development and Research Views, The MITRE Corporation, Bedford, MA, USA (Sep. 2008)
    URL: http://cwe.mitre.org/documents/views/view-evolution.html
  2154. External Interface Guide to SET Secure Electronic Transaction (Sep. 1997)
    URL: http://www.exelana.com/set/spec100/set_eig.pdf
  2155. Federal Criteria for Information Technology Security, Version 1.0, Technical Report, National Institute of Standards and Technology and National Security Agency, Gaithersburg, MD, USA (1992).
  2156. File Formats: priv_desc(4): Descriptions of Defined Privileges, Sun Microsystems, Inc., Palo Alto, CA, USA (Sep. 1999)
    URL: http://download.oracle.com/docs/cd/E19109-01/tsolaris8/835-8005/6ruu381re/index.html
  2157. Financial Services Act of 1986, §48(2)(h), cited in [294].
  2158. FORTEZZA Cryptologic Interface Programmers Guide, Technical Report Revision 1.52, National Security Agency, Ft. George G. Meade, MD, USA (Nov. 1995).
  2159. FORTEZZA Message Security Protocol Software Interface Control Document, Technical Report Version 3.01, National Security Agency, Ft. George G. Meade, MD, USA (Nov. 1995).
  2160. Ghostscript Vulnerability, CERT Advisory CA-1995-10, CERT, Pittsburgh, PA, USA (Aug. 1995)
    URL: http://www.cert.org/historical/advisories/CA-1995-10.cfm
  2161. Good Practice Guide on Vulnerability Disclosure, Catalogue Number TP-01-15-893-EN-N, European Union Agency for Network and Information Security, Heraklion, Greece (Nov. 2015).
    DOI: 10.2824/610384
  2162. Google 2-Step Verification, Google, Mountain View, CS, USA.
    URL: https://www.google.com/landing/2step
  2163. A Guide to Understanding Audit in Trusted Systems, Report NCSC-TG-001, Department of Defense, Washington, DC, USA (July 1987)
    URL: https://fas.org/irp/nsa/rainbow/tg001.htm
  2164. A Guide to Understanding Covert Channel Analysis of Trusted Systems, Report NCSC-TG-030, Department of Defense, Washington, DC, USA (Nov. 1993)
    URL: http://fas.org/irp/nsa/rainbow/tg030.htm
  2165. Guidelines for Smart Grid Security, Special Publication 7628 Revision 1, National Institute of Standards and Technology, Gaithersburg, MD, USA (Sep. 2014).
    DOI: 10.6028/NIST.IR.7628r1
  2166. The Haskell Programming Language (Dec. 2013)
    URL: https://wiki.haskell.org/Haskell
  2167. HP-UX Security Vulnerability in sendmail, CIAC Information Bulletin J-040, U.S. Department of Energy Computer Incident Advisory Capability, Livermore, CA, USA (Apr. 1999)
    URL: ftp://ftp.cerias.purdue.edu/pub/advisories/ciac/j-fy99/j-040.hp.sendmail.denial.of.service.failures.txt
  2168. iAPX 432 General Data Processor Architecture Reference Manual, Order Number 171860-004, Intel Corp., Santa Clara, CA, USA (1983)
    URL: http://www.bitsavers.org/components/intel/iAPX_432/171860-004_iAPX_432_General_Data_Processor_Architecture_Reference_Manual_Feb84.pdf
  2169. Information about the PC CYBORG (AIDS) Trojan Horse, CIAC Information Bulletin A-10, CIAC, Livermore, CA, USA (Dec. 1989)
    URL: http://www.securityfocus.com/advisories/700
  2170. Information Technology - Security Techniques - Security Requirements for Cryptographic Modules, Standard ISO/IEC 19790:2006, International Organization for Standardization, Geneva, Switzerland (Mar. 2006)
    URL: https://www.iso.org/standard/33928.html
  2171. Information Technology - Security Techniques - Security Requirements for Cryptographic Modules, Standard ISO/IEC 19790:2012, International Organization for Standardization, Geneva, Switzerland (Aug. 2012)
    URL: https://www.iso.org/standard/52906.html
  2172. Information Technology - Security Techniques - Systems Security Engineering — Capability Maturity Model® (SSE-CMM®), Standard ISO/IEC 21827:2008, International Organization for Standardization, Geneva, Switzerland (Oct. 2008)
    URL: https://www.iso.org/standard/44716.html
  2173. Information Technology - Security Techniques - Test Requirements for Cryptographic Modules, Standard ISO/IEC 24759:2008, International Organization for Standardization, Geneva, Switzerland (Feb. 2008)
    URL: https://www.iso.org/standard/41529.html
  2174. Information Technology - Security Techniques - Test Requirements for Cryptographic Modules, Standard ISO/IEC 24759:2014, International Organization for Standardization, Geneva, Switzerland (Feb. 2014)
    URL: https://www.iso.org/standard/59142.html
  2175. Information Technology - Security Techniques - Test Requirements for Cryptographic Modules, Standard ISO/IEC 24759:2017, International Organization for Standardization, Geneva, Switzerland (Feb. 2017)
    URL: https://www.iso.org/standard/72515.html
  2176. Information Technology—Open Systems Interconnection—The Directory: Public-Key and Attribute Certificate Frameworks, Recommendation X.509, ITU-T (Nov. 2008)
    URL: http://www.itu.int/itu-t/recommendations/rec.aspx?rec=X.509
  2177. Information Technology Security Evaluation Criteria (ITSEC), Technical Report, Commission of the European Communities, Brussels, Belgium (June 1991).
  2178. Intel 64 and IA-32 Architectures Software Developer’s Manual, Volume 3 (3A, 3B & 3C): System Programming Guide, Number Order Number 325384-044US, Intel Corporation, Santa Clara, CA, USA (Aug. 2012).
  2179. Intel 64 and IA-32 Architectures Software Developer’s Manual Volume 3A: System Programming Guide, Part 1, Order Number 253668-060US, Intel Corporation, Santa Clara, CA, USA (Sep. 2016)
    URL: https://www.intel.com/content/www/us/en/architecture-and-technology/64-ia-32-architectures-software-developer-vol-3a-part-1-manual.html
  2180. Intel Itanium Architecture Software Developer’s Manual Volume 2: System Architecture, Document Number 245318-005, Intel Corporation, Santa Clara, CA, USA (May 2010)
    URL: https://www.intel.com/content/dam/www/public/us/en/documents/manuals/itanium-architecture-software-developer-rev-2-3-vol-2-manual.pdf
  2181. Internet Movie Database
    URL: http://www.imdb.com/
  2182. IP Denial-of-Service Attacks, CERT Advisory CA-1997-28, CERT, Pittsburgh, PA, USA (Dec. 1997)
    URL: https://resources.sei.cmu.edu/asset_files/WhitePaper/1997_019_001_496176.pdf
  2183. IT-Security Criteria: Criteria for the Evaluation of Trustworthiness of IT Systems, Technical Report, German Information Security Agency, Bonn, Germany (June 1989).
  2184. “Locky Ransomware Strain Led Kentucky Hospital to an ‘Internal State of Emergency’,” Trend Micro Security News, Trend Micro, Irving, TX, USA (Mar. 24, 2016).
    URL: http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/locky-ransomware-strain-led-kentucky-hospital-to-an-internal-state-of-emergency
  2185. “Mac_biba - Biba Data Integrity Policy,” FreeBSD Manual Pages for FreeBSD 11.1-RELEASE and Ports (Jan. 2008).
    URL: https://www.freebsd.org/cgi/man.cgi?mac_biba
  2186. Managing Security on the DG/UX System, Number 093-7011389-04, Data General Corporation, Westboro, MA, USA (Nov. 1996).
  2187. Microsoft PlayReady Content Protection Technology, White Paper, Microsoft Corp., Redmond, WA, USA (Apr. 2015)
    URL: http://download.microsoft.com/download/B/D/4/BD42A75B-5B3E-49C0-B70D-DD49FA9592F9/DevelopingMicrosoftPlayReadyClients_March2015.pdf
  2188. Microsoft PlayReady Developing PlayReady Clients, White Paper, Microsoft Corp., Redmond, WA, USA (Apr. 2015)
    URL: http://download.microsoft.com/download/B/D/4/BD42A75B-5B3E-49C0-B70D-DD49FA9592F9/DevelopingMicrosoftPlayReadyClients_March2015.pdf
  2189. Microsoft PlayReady Protecting Premium Live TV Services with PlayReady, White Paper, Microsoft Corp., Redmond, WA, USA (Apr. 2015)
    URL: http://download.microsoft.com/download/2/D/D/2DD6B4E8-CABF-4DE9-8F61-895BE8F1ED33/ProtectingLiveTVServicesWithPlayReady_March2015.pdf
  2190. MIME Conversion Buffer Overflow in Sendmail Versions 8.8.3 and 8.8.4, CERT Advisory CA-1997-05, CERT, Pittsburgh, PA, USA (Jan. 1997)
    URL: https://resources.sei.cmu.edu/asset_files/WhitePaper/1997_019_001_496176.pdf
  2191. Multiple SunOS Vulnerabilities Patched, CERT Advisory CA-1992-15, CERT, Pittsburgh, PA, USA (July 1992)
    URL: https://resources.sei.cmu.edu/asset_files/WhitePaper/1992_019_001_496266.pdf
  2192. Nagios XI — Log Monitoring with Swatchdog, Technical Report, Nagios Enterprises, LLC, St. Paul, MN, USA (Feb. 2017)
    URL: https://assets.nagios.com/downloads/nagiosxi/docs/Log_Monitoring_With_Swatch.pdf
  2193. National Information Assurance Partnership, Common Criteria (2017)
    URL: https://www.niap-ccevs.org
  2194. NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 3.0, Special Publication 1108r3, National Institute of Standards and Technology, Gaithersburg, MD, USA (Sep. 2014).
    DOI: 10.6028/NIST.SP.1108r3
  2195. NSA Releases Fortezza Algorithms, Press Release, National Security Agency, Ft. George G. Meade, MD, USA (June 1998)
    URL: http://cryptome.org/jya/nsa-press.htm
  2196. NSTISSP #11 FAQs (Mar. 2005)
    URL: http://gravicom.us/downloads/docs/nstissp-11-faqs.pdf
  2197. The OCaml Programming Language (2018).
    URL: https://ocaml.org
  2198. On the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data,” Directive 95/46/EC of the European Parliament and of the Council (Oct. 1995).
    URL: https://eur-lex.europa.eu/legal-content/en/TXT/?uri=CELEX
  2199. On the Protection of Natural Persons with Regard to the Processing of Personal Data by Competent Authorities for the Purposes of the Prevention, Investigation, Detection or Prosecution of Criminal Offences or the Execution of Criminal Penalties, and on the Free Movement of Such Data, and Repealing Council Framework Decision 2008/977/JHA, Directive (EU) 2016/680 of the European Parliament and of the Council (Apr. 2016).
    URL: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016L0680&from=EN
  2200. OpenLDAP Software 2.4 Administrator’s Guide, The OpenLDAP Project (Feb. 2016)
    URL: https://www.openldap.org/doc/admin24/
  2201. Overview of Red Team Reports, Technical Report, Office of the California Secretary of State, Sacramento CA, USA (July 2007)
    URL: http://votingsystems.cdn.sos.ca.gov/oversight/ttbr/red-overview.pdf
  2202. Password Management Guideline, Technical Report CSC-STD-002-85, Department of Defense (Apr. 1985)
    URL: https://fas.org/irp/nsa/rainbow/std002.htm
  2203. PDP-11 04/34/45/55 Processor Handbook, Digital Equipment Corporation, Maynard, MA, USA (1976).
  2204. Penetration Testing Execution Standard (Jan. 2012)
    URL: http://www.pentest-standard.org/
  2205. Privacy Act of 1974, 5 U.S.C. §552a (2012).
    URL: https://www.gpo.gov/fdsys/pkg/USCODE-2012-title5/pdf/USCODE-2012-title5-partI-chap5-subchapII-sec552a.pdf
  2206. Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy, The National Academies Press, Washington, DC, USA (2010)
    ISBN: 978-0-309-16035-3
  2207. A Proposed Interpretation of the TCSEC for Virtual Machine Monitor Architectures, Report, Trusted Information Systems, Inc., Glenwood, MD, USA (May 1990).
  2208. Ransomware and Recent Variants, Alert TA16-091A, US-CERT, Pittsburgh, PA, USA (Mar. 2016)
    URL: https://www.us-cert.gov/ncas/alerts/TA16-091A
  2209. rpc.ypupdated Vulnerability, CERT Advisory CA-1995-17, CERT, Pittsburgh, PA, USA (Dec. 1995)
    URL: https://resources.sei.cmu.edu/asset_files/WhitePaper/1995_019_001_496168.pdf
  2210. RSA SecurID Hardware Token Data Sheet, RSA Data Security, Inc., Bedford, MA, USA.
    URL: https://community.rsa.com/servlet/JiveServlet/downloadBody/62314-102-1-69028/h13821-ds-rsa-securid-hardware-tokens.pdf
  2211. RSA SecurID Hardware Token Technical Specifications, RSA Data Security, Inc., Bedford, MA, USA.
    URL: https://community.rsa.com/docs/DOC-62315
  2212. The Rust Programming Language (Dec. 2017)
    URL: http://www.rust-lang.org
  2213. Secure Hash Standard (SHS), FIPS PUB 180, National Institute of Standards and Technology, Gaithersburg, MD, USA (May 1993).
  2214. Secure Hash Standard (SHS), FIPS PUB 180-4, National Institute of Standards and Technology, Gaithersburg, MD, USA (Aug. 2015).
    DOI: 10.6028/NIST.FIPS.180-4
  2215. Securities and Investment Board Rules, Chapter III, Part 5:08, cited in [294].
  2216. Security Configration Guide: Access Control Lists, Cisco IOS XE Release 3S, Cisco Systems, Inc., San Jose, CA, USA (2015)
    URL: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-3s/sec-data-acl-xe-3s-book.pdf
  2217. Security Requirements for Cryptographic Modules, FIPS PUB 140-2, National Institute of Standards and Technology, Gaithersburg, MD, USA (May 2001).
    DOI: 10.6028/NIST.FIPS.140-2
  2218. Security Updates Available for Adobe Acrobat and Reader, Adobe Security Bulletin APSB17-01, Adobe Systems, Inc., San Jose, CA, USA (Jan. 2017)
    URL: https://helpx.adobe.com/security/products/acrobat/apsb17-01.html
  2219. Sendmail Daemon Mode Vulnerability, CERT Advisory CA-1996-24, CERT, Pittsburgh, PA,USA (Nov. 1996)
    URL: https://www.cert.org/historical/advisories/CA-1996-24.cfm
  2220. Sendmail Group Permissions Vulnerability, CERT Advisory CA-1996-25, CERT, Pittsburgh, PA,USA (Dec. 1996)
    URL: https://www.cert.org/historical/advisories/CA-1996-25.cfm
  2221. Sendmail: Information Disclosure, Gentoo Security Advisory GLSA 201412-32, Gentoo Security (Dec. 2014)
    URL: https://security.gentoo.org/glsa/201412-32
  2222. Sendmail prescan() Buffer Overflow Vulnerability, Vulnerability Note VU#784980, US-CERT, Pittsburgh, PA, USA (Sep. 2003)
    URL: https://www.kb.cert.org/vuls/id/784980
  2223. Sendmail Signal I/O Race Condition, Vulnerability Note VU#834865, US-CERT, Pittsburgh, PA, USA (Mar. 2006)
    URL: https://www.kb.cert.org/vuls/id/834865
  2224. Sendmail v5 Vulnerability, CERT Advisory CA-1995-08, CERT, Pittsburgh, PA, USA (Aug. 1995)
    URL: https://www.cert.org/historical/advisories/CA-1995-08.cfm
  2225. Sendmail Vulnerabilities, CERT Advisory CA-1996-20, CERT, Pittsburgh, PA, USA (Sep. 1996)
    URL: https://www.cert.org/historical/advisories/CA-1996-20.cfm
  2226. “SET Secure Electronic Transaction Specification Book 1: Business Description, Version 1.0” (May 1997)
    URL: http://www.exelana.com/set/spec100/set_bk1.pdf
  2227. “SET Secure Electronic Transaction Specification Book 2: Programmer’s Guide, Version 1.0” (May 1997)
    URL: http://www.exelana.com/set/spec100/set_bk2.pdf
  2228. “SET Secure Electronic Transaction Specification Book 3: Formal Protocol Definition, Version 1.0” (May 1997)
    URL: http://www.exelana.com/set/spec100/set_bk3.pdf
  2229. SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, FIPS PUB 202, National Institute of Standards and Technology, Gaithersburg, MD, USA (Aug. 2015).
    DOI: 10.6028/NIST.FIPS.202
  2230. SKIPJACK and KEA Algorithm Specifications, Version 2.0, Technical Report, National Institute of Standards and Technology, Gaithersburg, MD, USA (May 1998)
    URL: http://csrc.nist.gov/groups/ST/toolkit/documents/skipjack/skipjack.pdf
  2231. Standards for Efficient Cryptography 2 (SEC 2): Recommended Elliptic Curve Domain Paramneters, Version 2.0, Technical Report, Certicom Research (Jan. 2010).
    URL: http://www.secg.org/sec2-v2.pdf
  2232. Sun 4.1.X Loadmodule Vulnerability, CERT Advisory CA-1995-12, CERT, Pittsburgh, PA (Oct. 1995)
    URL: https://resources.sei.cmu.edu/asset_files/WhitePaper/1995_019_001_496168.pdf
  2233. SunSHIELD Basic Security Module Guide, Part Number 806-1789-10, Sun Microsystems, Inc., Palo Alto, CA, USA (Feb. 2000)
    URL: https://docs.oracle.com/cd/E19455-01/806-1789/806-1789.pdf
  2234. Symantec Decomposer Engine Multiple Parsing Vulnerabilities, Security Advisory SYM16-010, Symantec, Inc., Mountain View, CA, USA (June 2016)
    URL: https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20160628_00
  2235. System Administration Guide: Security Services, Part No. E27224-10, Oracle Corp., Redwood City, CA, USA (Jan. 2013)
    URL: https://docs.oracle.com/cd/E26505_01/pdf/E27224.pdf
  2236. Systems Security Engineering Capability Maturity Model (SSE-CMM) Model Description Document, Version 2.0, Technical Report, Booz Allen & Hamilton, McLean, VA, USA (Apr. 1999)
    URL: http://www.dtic.mil/dtic/tr/fulltext/u2/a393329.pdf
  2237. Target: 40 Million Credit Cards Compromised, CNN, Atlanta, GA, USA (Dec. 19, 2013)
    URL: http://money.cnn.com/2013/12/18/news/companies/target-credit-card/index.html
  2238. Trojan horse version of TCP Wrappers, CERT Advisory CA-1999-01, CERT, Pittsburgh, PA (Jan. 1999)
    URL: https://www.cert.org/historical/advisories/CA-1999-01.cfm
  2239. Trusted Computer System Evaluation Criteria, Technical Report DoD 5200.28-STD, Department of Defense, Washington, DC, USA (Dec. 1985)
    URL: https://fas.org/irp/nsa/rainbow/std001.htm
  2240. Trusted Database Management System Interpretation, Report NCSC-TG-021, Department of Defense, Washington, DC, USA (Apr. 1991)
    URL: http://fas.org/irp/nsa/rainbow/tg021.htm
  2241. Trusted Extensions Configuration and Administration, Part Number E36840, Oracle, Inc., Redwood City, CA, USA (July 2014)
    URL: https://docs.oracle.com/cd/E23824_01/pdf/821-1482.pdf
  2242. Trusted Network Interpretation, Report NCSC-TG-005, Department of Defense, Washington, DC, USA (July 1987)
    URL: http://fas.org/irp/nsa/rainbow/tg005.htm
  2243. Trusted Platform Module Library Specification, Family “2.0”, Level 00, Revision 01.38, Technical Report, Trusted Computing Group, Beaverton, OR, USA (Sep. 2016)
    URL: https://trustedcomputinggroup.org/tpm-library-specification/
  2244. Trusted Solaris Administrator’s Procedures, Number 805-8120-10, Sun Microsystems, Inc., Palo Alto, CA, USA (Dec. 2000)
    URL: https://docs.oracle.com/cd/E19109-01/tsolaris8/805-8120-10/805-8120-10.pdf
  2245. Trusted Solaris Developer’s Guide, Manual Number 805-8116-10, Sun Microsystems, Inc., Palo Alto, CA, USA (Dec. 2000)
    URL: https://docs.oracle.com/cd/E19109-01/tsolaris8/805-8116-10/805-8116-10.pdf
  2246. Trusted Solaris User’s Guide, Number 805-8115-10, Sun Microsystems, Inc., Palo Alto, CA, USA (Dec. 2000)
    URL: https://docs.oracle.com/cd/E19109-01/tsolaris8/805-8115-10/805-8115-10.pdf
  2247. Unauthentic “Microsoft Corporation” Certificates, CERT Advisory CA-2001-04, CERT, Pittsburgh, PA, USA (Mar. 2001)
    URL: https://www.kb.cert.org/vuls/id/869360
  2248. UNICOS Security Administration Reference Manual, Cray Research, Inc., Mendota Heights, MN, USA (1989).
  2249. Virus Bulletin Archives, Virus Bulletin, Abingdon, UK (2014.
    URL: https://www.virusbulletin.com/virusbulletin/archive
  2250. Vulnerabilities Equities Policy and Process for the United States Government, Charter, The White House, United States Government, Washington, DC, USA (Nov. 2017)
    URL: https://www.whitehouse.gov/articles/improving-making-vulnerability-equities-process-transparent-right-thing/
  2251. W32.Duqu: The Precursor to the Next Stuxnet, Technical Report, Symantec Corporation, Mountain View, CA, USA (Oct. 2011).
  2252. WhatsApp Encryption Overview, Technical White Paper, WhatsApp, Inc., Mountain View, CA, USA (Apr. 2016)
    URL: https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf
  2253. Windows Firewall Blocks Some Programs After You Install Windows XP SP3,” Microsoft Windows Technical Support Article 842242, Microsoft Corp., Redmond, WA, USA (Nov. 2007).
    URL: https://support.microsoft.com/en-us/help/842242/windows-firewall-blocks-some-programs-after-you-install-windows-xp-sp3
  2254. Writeable /etc/utmp Vulnerability, CERT Advisory CA-1994-06, CERT, Pittsburgh, PA, USA (Mar. 1994)
    URL: http://www.cert.org/historical/advisories/CA-1994-06.cfm
  2255. xterm Logfile Vulnerability, CIAC Information Bulletin E-04, U.S. Department of Energy Computer Incident Advisory Capability, Livermore, CA, USA (Nov. 1993)
    URL: https://www.cvedetails.com/cve/CVE-1999-0965/
  2256. z/OS V2R1.0 Security Server RACF Command Language Reference, IBM z/OS V2R1 SA23-2292-00, IBM Corporation, Poughkeepsie, NY, USA (2013)
    URL: http://publibz.boulder.ibm.com/epubs/pdf/ich2a400.pdf

“Books are the training weights of the mind.”
            —Epictetus


Last updated on Wednesday, November 7, 2018 at 7:31:14 PM
Valid HTML 5 Valid CSS! Built with BBEdit Built on a Macintosh