A Reading List in Information Security
Center for Education and Research in Information Assurance
and Security (CERIAS)
and Department of Computer Science
Last Updated on March 10, 2004.
This reading list is prepared by information security faculty members at
Purdue's Computer Science Department,
with help from many other people.
This list is primarily for Purdue Computer Science graduate students who plan to
take the oral Qualifier Exam in the infomation security area.
This list is likely to be used as a basis for a Qualifier exam. For example,
a student may be asked to read all the basic papers, a textbook on cryptography,
and a number of (e.g., five)
additional papers. These additional papers may be chosen from the list of advanced
papers or assigned by the exam committee.
To which extent this list is used for a particular exam is completely up to the exam
committee to decide.
The list of basic
papers are also recommended for any graduate student who plan to conduct research in
security. The list of advanced papers are recommended for students who wish to
know more about particular research areas in security.
We have copies of some papers that are not available online. These papers
are kept in REC 217. Ask the receptionist in REC 217 for the "Security Qual2
Readings" folder, make copies of the papers you need, and return the folder.
Comments and suggestions are welcome. Please send them to firstname.lastname@example.org
- W. Diffie and M.E. Hellman.
New directions in cryptography.
IEEE Transactions on Information Theory, Volume 22, Number 6, November
1976, pp. 644 - 654.
S. Goldwasser and S. Micali.
Probabilistic encryption. Journal of Computer & System
Sciences, Volume 28, Number 2, April 1984, pp. 270-299.
K. Thompson. Reflections on Trusting Trust. Communication of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763.
J.H. Saltzer and M.D. Schroeder. Part I-A of The
Protection of Information in Computer Systems.
Proceedings of the IEEE, 63(9):1278-1308, 1975.
The eight principles in Part I-A are as relevant today as they were back then.
L. Lamport, R. Shostak, and M. Pease.
The Byzantine Generals
Problem ACM Transactions on Programming Languages and Systems
4(3):382-401, July 1982.
Technically, this is not a security paper. However, it is a fundamental paper of distributed computing,
which is closely related to security.
D.D. Clark and D.R. Wilson.
"A Comparison of Commercial and Military Computer Security Policies"
In Proceedings of the 1987 IEEE Symposium on Security and Privacy.
R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman.
Role-Based Access Control Models.
IEEE Computer, 29(2):38--47, February 1996.
E. Spafford. "The Internet Worm Program: An Analysis".
Purdue Technical Report CSD-TR-823.
S.M. Bellovin. "Security Problems in the TCP/IP Protocol Suite"
ACM Computer Communication Review, Volume 19 , Issue 2 (April
D. Denning. "An
IEEE Transactions on Software Engineering, Volume. SE-13, Number 2,
February1987, pp. 222-232.
V. Paxson. "Bro: A System for Detecting Network Intruders in Real-Time,
Computer Networks, 31(23-24), pp. 2435-2463, 14 Dec. 1999.
M. Abadi and R. Needham. Prudent
Engineering Practice for Cryptographic Protocols".
IEEE Transactions on Software Engineering. January 1996 (Vol. 22, No. 1)
R. Anderson. "Why Cryptosystems Fail".
Communications of the ACM, 37(11):32-40, November 1994.
N. Borisov, I. Goldberg, D. Wagner.
Intercepting Mobile Communications: The Insecurity
of 802.11, MOBICOM 2001.
- M. Blum and S. Micali. "How to generate cryptographically strong sequences of pseudo-random bits".
SIAM Journal on Computing, Volume 13, Issue 4 (November 1984), pages 850--864. Conference version in FOCS 1982.
Copy available in REC 217.
- S. Goldwasser, S. Micali, and C. Rackoff. "Knowledge complexity of Interactive Proof Systems".
SIAM Journal on Computing, Volume 18, Issue 1 (February 1989), pages 186--208. Conference version in STOC 1985.
- M. Bellare and P. Rogaway. Random
oracles are practical: a paradigm for designing efficient protocols.
In Proceedings of First ACM Conference on Computer and Communications Security (CCS), 1993.
- M. Bellare, A. Desai, D. Pointcheval and P. Rogaway.
Relations among notions of security for public-key encryption schemes.
Extended abstract in Advances in Cryptology - Crypto 98.
- Matt Franklin and Moti Yung. "Varieties of secure distributed computing".
P. Paillier. Public-Key
Cryptosystems Based on Composite Degree Residuosity Classes, EUROCRYPT 1999.
- A. Herzberg, S. Jarecki, H. Krawczyk, and M. Yung.
Proactive secret sharing or: How to cope with perpetual leakage.
- D. Boneh and M. Franklin. "Identity-based encryption from the Weil pairing"
SIAM J. of Computing, Vol. 32, No. 3, pp. 586-615, 2003.
Extended abstract in proceedings of Crypto '2001, Lecture Notes in Computer Science, Vol. 2139, Springer-Verlag, pp. 213-229, 2001.
- M. Bellare and O. Goldreich. "On defining proofs of knowledge".
In CRYPTO 1992.
Michael A. Harrison and Walter L. Ruzzo and Jeffrey D. Ullman.
"Protection in Operating Systems". CACM, August 1976.
- M. Abadi, M. Burrows, B. Lampson, and G. Plotkin.
"A calculus for access control in distributed systems".
ACM Transactions on Programming Languages and Systems (TOPLAS). Volume 15, Issue 4 (September 1993), Pages: 706 - 734.
M. Blaze, J. Feigenbaum, and J. Lacy.
Decentralized Trust Management.
In Proc. of IEEE Symposium on Security and Privacy, 1996.
R. L. Rivest and B. Lampson.
--- A Simple Distributed Security Infrastructure. Version 1.1.
- F.B. Schneider. Enforceable security policies.
ACM Transactions on Information and System Security (TISSEC). Volume 3, Issue 1 (February 2000). Pages: 30 - 50
- E Bertino, E Ferrari, V Atluri. "The specification and enforcement of authorization constraints in workflow management systems".
- R.S. Sandhu. "Lattice-based access control models".
- D. Sutherland. "A Model of Information"
- Goguen and Meseguer. "Unwinding and Inference Control"
- Goguen and Meseguer. "Security Policies and Security Models"
- P.P. Griffiths and B.W. Wade.
"An authorization mechanism for a relational database system"
ACM Transactions on Database Systems (TODS), Volume 1 , Issue 3 (September 1976), Pages: 242 - 255.
Nabil R. Adam, John C. Wortmann. "Security-control methods for statistical databases: a comparative study"
F Rabitti, E Bertino, W Kim, D Woelk. "A model of authorization for next-generation database systems".
Network Security and Intrusion Detection
J.G. Steiner, B.C. Neuman, J.I. Schiller.
"Kerberos: An Authentication
Service for Open Network Systems" In Usenix Conference Proceedings, pp. 191--202, Mar. 1988.
S.M. Bellovin, M Merritt. "Limitations
of the Kerberos Authentication System, ACM Computer Communications Review, 1991.
B. Lampson, M. Abadi, M. Burrows, and E. Wobber.
Authentication in Distributed Systems: Theory and Practice
ACM Transactions on Computer Systems (TOCS). Volume 10, Issue 4 (November 1992). Pages: 265 - 310.
- Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson.
Practical Network Support for IP Traceback SIGCOMM 2000.
Kihong Park, Heejo Lee. On the Effectiveness of Route-Based Packet Filtering for Distributed DoS
Attack Prevention in Power-Law Internets SIGCOMM 2001
S. Forrest, A.S. Perelson, L. Allen, and R. Cherukuri
Self-nonself discrimination in a computer
In 1994 IEEE Symposium on Security and Privacy.
S. Forrest, S.A. Hofmeyr, A. Somayaji, T.A. Longstaff
A sense of self for Unix processes
T. Ptacek and T. Newsham
Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection
- M. Castro and B. Liskov. Practical
Byzantine Fault Tolerance. In Proceedings of the Third Symposium on Operating Systems Design
and Implementation (OSDI '99), New Orleans, USA, February 1999.
R. Wahbe, S. Lucco, T.E. Anderson, and S.L. Graham.
Efficient software-based fault isolation
Proceedings of the fourteenth ACM symposium on Operating systems principles, Pages: 203 - 216, 1994.
Analysis of Cryptographic Protocols
D. Dolev and A. Yao. "On the security of public key protocols"
- M Burrows, M Abadi, R Needham. "A logic of authentication"
- Gavin Lowe.
"Breaking and fixing the Needham-Schroeder public-key protocol using FDR"
FJT Fabrega, JC Herzog, JD Guttman. "Strand spaces: Proving security protocols correct"
Privacy and Anonymity
- Anonymous Connections and Onion Routing
- Freenet: A distributed anonymous information storage and retrieval system
- Crowds: Anonymity for web transactions