Reading List
This is a tentative list of research papers that we plan to read this semester. Please find a partner, pick a paper that the two of you will be responsible for presenting, and register with me in person or by email no later than September 4, 2003. First come, first served. If the paper you have in mind has already been chosen by someone else, please pick another one that is still open. The schedule will be set up after every group has chosen a paper.
Denial-of-Service Attacks
Denial of Service via Algorithmic Complexity Attacks, Scott A. Crosby, Dan S. Wallach, Proceedings of 12th USENIX Security Symposium, August 2003.
A Framework for Classifying Denial of Service Attacks, Alefiya Hussain, John Heidemann, Christos Papadopoulos, Proceedings of SIGCOMM 2003, August 2003.
802.11 Denial-of-Service Attacks: Real Vulnerabilities and Practical Solutions, John Bellardo and Stefan Savage, Proceedings of 12th USENIX Security Symposium, August 2003.
Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew vs. the Mice and Elephants), Aleksandar Kuzmanovic, Edward W. Knightly, Proceedings of SIGCOMM 2003, August 2003.
Intrusion Detection
Active Mapping: Resisting NIDS Evasion Without Altering Traffic
Stateful Intrusion Detection for High-Speed Networks, Christopher Kruegel, Fredrik Valeur, Giovanni Vigna, Richard A. Kemmerer, Proceedings of 2002 IEEE Symposium on Security and Privacy, May 2002.
Anonymity
Mixminion: Design of a Type III Anonymous Remailer Protocol
Defending Anonymous Communication Against Passive Logging Attacks
Secret Handshakes from Pairing-Based Key Agreements
Random Key Predistribution Schemes for Sensor Networks
Authentication
The Logic of Authentication Protocols, Paul Syverson and Iliano Cervesato, in Foundations of Security Analysis and Design, Springer Verlag LNCS 2171.
Dos and Don'ts of Client Authentication on the Web, Kevin Fu, Emil Sit, Kendra Smith, Nick Feamster, Proceedings of 10th USENIX Security Symposium, August 2001.
Establishing the Genuinity of Remote Computer Systems, Rick Kennell and Leah H. Jamieson, Proceedings of 12th USENIX Security Symposium, August 2003.
Expander Graphs for Digital Stream Authentication and Robust Overlay Networks, Dawn X. Song, David Zuckerman, J. D. Tygar, Proceedings of 2002 IEEE Symposium on Security and Privacy, May 2002.
Access Control
dRBAC: Distributed Role-based Access Control for Dynamic Coalition Environments, Eric Freudenthal, Tracy Pesin, Lawrence Port, Edward Keenan, Vijay Karamcheti, Proceedings of 22nd International Conference on Distributed Computing Systems, July 2002.
Gothic: A Group Access Control Architecture for Secure Multicast and Anycast, Paul Judge, Mostafa Ammar, Proceedings of INFOCOM 2002, June 2002.
Miscellaneous
Remote Timing Attacks Are Practical, David Brumley and Dan Boneh, Proceedings of 12th USENIX Security Symposium, August 2003.
Automated Generation and Analysis of Attack Graphs, Oleg Sheyner, Somesh Jha, Jeannette Wing, Richard Lippmann, Joshua Haines, Proceedings of 2002 IEEE Symposium on Security and Privacy, May 2002.