New Directions in Cryptography - Whitfield Diffie and Martin Hellman (1976) It's hard to emphasize just how revolutionary the concept of public key cryptography is. This paper started it all, introducing D-H key agreement and digital signatures. https://ee.stanford.edu/~hellman/publications/24.pdf …
Reflections on Trusting Trust - Ken Thompson (1984) This paper succinctly describes the concept that it's not enough to trust software, you also need to trust the software that compiles the software, and the software that compiles the compiler, and so on https://www.archive.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf …
Lest We Remember: Cold Boot Attacks on Encryption Keys - J. Alex Halderman et al. (2008) Another security paper that explores the reasons why good encryption software can be insufficient in the face of physical attacks. https://jhalderm.com/pub/papers/coldboot-sec08.pdf …
Improving SSL Warnings: Comprehension and Adherence - Adrienne Porter Felt et al. (2015) A data-driven study of how well/poorly user interfaces express security features to users in web browsers. https://dl.acm.org/citation.cfm?id=2702442 …
This World of Ours - James Mickens (2014) A comedic article that helps emphasize the difference between targeted attacks by well-resourced adversaries and the more pedestrian threats faced by the general populace. https://www.usenix.org/system/files/1401_08-12_mickens.pdf …
Return-Oriented Programming - Solar Designer (1997) A new attack methodology that revolutionized offensive security. http://seclists.org/bugtraq/1997/Aug/63 …
Format String Attacks - Tim Newsham (2000) Still one of the most pervasive security issues, format string vulnerabilities demonstrate the dangers of mixing abstractions. http://forum.ouah.org/FormatString.PDF …
Ceremony Design and Analysis - Carl Ellison (2007) This paper introduces the idea of a ceremony as a generalization of a security protocol, formalizing the often overlooked human element. https://eprint.iacr.org/2007/399.pdf
Programming Satan’s Computer - Ross Anderson and Roger Needham (1995) An exploration of the adversarial models needed to build secure software. https://www.cl.cam.ac.uk/~rja14/Papers/satan.pdf …
Survivable Key Compromise in Software Update Systems - Justin Samuel, Nick Mathewson, Justin Cappos, Roger Dingledine (2010) This paper introduces The Update Framework (TUF) for secure software updates. https://justinsamuel.com/papers/survivable-key-compromise-ccs2010.pdf …
Validation of Elliptic Curve Public Keys - Adrian Antipa et al. (2003) The first of many papers exploring some of the subtle risks of elliptic curve cryptography. https://iacr.org/archive/pkc2003/25670211/25670211.pdf …
Some thoughts on security after ten years of qmail 1.0 - Daniel J. Bernstein (2007) A retrospective of a popular mail transfer agent by the author with best practices learned. https://cr.yp.to/qmail/qmailsec-20071101.pdf …
Straight Talk: New Yorkers on Mobile Messaging and Implications for Privacy - Ame Elliott, Sara Brody (2016) A revealing field study about security, privacy and surveillance. https://simplysecure.org/resources/techreports/NYC15-MobMsg.pdf …
Singularity - Microsoft Research (2003) A series of works derived from the Midori advanced development OS project. https://www.microsoft.com/en-us/research/project/singularity/ …
That's it for now. This is not a comprehensive reading list, but hopefully anyone working in or studying security engineering can find something useful.