Annotated Bibliography 13 and References Those Who Cannot Remember the Past Are Condemned to Repeat It
Total Page:16
File Type:pdf, Size:1020Kb
32697 13 299-320 r7jk.ps 1/4/06 1:04 PM Page 299 Annotated Bibliography 13 and References Those who cannot remember the past are condemned to repeat it. George Santayana Annotated Bibliography: An Emerging Literature What follows is a noncomprehensive bibliography of software security pub- lications. This list is heavily biased toward recent publications. The refer- ences here can serve as a springboard to the wider literature. Below each reference is a brief description of the work and its place in the literature. All opinions are mine. The bibliography is divided into three sections. First is a very short list of required reading (the top five list for software security). Second is a com- plete list of all references cited in this book. Third is a list of other important software security references not otherwise mentioned in this book. There are overlaps only between the required reading list and the other two lists. Required Reading: The Top Five This is a completely biased list of the top five publications to read in soft- ware security (presented in alphabetical order). If you have time to read only a handful of stuff, read everything on this list first. 1. [Anderson 2001] Ross Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley and Sons, New York, 2001. <http://www.cl.cam.ac.uk/~rja14/book.html> This is probably the best security book on the market. If you can buy only one other book relevant to software security, buy this one. Security Engineering is about building systems that remain depend- able in the face of malicious attack, unintentional error, or accident. Anderson’s treatment focuses on the tools, processes, and methods needed to design, implement, and test complete systems and to adapt existing systems as their environment evolves. 299 32697 13 299-320 r7jk.ps 1/4/06 1:04 PM Page 300 300 Chapter 13 Annotated Bibliography and References 2. [Hoglund and McGraw 2004] Greg Hoglund and Gary McGraw. Exploiting Software: How to Break Code. Addison-Wesley, Boston, MA, 2004. <http://www.exploitingsoftware.com> One of my three software security books. Exploiting Software goes way beyond the script kiddie hacking basics by describing the soft- ware attacker’s toolkit and how it is commonly used by bad guys. This book includes hard-core information on real attacks against real software. It also introduces the notion of attack patterns. 3. [Howard and LeBlanc 2003] Michael Howard and David LeBlanc. Writing Secure Code, 2nd edition. Microsoft Press, Redmond, WA, 2003. Mike Howard’s blog serves as the de facto site for this book <http://blogs.msdn.com/michael_howard/>. Writing Secure Code is a very good treatment of software security with an emphasis on code and implementation problems (bugs). The introduction of the STRIDE model is particularly noteworthy. If you’re serious about software security, you need to read this book. 4. [Saltzer and Schroeder 1975] Jerome Saltzer and Michael Schroeder. “The Protection of Information in Computer Systems,” Proceedings of the IEEE 9(63), September 1975, pp. 1278–1308. <http://web.mit. edu/Saltzer/www/publications/protection/> An absolutely classic paper that everyone cites but few actually read. This paper introduces and discusses a number of central security principles. The paper itself is a pithy, short, essential read. (By the way, a treatment of the principles idea related to software security can be found in Building Secure Software.) 5. [Viega and McGraw 2001] John Viega and Gary McGraw. Building Secure Software: How to Avoid Security Problems the Right Way. Addison-Wesley, Boston, MA, 2001. <http://www. buildingsecuresoftware.com/> One of my three software security books. Building Secure Software launched the field of software security. Though there is plenty of code in BSS, the book itself is really a philosophical treatment introducing the idea of building security in. References Cited in Software Security: Building Security In A complete alphabetical listing of all references in this book, including those references mentioned in footnotes. 32697 13 299-320 r7jk.ps 1/4/06 1:04 PM Page 301 Annotated Bibliography: An Emerging Literature 301 [Abbott et al. 1976] Robert Abbott, Janet Chin, James Donnelley, William Konigsford, Shigeru Tokubo, and Douglas Webb. “Security Analysis and Enhancements of Computer Operating Systems,” NBSIR 76-1041, National Bureau of Standards, ICST, Washington, DC, 1976. Abbott introduces the RISOS taxonomy of computer security problems related to operating systems. Very early work in understanding security vulnerabilities. [Alexander 2003] Ian Alexander. “Misuse Cases: Use Cases with Hostile Intent,” IEEE Software 20(1), January/February 2003, pp. 58–66. Alexander advocates using misuse and use cases together to conduct threat and hazard analysis during requirements analysis. [Anderson 2001] Ross Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley and Sons, New York, 2001. See entry in Required Reading. [Arkin, Stender, and McGraw 2005] Brad Arkin, Scott Stender, and Gary McGraw. “Software Penetration Testing,” IEEE Security & Privacy 3(1), 2005, pp. 84–87. One of the original BSI articles from IEEE Security & Privacy magazine that sparked this book. See <http://www.computer.org/security> for sub- scription information. [Ashcraft and Engler 2002] Ken Ashcraft and Dawson Engler. “Using Programmer-Written Compiler Extensions to Catch Security Holes,” Pro- ceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, IEEE Computer Society Press, 2002, pp. 131–147. Engler’s work on static analysis is now being commercialized by Cover- ity. This academic paper describes the bug-finding technology developed at UC Berkeley. [Aslam 1995] Taimur Aslam. “A Taxonomy of Security Faults in the UNIX Operating System.” Master’s Thesis, Purdue University, 1995. An early taxonomy focused on UNIX security problems. [Ball and Rajamani 2001] Tom Ball and Sriram Rajamani. “Automatically Validating Temporal Safety Properties of Interfaces,” Proceedings of the 8th International SPIN Workshop on Model Checking of Software, Springer Lecture Notes in Computer Science, vol. 2057, 2001, pp. 103–122. The SLAM model checker uses predicate abstraction to examine program safety properties. Tom Ball now runs a research group at Microsoft. 32697 13 299-320 r7jk.ps 1/4/06 1:04 PM Page 302 302 Chapter 13 Annotated Bibliography and References [Barnum and McGraw 2005] Sean Barnum and Gary McGraw. “Knowl- edge for Software Security,” IEEE Security & Privacy 3(2), 2005, pp. 74–78. One of the original BSI articles from IEEE Security & Privacy magazine that sparked this book. See <http://www.computer.org/security> for sub- scription information. [Bisbey and Hollingworth 1978] Richard Bisbey and Dennis Hollingworth. “Protection Analysis Project Final Report,” ISI/RR-78-13, DTIC AD A056816, USC/Information Sciences Institute, 1978. A description of the Protection Analysis (PA) project meant to enable anybody (with or without any knowledge about computer security) to discover security errors in a system by using a pattern-directed approach. Formalized patterns were used to search for corresponding errors. The PA project was the first project to explore automation of security defect detection. [Bishop 2003] Matt Bishop. Computer Security: Art and Science. Addison- Wesley, Boston, MA, 2003. A decent though overly formal textbook on computer security. Matt Bishop is one of the pioneers of software security. Echoes of his philoso- phy of building security in are evident in this book. [Bishop and Dilger 1996] Matt Bishop and Mike Dilger. “Checking for Race Conditions in File Accesses,” Computing Systems 9(2), 1996, pp. 131–152. Matt Bishop’s seminal paper explains a simple static analysis tool for detecting time-of-check–time-of-use (TOCTOU) defects. [Bush, Pincus, and Sielaff 2000] William Bush, Jonathan Pincus, and David Sielaff. “A Static Analyzer for Finding Dynamic Programming Errors,” Soft- ware Practice and Experience, 30(7), June 2000, pp. 775–802. The only paper published about Prefix, the complicated precursor to Prefast invented by Jon Pincus and used internally at Microsoft for many years. [Cavusoglu, Mishra, and Raghunathan 2002] Huseyin Cavusoglu, Birendra Mishra, and Srinivasan Raghunathan. “The Effect of Internet Security Breach Announcements on Market Value of Breached Firms and Internet Security Developers,” Technical Report from the University of Texas at Dallas School of Management, February 2002. A minor academic study indicating a link between security events and negative stock price movements. 32697 13 299-320 r7jk.ps 1/4/06 1:04 PM Page 303 Annotated Bibliography: An Emerging Literature 303 [Chen and Wagner 2002] Hao Chen and David Wagner. “MOPS: An Infra- structure for Examining Security Properties of Software,” Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS2002), Washington, DC, ACM Press, 2002, pp. 235–244. MOPS takes a model-checking approach to look for violations of tem- poral safety properties. Developers can model their own safety proper- ties, and some have used the tool to check for privilege management errors, incorrect construction of chroot jails, file access race conditions, and ill-conceived temporary file schemes. [Chess 2002] Brian Chess. “Improving Computer Security Using Extended Static Checking,” Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, IEEE Computer Society Press, 2002, pp. 118–130. The Eau Claire tool uses a theorem prover to create a general specification-checking framework for C programs. It can help find common security problems like buffer overflows, file access race con- ditions, and format string bugs. Developers can use specifications to ensure that function implementations behave as expected. [Chess and McGraw 2004] Brian Chess and Gary McGraw. “Static Analysis for Security,” IEEE Security & Privacy 2(6), 2004, pp. 76–79. One of the original BSI articles from IEEE Security & Privacy magazine that sparked this book. See <http://www.computer.org/security> for sub- scription information. [Cheswick and Bellovin 1994] Bill Cheswick and Steve Bellovin.