Annotated Bibliography 13 and References Those Who Cannot Remember the Past Are Condemned to Repeat It

Total Page:16

File Type:pdf, Size:1020Kb

Annotated Bibliography 13 and References Those Who Cannot Remember the Past Are Condemned to Repeat It 32697 13 299-320 r7jk.ps 1/4/06 1:04 PM Page 299 Annotated Bibliography 13 and References Those who cannot remember the past are condemned to repeat it. George Santayana Annotated Bibliography: An Emerging Literature What follows is a noncomprehensive bibliography of software security pub- lications. This list is heavily biased toward recent publications. The refer- ences here can serve as a springboard to the wider literature. Below each reference is a brief description of the work and its place in the literature. All opinions are mine. The bibliography is divided into three sections. First is a very short list of required reading (the top five list for software security). Second is a com- plete list of all references cited in this book. Third is a list of other important software security references not otherwise mentioned in this book. There are overlaps only between the required reading list and the other two lists. Required Reading: The Top Five This is a completely biased list of the top five publications to read in soft- ware security (presented in alphabetical order). If you have time to read only a handful of stuff, read everything on this list first. 1. [Anderson 2001] Ross Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley and Sons, New York, 2001. <http://www.cl.cam.ac.uk/~rja14/book.html> This is probably the best security book on the market. If you can buy only one other book relevant to software security, buy this one. Security Engineering is about building systems that remain depend- able in the face of malicious attack, unintentional error, or accident. Anderson’s treatment focuses on the tools, processes, and methods needed to design, implement, and test complete systems and to adapt existing systems as their environment evolves. 299 32697 13 299-320 r7jk.ps 1/4/06 1:04 PM Page 300 300 Chapter 13 Annotated Bibliography and References 2. [Hoglund and McGraw 2004] Greg Hoglund and Gary McGraw. Exploiting Software: How to Break Code. Addison-Wesley, Boston, MA, 2004. <http://www.exploitingsoftware.com> One of my three software security books. Exploiting Software goes way beyond the script kiddie hacking basics by describing the soft- ware attacker’s toolkit and how it is commonly used by bad guys. This book includes hard-core information on real attacks against real software. It also introduces the notion of attack patterns. 3. [Howard and LeBlanc 2003] Michael Howard and David LeBlanc. Writing Secure Code, 2nd edition. Microsoft Press, Redmond, WA, 2003. Mike Howard’s blog serves as the de facto site for this book <http://blogs.msdn.com/michael_howard/>. Writing Secure Code is a very good treatment of software security with an emphasis on code and implementation problems (bugs). The introduction of the STRIDE model is particularly noteworthy. If you’re serious about software security, you need to read this book. 4. [Saltzer and Schroeder 1975] Jerome Saltzer and Michael Schroeder. “The Protection of Information in Computer Systems,” Proceedings of the IEEE 9(63), September 1975, pp. 1278–1308. <http://web.mit. edu/Saltzer/www/publications/protection/> An absolutely classic paper that everyone cites but few actually read. This paper introduces and discusses a number of central security principles. The paper itself is a pithy, short, essential read. (By the way, a treatment of the principles idea related to software security can be found in Building Secure Software.) 5. [Viega and McGraw 2001] John Viega and Gary McGraw. Building Secure Software: How to Avoid Security Problems the Right Way. Addison-Wesley, Boston, MA, 2001. <http://www. buildingsecuresoftware.com/> One of my three software security books. Building Secure Software launched the field of software security. Though there is plenty of code in BSS, the book itself is really a philosophical treatment introducing the idea of building security in. References Cited in Software Security: Building Security In A complete alphabetical listing of all references in this book, including those references mentioned in footnotes. 32697 13 299-320 r7jk.ps 1/4/06 1:04 PM Page 301 Annotated Bibliography: An Emerging Literature 301 [Abbott et al. 1976] Robert Abbott, Janet Chin, James Donnelley, William Konigsford, Shigeru Tokubo, and Douglas Webb. “Security Analysis and Enhancements of Computer Operating Systems,” NBSIR 76-1041, National Bureau of Standards, ICST, Washington, DC, 1976. Abbott introduces the RISOS taxonomy of computer security problems related to operating systems. Very early work in understanding security vulnerabilities. [Alexander 2003] Ian Alexander. “Misuse Cases: Use Cases with Hostile Intent,” IEEE Software 20(1), January/February 2003, pp. 58–66. Alexander advocates using misuse and use cases together to conduct threat and hazard analysis during requirements analysis. [Anderson 2001] Ross Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems. John Wiley and Sons, New York, 2001. See entry in Required Reading. [Arkin, Stender, and McGraw 2005] Brad Arkin, Scott Stender, and Gary McGraw. “Software Penetration Testing,” IEEE Security & Privacy 3(1), 2005, pp. 84–87. One of the original BSI articles from IEEE Security & Privacy magazine that sparked this book. See <http://www.computer.org/security> for sub- scription information. [Ashcraft and Engler 2002] Ken Ashcraft and Dawson Engler. “Using Programmer-Written Compiler Extensions to Catch Security Holes,” Pro- ceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, IEEE Computer Society Press, 2002, pp. 131–147. Engler’s work on static analysis is now being commercialized by Cover- ity. This academic paper describes the bug-finding technology developed at UC Berkeley. [Aslam 1995] Taimur Aslam. “A Taxonomy of Security Faults in the UNIX Operating System.” Master’s Thesis, Purdue University, 1995. An early taxonomy focused on UNIX security problems. [Ball and Rajamani 2001] Tom Ball and Sriram Rajamani. “Automatically Validating Temporal Safety Properties of Interfaces,” Proceedings of the 8th International SPIN Workshop on Model Checking of Software, Springer Lecture Notes in Computer Science, vol. 2057, 2001, pp. 103–122. The SLAM model checker uses predicate abstraction to examine program safety properties. Tom Ball now runs a research group at Microsoft. 32697 13 299-320 r7jk.ps 1/4/06 1:04 PM Page 302 302 Chapter 13 Annotated Bibliography and References [Barnum and McGraw 2005] Sean Barnum and Gary McGraw. “Knowl- edge for Software Security,” IEEE Security & Privacy 3(2), 2005, pp. 74–78. One of the original BSI articles from IEEE Security & Privacy magazine that sparked this book. See <http://www.computer.org/security> for sub- scription information. [Bisbey and Hollingworth 1978] Richard Bisbey and Dennis Hollingworth. “Protection Analysis Project Final Report,” ISI/RR-78-13, DTIC AD A056816, USC/Information Sciences Institute, 1978. A description of the Protection Analysis (PA) project meant to enable anybody (with or without any knowledge about computer security) to discover security errors in a system by using a pattern-directed approach. Formalized patterns were used to search for corresponding errors. The PA project was the first project to explore automation of security defect detection. [Bishop 2003] Matt Bishop. Computer Security: Art and Science. Addison- Wesley, Boston, MA, 2003. A decent though overly formal textbook on computer security. Matt Bishop is one of the pioneers of software security. Echoes of his philoso- phy of building security in are evident in this book. [Bishop and Dilger 1996] Matt Bishop and Mike Dilger. “Checking for Race Conditions in File Accesses,” Computing Systems 9(2), 1996, pp. 131–152. Matt Bishop’s seminal paper explains a simple static analysis tool for detecting time-of-check–time-of-use (TOCTOU) defects. [Bush, Pincus, and Sielaff 2000] William Bush, Jonathan Pincus, and David Sielaff. “A Static Analyzer for Finding Dynamic Programming Errors,” Soft- ware Practice and Experience, 30(7), June 2000, pp. 775–802. The only paper published about Prefix, the complicated precursor to Prefast invented by Jon Pincus and used internally at Microsoft for many years. [Cavusoglu, Mishra, and Raghunathan 2002] Huseyin Cavusoglu, Birendra Mishra, and Srinivasan Raghunathan. “The Effect of Internet Security Breach Announcements on Market Value of Breached Firms and Internet Security Developers,” Technical Report from the University of Texas at Dallas School of Management, February 2002. A minor academic study indicating a link between security events and negative stock price movements. 32697 13 299-320 r7jk.ps 1/4/06 1:04 PM Page 303 Annotated Bibliography: An Emerging Literature 303 [Chen and Wagner 2002] Hao Chen and David Wagner. “MOPS: An Infra- structure for Examining Security Properties of Software,” Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS2002), Washington, DC, ACM Press, 2002, pp. 235–244. MOPS takes a model-checking approach to look for violations of tem- poral safety properties. Developers can model their own safety proper- ties, and some have used the tool to check for privilege management errors, incorrect construction of chroot jails, file access race conditions, and ill-conceived temporary file schemes. [Chess 2002] Brian Chess. “Improving Computer Security Using Extended Static Checking,” Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, IEEE Computer Society Press, 2002, pp. 118–130. The Eau Claire tool uses a theorem prover to create a general specification-checking framework for C programs. It can help find common security problems like buffer overflows, file access race con- ditions, and format string bugs. Developers can use specifications to ensure that function implementations behave as expected. [Chess and McGraw 2004] Brian Chess and Gary McGraw. “Static Analysis for Security,” IEEE Security & Privacy 2(6), 2004, pp. 76–79. One of the original BSI articles from IEEE Security & Privacy magazine that sparked this book. See <http://www.computer.org/security> for sub- scription information. [Cheswick and Bellovin 1994] Bill Cheswick and Steve Bellovin.
Recommended publications
  • 00-Frontmatter.Pdf
    Proceedings of the Eighth Symposium on Operating Systems Principles 14-16 December 1981 Asilomar Conference Grounds Pacific Grove, California Special Interest Group on Operating Systems (SIGOPS) Association for Computing Machinery (ACM) Vol. 15 No. 5 December 1981 ACM ORDER NO. 534810 The Association for Computing Machinery, Inc. 1133 Avenue of the Americas New York, New York 10036 Copyright © 1981 by the Association for Computing Machinery, Inc. Copying without fee is permitted provided that the copies are not made or distributed for direct commercial advantage and credit to the source is given. Abstracting with credit is permitted. For other copying of articles that carry a code at the bottom of the first page, copying is permitted provided that the per-copy fee indicated in the code is paid through the Copyright Clearance Center, P.O. Box 765, Schenectady, N.Y. 12301. For permission to republish write to: Director of Publications, Association for Computing Machinery. To copy otherwise, or republish, requires a fee and/or specific permission. ISBN 0-89791-062-1 Additional copies may be ordered prepaid from: ACM Order Department Price: P.O. Box 64145 Members $13.00 Baltimore, MD 21264 Non-Members $17.00 ACM Order No. 534810 'ii Eighth Symposium on Operating Systems Principles General Chairperson John Howard - IBM Research, San Jose Program Chairperson David P. Reed - MIT Program Committee David Cheriton - University of British Columbia Dorothy Denning - Purdue University Jim Gray- Tandem Computers John Howard - IBM Research, San Jose Anita Jones - Carnegie-Mellon University Butler Lampson - Xerox PARC Edward Lazowska- University of Washington Alan Smith - University of California, Berkeley Local A rrangements Sara Dake - Registration Jim Gray - Catering Gene McDaniel - Wine iii 8SOSP Referees Sten Andler Thomas H.
    [Show full text]
  • Hints and Principles for Computer System Design Butler Lampson May 14, 2021
    Hints and Principles for Computer System Design Butler Lampson May 14, 2021 Abstract This new long version of my 1983 paper suggests the goals you might have for your system— Simple, Timely, Efficient, Adaptable, Dependable, Yummy (STEADY)—and techniques for achieving them—Approximate, Incremental, Divide & Conquer (AID). It also gives some princi- ples for system design that are more than just hints, and many examples of how to apply the ideas. Table of Contents 1. Introduction 3 1.1 Oppositions and slogans 4 2. Principles 6 2.1 Abstraction 6 2.1.1 Safety and liveness 8 2.1.2 Operations 9 2.2 Writing a spec 9 2.2.1 Leaky specs and bad specs 12 2.2.2 Executable specs 13 2.3 Writing the code: Correctness 13 2.3.1 Types 16 2.3.2 Languages 16 2.4 Modules and interfaces 17 2.4.1 Classes and objects 18 2.4.2 Layers and platforms 20 2.4.3 Components 21 2.4.4 Open systems 21 2.4.5 Robustness 22 2.4.6 Standards 23 2.5 Points of view 23 2.5.1 Notation 24 3. Goals and Techniques 25 3.1 Overview 25 3.1.1 Goals 25 3.1.2 Techniques 26 3.2 Simple 27 3.2.1 Do one thing well 27 3.2.2 Brute force 29 3.2.3 Reduction 30 3.3 Timely 30 3.4 Efficient 31 3.4.1 Before the ABCs 31 3.4.2 Algorithms 36 3.4.3 Approximate 37 3.4.4 Batch 42 1 3.4.5 Cache 43 3.4.6 Concurrency 44 3.5 Adaptable 50 3.5.1 Scaling 51 3.5.2 Inflection points 52 3.6 Dependable 53 3.6.1 Correctness 55 3.6.2 Retry 56 3.6.3 Replication 57 3.6.4 Detecting failures: real time 59 3.6.5 Recovery and repair 60 3.6.6 Transactions 60 3.6.7 Security 61 3.7 Yummy 64 3.7.1 User interfaces 64 3.8 Incremental 66 3.8.1 Being and becoming 66 3.8.2 Indirection 70 4.
    [Show full text]
  • Report on the Workshop on Fundamental Issues in Distributed Computing
    Report on the Workshop on Fundamental Issues in Distributed Computing Fall brook, California December 15-17, 1980 Sponsored by the Association for Computing Machinery, SlGOPS and SIGPLAN Prog ram Chairperson: Barbara Liskov, MIT Laboratory for Computer Science Program Committee: Jim Gray, Tandem Computers Anita Jones, Carnegie Mellon University Butler Lampson, Xerox PARC Jerry Popek, University of California at Los Angeles David Reed, MIT Laboratory for Computer Science Local Arrangements: Bruce Walker, University of California at Los Angeles Transcription and Editing: Maurice Herlihy, MIT Laboratory for Computer Science Gerald Leitner, University of California at Los Angeles Karen Sollins, MIT Laboratory for Computer Science 9 1. Introduction Barbara Liskov A workshop on fundamental issues in distributed computing was held at the Pala Mesa Resort, Fallbrook, California, on December 15-17, 1980. The purpose of the meeting was to offer researchers in the areas of systems and programming languages a forum for exchange of ideas about the rapidly expanding research area of distributed computing. Our goal was to try and enhance understanding of fundamental issues, but from a practical perspective. We were not looking for a theory of distributed computing, but rather for an understanding of important concepts arising from practical work. Accordingly, the program committee organized the workshop around the set of concepts that we felt were significant. The sessions were organized as follows: Session Title Leader Real Systems Jim Gray Atomicity David Reed Protection Jerry Popek Applications Rich Rashid Naming Jerry Popek Communications Butler Lampson What do We Need from Theory Sue Owicki What are Important Practical Problems Barbara Liskov The sessions were oriented toward discussion rather than formal presentation.
    [Show full text]
  • An Interview with PETER J. DENNING, Oral History 423, Conducted by Jeffrey R
    Calhoun: The NPS Institutional Archive DSpace Repository Faculty and Researchers Faculty and Researchers Collection 2013-04-10 An Interview with PETER J. DENNING, Oral History 423, Conducted by Jeffrey R. Yost on 10 April 2013 Monterey, California: Naval Postgraduate School. http://hdl.handle.net/10945/37925 Downloaded from NPS Archive: Calhoun An Interview with PETER J. DENNING OH 423 Conducted by Jeffrey R. Yost on 10 April 2013 Computer Security History Project Naval Postgraduate School, Monterey, CA Charles Babbage Institute Center for the History of Information Technology University of Minnesota, Minneapolis Copyright, Charles Babbage Institute Peter J. Denning Interview 10 April 2013 Oral History 423 Abstract This interview focuses on Peter Denning’s pioneering early contributions to computer security. This includes discussion of his perspective on CTSS and Multics as a graduate student at MIT, pioneering (with his student Scott Graham) the critical computer security concept of a reference monitor for each information object as a young faculty member at Princeton University, and his continuing contributions to the computer security field in his first years as a faculty member at Purdue University. Because of an extensive, career spanning oral history done with Denning as part of the ACM Oral History series (which includes his contributions as President of ACM, research on operating systems, and principles of computer science), this interview is primarily limited to Denning’s early career when computer security was one of his fundamental research areas. This material is based upon work supported by the National Science Foundation under Grant No. 1116862, “Building an Infrastructure for Computer Security History.” 2 Yost: My name is Jeffrey Yost and I’m here today on the campus of Naval Postgraduate School with Professor Peter Denning.
    [Show full text]
  • An Interview With
    An Interview with PETER J. DENNING OH 423 Conducted by Jeffrey R. Yost on 10 April 2013 Computer Security History Project Naval Postgraduate School, Monterey, CA Charles Babbage Institute Center for the History of Information Technology University of Minnesota, Minneapolis Copyright, Charles Babbage Institute Peter J. Denning Interview 10 April 2013 Oral History 423 Abstract This interview focuses on Peter Denning’s pioneering early contributions to computer security. This includes discussion of his perspective on CTSS and Multics as a graduate student at MIT, pioneering (with his student Scott Graham) the critical computer security concept of a reference monitor for each information object as a young faculty member at Princeton University, and his continuing contributions to the computer security field in his first years as a faculty member at Purdue University. Because of an extensive, career spanning oral history done with Denning as part of the ACM Oral History series (which includes his contributions as President of ACM, research on operating systems, and principles of computer science), this interview is primarily limited to Denning’s early career when computer security was one of his fundamental research areas. This material is based upon work supported by the National Science Foundation under Grant No. 1116862, “Building an Infrastructure for Computer Security History.” 2 Yost: My name is Jeffrey Yost and I’m here today on the campus of Naval Postgraduate School with Professor Peter Denning. This is an interview for CBI’s NSF-funded project, “Building an Infrastructure for Computer Security History.” It’s April 10, 2013. Because of your lengthy, publicly available ACM oral history, I’ll focus pretty much on the topic of computer security but I’d like to get some basic biographical information first.
    [Show full text]