Bibliography [AB04] Tom Anderson and David Brady. Principle of least astonishment. Ore- gon Pattern Repository, November 15 2004. http://c2.com/cgi/wiki? PrincipleOfLeastAstonishment. [Acc05] Access Data. Forensic toolkit—overview, 2005. http://www.accessdata. com/Product04_Overview.htm?ProductNum=04. [Adv87] Display ad 57, February 8 1987. [Age05] US Environmental Protection Agency. Wastes: The hazardous waste mani- fest system, 2005. http://www.epa.gov/epaoswer/hazwaste/gener/ manifest/. [AHR05a] Ben Adida, Susan Hohenberger, and Ronald L. Rivest. Fighting Phishing Attacks: A Lightweight Trust Architecture for Detecting Spoofed Emails (to appear), 2005. Available at http://theory.lcs.mit.edu/⇠rivest/ publications.html. [AHR05b] Ben Adida, Susan Hohenberger, and Ronald L. Rivest. Separable Identity- Based Ring Signatures: Theoretical Foundations For Fighting Phishing Attacks (to appear), 2005. Available at http://theory.lcs.mit.edu/⇠rivest/ publications.html. [AIS77] Christopher Alexander, Sara Ishikawa, and Murray Silverstein. A Pattern Lan- guage: towns, buildings, construction. Oxford University Press, 1977. (with Max Jacobson, Ingrid Fiksdahl-King and Shlomo Angel). [AKM+93] H. Alvestrand, S. Kille, R. Miles, M. Rose, and S. Thompson. RFC 1495: Map- ping between X.400 and RFC-822 message bodies, August 1993. Obsoleted by RFC2156 [Kil98]. Obsoletes RFC987, RFC1026, RFC1138, RFC1148, RFC1327 [Kil86, Kil87, Kil89, Kil90, HK92]. Status: PROPOSED STANDARD. [Ale79] Christopher Alexander. The Timeless Way of Building. Oxford University Press, 1979. 429 430 BIBLIOGRAPHY [Ale96] Christopher Alexander. Patterns in architecture [videorecording], October 8 1996. Recorded at OOPSLA 1996, San Jose, California. [Alt00] Steven Alter. Same words, different meanings: are basic IS/IT concepts our self-imposed Tower of Babel? Commun. AIS, 3(3es):2, 2000. [Alv97] Harald T. Alvestrand. X.400 frequenty asked questions, October 27 1997. http: //www.alvestrand.no/x400/faq-mhsnews.html. Cited on March 22, 2005. [Ame05] American Library Association Office for Information Technology Policy. Man- aging cookies to protect patron privacy, 2005. http://www.ala.org/ala/ washoff/oitp/emailtutorials/privacya/20.htm. Accessed April 20, 2005. [And98] M. Andrews. RFC 2308: Negative caching of DNS queries (DNS NCACHE), March 1998. Updates RFC1034, RFC1035 [Moc87b, Moc87c]. Status: PRO- POSED STANDARD. [App03] Appligent, Inc. Redax User Guide, Version 3.5. Appligent, 2003. http://www. appligent.com. [App04a] Apple Computer. Apple human interface guidelines, December 2004. http://developer.apple.com/documentation/UserExperience/ Conceptual/OSXHIGuidelines/OSXHIGuidelines.pdf. [App04b] Apple Computer. Apple human interface guidelines, March 2004. http://developer.apple.com/documentation/UserExperience/ Conceptual/OSXHIGuidelines/OSXHIGuidelines.pdf. [App04c] Apple Computer. Apple human interface guidelines, October 2004. http://developer.apple.com/documentation/UserExperience/ Conceptual/OSXHIGuidelines/OSXHIGuidelines.pdf. [App04d] Apple Computer. Apple software design guidelines, May 2004. http: //developer.apple.com/documentation/MacOSX/Conceptual/ AppleSWDesign/AppleSWDesign.pdf. [App04e] Apple Computer. Enabling secure storage with keychain services, June 2004. http://developer.apple.com/documentation/Security/ Conceptual/keychainServConcepts/keychainServConcepts.pdf. [App05] Apple. Apple – Mac OS X – security, 2005. http://www.apple.com/ macosx/features/security/. Cited on April 15, 2005. [Art02] Henrik Artman. Procurer usability requirements: negotiations in contract devel- opment. In NordiCHI ’02: Proceedings of the second Nordic conference on Human- computer interaction, pages 61–70. ACM Press, 2002. ISBN 1-58113-616-1. BIBLIOGRAPHY 431 [AS99] Anne Adams and Martina Angela Sasse. Users are not the enemy. Communica- tions of the ACM, 42:41–46, 1999. [Ass05] Association for India’s Development Austin. Computer drive, February 2005. http://studentorgs.utexas.edu/aidaustin/comp_drive.html. [ASZ96] D. Atkins, W. Stallings, and P. Zimmermann. RFC 1991: PGP message exchange formats, August 1996. Status: INFORMATIONAL. [Bal93] D. Balenson. RFC 1423: Privacy enhancement for Internet electronic mail: Part III: Algorithms, modes, and identifiers, February 1993. Obsoletes RFC1115. Sta- tus: PROPOSED STANDARD. [Bar91] John A. Barry. Technobabble. MIT Press, 1991. [Bax05] Ilse Baxter. Response to your questions, April 15 2005. [BBG00] Nicholas Bohm, Ian Brown, and Brian Gladman. Electronic commerce: Who carries the risk of fraud? Journal of Information Law & Technology, 2000. http: //www2.warwick.ac.uk/fac/soc/law/elj/jilt/2000_3/bohm/. [bBL02] Yung bin Benjamin Lee, August 2002. Personal Communication (via Gene Spaf- ford). [BC87] Kent Beck and Ward Cunningham. Using pattern languages for object-oriented programs. Technical Report CR-87-43, Apple Computer, Tektronix, September 1987. [BDSG04] Dirk Balfanz, Glenn Durfee, D. K. Smetters, and R. E. Grinter. In search of usable security: five lessons from the field. Security & Privacy Magazine, 2:19–24, Sept– Oct 2004. [BDSG05] Dirk Balfanz, Glenn Durfee, D. K. Smetters, and R. E. Grinter. Making the impos- sible easy: Usable PKI. In Lorrie Cranor and Simson Garfinkel, editors, Security and Usability. O’Reilly, 2005. To appear in August 2005. [Ber02] Scott Berinato. Good stuff cheap: A new hardware market is developing to give CIOs what they want most: good stuff cheap. This is its story. CIO, pages 53–59, 15 October 2002. [Ber05a] David Berlind. Thought to be redacted, classified military info exposed by cut n’ paste. ZDNet, May 1 2005. http://blogs.zdnet.com/BTL/?p=1329. [Ber05b] Jordy Berson. Creating usable security products for consumers. In Lorrie Cranor and Simson Garfinkel, editors, Security and Usability. O’Reilly, 2005. To appear in August 2005. [BF01] Dan Boneh and Matthew Franklin. Identity based encryption from the Weil pair- ing. Lecture Notes in Computer Science, 2139:213+, 2001. citeseer.ist. psu.edu/article/boneh01identitybased.html. 432 BIBLIOGRAPHY [BHm04] Bob Blakley, Craig Heath, and members of The Open Group Security Forum. Security design patterns. Technical Report G031, The Open Group, April 2004. http://www.opengroup.org/publications/catalog/g031.htm. [Bid96] C. Bradford Biddle. Misplaced priorities: The Utah Digital Signature Act and liability allocation in a public key infrastructure. San Diego Law Review, 33, 1996. [Bis96] Matt Bishop. Unix security: Threats and solutions, March 1996. http: //seclab.cs.ucdavis.edu/projects/vulnerabilities/scriv/ 1996-share86.pdf. Presentation to SHARE 86.0. [BL03] Ann Bostrom and Ragnar E. Lofstedt. Communicating risk: Wireless and hard- wired. Risk Analysis, 23(2):241–247, 2003. [Bla93] Matt Blaze. A cryptographic file system for Unix. In 1st ACM Conference on Com- munications and Computing Security, pages 9–16. ACM Press, November 1993. [BNN04a] Mihir Bellare, Chanathip Namprempre, and Gregory Neven. Security proofs for identity-based identification and signature schemes, 2004. http://eprint. iacr.org/2004/252.pdf. Updated version of [BNN04b]. [BNN04b] Mihir Bellare, Chanathip Namprempre, and Gregory Neven. Security proofs for identity-based identification and signature schemes. In C. Cachin and J. Ca- menisch, editors, Advances in Cryptology — Eurocrypt 2004, volume 3027 of Lecture notes in Computer Science, pages 268–286. 2004, 2004. [Bor96] Lorraine Borman. SIGCHI: the early years. SIGCHI Bull., 28(1):4–6, 1996. ISSN 0736-6906. http://doi.acm.org/10.1145/249170.249172. [BP01] Steven Bauer and Nissanka B. Priyantha. Secure data deletion for Linux file sys- tems. In Proc. 10th Usenix Security Symposium, pages 153–164. Usenix, San Antonio, Texas, 2001. http://www.usenix.org/events/sec01/full_ papers/bauer/bauer_html/. [Bra89a] R. Braden. STD 3: Requirements for Internet hosts — communication layers, October 1989. See also RFC1122, RFC1123 [Bra89b, Bra89c]. [Bra89b] R. T. Braden. RFC 1122: Requirements for Internet hosts — communication layers, October 1, 1989. See also STD0003 [Bra89a]. Status: STANDARD. [Bra89c] R. T. Braden. RFC 1123: Requirements for Internet hosts — application and sup- port, October 1, 1989. See also STD0003 [Bra89a]. Updates RFC0822 [Cro82a]. Updated by RFC2181 [EB97]. Status: STANDARD. [Bre00] Eric A. Brewer. Towards robust distributed systems (abstract). In PODC ’00: Proceedings of the nineteenth annual ACM symposium on Principles of distributed computing, page 7. ACM Press, 2000. ISBN 1-58113-183-6. BIBLIOGRAPHY 433 [BS99] Ian Brown and C. R. Snow. A proxy approach to e-mail security. Softw. Pract. Exper., 29(12):1049–1060, 1999. ISSN 0038-0644. [BS03] Sacha Brostoff and M. Angela Sasse. Ten strikes and you’re out: Increasing the number of login attempts can improve password usability. In Workshop on Human-Computer Interaction and Security Systems, part of CHI2003. ACM Press, April 2003. citeseer.ist.psu.edu/618589.html. [BSD93] unlink, 1993. 4th Berkeley Distribution. [Bud02] Len Budney. Mailcrypt, September 2002. http://mailcrypt. sourceforge.net/. [Bus05] Business Environmental Resource Center. Hazardous waste generator fact sheet, 2005. http://sacberc.org/HazWaste.html. [Bye03] Simon Byers. Scalable exploitation of, and responses to information leakage through hidden data in published documents, April 3 2003. [CAG02] Lorrie Faith Cranor, Manjula Arjula, and Praveen Guduru. Use of a P3P user agent by early adopters. In WPES ’02: Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society, pages 1–10. ACM Press, 2002.