ACM Tech Pack on Security

October 2012

Security Tech Pack Committee
Dan Boneh, Stanford University
Neil Daswani, Stanford University, Twitter (formerly Dasient, Inc.)
John Mitchell, Stanford University, Tech Pack Committee Chair
Mark Zhandry, Stanford University

Copyright ACM 2012


Table of Contents
Introduction
Network Security
Operating System Security
Software Security
Web Security
Malware
Cryptography
Economics of Security

INTRODUCTION
Over the past few decades, computer security has become a central concern for almost
all computer systems. Because security relies on making certain actions impossible,
security is difficult or impossible to add to a system after it is built. Instead, security
should be considered in the requirement stage and carried through design,
implementation, and operations. In each of the sections of this ACM Tech Pack, we focus
on key themes and topics of the field so that interested readers with the equivalent of an
undergraduate computer science background may become familiar with key areas of
computer security.
Early mathematical work in the area of cryptography laid the groundwork for key
security guarantees that systems seek to provide. Over the decades, the focus on security
has also moved up the stack, from network and operating system security to
application layer security. While software security techniques in general have been
very helpful in providing application layer security, the security of web applications
has received special focus due to their pervasiveness (as well as the initial lack of
protections built into client/server web protocols). Over the decades, malicious
software (or malware) has been used more and more aggressively by the cybercriminal
community to achieve nefarious goals and often bypass security checks and
countermeasures deployed in various levels of software. As computer systems and the
data they store have become more valuable, the goal of attackers has shifted from
mischief to cybercrime, and the study of the economics of security has become an
important part of the field.

NETWORK SECURITY
READINGS
A Look Back at "Security Problems in the TCP/IP Protocol Suite".
Steven M. Bellovin. Scientific American (Sept. 1991), pp. 94-10.
DOI=10.1145/329124.329126.
Abstract: About fifteen years ago, I wrote a paper on security problems in the TCP/IP
protocol suite. In particular, I focused on protocol-level issues, rather than
implementation flaws. It is instructive to look back at that paper, to see where my focus
and my predictions were accurate, where I was wrong, and where dangers have yet to
happen. This is a reprint of the original paper, with added commentary.
Significance: Describes several attacks exploiting weaknesses in the TCP/IP protocol,
and how to defend against them.
Bro: a system for detecting network intruders in real-time.
Vern Paxson. 1999. Comput. Netw., 31, 23-24 (December 1999), 2435-2463.
DOI=10.1016/S1389-1286(99)00112-7.
Abstract: We describe Bro, a stand-alone system for detecting network intruders in real-
time by passively monitoring a network link over which the intruder's traffic transits.
We give an overview of the system's design, which emphasizes high-speed (FDDI-rate)
monitoring, real-time notification, clear separation between mechanism and policy, and
extensibility. To achieve these ends, Bro is divided into an "event engine" that reduces a
kernel-filtered network traffic stream into a series of higher-level events, and a "policy
script interpreter" that interprets event handlers written in a specialized language used
to express a site's security policy. Event handlers can update state information,
synthesize new events, record information to disk, and generate real-time notifications
via syslog. We also discuss a number of attacks that attempt to subvert passive
monitoring systems and defenses against these, and give particulars of how Bro
analyzes the four applications integrated into it so far: Finger, FTP, Portmapper and
Telnet. The system is publicly available in source code form.
Significance: Outlines a system called Bro, which passively monitors network traffic to
detect intruders.
Practical network support for IP traceback (ACM DL: Free for Members).
Stefan Savage, David Wetherall, Anna Karlin, and Tom Anderson. 2000. SIGCOMM
Comput. Commun. Rev. 30, 4 (August 2000), 295-306. DOI=10.1145/347057.347560.
Abstract: This paper describes a technique for tracing anonymous packet flooding
attacks in the Internet back towards their source. This work is motivated by the
increased frequency and sophistication of denial-of-service attacks and by the difficulty
in tracing packets with incorrect, or "spoofed", source addresses. In this paper we
describe a general purpose traceback mechanism based on probabilistic packet marking
in the network. Our approach allows a victim to identify the network path(s) traversed
by attack traffic without requiring interactive operational support from Internet Service
Providers (ISPs). Moreover, this traceback can be performed "post-mortem" - after an
attack has completed. We present an implementation of this technology that is
incrementally deployable, (mostly) backwards compatible and can be efficiently
implemented using conventional technology.
Significance: Shows how to trace denial-of-service attacks, identifying the routes
followed by the attack traffic, even after the attack has finished.
Inferring Internet denial-of-service activity (ACM DL: Free for Members).
David Moore, Colleen Shannon, Douglas J. Brown, Geoffrey M. Voelker, and Stefan
Savage. 2006. ACM Trans. Comput. Syst. 24, 2 (May 2006), 115-139.
DOI=10.1145/1132026.1132027.
Abstract: In this article, we seek to address a simple question: "How prevalent are
denial-of-service attacks in the Internet?" Our motivation is to quantitatively
understand the nature of the current threat as well as to enable longer-term analyses of
trends and recurring patterns of attacks. We present a new technique, called
"backscatter analysis," that provides a conservative estimate of worldwide denial-of-
service activity. We use this approach on 22 traces (each covering a week or more)
gathered over three years from 2001 through 2004. Across this corpus we quantitatively
assess the number, duration, and focus of attacks, and qualitatively characterize their
behavior. In total, we observed over 68,000 attacks directed at over 34,000 distinct
victim IP addresses - ranging from well-known e-commerce companies such as Amazon
and Hotmail to small foreign ISPs and dial-up connections. We believe our technique is
the first to provide quantitative estimates of Internet-wide denial-of-service activity and
that this article describes the most comprehensive public measurements of such activity
to date.
Significance: Develops a way to measure denial-of-service activity, called "backscatter
analysis," and applies this technique to get estimates of world-wide denial-of-service
activity.
Network security: private communication in a public world, second edition.
Charlie Kaufman, Radia Perlman, and Mike Speciner. 2002. Network Security: Private
Communication in a Public World, Second Edition (Second ed.). Prentice Hall Press, Upper
Saddle River, NJ, USA.
Abstract: Widely regarded as the most comprehensive yet comprehensible guide to
network security, the First Edition of Network Security received critical acclaim for its
lucid and witty explanations of the inner workings of network security protocols. Now,
in the Second Edition, this book's exceptionally distinguished author team draws on its
hard-won experience to illuminate every facet of information security, from the basics
to advanced cryptography and authentication; secure Web and email services; and
emerging security standards. Highlights of the book's extensive new coverage include
Advanced Encryption Standard (AES), IPsec, SSL, X.509 and related PKI standards, and
Web security. The authors go far beyond documenting standards and technology: they
contrast competing schemes, explain strengths and weaknesses, and identify the crucial
errors most likely to compromise secure systems.
Significance: Offers comprehensive coverage of network security, including
cryptography, authentication, internet security standards, email security, web security,
and security implementations.

OPERATING SYSTEM SECURITY
READINGS
The Protection of Information in Computer Systems.
Jerome Saltzer and Michael D. Schroeder. Proceedings of the IEEE, Vol. 63, No. 9
(September 1975), pp. 1278-1308. DOI=10.1.1.126.9257.
Abstract: This tutorial paper explores the mechanics of protecting computer-stored
information from unauthorized use or modification. It concentrates on those
architectural structures--whether hardware or software--that are necessary to support
information protection. The paper develops in three main sections. Section I describes
desired functions, design principles, and examples of elementary protection and
authentication mechanisms. Any reader familiar with computers should find the first
section to be reasonably accessible. Section II requires some familiarity with descriptor-
based computer architecture. It examines in depth the principles of modern protection
architectures and the relation between capability systems and access control list
systems, and ends with a brief analysis of protected subsystems and protected objects.
The reader who is dismayed by either the prerequisites or the level of detail in the
second section may wish to skip to Section III, which reviews the state of the art and
current research projects and provides suggestions for further reading.
Significance: Details how to protect computer-stored data from unauthorized use and
modification, focusing on the needed hardware and software architectural structures.
A hardware architecture for implementing protection rings (ACM DL: Free for
Members).
Michael D. Schroeder and Jerome H. Saltzer. 1972. Commun. ACM 15, 3 (March 1972),
157-170. DOI=10.1145/361268.361275.
Abstract: Protection of computations and information is an important aspect of a
computer utility. In a system which uses segmentation as a memory addressing scheme,
protection can be achieved in part by associating concentric rings of decreasing access
privilege with a computation. This paper describes hardware processor mechanisms for
implementing these rings of protection. The mechanisms allow cross-ring calls and
subsequent returns to occur without trapping to the supervisor. Automatic hardware
validation of references across ring boundaries is also performed. Thus, a call by a user
procedure to a protected subsystem (including the supervisor) is identical to a call to a
companion user procedure. The mechanisms of passing and referencing arguments are
the same in both cases as well.
Significance: Describes hardware mechanisms for implementing protection rings in
order to limit the access privileges of a program.
Password security: a case history (ACM DL: Free for Members).
Robert Morris and Ken Thompson. 1979. Commun. ACM 22, 11 (November 1979),
594-597. DOI=10.1145/359168.359172.
Abstract: This paper describes the history of the design of the password security
scheme on a remotely accessed time-sharing system. The present design was the result
of countering observed attempts to penetrate the system. The result is a compromise
between extreme security and ease of use.
Significance: Covers the history of the password security scheme for a time-sharing
system, detailing the various approaches taken to secure passwords, and the attacks on
them.
Traps and Pitfalls: Practical Problems in System Call Interposition Based Security Tools.
Tal Garfinkel. 2003. Proc. Network and Distributed Systems Security Symposium.
DOI=10.1.1.12.198.
Abstract: System call interposition is a powerful method for regulating and monitoring
application behavior. In recent years, a wide variety of security tools have been
developed that use this technique. This approach brings with it a host of pitfalls for the
unwary implementer that if overlooked can allow his tool to be easily circumvented. To
shed light on these problems, we present the lessons we learned in the course of several
design and implementation cycles with our own system call interposition-based
sandboxing tool. We first present some of the problems and pitfalls we encountered,
including incorrectly replicating OS semantics, overlooking indirect paths to resources,
race conditions, incorrectly subsetting a complex interface, and side effects of denying
system calls. We then present some practical solutions to these problems, and provide
general principles for avoiding the difficulties we encountered.
Significance: Presents some challenges faced in implementing a system call
interposition sandbox, and describes solutions for these challenges and general
principles for avoiding them.
Terra: a virtual machine-based platform for trusted computing (ACM DL: Free for
Members).
Tal Garfinkel, Ben Pfaff, Jim Chow, Mendel Rosenblum, and Dan Boneh. 2003. SIGOPS
Oper. Syst. Rev. 37, 5 (October 2003), 193-206. DOI=10.1145/1165389.945464.
Abstract: We present a flexible architecture for trusted computing, called Terra, that
allows applications with a wide range of security requirements to run simultaneously
on commodity hardware. Applications on Terra enjoy the semantics of running on a
separate, dedicated, tamper-resistant hardware platform, while retaining the ability to
run side-by-side with normal applications on a general-purpose computing platform.
Terra achieves this synthesis by use of a trusted virtual machine monitor (TVMM) that
partitions a tamper-resistant hardware platform into multiple, isolated virtual machines
(VM), providing the appearance of multiple boxes on a single, general-purpose
platform. To each VM, the TVMM provides the semantics of either an "open box," i.e. a
general-purpose hardware platform like today's PCs and workstations, or a "closed
box," an opaque special-purpose platform that protects the privacy and integrity of its
contents like today's game consoles and cellular phones. The software stack in each VM
can be tailored from the hardware interface up to meet the security requirements of its
application(s). The hardware and TVMM can act as a trusted party to allow closed-box
VMs to cryptographically identify the software they run, i.e. what is in the box, to
remote parties. We explore the strengths and limitations of this architecture by
describing our prototype implementation and several applications that we developed
for it.
Significance: Introduces Terra, a trusted computing architecture that facilitates running
applications with varying security requirements together on a single platform.
Understanding Android Security.
William Enck, Machigar Ongtang, and Patrick McDaniel. 2009. IEEE Security and
Privacy, 7, 1 (January 2009), 50-57. DOI=10.1109/MSP.2009.26. Also available here.
Summary: Google's Android platform is a widely anticipated open source operating
system for mobile phones. This article describes Android's security model and attempts
to unmask the complexity of secure application development. The authors conclude by
identifying lessons and opportunities for future enhancements.
Significance: Explains how security is achieved in the Android operating system,
outlining potential issues in developing applications.
Hey, you, get off of my cloud: exploring information leakage in third-party compute
clouds (ACM DL: Free for Members).
Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage. 2009. In
Proceedings of the 16th ACM conference on Computer and communications security (CCS '09).
ACM, New York, NY, USA, 199-212. DOI=10.1145/1653662.1653687.
Abstract: Third-party cloud computing represents the promise of outsourcing as
applied to computation. Services, such as Microsoft's Azure and Amazon's EC2, allow
users to instantiate virtual machines (VMs) on demand and thus purchase precisely the
capacity they require when they require it. In turn, the use of virtualization allows
third-party cloud providers to maximize the utilization of their sunk capital costs by
multiplexing many customer VMs across a shared physical infrastructure. However, in
this paper, we show that this approach can also introduce new vulnerabilities. Using
the Amazon EC2 service as a case study, we show that it is possible to map the internal
cloud infrastructure, identify where a particular target VM is likely to reside, and then
instantiate new VMs until one is placed co-resident with the target. We explore how
such placement can then be used to mount cross-VM side-channel attacks to extract
information from a target VM on the same machine.
Significance: Shows how malicious users of cloud computing services can exploit side-
channel attacks to learn information about other users.

SOFTWARE SECURITY
READINGS
Reflections on trusting trust (ACM DL: Free for Members).
Ken Thompson. 1984. In Commun. ACM 27, 8 (August 1984), 761-763.
DOI=10.1145/358198.358210.
Abstract: To what extent should one trust a statement that a program is free of Trojan
horses? Perhaps it is more important to trust the people who wrote the software.
Significance: Argues that analyzing source code is not enough to trust that a program
is not malicious.
Reflections on trusting trust.
Cowan, C.; Wagle, F.; Calton Pu; Beattie, S.; Walpole, J. 2000. In DARPA Information
Survivability Conference and Exposition, 2000. DISCEX '00. Proceedings vol.2, no., pp.119-
129 vol.2, 2000. DOI=10.1109/DISCEX.2000.821514. Also available here.
Abstract: Buffer overflows have been the most common form of security vulnerability
for the last ten years. Moreover, buffer overflow vulnerabilities dominate the area of
remote network penetration vulnerabilities, where an anonymous Internet user seeks to
gain partial or total control of a host. If buffer overflow vulnerabilities could be
effectively eliminated, a very large portion of the most serious security threats would
also be eliminated. In this paper, we survey the various types of buffer overflow
vulnerabilities and attacks, and survey the various defensive measures that mitigate
buffer overflow vulnerabilities, including our own StackGuard method. We then
consider which combinations of techniques can eliminate the problem of buffer
overflow vulnerabilities, while preserving the functionality and performance of existing
systems.
Significance: Outlines various attacks exploiting buffer overflows, and potential
defenses against these attacks.
Smashing the Stack for Fun and Profit.
Aleph One. Phrack 49 (August 11, 1996).
Abstract: `smash the stack` [C programming] n. On many C implementations it is
possible to corrupt the execution stack by writing past the end of an array declared auto
in a routine. Code that does this is said to smash the stack, and can cause return from
the routine to jump to a random address. This can produce some of the most insidious
data-dependent bugs known to mankind. Variants include trash the stack, scribble the
stack, mangle the stack; the term mung the stack is not used, as this is never done
intentionally. See spam; see also alias bug, fandango on core, memory leak, precedence
lossage, overrun screw.
Significance: Provides a detailed description of what a buffer overflow is and how to
exploit them.
Using Programmer-Written Compiler Extensions to Catch Security Holes.
Ken Ashcraft and Dawson Engler. 2002. In Proceedings of the 2002 IEEE Symposium on
Security and Privacy (SP '02). IEEE Computer Society, Washington, DC, USA, 143-.
DOI=10.1.1.127.6553. Also available from CiteSeer.
Abstract: This paper shows how system-specific static analysis can find security errors
that violate rules such as "integers from untrusted sources must be sanitized before use"
and "do not dereference user-supplied pointers." In our approach, programmers write
system-specific extensions that are linked into the compiler and check their code for
errors. We demonstrate the approach's effectiveness by using it to find over 100 security
errors in Linux and OpenBSD, over 50 of which have led to kernel patches. An unusual
feature of our approach is the use of methods to automatically detect when we miss
code actions that should be checked.
Significance: Explains how to catch security errors using programmer-written compiler
extensions, allowing even obscure security rules to be enforced without every
programmer needing to know the rules.
Building Secure Software: How to Avoid Security Problems the Right Way.
John Viega and Gary McGraw. 2011. (1st ed.). Addison-Wesley Professional.
Abstract: Building Secure Software cuts to the heart of computer security to help you get
security right the first time. If you are serious about computer security, you need to
read this book, which includes essential lessons for both security professionals who
have come to realize that software is the problem, and software developers who intend
to make their code behave. Written for anyone involved in software development and
use--from managers to coders--this book is your first step toward building more
secure software. Building Secure Software provides expert perspectives and techniques
to help you ensure the security of essential software. If you consider threats and
vulnerabilities early in the development cycle you can build security into your system.
With this book you will learn how to determine an acceptable level of risk, develop
security tests, and plug security holes before software is even shipped.
Significance: Covers many of the concepts involved in writing secure software, calling
attention to the common problems faced, what causes them, and how to fix them.

WEB SECURITY
READINGS
Transaction generators: root kits for web.
Collin Jackson, Dan Boneh, and John Mitchell. 2007. In Proceedings of the 2nd USENIX
workshop on Hot topics in security (HOTSEC'07), Trent Jaeger, Matt Blaze, Angelos D.
Keromytis, Patrick McDaniel, Fabian Monrose, Niels Provos, Reiner Sailer, Leendert
van Doorn, Helen Wang, and Steve Zdancewic (Eds.). USENIX Association, Berkeley,
CA, USA, Article 1, 4 pages. Also available here.
Abstract: Current phishing attacks focus primarily on stealing user credentials such as
passwords. In response, web sites are deploying stronger authentication and back-end
analytics systems that make it harder for phishers to extract value from stolen
passwords. As defenses against traditional phishing improve, we expect to see huge
growth in the use of a different type of malware called a Transaction Generator (TG).
Instead of relying on stolen credentials, a TG simply waits for the user to log in to his
account and then issues transactions on behalf of the user. Since strong authentication is
ineffective against TGs, mitigation must focus on transaction integrity. We discuss
rootkit-like methods that allow TGs to hide their tracks, and explore a number of
mitigation techniques, including transaction confirmation. These results suggest that
recent identity systems such as CardSpace and OpenID must also address transaction
integrity.
Significance: Discusses the threat of Transaction Generators, a type of malware that
works even in the presence of strong authentication.
Protecting browser state from web privacy attacks (ACM DL: Free for Members).
Collin Jackson, Andrew Bortz, Dan Boneh, and John C. Mitchell. 2006. In Proceedings
of the 15th international conference on World Wide Web (WWW '06). ACM, New York, NY,
USA, 737-744. DOI=10.1145/1135777.1135884.
Abstract: Through a variety of means, including a range of browser cache methods and
inspecting the color of a visited hyperlink, client-side browser state can be exploited to
track users against their wishes. This tracking is possible because persistent, client-side
browser state is not properly partitioned on per-site basis in current browsers. We
address this problem by refining the general notion of a "same-origin" policy and
implementing two browser extensions that enforce this policy on the browser cache and
visited links. We also analyze various degrees of cooperation between sites to track
users, and show that even if long-term browser state is properly partitioned, it is still
possible for sites to use modern web features to bounce users between sites and
invisibly engage in cross-domain tracking of their visitors. Cooperative privacy attacks
are an unavoidable consequence of all persistent browser state that affects the behavior
of the browser, and disabling or frequently expiring this state is the only way to achieve
true privacy against colluding parties.
Significance: Covers various ways in which browser state can be used to track
unwilling users, and discusses how to fix these problems.
The Security Architecture of the Chromium Browser.
Adam Barth, Collin Jackson, Charles Reis, and the Google Chrome Team.
Abstract: Most current web browsers employ a monolithic architecture that combines
"the user" and "the web" into a single protection domain. An attacker who exploits an
arbitrary code execution vulnerability in such a browser can steal sensitive files or install
malware. In this paper, we present the security architecture of Chromium, the open-
source browser upon which Google Chrome is built. Chromium has two modules in
separate protection domains: a browser kernel, which interacts with the operating
system, and a rendering engine, which runs with restricted privileges in a sandbox. This
architecture helps mitigate high-severity attacks without sacrificing compatibility with
existing web sites. We define a threat model for browser exploits and evaluate how the
architecture would have mitigated past vulnerabilities.
Significance: Explains how the Chromium browser alleviates many of the security
issues faced by modern browsers, while maintaining compatibility with websites.
Securing frame communication in browsers (ACM DL: Free for Members).
Adam Barth, Collin Jackson, and John C. Mitchell. 2009. In Commun. ACM 52, 6 (June
2009), 83-91. DOI=10.1145/1516046.1516066.
Abstract: Many web sites embed third-party content in frames, relying on the browser's
security policy to protect them from malicious content. Frames, however, are often
insufficient isolation primitives because most browsers let framed content manipulate
other frames through navigation. We evaluate existing frame navigation policies and
advocate a stricter policy, which we deploy in the open-source browsers. In addition to
preventing undesirable interactions, the browser's strict isolation policy also hinders
communication between cooperating frames. We analyze two techniques for inter-
frame communication. The first method, fragment identifier messaging, provides
confidentiality without authentication, which we repair using concepts from a well-
known network protocol. The second method, postMessage, provides authentication,
but we discover an attack that breaches confidentiality. We modify the postMessage API
to provide confidentiality and see our modifications standardized and adopted in
browser implementations.
Significance: Discusses vulnerabilities arising from combining content from several
sources on a single website, and how to mitigate these problems.
SSL and TLS: designing and building secure systems.
Eric Rescorla. 2001. Addison-Wesley Longman Publishing Co., Inc., Boston, MA, USA.
Abstract: Secure Sockets Layer (SSL) is used in virtually every commercial web browser
and server. In this book, one of the world's leading network security experts explains
how SSL works -- and gives implementers step-by-step guidance and proven design
patterns for building secure systems with SSL. Eric Rescorla also provides the first in-
depth introduction to Transport Layer Security (TLS), the highly anticipated,
maximum-security successor to SSL. Rescorla starts by introducing SSL's fundamentals:
how it works, and the threats it is intended to address. One step at a time, he addresses
each key SSL concept and technique, including cryptography, SSL performance
optimization, designing and coding, and how to work around SSL's limitations.
Rescorla demonstrates TLS at work in SMTP-based Internet security applications. The
book includes detailed examples of SSL/TLS implementations, with in-depth insight
into the key design choices that informed them. For all network and security designers,
enterprise developers, system implementers, and suppliers of Internet security products
and services.
Significance: Details the workings of SSL/TLS, and explains how to use them in
building secure software systems.
Foundations of Security: What Every Programmer Needs to Know (ACM Learning
Center Book: Free for Members).
Neil Daswani, Christoph Kern, and Anita Kesavan. 2007. Apress, Berkeley, CA, USA.
Abstract: Foundations of Security: What Every Programmer Needs to Know teaches
new and current software professionals state-of-the-art software security design
principles, methodology, and concrete programming techniques they need to build
secure software systems. Once you're enabled with the techniques covered in this book,
you can start to alleviate some of the inherent vulnerabilities that make today's software
so susceptible to attack. The book uses web servers and web applications as running
examples throughout the book.
Significance: Covers the current concepts in security, various attacks and exploits, and
design principles to defend against such threats.

MALWARE
READINGS
The internet worm program: an analysis. (ACM DL: Free for Members).
Eugene H. Spafford. 1989. In SIGCOMM Comput. Commun. Rev. 19, 1 (January 1989), 17-
57. DOI=10.1145/66093.66095.
Abstract: On the evening of 2 November 1988, someone infected the Internet with a
worm program. That program exploited flaws in utility programs in systems based on
BSD-derived versions of UNIX. The flaws allowed the program to break into those
machines and copy itself, thus infecting those systems. This program eventually spread
to thousands of machines, and disrupted normal activities and Internet connectivity for
many days. This report gives a detailed description of the components of the worm
program--data and functions. It is based on study of two completely independent
reverse-compilations of the worm and a version disassembled to VAX assembly
language. Almost no source code is given in the paper because of current concerns
about the state of the "immune system" of Internet hosts, but the description should be
detailed enough to allow the reader to understand the behavior of the program. The
paper contains a review of the security flaws exploited by the worm program, and gives
some recommendations on how to eliminate or mitigate their future use. The report also
includes an analysis of the coding style and methods used by the author(s) of the worm,
and draws some conclusions about his abilities and intent.
Significance: Details the workings of the Morris Worm, one of the first computer
worms.
Inside the Slammer Worm.
David Moore, Vern Paxson, Stefan Savage, Colleen Shannon, Stuart Staniford, and
Nicholas Weaver. 2003. IEEE Security and Privacy 1, 4 (July 2003), 33-39.
DOI=10.1109/MSECP.2003.1219056. Also available here.
Abstract: The Slammer worm spread so quickly that human response was ineffective. In
January 2003, it packed a benign payload, but its disruptive capacity was surprising.
Why was it so effective and what new challenges do this new breed of worm pose?
Significance: Describes the fast-spreading Slammer Worm, how it spread, and how it
was stopped.
The anatomy of Clickbot.A.
Neil Daswani and Michael Stoppelman. 2007. In Proceedings of the first conference on First
Workshop on Hot Topics in Understanding Botnets (HotBots'07). USENIX Association,
Berkeley, CA, USA, 11-11. Also available here.
Abstract: This paper provides a detailed case study of the architecture of the Clickbot.A
botnet that attempted a low-noise click fraud attack against syndicated search engines.
The botnet of over 100,000 machines was controlled using an HTTP-based botmaster.
Google identified all clicks on its ads exhibiting Clickbot.A-like patterns and marked
them as invalid. We disclose the results of our investigation of this botnet to educate the
security research community and provide information regarding the novelties of the
attack.
Significance: Discusses the details of Clickbot.A, a clickbot that attacked search
engines, and how it was defeated.
Malware Detection.
Mihai Christodorescu, Somesh Jha, Douglas Maughan, Dawn Song, and Cliff Wang.
2006. Advances in Information Security. Springer-Verlag New York, Inc., Secaucus, NJ,
USA.
Abstract: This book captures the state of the art research in the area of malicious code
detection, prevention and mitigation. It contains cutting-edge behavior-based
techniques to analyze and detect obfuscated malware. The book analyzes current trends
in malware activity online, including botnets and malicious code for profit, and it
proposes effective models for detection and prevention of attacks using. Furthermore,
the book introduces novel techniques for creating services that protect their own
integrity and safety, plus the data they manage.
Significance: Covers strategies for detecting
malicious programs, defending software against such malware, and recovering from an
infection.
Botnet Detection: Countering the Largest Security Threat.
Wenke Lee, Cliff Wang, and David Dagon. 2010. (1st ed.) Springer Publishing
Company, Incorporated.
Abstract: Botnets have become the platform of choice for launching attacks and
committing fraud on the Internet. A better understanding of Botnets will help to
coordinate and develop new technologies to counter this serious security threat.
Significance: Summarizes various tools used for detecting botnets, analyzing them,
and responding to botnet attacks.

CRYPTOGRAPHY
READINGS
Practice-Oriented Provable Security and the Social Construction of Cryptography.
Phillip Rogaway. Eurocrypt 2009.
Abstract: Traditionally, "provable security" was tied in the minds of cryptographers to
public-key cryptography, asymptotic analyses, number-theoretic primitives, and proof-
of-concept designs. In this essay I survey some of the work that I have done (much of it
joint with Mihir Bellare) that has helped to erode these associations. I will use the story
of practice-oriented provable security as the backdrop with which to make the case for
what might be called a "social constructionist" view of our field. This view entails the
claim that the body of work our community has produced is less the inevitable
consequence of what we aim to study than the contingent consequence of sensibilities
and assumptions within our disciplinary culture.
Significance: Describes a line of research dubbed "practice-oriented provable security,"
and argues for a more "constructionist" view of cryptography.
Twenty Years of Attacks on the RSA Cryptosystem.
Dan Boneh. 1999. Notices of the American Mathematical Society (AMS), vol. 46, no. 2,
pp. 203-213.
Abstract: Two decades of research led to a number of fascinating attacks on RSA. We
survey several attacks and classify them into four categories: elementary attacks, attacks
on low private exponent, attacks on low public exponent, and attacks on the
implementation of RSA. We hope to illustrate some of the pitfalls security engineers
should avoid when designing new systems.
Significance: Describes various attacks against different flavors of the RSA
cryptosystem, showing what to avoid when creating new systems.
Why cryptosystems fail (ACM DL: Free for Members).
Ross Anderson. 1993. In Proceedings of the 1st ACM conference on Computer and
communications security (CCS '93). ACM, New York, NY, USA, 215-227.
DOI=10.1145/168588.168615.
Abstract: Designers of cryptographic systems are at a disadvantage to most other
engineers, in that information on how their systems fail is hard to get: their major users
have traditionally been government agencies, which are very secretive about their
mistakes. In this article, we present the results of a survey of the failure modes of retail
banking systems, which constitute the next largest application of cryptology. It turns
out that the threat model commonly used by cryptosystem designers was wrong: most
frauds were not caused by cryptanalysis or other technical attacks, but by
implementation errors and management failures. This suggests that a paradigm shift is
overdue in computer security; we look at some of the alternatives, and see some signs
that this shift may be getting under way.
Significance: Argues that in practice, cryptosystems fail due to implementation errors,
not technical attacks, and that cryptosystem designers need to look at cryptography in
this light.
Introduction to Modern Cryptography (Chapman & Hall/Crc Cryptography and
Network Security Series).
Jonathan Katz and Yehuda Lindell. 2007. Chapman & Hall/CRC.
Abstract: Cryptography plays a key role in ensuring the privacy and integrity of data
and the security of computer networks. Introduction to Modern Cryptography provides
a rigorous yet accessible treatment of modern cryptography, with a focus on formal
definitions, precise assumptions, and rigorous proofs. The authors introduce the core
principles of modern cryptography, including the modern, computational approach to
security that overcomes the limitations of perfect secrecy. An extensive treatment of
private-key encryption and message authentication follows. The authors also illustrate
design principles for block ciphers, such as the Data Encryption Standard (DES) and the
Advanced Encryption Standard (AES), and present provably secure constructions of
block ciphers from lower-level primitives. The second half of the book focuses on
public-key cryptography, beginning with a self-contained introduction to the number
theory needed to understand the RSA, Diffie-Hellman, El Gamal, and other
cryptosystems. After exploring public-key encryption and digital signatures, the book
concludes with a discussion of the random oracle model and its applications. Serving as
a textbook, a reference, or for self-study, Introduction to Modern Cryptography
presents the necessary tools to fully understand this fascinating subject.
Significance: Covers the key concepts in modern cryptography, including the standard
security definitions, classic constructions, and their security proofs.
Cryptography.
Ronald L. Rivest. 1991. In Handbook of theoretical computer science (vol. A), Jan van
Leeuwen (Ed.). MIT Press, Cambridge, MA, USA, 617-755. Also available here.
Abstract: Cryptology has advanced tremendously since 1976; this chapter provides a
brief overview of the current state-of-the-art in the field. Several major themes
predominate in the development. One such theme is the careful elaboration of the
definition of security for a cryptosystem. A second theme has been the search for
provably secure cryptosystems, based on plausible assumptions about the difficulty of
specific number-theoretic problems or on the existence of certain kinds of functions
(such as one-way functions). A third theme is the invention of many novel and
surprising cryptographic capabilities, such as public-key cryptography, digital
signatures, secret-sharing, oblivious transfers, and zero-knowledge proofs. These
themes have been developed and interwoven so that today theorems of breathtaking
generality and power assert the existence of cryptographic techniques capable of
solving almost any imaginable cryptographic problem.
Significance: Provides an overview of modern cryptography, including many of the
security goals and summaries of major results.

ECONOMICS OF SECURITY
READINGS
Why cryptosystems fail (ACM DL: Free for Members).
Chris Kanich, Christian Kreibich, Kirill Levchenko, Brandon Enright, Geoffrey M.
Voelker, Vern Paxson, and Stefan Savage. 2008. In Proceedings of the 15th ACM conference
on Computer and communications security (CCS '08). ACM, New York, NY, USA, 3-14.
DOI=10.1145/1455770.1455774.
Abstract: The "conversion rate" of spam, the probability that an unsolicited e-mail will
ultimately elicit a "sale", underlies the entire spam value proposition. However, our
understanding of this critical behavior is quite limited, and the literature lacks any
quantitative study concerning its true value. In this paper we present a methodology for
measuring the conversion rate of spam. Using a parasitic infiltration of an existing
botnet's infrastructure, we analyze two spam campaigns: one designed to propagate a
malware Trojan, the other marketing on-line pharmaceuticals. For nearly a half billion
spam e-mails we identify the number that are successfully delivered, the number that
pass through popular anti-spam filters, the number that elicit user visits to the
advertised sites, and the number of "sales" and "infections" produced.
Significance: Estimates the probability that a spam email results in a sale or infection,
and uses these findings in a discussion of the economics of spam campaigns.

The ACM Digital Library is published by the Association for Computing Machinery.
Copyright ACM 2012
