CS598YYZ Fall 2005

Reliable and Robust Software Systems

Reading List

General Security

J. H. Saltzer and M. D. Schroeder. The Protection of Information in Computer Systems. Proceedings of the IEEE, 63(9), pp. 1278-1308, September 1975. (Note: skip or skim Sections II and III)

Ken Thompson. Reflections on trusting trust. Comm. of the ACM 27(8), August 1984.

Diomidis Spinellis. Reflections on Trusting Trust Revisited. Communications of the ACM, 46(6), June 2003.

Anup K. Ghosh, Tom O'Connor, Gary McGraw. An Automated Approach for Identifying Potential Vulnerabilities in Software. Proc. of IEEE Symp. on Security and Privacy, 1998.

Compaq Corporation. Data Integrity for NonStop servers: Data integrity concepts, features, and technology, 2004.

Software-related Attacks

Aleph One. Smashing the Stack for Fun and Profit. Phrack Magazine 49(7), Nov. 1996.

Anonymous. Once upon a free(). Phrack Magazine 57(9), Aug. 2001.

Amit Klein. Cross site scripting explained. 2002.

Sven Dietrich, Neil Long, and David Dittrich. Analyzing distributed denial of service attack tools: The shaft case. In Proceedings of 14th Systems Administration Conference (LISA), 2000.

Stuart Staniford, Vern Paxson, and Nicholas Weaver. How to 0wn the Internet in Your Spare Time. In Proceedings of the 11th USENIX Security Symposium, 2002.

David Moore, Vern Paxson, Stefan Savage et al. The Spread of the Sapphire/Slammer Worm, 2003.

Nicholas Weaver, Vern Paxson, Stuart Staniford, and Robert Cunningham. A Taxonomy of Computer Worms. In First Workshop on Rapid Malcode (WORM), 2003.

Cliff Changchun Zou, Weibo Gong, Don Towsley. Code Red Worm Propagation Modeling and Analysis. In Proceedings of the 9th ACM Conference on Computer and Communication Security, Nov. 2002.

Sudhakar Govindavajhala, Andrew W. Appel. Using Memory Errors to Attack a Virtual Machine. In IEEE Symposium on Security and Privacy, 2003.

Jun Xu, Shuo Chen, Zbigniew Kalbarczyk and Ravishankar K. Iyer. An Experimental Study of Security Vulnerabilities Caused by Errors. In Proc. of IEEE Int'l Conf. on Dependable Systems and Networks (DSN), 2001.

Peter A. Loscocco, Stephen D. Smalley, Patrick A. Muckelbauer, Ruth C. Taylor, S. Jeff Turner, John F. Farrell. The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments. Proceedings of the 21st National Information Systems Security Conference, October 1998.

Department of Defense. Orange Book Summary (TCSEC). Trusted Computer System Evaluation Criteria, DOD 5200.28 STD, December 1985. (Orange Book Excerpts, Chart, Full-Text)

Peter A. Loscocco, Stephen D. Smalley. Meeting Critical Security Objectives with Security-Enhanced Linux. Proceedings of the Ottawa Linux Symposium, 2001.

Chris Wright, Crispin Cowan, James Morris, Stephen Smalley, Greg Kroah-Hartman. Linux Security Modules: General Security Support for the Linux Kernel. Proc. of the USENIX Security Symposium, 2002.

Detection

D. Wagner, J. S. Foster, E. Brewer and A. Aiken. A First Step towards Automated Detection of Buffer Overrun Vulnerabilities. Proc. of Network and Distributed System Security Symp., Feb. 2000.

V. Ganapathy, S. Jha et al. Buffer Overrun Detection using Linear Programming and Static Analysis. Proc. of 10th ACM Conf. on Computer and Communication Security, Oct. 2003.

Eric Larson and Todd Austin. High Coverage Detection of Input-Related Security Faults. Proc. 12th USENIX Security Conf., 2003.

Crispin Cowan, Matt Barringer, et al. FormatGuard: Automatic Protection From printf Format String Vulnerabilities. Proc. 10th USENIX Security Symposium, 2001.

Umesh Shankar, Kunal Talwar, Jeffrey S. Foster, David Wagner. Detecting Format String Vulnerabilities with Type Qualifiers. Proc. 10th USENIX Security Symp., 2001.

Scut/Team Teso. Exploiting Format String Vulnerabilities. March 2001.

G. W. Dunlap, S. T. King, S. Cinar, M. A. Basrai, and P. M. Chen. Revirt: Enabling intrusion analysis through virtual-machine logging and replay. In OSDI, 2002.

M. Bishop and M. Dilger. Checking for Race Conditions in File Accesses. Computing Systems 9 (2) pp. 131-152, 1996.

Crispin Cowan, Steve Beattie, Chris Wright, and Greg Kroah-Hartman. RaceGuard: Kernel Protection From Temporary File Race Vulnerabilities. In USENIX Security Symposium, 2001.

Hao Chen, David Wagner, and Drew Dean. Setuid Demystified. Proc. of 11th USENIX Security Symposium, 2002.

Ken Ashcraft and Dawson Engler. Using Programmer-Written Compiler Extensions to Catch Security Holes. Proc. of IEEE Symp. on Security and Privacy, 2002.

David Wagner and Drew Dean. Intrusion Detection via Static Analysis. Proceedings of the IEEE Symposium on Security and Privacy, 2001.

George C. Necula, Peter Lee. Safe Kernel Extensions without Run-Time Checking. USENIX OSDI'96, 1996.

George C. Necula. Proof-Carrying Code. The 24th ACM Symposium on Principles of Programming Languages (POPL), 1997.

Avoidance

J. Xu, Z. Kalbarczyk and R. K. Iyer. Transparent Runtime Randomization for Security. Proc. of 22nd Symp. on Reliable and Distributed Systems, Oct. 2003.

Stephanie Forrest, Anil Somayaji, and David H. Ackley. Building diverse computer systems. In 6th Workshop on Hot Topics in Operating Systems, 1997.

Sandeep Bhatkar, Daniel C. DuVarney, and R. Sekar. Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits. Proc. 12th USENIX Security Conf., 2003.

Gaurav S. Kc, Angelos D. Keromytis and Vassilis Prevelakis. Countering Code-Injection Attacks with Instruction-Set Randomization. Proc. of 10th ACM Conf. on Computer and Communication Security, Oct. 2003.

Elena Gabriela Barrantes, David H. Ackley, Stephanie Forrest, Trek S. Palmer, Darko Stefanovic and Dino Dai Zovi. Randomized instruction set emulation to disrupt binary code injection attacks. Proc. of 10th ACM Conf. on Computer and Communication Security, Oct. 2003.

Crispin Cowan, Steve Beattie, John Johansen and Perry Wagle. PointGuard: Protecting Pointers from Buffer Overflow Vulnerabilities. Proc. of 12th USENIX Security Symposium, 2003.

Ian Goldberg, David Wagner, Randi Thomas, Eric A. Brewer. A Secure Environment for Untrusted Helper Applications. Proceedings of the 6th USENIX Security Symposium, 1996.

Stephanie Forrest, Steven A. Hofmeyr, Anil Somayaji, Thomas A. Longstaff. A Sense of Self for UNIX Processes. In Proceedings of the IEEE Symposium on Security and Privacy, 1996.

Safe Language

Drew Dean, Edward W. Felten, Dan S. Wallach. Java Security: From HotJava to Netscape and Beyond. In IEEE Symposium on Security and Privacy, 1996.

Dan S. Wallach, Dirk Balfanz, Drew Dean, Edward W. Felten. Extensible Security Architectures for Java. In 16th ACM Symposium on Operating Systems Principles, 1997.

Cormac Flanagan, K. Rustan M. Leino, Mark Lillibridge, Greg Nelson, James B. Saxe, and Raymie Stata. Extended static checking for Java. ACM Conference on Programming Language Design and Implementation (PLDI), 2002.

The Last Stage of Delirium Research Group. Java and Java Virtual Machine Security Vulnerabilities and Their Exploitation Techniques, 2002.

Model Checking

Hao Chen, Drew Dean and David Wagner. Model Checking One Million Lines of C Code. Proc. of 11th Network and Distributed System Security Symposium, 2004.

Thomas Ball, Sriram K. Rajamani. Automatically Validating Temporal Safety Properties of Interfaces. In SPIN 2001, Workshop on Model Checking of Software, LNCS 2057, May 2001.

Hardware Support

David Lie, Chandramohan Thekkath et al. Architectural Support for Copy and Tamper Resistant Software. In Proceedings of the 9th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS-IX), 2000.

David Lie, Chandramohan Thekkath and Mark Horowitz. Implementing an Untrusted Operating System on Trusted Hardware. In the Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP 2003), October 2003.

Benjie Chen and Robert Morris. Certifying Program Execution with Secure Processors. HotOS, 2003.


Last updated: 08/15/05.