;Required Readings

@inproceedings{anderson93_cryptosystems,
  author = "Ross Anderson",
  title = "Why cryptosystems fail",
  booktitle = "Proceedings of the 1st ACM conference on Computer and communications security",
  year = "1993",
  pages = "215--227",
  abstract = "Designers of cryptographic systems are at a disadvantage to most other engineers, in that information on how their systems fail is hard to get: their major users have traditionally been government agencies, which are very secretive about their mistakes.In this article, we present the results of a survey of the failure modes of retail banking systems, which constitute the next largest application of cryptology. It turns out that the threat model commonly used by cryptosystem designers was wrong: most frauds were not caused by cryptanalysis or other technical attacks, but by implementation errors and management failures. This suggests that a paradigm shift is overdue in computer security; we look at some of the alternatives, and see some signs that this shift may be getting under way.",
  url = "http://doi.acm.org/10.1145/168588.168615",
  studentname =   "",
  summary =       "",
  contribution1 = "",
  contribution2 = "",
  contribution3 = "",
  contribution4 = "",
  contribution5 = "",
  weakness1 =     "",
  weakness2 =     "",
  weakness3 =     "",
  weakness4 =     "",
  weakness5 =     "",
  interesting =   "high/med/low",
  opinions =      "", 
}

@article{bergstrom01_home_automation,
   author = "Peter Bergstrom, Kevin Driscoll, John Kimball",
   title = "Making Home Automation Communications Secure",
   journal = "Computer",
   year = "2001",
   pages = "50-56",
   url = "http://ieeexplore.ieee.org/iel5/2/20660/00955099.pdf",
   studentname =   "",
   summary =       "",
   contribution1 = "",
   contribution2 = "",
   contribution3 = "",
   contribution4 = "",
   contribution5 = "",
   weakness1 =     "",
   weakness2 =     "",
   weakness3 =     "",
   weakness4 =     "",
   weakness5 =     "",
   interesting =   "high/med/low",
   opinions =      "",
}


@conference{wargo03_eEnabled_aircraft,
   author = "Wargo, C. & Dhas, C.",
   title = "Security Considerations for the e-Enabled Aircraft",
   inproceedings = "Aerospace Conference 2003",
   year = "2003",
   abstract = "Abstract The aviation industry continues to adopt Internet Protocol (IP) technology as the design basis for networking the functional domains both onboard and offboard commercial aircraft. The emerging network domains include connections to wireless networks reaching to ground-based services for Business Operations and Air Traffic Control. This increased IP connectivity to e-services is the beginning of the air commerce web. Realizing the benefits of these eservices will be dependent upon the choice of security measures used in domain and cross-domain communications. This paper addresses security considerations to be taken into account for the various eservice domains. Security mechanisms available in today’s protocols are described and summarized. The lack of a coherent overall aviation security solution is also discussed. The paper intentionally does not refer to specific technical or procedural vulnerabilities that may exist in today’s designs.",
   url = "http://www.ece.cmu.edu/~ece749/papers/wargo03_security_aircraft.pdf",
   studentname =   "",
   summary =       "",
   contribution1 = "",
   contribution2 = "",
   contribution3 = "",
   contribution4 = "",
   contribution5 = "",
   weakness1 =     "",
   weakness2 =     "",
   weakness3 =     "",
   weakness4 =     "",
   weakness5 =     "",
   interesting =   "high/med/low",
   opinions =      "",
 }
 
 ;Supplemental Readings
 
 @Conference{Lampson91,
    author = "Lampson, B. ; Abadi, M. ; Burrows, M. ; Wobber, E.",
    title  = "Authentication in distributed systems: theory and practice",
    inbook = "Operating Systems Review 25, no. 5, ",
    year = "1991",
    abstract = "The authors describe a theory of authentication and a system that implements it. The theory is based on the notion of principal and a `speaks for' relation between principals. A simple principal either has a name or is a communication channel; a compound principal can express an adopted role or delegation of authority. The theory explains how to reason about a principal's authority by deducing the other principals that it can speak for; authenticating a channel is one important application. The authors use the theory to explain many existing and proposed mechanisms for security. In particular, they describe the system they have built. It passes principals efficiently as arguments or results of remote procedure calls, and it handles public and shared key encryption, name lookup in a large name space, groups of principals, loading programs, delegation, access control, and revocation",
    url    = "http://doi.acm.org/10.1145/138873.138874",
    studentname =   "",
    summary =   "",
    contribution1 =   "",
    contribution2 =   "",
    contribution3 =   "",
    contribution4 =   "",
    contribution5 =   "",
    weakness1 =   "",
    weakness2 =   "",
    weakness3 =   "",
    weakness4 =   "",
    weakness5 =   "",
    interesting =   "high/med/low",
    opinions =   "",
 }
 
 @Conference{Dobson86,
    author = "Dobson, J.E. ; Randell, B. ",
    title  = "Building reliable secure computing systems out of unreliable insecure components",
    inbook = "Proceedings of the 1986 IEEE Symposium on Security and Privacy ",
    year = "1986",
    pages = "187-93",
    abstract = "Parallels are drawn between the problems and techniques associated with achieving high reliability, and those associated with the provision of security, in distributed computing systems. Some limitations of the concept of a trusted computing base are discussed, and an alternative approach to the design of highly secure computing systems is put forward, based on fault tolerance concepts and techniques",
    url    = "http://ieeexplore.ieee.org/iel5/7785/21388/00991533.pdf",
    studentname =   "",
    summary =   "",
    contribution1 =   "",
    contribution2 =   "",
    contribution3 =   "",
    contribution4 =   "",
    contribution5 =   "",
    weakness1 =   "",
    weakness2 =   "",
    weakness3 =   "",
    weakness4 =   "",
    weakness5 =   "",
    interesting =   "high/med/low",
    opinions =   "",
 }
 
 @article{Wood02,
    author = "Wood, A.D. ; Stankovic, J.A.",
    title  = "Denial of service in sensor networks",
    journal = "Computer 35,",
    year = "2002",
    pages = "54-62",
    number = "10",
    abstract = "Sensor networks hold the promise of facilitating large-scale, real-time data processing in complex environments, helping to protect and monitor military, environmental, safety-critical, or domestic infrastructures and resources, Denial-of-service attacks against such networks, however, may permit real world damage to public health and safety. Without proper security mechanisms, networks will be confined to limited, controlled environments, negating much of the promise they hold. The limited ability of individual sensor nodes to thwart failure or attack makes ensuring network availability more difficult. To identify denial-of-service vulnerabilities, the authors analyzed two effective sensor network protocols that did not initially consider security. These examples demonstrate that consideration of security at design time is the best way to ensure successful network deployment",
    url    = "http://ieeexplore.ieee.org/iel5/2/22283/01039518.pdf",
    studentname =   "",
    summary =   "",
    contribution1 =   "",
    contribution2 =   "",
    contribution3 =   "",
    contribution4 =   "",
    contribution5 =   "",
    weakness1 =   "",
    weakness2 =   "",
    weakness3 =   "",
    weakness4 =   "",
    weakness5 =   "",
    interesting =   "high/med/low",
    opinions =   "",
 }