@InProceedings{ikepaper, author = "Niklas Hallqvist and Angelos D. Keromytis", title = {{Implementing Internet Key Exchange (IKE)}}, booktitle = "{Proceedings of the Annual USENIX Technical Conference}", year = "2000", month = "June", OPTpages = "", OPTnumber = "", OPTmonth = "", OPTnote = "", OPTannote = "" } @Article{smbdf, author = {S. M. Bellovin}, title = {{Distributed Firewalls}}, journal = {{\it ;login:} magazine, special issue on security}, month = {November}, year = {1999} } @InProceedings{Hadzic97, title = {P4: A Platform for {FPGA} Implementation of Protocol Boosters}, publisher = {Springer-Verlag}, series = {Lecture Notes in Computer Science}, number = 1304, booktitle = {Field Programmable Logic 1997}, author = {Ilija Had\v{z}i\'{c} and Jonathan M. Smith}, year = 1997, pages = {438--447} } @inproceedings{aegis, title = {A Secure and Reliable Bootstrap Architecture}, author = {William A. Arbaugh and David J. Farber and Jonathan M. Smith}, booktitle = {IEEE Security and Privacy Conference}, pages = {65--71}, month = {May}, year = {1997}, city = {Oakland}, state = {CA} } @inproceedings{TCM98, author = "Scott Thibault and Charles Consel and Gilles Muller", title = "{Safe and Efficient Active Network Programming}", booktitle = "17th IEEE Symposium on Reliable Distributed Systems", month = "October", year = 1998 } @Article{pbst, author = {D. C. Feldmeier and A. J. McAuley and J. M. Smith and D. Bakin and W. S. Marcus and T. M. Raleigh}, title = {{Protocol Boosters}}, journal = {IEEE JSAC (Special Issue on Protocol Architectures for the 21st Century)}, pages = {437--443}, month = {April}, year = {1998} } @misc{daSilva98, title = "NetScript Tutorial", author = "Sushil da Silva", howpublished = {{http://www.cs.columbia.edu\-/\verb+~+dasilva\-/pubs\-/netscript-0.10\-/doc/tutorial.html}}, month = "October", year = 1998 } @inproceedings{Schuba97, author = {C. Schuba and I. Krsul and M. Kuhn and E. Spafford and A. Sundaram and D. Zamboni}, title = {Analysis of a Denial of Service Attack on TCP}, pages = {208-223}, booktitle = {IEEE Security and Privacy Conference}, month = {May}, year = {1997}, city = {Oakland}, state = {CA} } @INPROCEEDINGS{McCa9301:BSD, AUTHOR="McCanne, Steven and Jacobson, Van", TITLE="A {BSD} Packet Filter: A New Architecture for User-level Packet Capture", BOOKTITLE="Proceedings of USENIX Winter Technical Conference", ORGANIZATION="Usenix", ADDRESS="San Diego, California", PAGES="259--269", MONTH=jan, YEAR=1993, ABSTRACT="Many versions of Unix provide facilities for user-level packet capture, making possible the use of general purpose workstations for network monitoring. Because network monitors run as user-level processes, packets must be copied across the kernel/user-space protection boundary. This copying can be ninimized by deploying a kernel agent called a packet filter, which discards unwanted packets as early as possible. The original Unix packet filter was designed arround a stack-based filter evaluator that perfomrs sub-optimally on current RISC CPUs. The BSD Packet Filter (BPF) uses a new, register-based filter evaluator that is up to 20 times faster than the original design. BPF also uses a straightforward buffering strategy that makes its overall performance up to 100 times faster than Sun's NIT running on the same hardware.", REFERENCES=10, KEYWORDS="packet filter; protocol implementation; Unix", ENTRYBY=CZ } @TECHREPORT{rfc2065, AUTHOR="Eastlake, D. and 3rd and Kaufman, C.", TITLE="Domain Name System Security Extensions", TYPE="Request for Comments (Proposed Standard)", INSTITUTION="Internet Engineering Task Force", NUMBER=2065, MONTH=jan, YEAR=1997, ABSTRACT="The Domain Name System (DNS) has become a critical operational part of the Internet infrastructure yet it has no strong security mechanisms to assure data integrity or authentication. Extensions to the DNS are described that provide these services to security aware resolvers or applications through the use of cryptographic digital signatures. This document is a product of the DNS Security Working Group of the IETF.", URL="ftp://ftp.isi.edu/in-notes/rfc2065.txt", ENTRYBY=Sc } @techreport{rtm85, author = {R. T. Morris}, title = {{A Weakness in the 4.2BSD Unix TCP/IP Software}}, year = 1985, month = {February}, institution = {{AT\&T Bell Laboratories}}, number = 117, type = {Computing Science Technical Report} } @TECHREPORT{rfc2246, AUTHOR="Dierks, T. and Allen, C.", TITLE="The {TLS} Protocol Version 1.0", TYPE="Request for Comments (Proposed Standard)", INSTITUTION="Internet Engineering Task Force", NUMBER=2246, MONTH=jan, YEAR=1999, ABSTRACT="This document specifies Version 1.0 of the Transport Layer Security (TLS) protocol. The TLS protocol provides communications privacy over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.", URL="ftp://ftp.isi.edu/in-notes/rfc2246.txt", ENTRYBY=Sc } @INPROCEEDINGS{Hall94:One, AUTHOR="Haller, Neil M.", TITLE={{The S/Key one-time password system}}, BOOKTITLE="Proceedings of the {ISOC} Symposium on Network and Distributed System Security", YEAR=1994, KEYWORDS="security; password; s/key", ENTRYBY="oechslin" } @TECHREPORT{rfc1760, AUTHOR="Haller, N.", TITLE={{The S/KEY One-Time Password System}}, TYPE="Request for Comments (Informational)", INSTITUTION="Internet Engineering Task Force", NUMBER=1760, MONTH=feb, YEAR=1995, ABSTRACT="This document describes the S/KEY* One-Time Password system as released for public use by Bellcore.", URL="ftp://ftp.isi.edu/in-notes/rfc1760.txt", ENTRYBY=Sc } @TECHREPORT{draft-ietf-ipsec-auth-hmac-ripemd-160-96, AUTHOR="Keromytis, A. and Provos, N.", TITLE="The Use of {HMAC-RIPEMD-160-96} within {ESP} and {AH}", TYPE="{Internet Draft}", INSTITUTION="Internet Engineering Task Force", NOTE="Work in progress", MONTH=feb, YEAR=1999, ABSTRACT="This draft describes the use of the HMAC algorithm [RFC-2104] in conjunction with the RIPEMD-160 algorithm [RIPEMD-160] as an authentication mechanism within the revised IPSEC Encapsulating Security Payload [ESP] and the revised IPSEC Authentication Header [AH]. HMAC with RIPEMD-160 provides data origin authentication and integrity protection. Further information on the other components necessary for ESP and AH implementations is provided by [Thayer97a].", URL="ftp://www.ietf.org/internet-drafts/draft-ietf-ipsec-auth-hmac-ripemd-160-96-03.txt", DAY=22, ENTRYBY=Sc } @TECHREPORT{rfc2405, AUTHOR="Madson, C. and Doraswamy, N.", TITLE="The {ESP} {DES-CBC} Cipher Algorithm With Explicit {IV}", TYPE="Request for Comments (Proposed Standard)", INSTITUTION="Internet Engineering Task Force", NUMBER=2405, MONTH=nov, YEAR=1998, ABSTRACT="This document describes the use of the DES Cipher algorithm in Cipher Block Chaining Mode, with an explicit IV, as a confidentiality mechanism within the context of the IPSec Encapsulating Security Payload (ESP).", URL="ftp://ftp.isi.edu/in-notes/rfc2405.txt", ENTRYBY=Sc } @TECHREPORT{rfc2367, AUTHOR="McDonald, D. and Metz, C. and Phan, B.", TITLE={{PF\_KEY Key Management API, Version 2}}, TYPE="Request for Comments (Informational)", INSTITUTION="Internet Engineering Task Force", NUMBER=2367, MONTH=jul, YEAR=1998, ABSTRACT="A generic key management API that can be used not only for IP Security but also for other network security services is presented in this document. Version 1 of this API was implemented inside 4.4-Lite BSD as part of the U. S. Naval Research Laboratory's freely distributable and usable IPv6 and IPsec implementation. It is documented here for the benefit of others who might also adopt and use the API, thus providing increased portability of key management applications (e.g. a manual keying application, an ISAKMP daemon, a GKMP daemon, a Photuris daemon, or a SKIP certificate discovery protocol daemon).", URL="ftp://ftp.isi.edu/in-notes/rfc2367.txt", ENTRYBY=Sc } @TECHREPORT{newESP, AUTHOR="Kent, S. and Atkinson, R.", TITLE="{IP} Encapsulating Security Payload {(ESP)}", TYPE="Request for Comments (Proposed Standard)", INSTITUTION="Internet Engineering Task Force", NUMBER=2406, MONTH=nov, YEAR=1998, ABSTRACT="The Encapsulating Security Payload (ESP) header is designed to provide a mix of security services in IPv4 and IPv6.", URL="ftp://ftp.isi.edu/in-notes/rfc2406.txt", ENTRYBY=Sc } @TECHREPORT{newAH, AUTHOR="Kent, S. and Atkinson, R.", TITLE="{IP} Authentication Header", TYPE="Request for Comments (Proposed Standard)", INSTITUTION="Internet Engineering Task Force", NUMBER=2402, MONTH=nov, YEAR=1998, ABSTRACT={The IP Authentication Header (AH) is used to provide connectionless integrity and data origin authentication for IP datagrams (hereafter referred to as just "authentication"), and to provide protection against replays.}, URL="ftp://ftp.isi.edu/in-notes/rfc2402.txt", ENTRYBY=Sc } @TECHREPORT{newIPsec, AUTHOR="Kent, S. and Atkinson, R.", TITLE="Security Architecture for the Internet Protocol", TYPE="Request for Comments (Proposed Standard)", INSTITUTION="Internet Engineering Task Force", NUMBER=2401, MONTH=nov, YEAR=1998, ABSTRACT="This memo specifies the base architecture for IPsec compliant systems. The goal of the architecture is to provide various security services for traffic at the IP layer, in both the IPv4 and IPv6 environments. This document describes the goals of such systems, their components and how they fit together with each other and into the IP environment. It also describes the security services offered by the IPsec protocols, and how these services can be employed in the IP environment.", URL="ftp://ftp.isi.edu/in-notes/rfc2401.txt", ENTRYBY=Sc } @InProceedings{bcrypt, author = "Niels Provos and David Mazi\`eres", title = "A {F}uture-{A}daptable {P}assword {S}cheme", booktitle = "{Proceedings of the Annual USENIX Technical Conference}", year = "1999", OPTpages = "", OPTnumber = "", OPTmonth = "", OPTnote = "", OPTannote = "" } @InProceedings{schneier, author = "Bruce Schneier", title = "{Description of a New Variable-Length Key, 64-Bit Block Cipher (Blowfish)}", pages = "191-204", booktitle = "{Fast Software Encryption, Cambridge Security Workshop Proceedings}", year = "1993", publisher = "{Springer-Verlag}", month = "December", } @Book{feistel, author = "Michael Ruby", title = "Pseudorandomness and Cryptographic Applications", publisher = "Princeton Computer Science Notes", year = "1996" } @InCollection{Edjlali:SIP99, author = {G.~Edjlali and A.~Acharya and V.~Chaudhary}, title = {History-based Access Control for Mobile Code}, booktitle = "Secure Internet Programming", pages = "??--??", crossref = "SIP99" } @InCollection{Wilhelm:SIP99, author = {U.~Wilhelm and S.~Staamann and L.~Buttyan}, title = {Introducing Trusted Third Parties to the Mobile Agent Paradigm}, booktitle = "Secure Internet Programming", pages = "??--??", crossref = "SIP99" } @InCollection{Tschudin:SIP99, author = {C.~Tschudin}, title = {Apoptosis --- The programmed death of distributed services}, booktitle = "Secure Internet Programming", pages = "??--??", crossref = "SIP99" } @InCollection{Doorn:SIP99, author = {L.~van~Doorn and M.~Abadi and M.~Burrows and E.~Wobber}, title = {Secure Network Objects}, booktitle = "Secure Internet Programming", pages = "??--??", crossref = "SIP99" } @InCollection{Jones:SIP99, author = {M.~B.~Jones}, title = {Interposition Agents: Transparently Interposing User Code at the System Interface}, booktitle = "Secure Internet Programming", pages = "??--??", crossref = "SIP99" } @InCollection{Cardelli:SIP99, author = {L.~Cardelli}, title = {Abstractions for Mobile Computation}, booktitle = "Secure Internet Programming", pages = "??--??", crossref = "SIP99" } @InCollection{Leroy:SIP99, author = {X.~Leroy and F.~Rouaix}, title = {{Security properties of typed applets}}, booktitle = "Secure Internet Programming", crossref = "SIP99" } @InCollection{Alexander:SIP99, author = {D.~S.~Alexander and W.~A.~Arbaugh and A.~D.~Keromytis and J.~M.~Smith}, title = {Security in Active Networks}, booktitle = "Secure Internet Programming", pages = "433--451", crossref = "SIP99" } @InCollection{Swarup:SIP99, author = {V.~Swarup and J.~T.~Fabrega}, title = {Understanding Trust}, booktitle = "Secure Internet Programming", pages = "??--??", crossref = "SIP99" } @InCollection{Roth:SIP99, author = {V.~Roth}, title = {Mutual Protection of Co-operating Agents}, booktitle = "Secure Internet Programming", pages = "??--??", crossref = "SIP99" } @InCollection{Grimm:SIP99, author = {R.~Grimm and B.~Bershad}, title = {Providing Policy Neutral and Transparent Access Control in Extensible Systems}, booktitle = "Secure Internet Programming", pages = "??--??", crossref = "SIP99" } @InCollection{Hennessey:SIP99, author = {M.~Hennessey and J.~Riely}, title = {Type-safe Execution of Mobile Agents in Anonymous Networks}, booktitle = "Secure Internet Programming", pages = "??--??", crossref = "SIP99" } @InCollection{Nicola:SIP99, author = {R.~De~Nicola and G.~L.~Ferrari and R.~Pugliese}, title = {Types as Specifications of Access Policies}, booktitle = "Secure Internet Programming", pages = "??--??", crossref = "SIP99" } @InCollection{Eicken:SIP99, author = {T.~von~Eicken}, title = {J-Kernel a capability based operating system for Java}, booktitle = "Secure Internet Programming", pages = "??--??", crossref = "SIP99" } @InCollection{Abadi:SIP99, author = {M.~Abadi}, title = {Protection in Programming Language Translation}, booktitle = "Secure Internet Programming", pages = "??--??", crossref = "SIP99" } @InCollection{Ancona:SIP99, author = {M.~Ancona and W.~Cazzola and E.~Fernandez}, title = {Reflective Authorization Systems: Possibilities, Benefits and Drawbacks}, booktitle = "Secure Internet Programming", pages = "??--??", crossref = "SIP99" } @InCollection{Hulaas:SIP99, author = {Jaarle Hulaas and Alex Villazon and Juergen Harms}, title = {User Interfaces as a General Mechanism for the Specification of Functionality and Access Rights in Open Dynamic Environments}, booktitle = "Secure Internet Programming", pages = "??--??", crossref = "SIP99" } @InCollection{Blaze:SIP99, author = {M.~Blaze and J.~Feigenbaum and J.~Ioannidis and A.~Keromytis}, title = {The Role of Trust Management in Distributed Systems Security}, booktitle = "Secure Internet Programming", pages = "185--210", crossref = "SIP99" } @InCollection{Jaeger:SIP99, author = {T.~Jaeger}, title = {Access Control in Configurable Systems}, booktitle = "Secure Internet Programming", pages = "??--??", crossref = "SIP99" } @InCollection{Aura:SIP99, author = {T.~Aura}, title = {Distributed access rights management with delegation certificates}, booktitle = "Secure Internet Programming", pages = "??--??", crossref = "SIP99" } @InCollection{Brose:SIP99, author = {G.~Brose}, title = {A View-Based Access Control Model for {CORBA}}, booktitle = "Secure Internet Programming", pages = "??--??", crossref = "SIP99" } @Book{SIP99, author = "Jan Vitek and Christian Jensen", title = "Secure Internet Programming: Security Issues for Mobile and Distributed Objects", volume = "1603", publisher = "Springer-Verlag Inc.", address = "New York, NY, USA", year = "1999", ISBN = "3-540-66130-1", ISSN = "0302-9743", LCCN = "", series = "Lecture Notes in Computer Science", keywords = "Computer security; Electronic data processing --- Distributed processing --- Security; Intelligent agents (Computer software) --- Security measures; measures; Mobile agents (Computer software)", } @InProceedings{bellovinprob97, author = {S. Bellovin}, title = {{Probable Plaintext Cryptanalysis of the IP Security Protocols}}, booktitle = {Proceedings of the Symposium on Network and Distributed System Security}, year = 1997, month = {February}, city = {San Diego, CA}, pages = {155--160} } @InProceedings{keynotecambridge, author = {M. Blaze and J. Feigenbaum and A. Keromytis}, title = {{KeyNote: Trust Management for Public-Key Infrastructures}}, publisher = {Springer, LNCS vol. 1550}, booktitle = {Proceedings of the 1998 Cambridge Security Protocols International Workshop}, year = 1999, pages = {59--63} } @InProceedings{MMH, author = {S. Halevi and H. Krawczyk}, title = {{MMH: Message Authentication in Software in the Gbit/second Rates}}, booktitle = {Proceedings of the 4th Workshop on Fast Software Encryption}, publisher = {Springer, LNCS vol. 1267}, pages = {172--189}, year = 1997 } @InProceedings{Syverson94, title = {{A Taxonomy of Replay Attacks}}, author = {P. Syverson}, booktitle = {Proceedings of the Computer Security Foundations Workshop VII (CSFW7)}, month = {June}, year = 1994 } @Article{esy, title = {{The Complexity of Promise Problems with Applications to Public-Key Cryptography}}, author = {S. Even and A. Selman and Y. Yacobi}, year = 1984, journal = {Information and Control}, pages = {159--174}, volume = 61 } @Article{Gong92, author = {L. Gong}, title = {{A Security Risk of Depending on Synchronized Clocks}}, journal = {ACM Operating Systems Review}, volume = 26, number = 1, month = {January}, year = 1992 } @InProceedings{Guttman97, author = {Joshua D. Guttman}, title = {{Filtering Postures: Local Enforcement for Global Policies}}, pages = {120-129}, booktitle = {IEEE Security and Privacy Conference}, month = {May}, year = {1997}, city = {Oakland}, state = {CA} } @Article{Sullivan94, author = {Gordon R. Sullivan and James M. Dubik}, title = {{War in the Information Age}}, institution = {Strategic Studies Institute, US Army War College}, month = {June}, year = 1994 } @Article{safetynet, author = {Ian Wakeman and Alan Jeffrey and Rory Graves and Tim Owen}, title = {{Designing a Programming Language for Active Networks}}, journal = {submitted to Hipparch special issue of Network and ISDN Systems}, year = 1998, month = {June}, note = {http://www.cogs.susx.ac.uk/\-projects/\-safetynet/\-papers/\-isdn.ps.gz} } @Misc{ssyslog, key = "ssyslog", title = {{Secure Syslog}}, howpublished = "\texttt{http://www.core-sdi.com/Core-SDI /english/slogging/ssyslog.html}", } @Misc{Ensemble, key = "Ensemble", title = {{Ensemble Home Page}}, howpublished = "\texttt{http://simon.cs.cornell.edu/Info /Projects/Ensemble}" } @Article{Hoare78, author = {C. A. R. Hoare}, title = {{Communicating Sequential Processes}}, year = 1978, month = {August}, journal = {Communications of the ACM}, pages = {666--677}, volume = 21, number = 8 } @Article{SwitchWareArch, author = "D. S. Alexander and W. A. Arbaugh and M. Hicks and P. Kakkar and A. D. Keromytis and J. T. Moore and C. A. Gunter and S. M. Nettles and J. M. Smith", title = {{The SwitchWare Active Network Architecture}}, journal = "IEEE Network Magazine, special issue on Active and Programmable Networks", volume = 12, number = 3, pages = {29--36}, year = 1998 } @Article{sane, author = "D. S. Alexander and W. A. Arbaugh and A. D. Keromytis and J. M. Smith", title = {{A Secure Active Network Environment Architecture: Realization in SwitchWare}}, journal = "IEEE Network Magazine, special issue on Active and Programmable Networks", volume = 12, number = 3, pages = {37--45}, year = 1998 } @Article{dteup96, author = {L. Badger and D. F. Sterne and D. L. Sherman and K. M. Walker}, title = {A domain and type enforcement UNIX prototype}, year = 1996, pages = {47--83}, volume = 9, number = 1, journal = {USENIX Computing Systems} } @InProceedings{pdtefu95, author = {L. Badger and D. F. Sterne and D. L. Sherman and K. M. Walker and S. A. Haghighat}, title = {Practical domain and type enforcement for UNIX}, year = 1995, booktitle = {Proc. of 1995 IEEE Symposium on Security and Privacy} } @InProceedings{ulrfs93, author = {G. S. Fowler and Y. Huang and D. G. Korn and H. Rao}, title = {A user-level replicated file system}, year = 1993, booktitle = {Summer 1993 USENIX Conference Proceedings}, pages = {119--132} } @InProceedings{3dfs89, author = {D. G. Korn and E. Krell}, title = {{The 3-D file system}}, year = 1989, booktitle = {Summer 1989 USENIX Conference Proceedings}, pages = {147--156} } @InProceedings{rnasd92, author = {W. LeFebvre}, title = {{Restricting network access to system daemons under SunOS}}, year = 1992, booktitle = {UNIX Security Symposium III Proceedings}, pages = {93--103} } @InProceedings{eupmacl88, author = {G. Fernandex and L. Allen}, title = {{Extending the Unix Protection Model with Access Control Lists}}, year = 1988, booktitle = {Proc. of 1988 Summer USENIX Conference}, pages = {119--132} } @InProceedings{tron95, author = {A. Berman and V. Bourassa and E. Selberg}, title = {{TRON: Process-specific file protection for the UNIX operating system}}, booktitle = {Proc. of 1995 USENIX Winter Technical Conference}, year = 1995, pages = {165--175} } @InProceedings{tal98, author = {G. Morrisett and D. Walker and K. Crary and N. Glew}, title = {{From System F to Typed Assembly Language}}, year = 1998, month = {January}, booktitle = {Proc. of the 25th ACM Symposium on Principles of Programming Languages} } @InProceedings{impdj98, author = {C. Hawblitzel and C. Chang and G. Czajkowski}, title = {{Implementing Multiple Protection Domains in Java}}, year = 1998, month = {June}, booktitle = {Proc. of the 1998 USENIX Annual Technical Conference}, pages = {259--270} } @InProceedings{tstclsm98, author = {J. Y. Levy and J. K. Ousterhout and B. B. Welch}, title = {{The Safe-Tcl Security Model}}, year = 1998, month = {June}, booktitle = {Proc. of the 1998 USENIX Annual Technical Conference}, pages = {271--282} } @InProceedings{spsasos94, author = {J. S. Chase and H. M. Levy and M. J. Feeley and E. D. Lazowska}, title = {{Sharing and Protection in a Single-Address-Space Operating System}}, year = 1994, month = {November}, booktitle = {ACM Transactions on Computer systems} } @InProceedings{pcism74, author = {J. H. Saltzer}, title = {{Protection and the Control of Information Sharing in Multics}}, year = 1974, booktitle = {Communications of the ACM}, pages = {388--402}, month = {July} } @InProceedings{esbfi93, author = {R. Wahbe and S. Lucco and T. E. Anderson and S. L. Graham}, title = {{Efficient Software-based Fault Isolation}}, year = 1993, booktitle = {Proc. of the 14th Symposium on Operating System Principles}, pages = {203--216}, month = {December} } @InProceedings{ospfgp98, author = {T. Jaeger and J. Liedtke and N. Islam}, title = {{Operating System Protection for Fine-Grained Programs}}, year = 1998, month = {January}, booktitle = {Proc. of 7th USENIX Security Symposium}, pages = {143--157} } @InProceedings{ptmas98, author = {U. G. Wilhelm and S. Staamann and L. Buttyan}, title = {{On the Problem of Trust in Mobile Agent Systems}}, year = 1998, month = {March}, booktitle = {Proc. of Network and Distributed System Security Symposium (NDSS)}, pages = {114--124} } @InProceedings{ipdjdk98, author = {L. Gong and R. Schemers}, title = {{Implementing Protection Domains in the Java Development Kit 1.2}}, year = 1998, month = {March}, booktitle = {Proc. of Network and Distributed System Security Symposium (NDSS)}, pages = {125-134} } @InProceedings{seuhacwh96, author = {I. Goldberg and D. Wagner and R. Thomas and E. A. Brewer}, title = {{A Secure Environment for Untrusted Helper Applications: Confining the Wily Hacker}}, year = 1996, booktitle = {Proc. of the 5th USENIX Security Symposium} } @InProceedings{Rouaix96, author = "Fran\c{c}ois Louaix", title = {{A Web Navigator with Applets in {Caml}}}, booktitle = "Fifth {WWW} Conference", year = 1996 } @InProceedings{piglet-sigops98, author = {S. J. Muir and J. M. Smith}, title = {{Functional divisions in the Piglet multiprocessor operating system}}, year = 1998, month = {September}, booktitle = {SIGOPS European Workshop} } @Article{aglets, author = {G\"unter Kajoth and Danny B. Lange and Mitsuru Oshima}, title = {A Security Model for Aglets}, journal = {IEEE Internet Computing}, year = 1997, volume = 1, number = 4, month = {July - August} } @PhdThesis{alexander98, author = {D. S. Alexander}, title = {{ALIEN: A Generalized Computing Model of Active Networks}}, year = 1998, month = {September}, school = {University of Pennsylvania} } @PhdThesis{schroeder72, author = {M. D. Schroeder}, title = {Cooperation of Mutually Suspicious Subsystems in a Computer Utility}, year = 1972, month = {September}, school = {MIT} } @PhdThesis{akjones73, author = {A. K. Jones}, title = {Protection in Programmed Systems}, year = 1973, school = {CMU}, month = {June} } @PhdThesis{knabe, author = {Frederick Colville Knabe}, title = {{Language Support for Mobile Agents}}, school = {CMU}, year = 1995, month = {December} } @InProceedings{parnas, author = {D. L. Parnas}, title = {On a 'buzzword': Hierarchical structure}, booktitle = {Proc. of the IFIP Congress}, year = 1974, publisher = {North-Holland}, pages = {336-339} } @InProceedings{Wetherall98, author = {David J. Wetherall and John Guttag and David L. Tennenhouse}, title = {{ANTS: A Toolkit for Building and Dynamically Deploying Network Protocols}}, booktitle = {IEEE OpenArch Proceedings}, year = 1998, publisher = {IEEE Computer Society Press, Los Alamitos}, month = {April} } @InProceedings{Wallach97, author = {Dan S. Wallach and Dirk Balfanz and Drew Dean and Edward W. Felten}, title = {{Flexible Security Architecture for Java}}, booktitle = {Proceedings of the 16th ACM Symposium on Operating Systems Principles}, year = 1997, month = {October} } @InProceedings{NDSS, author = {W. A. Arbaugh and A. D. Keromytis and D. J. Farber and J. M. Smith}, title = {{Automated Recovery in a Secure Bootstrap Process}}, booktitle = {Proceedings of Network and Distributed System Security Symposium}, year = 1998, month = {March}, pages = {155--167}, organization = {Internet Society} } @InProceedings{PolicyMaker, author = {M. Blaze and J. Feigenbaum and J. Lacy}, title = {{Decentralized Trust Management}}, booktitle = {Proc. of the 17th Symposium on Security and Privacy}, year = 1996, publisher = {IEEE Computer Society Press, Los Alamitos}, pages = {164--173} } @InProceedings{PMFC, author = {M. Blaze and J. Feigenbaum and M. Strauss}, title = {{Compliance Checking in the PolicyMaker Trust-Management System}}, booktitle = {Proc. of the Financial Cryptography '98, Lecture Notes in Computer Science, vol. 1465}, publisher = {Springer, Berlin}, pages = {254--274}, year = {1998} } @InProceedings{lsm, author = {J. Lacy and J. Snyder and D. Maher}, title = {{Music on the Internet and the Intellectual Property Protection Problem}}, booktitle = {Proc. of the International Symposium on Industrial Electronics}, publisher = {IEEE Press}, city = {New York}, year = 1997, pages = {SS77--83} } @Misc{lmb, author = {R. Levien and L. McCarthy and M. Blaze}, title = {{Trans\-pa\-rent Inter\-net E\--mail Se\-cu\-ri\-ty}}, howpublished = {http://www.\-cs.\-umass.\-edu/\-\verb+~+lmccarth/crypto/pa\-per\-s/email.ps} } @Misc{ipv6, author = {S. Deering and R. Hinden}, title = {{Internet Protocol, Version 6 (IPv6) Specification}}, howpublished = {Internet RFC 1883}, year = 1996, month = {January} } @Misc{IPsec, author = {R. Atkinson}, title = {{Security Architecture for the Internet Protocol}}, howpublished = {RFC 1825}, year = 1995, month = {August} } @Misc{SOCKS5, author = {M. Leech and M. Ganis and Y. Lee and R. Kuris and D. Koblas and L. Jones}, title = {{SOCKS Protocol Version 5}}, howpublished = {RFC1928}, year = 1996, month = {March} } @TECHREPORT{SSH, AUTHOR="Ylonen, T. and Kivinen, T. and Saarinen, M. and Rinne, T. and Lehtinen, S.", TITLE={{SSH Protocol Architecture}}, TYPE="{Internet Draft}", INSTITUTION="Internet Engineering Task Force", NOTE="Work in progress", MONTH=feb, YEAR=1999, ABSTRACT="SSH is a protocol for secure remote login and other secure network ser- vices over an insecure network. This document describes the architecture of the SSH protocol, and the notation and terminology used in SSH proto- col documents. It also discusses the SSH algorithm naming system that allows local extensions. The SSH protocol consists of three major com- ponents: Transport layer protocol provides server authentication, confi- dentiality, and integrity with perfect forward secrecy. User authentica- tion protocol authenticates the client to the server. Connection proto- col multiplexes the encrypted tunnel into several logical channels. Details of these protocols are described in separate documents.", URL="ftp://www.ietf.org/internet-drafts/draft-ietf-secsh-architecture-03.txt", DAY=22, ENTRYBY=Sc } @Misc{TLS, author = {Tim Dierks and Christopher Allen}, title = {{The TLS PRotocol Version 1.0}}, howpublished = {Work In Progress}, year = 1997, month = {November} } @Misc{ANEP, author = "D. S. Alexander and B.b Braden and C. A. Gunter and A. W. Jackson and A. D. Keromytis and G. J. Minden and D. Wetherall", title = {{Active Network Encapsulation Protocol (ANEP)}}, howpublished = {http://www.cis.upenn.edu/\verb+~+angelos/ANEP.txt.gz}, year = 1997, month = {August} } @Misc{AH, author = {R. Atkinson}, title = {{IP Authentication Header}}, howpublished = {RFC 1826}, year = 1995, month = {August} } @Misc{ESP, author = {R. Atkinson}, title = {{IP Encapsulating Security Payload}}, howpublished = {RFC 1827}, year = 1995, month = {August} } @TechReport{SnareWork, author = {J. Chinitz and S. Sonnenberg}, title = {{A Transparent Security Framework For TCP/IP and Legacy Applications}}, howpublished = {http://www.isoft.com/}, year = 1996, month = {August}, institution = {Intellisoft Corp.} } @TechReport{saneimp, author = {D. S. Alexander and Kostas G. Anagnostakis and W. A. Arbaugh and A. D. Keromytis and J. M. Smith}, title = {{The Price of Safety in an Active Network}}, year = 1999, month = {January}, institution = {University of Pennsylvania}, type = {Technical Report}, number = {MS-CIS-99-02} } @TechReport{oldsaneimp, author = {D. S. Alexander and W. A. Arbaugh and A. D. Keromytis and J. M. Smith}, title = {{Performance Implications of Securing Active Networks}}, year = {1998}, month = {January}, institution = {University of Pennsylvania}, type = {Technical Report}, number = {MS-CIS-98-02} } @TechReport{mcst98, author = {J. Moore}, title = {{Mobile Code Security Techniques}}, year = {1998}, month = {May}, institution = {University of Pennsylvania}, type = {Technical Report}, number = {MS-CIS-98-28} } @Misc{PGP, author = {P. Zimmerman}, title = {{PGP User's Manual}}, year = {1995} } @TechReport{SDSI, author = {B. Lampson and R. Rivest}, title = {{Cryptography and Information Security Group Research Project: A Simple Distributed Security Infrastructure}}, institution = {MIT}, year = 1997, howpublished = {http://theory.lcs.mit.edu/\verb+~+cis/sdsi.html} } @TechReport{active-firewall, author = {Angelos D. Keromytis and Matt Blaze and John Ioannidis and Jonathan M. Smith}, title = {{Firewalls in Active Networks}}, institution = {University of Pennsylvania}, year = 1998, month = {February}, type = {Technical Report}, number = {MS-CIS-98-03} } @Misc{etherboot, author = {Markus Gutschke and Ken Yap}, title = {{Etherboot 3.2}}, howpublished = {http://www.syd.dit.csiro.au/staff/ken/personal/etherboot/}, year = 1997, month = {July} } @Manual{gnump, title = {{The GNU Multiple Precision Arithmetic Library}}, author = {Torbjorn Granlund}, organization = {{TMG Datakonsult}}, edition = {2.0.2}, year = 1996, month = {June} } @Misc{draft-mcdonald, title = {{A Simple IP Security API Extension to BSD Sockets}}, author = {D. L. McDonald}, howpublished = {Work in Progress}, } @Misc{ipsec-ah-draft-rfc, title = {{IP Security Authentication Header}}, author = {Stephen Kent and Randall Atkinson}, howpublished = {Work in Progress}, year = 1997, month = {October} } @Misc{KeyNote, author = {M. Blaze and J. Feigenbaum and J. Ioannidis and A. D. Keromytis}, title = {The KeyNote Trust Management System Version 2}, howpublished = {Internet RFC 2704}, year = "1999", month = {September} } @Misc{keynotedraft, author = {M. Blaze and J. Feigenbaum and J. Ioannidis and A. D. Keromytis}, title = {The KeyNote Trust Management System Version 2}, howpublished = {Internet RFC 2704}, year = "1999", month = {September} } @Misc{rfc-hmac-md5, author = {M. Oehler and R. Glenn}, title = {{HMAC-MD5 IP Authentication with Replay Prevention}}, howpublished = {Internet RFC 2085}, year = 1997, month = {February} } @TECHREPORT{rfc2404, AUTHOR="Madson, C. and Glenn, R.", TITLE="The Use of {HMAC-SHA-1-96} within {ESP} and {AH}", TYPE="Request for Comments (Proposed Standard)", INSTITUTION="Internet Engineering Task Force", NUMBER=2404, MONTH=nov, YEAR=1998, ABSTRACT="This memo describes the use of the HMAC algorithm [RFC-2104] in conjunction with the SHA-1 algorithm [FIPS-180-1] as an authentication mechanism within the revised IPSEC Encapsulating Security Payload [ESP] and the revised IPSEC Authentication Header [AH]. HMAC with SHA-1 provides data origin authentication and integrity protection.", URL="ftp://ftp.isi.edu/in-notes/rfc2404.txt", ENTRYBY=Sc } @TECHREPORT{rfc2403, AUTHOR="Madson, C. and Glenn, R.", TITLE="The Use of {HMAC-MD5-96} within {ESP} and {AH}", TYPE="Request for Comments (Proposed Standard)", INSTITUTION="Internet Engineering Task Force", NUMBER=2403, MONTH=nov, YEAR=1998, ABSTRACT="This memo describes the use of the HMAC algorithm [RFC-2104] in conjunction with the MD5 algorithm [RFC-1321] as an authentication mechanism within the revised IPSEC Encapsulating Security Payload [ESP] and the revised IPSEC Authentication Header [AH]. HMAC with MD5 provides data origin authentication and integrity protection.", URL="ftp://ftp.isi.edu/in-notes/rfc2403.txt", ENTRYBY=Sc } @Misc{draft-sha1-hmac, author = {C. Madson and R. Glenn}, title = {{The Use of HMAC-SHA1-1-96 within ESP and AH}}, howpublished = {Work in Progress}, year = 1997, month = {November} } @Manual{netpc, title = {Network PC System Design Guidelines}, author = {Compaq Computer and Dell Computer and Hewlett Packard and Intel and Microsoft Corporations }, edition = {1.0b}, year = 1997, month = {July} } @Misc{intel-usenet, author = {Joe Goldmeer}, title = {Re: Re: Pentium PRO floating point patch}, howpublished = {USENET Posting to intel.motherboards.pentium\_pro}, year = 1997, month = {November}, annote = {Message Id: JRm8vl568GA.187@newsgroups.intel.com} } @Misc{assigned-num-rfc, author = {J. Reynolds and J. Postel}, title = {Assigned {N}umbers}, howpublished = {Internet RFC 1700}, year = 1994, month = {October} } @Misc{ip-ah-sha1, author = {Perry Metzger and William Simpson}, title = {{IP Authentication using Keyed SHA}}, howpublished = {Internet RFC 1852}, year = 1995, month = {October} } @Misc{rfc1321, author = {R. Rivest}, title = {{The MD5 Message-Digest Algorithm}}, howpublished = {Internet RFC 1321}, year = 1992, month = {April} } @Misc{rfc1853, author = {William Simpson}, title = {{IP in IP Tunneling}}, howpublished = {Internet RFC 1853}, year = 1995, month = {October} } @Misc{rfc-icmp, author = {J. Postel}, title = {{Internet Control Message Protocol}}, howpublished = {Internet RFC 792}, year = 1981, month = {September} } @Misc{rfc1191, author = {J. Mogul and S. Deering}, title = {Path MTU Discovery}, howpublished = {Internet RFC 1191}, year = 1990, month = {November} } @Misc{ip-ah-md5, author = {Perry Metzger and William Simpson}, title = {IP Authentication using Keyed MD5}, howpublished = {Internet RFC 1828}, year = 1995, month = {August} } @Misc{ip-esp-des-cbc, author = {Perry Metzger and Phil Karn and William Simpson}, title = {The ESP DES-CBC Transform}, howpublished = {Internet RFC 1829}, year = 1995, month = {August} } @Misc{ip-esp-3des-cbc, author = {Perry Metzger and Phil Karn and William Simpson}, title = {The ESP Triple DES-CBC Transform}, howpublished = {Internet RFC 1851}, year = 1995, month = {October} } @Misc{dnssec, author = {D. Eastlake and C. Kaufman}, title = {Dynamic {N}ame {S}ervice and {S}ecurity}, howpublished = {Internet RFC 2065}, year = 1997, month = {January} } @Misc{skip, author = {Ashar Aziz and Tom Markson and Hemma Prafullchandra}, title = {Assigned {N}umbers for {SKIP} {P}rotocols}, howpublished = {http://skip.incog.com/spec/numbers.html} } @Misc{blind, author = {Anonymous}, title = {Blind {R}eference for {R}eviewing {P}urposes} } @InProceedings{failstop, author = {Li Gong and Paul Syverson}, title = {Fail-{S}top {P}rotocols: An {A}pproach to {D}esigning {S}ecure {P}rotocols}, booktitle = {Proceedings of IFIP DCCA-5}, year = 1995, month = {September} } @Misc{cryptolib, author = {Jack Lacy and Don Mitchell and Matt Blaze}, title = {CryptoLib 2.0Beta}, howpublished = {Email to cryptolib@research.att.com}, year = 1995 } @Misc{isc-dhcp, author = {Ted Lemon}, title = {Dynamic {H}ost {C}onfiguration {S}erver}, howpublished = {ftp://ftp.fugue.com/pub/}, year = 1997 } @Misc{dhcp-options, author = {S. Alexander and R. Droms}, title = {{DHCP} {O}ptions and {BOOTP} {V}endor {E}xtensions}, howpublished = {Internet RFC 2132}, year = 1997, month = {March} } @InProceedings{tcpsyn, author = {L.T. Heberlein and M. Bishop}, title = {Attack {C}lass: {A}ddress {S}poofing}, booktitle = {Proceedings of the 19th National Information Systems Security Conference}, year = 1996, month = {October}, pages = {371--377} } @Misc{tftp-rfc, author = {K. R. Sollins}, title = {The {TFTP} {P}rotocol (Revision 2)}, howpublished = {Internet RFC 1350}, year = 1992, month = {July} } @Misc{hmac-rfc, author = {H. Krawczyk and M. Bellare and R. Canetti}, title = {{HMAC}:{K}eyed--{H}ashing for {M}essage {A}uthentication}, howpublished = {Internet RFC 2104}, year = 1997, month = {February} } @Misc{tftp-opt-rfc, author = {G. Malkin and A. Harkin}, title = {{TFTP} {O}ption {E}xtension}, howpublished = {Internet RFC 1782}, year = 1995, month = {March} } @Misc{tftp-bootp, author = {Ross Finlayson}, title = {Bootstrap {L}oading using {TFTP}}, howpublished = {Internet RFC 906}, year = 1984, month = {June} } @TECHREPORT{rfc2407, AUTHOR="Piper, D.", TITLE="The Internet {IP} Security Domain of Interpretation for {ISAKMP}", TYPE="Request for Comments (Proposed Standard)", INSTITUTION="Internet Engineering Task Force", NUMBER=2407, MONTH=nov, YEAR=1998, ABSTRACT="The Internet Security Association and Key Management Protocol (ISAKMP) defines a framework for security association management and cryptographic key establishment for the Internet. This framework consists of defined exchanges, payloads, and processing guidelines that occur within a given Domain of Interpretation (DOI). This document defines the Internet IP Security DOI (IPSEC DOI), which instantiates ISAKMP for use with IP when IP uses ISAKMP to negotiate security associations.", URL="ftp://ftp.isi.edu/in-notes/rfc2407.txt", ENTRYBY=Sc } @TECHREPORT{rfc2408, AUTHOR="Maughan, D. and Schertler, M. and Schneider, M. and Turner, J.", TITLE="Internet Security Association and Key Management Protocol {(ISAKMP)}", TYPE="Request for Comments (Proposed Standard)", INSTITUTION="Internet Engineering Task Force", NUMBER=2408, MONTH=nov, YEAR=1998, ABSTRACT="This memo describes a protocol utilizing security concepts necessary for establishing Security Associations (SA) and cryptographic keys in an Internet environment.", URL="ftp://ftp.isi.edu/in-notes/rfc2408.txt", ENTRYBY=Sc } @TECHREPORT{rfc2409, AUTHOR="Harkins, D. and Carrel, D.", TITLE="The Internet Key Exchange {(IKE)}", TYPE="Request for Comments (Proposed Standard)", INSTITUTION="Internet Engineering Task Force", NUMBER=2409, MONTH=nov, YEAR=1998, ABSTRACT="This document describes a protocol using part of Oakley and part of SKEME in conjunction with ISAKMP to obtain authenticated keying material for use with ISAKMP, and for other security associations such as AH and ESP for the IETF IPsec DOI.", URL="ftp://ftp.isi.edu/in-notes/rfc2409.txt", ENTRYBY=Sc } @TECHREPORT{photuris, AUTHOR="Karn, P. and Simpson, W.", TITLE="Photuris: Session-Key Management Protocol", TYPE="Request for Comments (Experimental)", INSTITUTION="Internet Engineering Task Force", NUMBER=2522, MONTH=mar, YEAR=1999, ABSTRACT="Photuris is a session-key management protocol intended for use with the IP Security Protocols (AH and ESP). This document defines the basic protocol mechanisms.", URL="ftp://ftp.isi.edu/in-notes/rfc2522.txt", ENTRYBY=Sc } @TECHREPORT{rfc2523, AUTHOR="Karn, P. and Simpson, W.", TITLE="Photuris: Extended Schemes and Attributes", TYPE="Request for Comments (Experimental)", INSTITUTION="Internet Engineering Task Force", NUMBER=2523, MONTH=mar, YEAR=1999, ABSTRACT="Photuris is a session-key management protocol. Extensible Exchange-Schemes are provided to enable future implementation changes without affecting the basic protocol.", URL="ftp://ftp.isi.edu/in-notes/rfc2523.txt", ENTRYBY=Sc } @Manual{BER, author = {Consultation Committee}, title = {{Recommendation X.209: Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1)}}, institution = {International Telephone and Telegraph, International Telecommunications Union}, year = 1988 } @Article{ACC, title = {{Using Active Networking to Enhance Feedback Congestion Control Mechanisms}}, author = {Theodore Faber}, year = 1998, journal = {IEEE Network Magazine, special issue on Active and Programmable Networks}, } @Article{NewIntSer, title = {{Introducing New Internet Services: Why and How}}, author = {D. Wetherall and U. Legedza and J. Guttag}, year = 1998, journal = {IEEE Network Magazine, special issue on Active and Programmable Networks}, volume = 12, number = 3, pages = {12--19} } @Article{FuzzyMulticast, title = {{The Support of Active Networks for Fuzzy-Tolerant Multicast Applications}}, author = {M. Calderon and M. Sedano and A. Azcorra and C. Alonso}, year = 1998, journal = {IEEE Network Magazine, special issue on Active and Programmable Networks}, volume = 12, number = 3, pages = {20--28} } @Article{keykos, author = {Norman Hardy}, title = {The {K}ey{KOS}}, journal = {Operating Systems Review}, year = 1985, volume = 19, number = 4, month = {October}, pages = {8--25} } @Misc{intel-dhcp, author = {Baiju V. Patel}, title = {Securing {DHCP}}, howpublished = {Work in Progress}, year = 1997, month = {July} } @Book{capability, author = {H.M. Levy}, title = {Capability {B}ased {C}omputer {S}ystems}, publisher = {Digital Press}, year = 1984 } @Book{Hoare84, author = {C.A.R. Hoare}, title = {{Communicating Sequential Processes}}, year = 1984, publisher = {Prentice-Hall} } @Misc{dhc-auth-rfc, author = {R. Droms}, title = {Authentication for {DHCP} {M}essages}, howpublished = {Work in Progress}, year = 1997, month = {August} } @Misc{dhc-rfc, author = {R. Droms}, title = {Dynamic {H}ost {C}onfiguration {P}rotocol}, howpublished = {Internet RFC 2131}, year = 1997, month = {March} } @Misc{spki-bnf, author = {Carl M. Ellison}, title = {{SDSI/SPKI BNF}}, howpublished = {Private Email}, year = 1997, month = {July} } @Misc{spki, author = {C. M. Ellison and B. Frantz and R. Rivest and B. M. Thomas and T. Ylonen}, title = {Simple {P}ublic {K}ey {C}erti\-fi\-ca\-te}, year = 1997, month = {April}, howpublished = {Work in Progress, http://www.pobox.com/\verb+~+cme/html/spki.html} } @Misc{sha1, publisher = {{N}ational {I}nstitute of {S}tandards}, key = {NIST}, title = {{S}ecure {H}ash {S}tandard}, institution = {U.S. Department of Commerce}, year = 1995, number = {FIPS-180-1}, month = {April}, note = {Also known as: 59 Fed Reg 35317 (1994)} } @Misc{dsa, publisher = {{N}ational {I}nstitute of {S}tandards}, key = {NIST}, title = {{D}igital {S}ignature {S}tandard}, institution = {U.S. Department of Commerce}, year = 1994, number = {FIPS-186}, month = {May} } @Misc{des, publisher = {{N}ational {B}ureau of {S}tandards}, key = {NBS}, title = {{D}ata {E}ncryption {S}tandard}, institution = {U.S. Department of Commerce}, year = 1977, number = {FIPS-46}, month = {January} } @Article{StS, author = {W. Diffie and P.C. van Oorschot and M.J. Wiener}, title = {Authentication and {A}uthenticated {K}ey {E}xchanges}, journal = {Designs, Codes and Cryptography}, year = 1992, volume = 2, pages = {107--125} } @Article{DH, author = {W. Diffie and M.E. Hellman}, title = {New {D}irections in {C}ryptography}, journal = {IEEE Transactions on Information Theory}, year = 1976, volume = {IT--22}, number = 6, month = {Nov}, pages = {644--654} } @Article{protocol-boosters, author = {D. C. Feldmeier and A. J McAuley and J. M. Smith and D. S. Bakin and W. S. Marcus and T. M. Raleigh}, title = {{Protocol Boosters}}, journal = {IEEE Journal on Selected Areas in Communications (Special Issue on Protocol Architectures for 21st Century Applications}, month = {April}, year = 1998, pages = {437--444}, volume = 16, number = 3 } @InProceedings{oakland, author = {W. A. Arbaugh and D. J. Farber and J. M. Smith}, title = {A {S}ecure and {R}eliable {B}ootstrap {A}rchitecture}, booktitle = {Proceedings 1997 IEEE Symposium on Security and Privacy}, year = 1997, month = {May}, pages = {65--71} } @InProceedings{atkinson:96, author = {Randall J. Atkinson and Daniel L. McDonald and Bao G. Phan and Craig W. Metz and Kenneth C. Chin}, title = {{Implementation of IPv6 in 4.4 BSD}}, booktitle = {Proceedings of the 1996 USENIX Technical Conference}, year = 1996, organization = {USENIX}, month = {January}, pages = {113--125} } @InProceedings{swipe, author = {John Ioannidis and Matt Blaze}, title = {{The Architecture and Implementation of Network-Layer Security Under Unix}}, booktitle = {Fourth Usenix Security Symposium Proceedings}, year = 1993, organization = {USENIX}, month = {October} } @Misc{bsafe:bench, author = {RSA Data Security, Inc.}, title = {BSAFE 3.0 Benchmarks}, howpublished = {RSA Data Security Engineering Report}, year = 1996, note = {http://www.rsa.com/rsa/developers/bench.htm} } @TechReport{microsoft:ntfs, author = {Microsoft}, title = {Overview of FAT, HPFS, and NTFS File Systems}, institution = {Microsoft}, year = 1996, type = {Knowledge Base Article}, number = {Q100108}, month = {October} } @Misc{mach:boot, author = {R. Grimes}, title = {{AT}386 {P}rotected {M}ode {B}ootstrap {L}oader}, howpublished = {/sys/i386/boot/biosboot/README.MACH}, year = 1993, month = {October}, note = {2.1.5 FreeBSD} } @Misc{freebsd:boot, author = {Julian Elischer}, title = {386 Boot}, howpublished = {/sys/i386/boot/biosboot/README.386}, year = 1996, month = {July}, note = {2.1.5 FreeBSD} } @Article{kannan, author = {M. Blum and S. Kannan}, title = {Designing Programs that Check their Work}, journal = {JACM}, year = 1995, volume = 42, number = 1, month = {January}, pages = {269--291} } @InProceedings{feigenbaum:96, author = {Matt Blaze and Joan Feigenbaum and Jack Lacy}, title = {Decentralized {T}rust {M}anagement}, booktitle = {IEEE Conference on Security and Privacy}, year = 1996, organization = {IEEE}, month = {May} } @InProceedings{otoole:95, author = {Dawson R. Engler and M. Frans Kaashoek and James W. O'Toole}, title = {The Operating System Kernel as a Secure Programmable Machine}, booktitle = {Proceedings of the Sixth SIGOPS European Workshop}, month = {September}, year = {1994}, pages = {62--67} } @Article{birlix:93, author = {Hermann H\"artig and Oliver Kowalski and Winfried K\"uhnhauser}, title = {The {B}irlix Security Architecture}, journal = {Journal of Computer Security}, year = 1993, volume = 2, number = 1, pages = {5--21} } @Article{bishop:96, author = {Matt Bishop and Michael Dilger}, title = {Checking for Race Conditions in File Accesses}, journal = {Computing Systems}, year = 1996, volume = 9, number = 2, month = {Spring}, pages = {131--152} } @TechReport{verisign, author = {Verisign, Inc.}, title = {Verisign Certification Practice Statement}, institution = {Verisign, Inc.}, year = 1996, number = {Version 1.1}, address = {Mountain View, CA.}, month = {August} } @Book{phoenix:1991, author = {Phoenix Technologies Ltd.}, title = {System BIOS for IBM PCs, Compatibles, and EISA Computers}, publisher = {Addison Wesley}, year = 1991, edition = {2nd} } @TechReport{isakmp, author = {Douglas Maughan and Mark Schertler and Mark Schneider and Jeff Turner}, title = {Internet {S}ecurity {A}ssociation and {K}ey {M}anagement {P}rotocol ({ISAKMP})}, institution = {IPSEC Working Group}, year = 1996, type = {INTERNET--DRAFT}, month = {June} } @Misc{arbaugh:94, author = {William A. Arbaugh}, title = {{Signed Execution}}, howpublished = {Office of INFOSEC Research and Technology Program Status Review}, year = 1994, month = {February} } @InProceedings{rubin:betsi, author = {Aviel D. Rubin}, title = {{Trusted Distribution of Software Over the Internet}}, booktitle = {Symposium on Network and Distributed System Security}, year = 1995, organization = {Internet Society} } @TechReport{orange, author = {DOD}, title = {{Trusted Computer System Evaluation Criteria}}, institution = {Department of Defense}, year = 1985, number = {DOD 5200.28-STD}, month = {December} } @PhdThesis{Yee:94, author = {Bennet Yee}, title = {{Using Secure Coprocessors}}, school = {Carnegie Mellon University}, year = 1994 } @PhdThesis{Clark:94, author = {Paul Christopher Clark}, title = {{BITS: A Smartcard Protected Operating System}}, school = {George Washington University}, year = 1994 } @Article{lampson:92, author = {Butler Lampson and Martin Abadi and Michael Burrows}, title = {{Authentication in Distributed Systems: Theory and Practice}}, journal = {ACM Transactions on Computer Systems}, year = 1992, volume = {v10}, month = {November}, pages = {265--310} } @Article{pozzo:87, author = {Maria M. Pozzo and Terence E. Gray}, title = {An {A}pproach to {C}ontaining {C}omputer {V}iruses}, journal = {Computers and Security}, year = 1987, volume = 6, number = 4, month = {August}, pages = {321--331} } @InProceedings{pozzo:86, author = {Maria M. Pozzo and Terrence E. Gray}, title = {A {M}odel for the {C}ontainment of {C}omputer {V}iruses}, booktitle = {1989 IEEE Symposium on Security and Privacy}, year = 1989, organization = {IEEE}, pages = {312--318} } @Article{lampson:76, author = {B.W. Lampson and H.E. Sturgis}, title = {Reflections on an Operating System Design}, journal = {CACM}, year = 1976, month = {May}, pages = {251--265} } @InProceedings{needham:77, author = {R.M. Needham and R.D.H. Walker}, title = {{The Cambridge CAP computer and its protection system}}, booktitle = {Sixth Symposium on Operating Systems Principles}, year = 1977, month = {November}, pages = {1--10} } @InProceedings{schroeder:75, author = {M.D. Schroeder}, title = {{Engineering a Security Kernel for MULTICS}}, booktitle = {Fifth Symposium on Operating Systems Principles}, year = 1975, month = {November}, pages = {125--132} } @Article{gligor:79, author = {Virgil D. Gligor and Bruce G. Lindsay}, title = {{Object Migration and Authentication}}, journal = {IEEE Transactions on Software Engineering}, year = 1979, month = {November}, pages = {607--611} } @TechReport{chaum:78, author = {D.L. Chaum and R.S. Fabry}, title = {Implementing {C}apability-{B}ased {P}rotection using {E}ncryption}, institution = {University of California at Berkeley}, year = 1978, type = {Memo}, number = {UCB/ERL M78/46}, month = {July} } @TechReport{yee:91, author = {J.D. Tygar and Bennet Yee}, title = {{DYAD: A System for Using Physically Secure Coprocessors}}, institution = {Carnegie Mellon University}, year = 1991, type = {Technical Report}, number = {CMU--CS--91--140R}, month = {May} } @InProceedings{vonglahn:84, author = {Peter G. von Glahn, David J. Farber and Stephen T. Walker}, title = {{The Trusted Office of the Future}}, booktitle = {COMPCON '84 Twenty Eighth IEEE Computer Security International Conference}, year = 1984, pages = {36--47} } @InProceedings{branstad:89, author = {M. Branstad, H. Tajalli, F. Mayer and D. Dalva}, title = {Access Mediation in a Message-Passing Kernel}, booktitle = {IEEE Conference on Security and Privacy}, year = 1989, pages = {66--71} } @InProceedings{schroeder:77, author = {M.D. Schroeder, D.D. Clark and J.H. Saltzer}, title = {{The {MULTICS} Kernel Design Project}}, booktitle = {Sixth ACM Symposium on Operating Systems Principles}, year = 1977, pages = {43--56} } @InCollection{thompson:87, author = {Ken Thompson}, title = {{Reflections on Trusting Trust (1983 Turing Award Lecture)}}, booktitle = {ACM Turing Award Lectures: The First Twenty Years 1966--1985}, publisher = {ACM Press}, year = 1987, address = {New York} } @Article{ritchie:74, author = {D.M. Ritchie and K.L. Thompson}, title = {The UNIX Operating System}, journal = {Communications of the ACM}, year = 1974, volume = 17, month = {July}, pages = {365--375} } @Article{thompson:78, author = {K.L. Thompson}, title = {UNIX Implementation}, journal = {The Bell System Technical Journal}, year = 1978, volume = 57, number = 6, month = {July--August}, pages = {1931--1946} } @InProceedings{kim:94, author = {G. Kiim and E. Spafford}, title = {Experience with Tripwire: Using Integrity Checkers for Intrusion Detection}, booktitle = {System Administration, Networking, and Security Conference III}, year = 1994, organization = {USENIX} } @InProceedings{Vince:93, author = {D. Vincenzetti and M. Cotrozzi}, title = {ATP: Anti Tampering Program}, booktitle = {USENIX Security IV Conference}, year = 1993, organization = {USENIX}, pages = {79--90} } @InProceedings{davida:89, author = {G. Davida, Y. Desmedt and B. Matt}, title = {Defending {S}ystems {A}gainst {V}iruses through {C}ryptographic {A}uthentication}, booktitle = {1989 IEEE Symposium on Security and Privacy}, year = 1989, organization = {IEEE}, pages = {312--318} } @Misc{authenticode, author = {Microsoft}, title = {Authenticode {T}echonology}, howpublished = {Microsoft's Developer Network Library, October 1996} } @Manual{pkcs1, title = {PKCS \#1: RSA Encryption Standard}, author = {RSA Laboratories}, edition = {Version 1.5}, year = 1993, note = {November} } @Manual{pkcs7, title = {PKCS \#7: Cryptographic Message Syntax Standard}, author = {RSA Laboratories}, edition = {Version 1.5}, year = 1993, month = {November} } @Manual{x509, title = {X.509: The Directory Authentication Framework}, author = {Consultation Committee}, organization = {International Telephone and Telegraph, International Telecommunications Union}, address = {Geneva}, year = 1989 } @Misc{microsoft-kmi, author = {Microsoft}, title = {Proposal for Authenticating Code via the Internet}, howpublished = {http://www.microsoft.com/workshop/prog/security/misf8-f.htm}, year = 1996, month = {April} } @Manual{lilo, title = {LILO Technical Overview}, author = {Werner Almesberger}, edition = {Version 19}, year = 1996, month = {May} } @Article{survey, author = {D.L. Tennenhouse and J.M. Smith and W.D. Sincoskie and D.J. Wetherall and G.J. Minden}, title = {A Survey of Active Network Research}, journal = {IEEE Communications Magazine}, year = 1997, month = {January}, pages = {80 -- 86} } @string{SIGPLAN = "ACM SIGPLAN Notices"} @string{ACM = "ACM Press"} @string{LFP = "{ACM} {S}ymposium on {LISP} and {F}unctional {P}rogramming"} @String{inst-USC-ISI = "University of Southern California, Information Sciences Institute"} @String{inst-USC-ISI:adr = "Marina del Rey, CA, USA"} @Misc{cert-ping, title = {CERT Advisory CA-96.26: Denial-of-Service Attack via ping}, howpublished = {ftp://info.cert.org/pub/cert\_advisories/CA-96.26.ping}, month = {October}, year = 1996 } @Misc{cert-syn-ack, title = {CERT Advisory CA-96.21: TCP SYN Flooding}, howpublished = {ftp://info.cert.org/pub/cert\_advisories/CA-96.21.tcp\_syn\_flooding}, month = {September}, year = 1996 } @InProceedings{DCAN, author = {J. E. van der Merwe and I. M. Leslie}, title = "Switchlets and Dynamic Virtual {ATM} Networks", booktitle = {Proc. of the Fifth IFIP/IEEE International Symposium on Integrated Network Management}, year = 1997, address = {San Diego, CA.}, month = {May} } @INPROCEEDINGS{gcreplica:pldi, AUTHOR = "{S}. {M}.~{N}ettles and {J}. {W}.~{O}'{T}oole", TITLE = "{R}eal-{T}ime {R}eplication {G}arbage {C}ollection", BOOKTITLE = "{SIGPLAN} {S}ymposium on {P}rogramming {L}anguage {D}esign and {I}mplementation", PAGES = "217--226", YEAR = 1993, ORGANIZATION = "ACM", MONTH = "{J}une" } @inproceedings{gcreplica:lfp, author = "{J}. {O}'{T}oole and {S}. {N}ettles", booktitle = LFP, title = "{C}oncurrent {R}eplicating {G}arbage {C}ollection", year = "1994", month = jun, publisher = "{ACM} {P}ress" } @techreport{nett93b, title = "Concurrent Garbage Collection of Persistent Heaps", author = "Scott M. Nettles and James W. O'Toole and David Gifford", number = "MIT/LCS/TR--569 and CMU--CS--93--137", institution = "Computer Science Department, Carnegie-Mellon University", URL = "ftp://reports.adm.cs.cmu.edu/usr/anon/1993/CMU-CS-93-137.ps", month = apr, year = 1993, comment = "The same paper as \cite{otoo93a}" } @techreport{ieee-std, title = "Media access control (MAC) bridges", author = "IEEE", number = "ISO/IEC 10038", year= 1993, institution = "ISO/IEC" } @inproceedings{nett93c, author = "Scott M. Nettles and James W. O'Toole", title = {{Implementing Orthogonal Persistence: A Simple Optimization Based on Replicating Collection}}, crossref = "IWOOOS93", } @article{bake78, author = "Henry G. Baker", title = "List Processing in Real-Time on a Serial Computer", journal = CACM, publisher = ACM, volume = 21, number = 4, pages = "280--94", year = "1978", comment = "The best known real-time incremental copying gc. Uses a read barrier.", comment = "Also AI Laboratory Working Paper 139, 1977", URL = "ftp://ftp.netcom.com/pub/hb/hbaker/RealTimeGC.ps.Z" } @article{Feldmeier98, author = "D. C. Feldmeier and A. McAuley and J. M. Smith", title = {{Protocol Boosters}}, journal = "IEEE JSAC Special Issue on Protocol Architectures for the 21st Century", year = "1998" } @inproceedings{doli93, title = "A Concurrent Generational Garbage Collector for a Multi-Threaded Implementation of {ML}", author = "Damien Doligez and Xavier Leroy", pages = "113--123", booktitle = "Conference Record of the Twentieth Annual ACM Symposium on Principles of Programming Languages", publisher = ACM, month = jan, year = 1993, series = SIGPLAN, } @INPROCEEDINGS{OToole93, author="{J}. {O}'{T}oole and {S}. {N}ettles and {D}. {G}ifford", title="{C}oncurrent {C}ompacting {G}arbage {C}ollection of a {P}ersistent {H}eap", BOOKTITLE = "{P}roceedings of the 14th {ACM} {S}ymposium on {O}perating {S}ystems {P}rinciples", YEAR = 1993, ORGANIZATION = "ACM", MONTH = "{D}ecember" } @incollection(smlnj, author = "{A}. {W}. {A}ppel and {D}. {B}. {M}ac{Q}ueen", title = "{A} {S}tandard {ML} {C}ompiler", booktitle = "{F}unctional {P}rogramming {L}anguages and {C}omputer {A}rchitecture", note = "{V}olume 274 of {\em {L}ecture {N}otes in {C}omputer {S}cience}", publisher = "{S}pringer-{V}erlag", year = 1987, pages = "301--324") @Inproceedings{Wallach96, title ={ASHs: Application-specific handlers for high-performance messaging}, author = {D. A. Wallach and D. Engler and M. F. Kaashoek}, booktitle = {Proc. 1996 ACM SIGCOMM Conference}, Year = {1996} } @InProceedings{Alexander97, author = {D. S. Alexander and M. Shaw and S. M. Nettles and J. M Smith}, title = {Active Bridging}, booktitle = {Proc. 1997 ACM SIGCOMM Conference}, year = 1997 } @InProceedings{LCN97, author = {R. Black and P. Barham and A. Donnelly and N. Stratford}, title = {Protocol Implementation in a Vertically Structured Operating System}, booktitle = {Proc. 22nd Annual Conference on Local Computer Networks}, year = 1997 } @Inproceedings{Edmond86, title = "The Butterfly(TM) Satellite IMP for the Wideband Packet Satellite Network", author = {W. Edmond and S. Blumenthal and A. Echenique and S. Storch and T. Calderwood and T. Rees}, booktitle = {Proc. 1986 ACM SIGCOMM Conference}, Year = {1986}, Pages = {194-203} } @Article{Katsuki78, title = "Pluribus: An Operational Fault-Tolerant Multiprocessor", author = {D. Katsuki and E. S. Elsam and W. F. Mann and E. S. Roberts and J. G. Robinson and F. S. Skowronski and E. W. Wolf}, journal = "Proceedings of the IEEE", volume = {66}, number = {10}, month = {October}, year={1978}, pages = "1146--1159" } @Inproceedings{Kay93, title = "The Importance of Non-Data Touching Processing Overheads in TCP/IP", author = "Jonathan Kay and Joseph Pasquale", booktitle = "Proceedings ACM SIGCOMM Conference", pages = "259--269", location = "San Francisco, CA", month = "September", year = {1993} } @Article{TCPSML, author = {Biagioni, E.}, title = "A Structured {TCP} in {Standard ML}", journal = {Proceedings, 1994 SIGCOMM Conference}, year = 1994, address = {London, UK}, pages = "36--45" } @Article{Romkey, author = {D. Clark and V. Jacobson and J. Romkey and H. Salwen}, title = {An Analysis of TCP Processing Overhead}, journal = {IEEE Communications Magazine}, volume = {27}, number = {6}, month = {June}, year = {1989}, pages = "23--29" } @InProceedings{Clark92, title = "Supporting Real-Time Applications in an Integrated Service Packet Network: Architecture and Mechanism", author = {D. Clark and Scott Shenker and L. Zhang}, month = {August}, year = "1992", pages = "14--26", booktitle = {Proceedings, 1992 SIGCOMM Conference} } @Article{Pappalardo96, title = "{BBN} to test {RSVP}", author = {D. Pappalardo}, journal = {Network World}, pages = "1,14", month = {December}, volume = {13}, number = {50}, year = 1996 } @Book{Stevens, author = {G. R. Wright and W. R. Stevens}, title = "TCP/IP Illustrated Volume 2 - The Implementation", publisher = "Addison-Wesley", year = 1995 } @Book{ML, author = {R. Milner and M. Tofte and R. Harper}, title = "The Definition of {Standard ML}", publisher = {MIT Press}, year = 1990 } @Book{perlman, author = {Radia Perlman}, title = "Interconnections: Bridges and Routers", publisher = {Addison-Wesley}, year = 1992 } @Article{sincos, author = {W. David Sincoskie and Charles J. Cotton}, title = "Extended Bridge Algorithms for Large Networks", journal = "IEEE Network", year = 1988, volume = 2, number = 1, month = {January}, pages = "16--24" } @TechReport{switchware, author = {J. M. Smith and D. J. Farber and C. A. Gunter and S. M Nettles and D. C. Feldmeier and W. D. Sincoskie}, title = {{SwitchWare: Accelerating Network Evolution}}, institution = {CIS Dept. University of Pennsylvania}, year = 1996, number = {MS-CIS-96-38} } @InProceedings{rvr, author = {Robbert van Renesse}, title = "Masking the Overhead of Protocol Layering", booktitle = "Proceedings, 1996 ACM SIGCOMM Conference", year = 1996, organization = {SIGCOMM}, address = {Palo Alto, CA}, pages = "96--104" } @InProceedings{unet, author = {T. von Eicken and A. Basu and V. Buch and W. Vogels}, title = {{U-Net: A User-Level Network Interface for Parallel and Distributed Computing}}, booktitle = "Proceedings of the 15th SOSP", year = 1995, organization = {SIGOPS} } @Article{mmm, author = {Fran\c{c}ois Rouaix}, title = {{A Web Navigator with Applets in {Caml}}}, journal = {Fifth WWW Conference}, year = 1996, month = {May}, note = {http://pauillac.inria.fr-/mmm/papers/mmm.ps.gz} } @Inproceedings{Varghese87, title = {{Transparent Interconnection of Incompatible Local Area Networks Using Bridges}}, author = {G. Varghese and R. Perlman}, booktitle = {Proceedings, 1988 SIGCOMM Conference}, month = {August}, year = 1988, pages = "381--389" } @TechReport{Bhattacharjee96, title = "Implementation of an Active Network Architecture", author = {Samrat Bhattacharjee and Ken Calvert and Ellen W. Zegura}, month = {July}, year = {1996}, institution = {Georgia Institute of Technology}, note = {White paper presented at Gigabit Switch Technology Workshop, Washington University} } @Inproceedings{Wetherall96a, title = "The {ACTIVE\_IP} Option", author = {David J. Wetherall and David L. Tennenhouse}, booktitle = {7th ACM SIGOPS European Workshop}, month = {September}, year = {1996}, note = "http://www.tns.lcs.mit.edu-/publications/sigops96ws.html" } @Inproceedings{Yemini96, title = "Towards Programmable Networks", author = {Y. Yemini and S. daSilva}, booktitle = {IFIP/IEEE International Workshop on Distributed Systems: Operations and Management}, location = "L'Aquila, ITALY", month = {October}, note = "http://www.cs.columbia.edu-/\verb+~+dasilva/netscript.html", year = {1996} } @TechReport{Hartman96, title = "Liquid Software: A New Paradigm for Networked Systems", author = {John Hartman and Udi Manber and Larry Peterson and Todd Proebsting}, institution = "University of Arizona", number = "TR 96-11", month = {June}, note = "http://www.cs.arizona.edu/liquid/", year = "1996" } @Misc{smart-packets, author = {Beverly Schwartz and Wenyi Zhou and Alden W. Jackson and W. Timothy Strayer and Dennis Rockwell and Craig Partridge}, title = {Smart Packets for Active Networks}, howpublished = {http://www.net-tech.bbn.com/smtpkts/smart.ps.gz}, month = {January}, year = 1998 } @TechReport{Partridge96, title ={{Smart Packets}}, author = {C. Partridge and A. Jackson}, institution = "BBN", year = "1996", note = "http://www.net-tech.bbn.com-/smtpkts/smtpkts-index.html" } @Article{Hawe84, title = "Transparent Interconnection of Local Area Networks with Bridges", author = {W. Hawe and A. Kirby and B. Stewart}, journal = {Journal of Telecommunication Networks}, month = {September}, year = "1984" } @Article{Spawn, title = "Spawn: A Distributed Computational Economy", author = {C. A. Waldspurger and T. Hogg and B. A. Huberman and J. O. Kephart and W. S. Stornetta}, journal = {IEEE Transactions on Software Engineering}, month = {February}, year = "1992", volune = 18, number = 2, pages = "103--117" } @Article{Kuwabara96, title = "An Equilibratory Market-Based Approach for Distributed Resource Allocation and Its Application to Communication Network Control", author = {K. Kuwabara and T. Ishida and Y. Nishibe and T. Suda}, journal = {World Scientific}, year = "1996", pages = "53--73" } @Misc{rfc-ip, author = "Jon Postel", title = {{Internet Protocol}}, institution = inst-USC-ISI, address = inst-USC-ISI:adr, pages = "iii + 45", howpublished = {Internet RFC 791}, year = "1981", annote = "``RFC: 791.'' ``STD: 5.'' Bibliography: p. 45.", keywords = "Data transmission systems; Computer networks.", } @Misc{rfc-tcp, author = "Jon Postel", title = {{Transmission Control Protocol}}, institution = inst-USC-ISI, address = inst-USC-ISI:adr, pages = "iii + 85", howpublished = {Internet RFC 793}, year = "1981", annote = "``RFC: 793.'' ``STD: 7.'' Bibliography: p. 85.", keywords = "Data transmission systems; Computer networks.", } @Misc{rfc-udp, author = "Jon Postel", title = {{User Datagram Protocol}}, institution = inst-USC-ISI, address = inst-USC-ISI:adr, pages = "3", howpublished = {Internet RFC 768}, year = "1980", annote = "``RFC: 768.'' ``STD: 6.'' Bibliography: p. 3.", keywords = "Data transmission systems; Computer networks.", } @Misc{rfc-tftp, author = "Karen R. Sollins", title = "The {TFTP} Protocol (revision 2)", institution = "MIT", pages = "11", howpublished = {Internet RFC 1350}, year = "1992", annote = "``RFC: 1350.'' ``STD: 33.'' Bibliography: p. 11.", keywords = "Data transmission systems; Computer networks.", } @Misc{rfc-rsvp, author = {R. Braden and L. Zhang and S. Berson and S. Herzog and S. Jamin}, title = {{Resource {R}e{S}er{V}ation Protocol {(RSVP)} -- Version 1 Functional Specification}}, howpublished = {Internet RFC 2208}, annote = "``RFC: 2208.''", year = 1997 } @Misc{rfc-ip-multicast, author = {S. E. Deering}, title = {{Host extensions for {IP} multicasting}}, institution = {Stanford University}, howpublished = {Internet RFC 1112}, year = 1989, annote = {"``RFC: 1112''"} } @PhdThesis{Paxson97, author = {Vern Paxson}, title = {Measurement and Analysis of End-to-End Internet Dynamics}, school = {University of California, Berkeley}, year = {1997}, OPTkey = {}, OPTaddress = {}, OPTtype = {}, OPTmonth = April, OPTnote = {}, OPTannote = {} } @Misc{PLANurl, author = {Mike W. Hicks and Jonathan T. Moore}, title = {{PLAN Web Page}}, howpublished = {http://www.cis.upenn.edu/\verb+~+switchware/PLAN/} } @STRING{jic = "Journal of Information and Computation" } @Article{ milner.parrow.ea:calculus-mobile, author = "Robin Milner and Joachim Parrow and David Walker", title = {{A Calculus of Mobile Processes, {P}arts {I} and {II}}}, journal = jic, year = "1992", volume = "100", pages = "1-77", month = sep } @TechReport{Scout, author = "A. B. Montz and D. Mosberger and S. W. O'Malley and L. L. Peterson and T. A. Proebsting and J. H. Hartman", title = {{Scout: A communications-oriented operating system}}, institution = "Department of Computer Science, University of Arizona", year = 1994, month = {June}, annote = {"``Technical Report 94-20''".} } @TechReport{Joust, author = "J. Hartman and L. Peterson and A. Bavier and P. Bigot and P. Bridges and B. Montz and R. Piltz and T. Proebsting and O. Spatscheck", title = {{Joust: A Platform for Communications-Oriented Liquid Software}}, institution = "Department of Computer Science, University of Arizona", year = 1997, month = {November}, annote = {"``Technical Report 97-16''".} } @TechReport{Hicks98, author = "M. Hicks and P. Kakkar and J. T. Moore and C. A. Gunter and S. Nettles", title = {{PLAN: A Programming Language for Active Networks}}, institution = "Department of Computer and Information Science, University of Pennsylvania", year = 1998, number = {MS-CIS-98-25}, month = {February} } @TechReport{intel-flash, author = {Peter Hazen}, title = {{Intel's Flash Memory Boot Block Architecture for Safe Firmware Updates}}, institution = {Intel}, year = 1995, type = {Application Brief}, number = {AB-57}, month = {December} } @TechReport{kerberos, author = {S. P. Miller and B. C. Neuman and J. I. Schiller and J. H. Saltzer}, title = {{Kerberos authentication and authorization system}}, institution = {MIT}, year = 1987, month = {December}, howpublished = {Project Athena Technical Plan} } @InProceedings{fluxoskit, author = {Bryan Ford and Godmar Back and Greg Benson and Jay Lepreau and Albert Lin and Olin Shivers}, title = {{The Flux OSKit: A Substrate for OS and Language Research}}, institution = {Department of Computer Science, University of Utah}, year = 1997, month = {October}, booktitle = {Proc. of the 16th ACM Symposium on Operating Systems Principles} } @InProceedings{Sansom86, author = {R. D. Sansom and D. P. Julin and R. F. Rashid}, title = {Extending a Capability Based System into a Network Environment}, booktitle = {Proceedings of the 1986 ACM SIGCOMM Conference}, year = 1986, month = {August} } @InProceedings{dhcp++, author = {W. A. Arbaugh and A. D. Keromytis and J. M. Smith}, title = {{DHCP++: Applying an Efficient Implementation Method for Fail-stop Cryptographic Protocols}}, year = {1998}, month = {November}, pages = {59--65}, booktitle = {Proceedings of Global Internet (GlobeCom) '98} } @Article{v1n1p1, journal="Journal of Cryptology", volume=1, number=1, year=1988, pages="1-2", author="E. F. Brickell", title="Editorial"} @Article{v1n1p2, journal="Journal of Cryptology", volume=1, number=1, year=1988, pages="3-36", author="B. S. Kaliski and R. L. Rivest and A. T. Sherman", title="Is the Data Encryption Standard a Group? (Results of Cycling Experiments on DES)"} @Article{v1n1p3, journal="Journal of Cryptology", volume=1, number=1, year=1988, pages="37-52", author="D. R. Stinson", title="Some Constructions and Bounds for Authentication Codes"} @Article{v1n1p4, journal="Journal of Cryptology", volume=1, number=1, year=1988, pages="53-64", author="P. Beauchemin and G. Brassard and C. Crepeau and C. Goutier and C. Pomerance", title="The Generation of Random Numbers that Are Probably Prime"} @Article{v1n1p5, journal="Journal of Cryptology", volume=1, number=1, year=1988, pages="65-75", author="D. Chaum", title="The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability"} @Article{v1n2p1, journal="Journal of Cryptology", volume=1, number=2, year=1988, pages="77-94", author="U. Feige and A. Fiat and A. Shamir", title="Zero-Knowledge Proofs of Identity"} @Article{v1n2p2, journal="Journal of Cryptology", volume=1, number=2, year=1988, pages="95-105", author="K. S. McCurley", title="A Key Distribution System Equivalent to Factoring"} @Article{v1n2p3, journal="Journal of Cryptology", volume=1, number=2, year=1988, pages="107-118", author="J. A. Buchmann and H. C. Williams", title="A Key-Exchange System Based on Imaginary Quadratic Fields"} @Article{v1n2p4, journal="Journal of Cryptology", volume=1, number=2, year=1988, pages="119-127", author="D. R. Stinson", title="A Construction for Authentication/Secrecy Codes from Certain Combinatorial Designs"} @Article{v1n2p5, journal="Journal of Cryptology", volume=1, number=2, year=1988, pages="129-131", author="P. Beauchemin and G. Brassard", title="A Generalization of Hellman's Extension to Shannon's Approach to Cryptography"} @Article{v1n2p6, journal="Journal of Cryptology", volume=1, number=2, year=1988, pages="133-138", author="M. Tompa and H. Woll", title="How to Share a Secret with Cheaters"} @Article{v1n3p1, journal="Journal of Cryptology", volume=1, number=3, year=1989, pages="139-150", author="N. Koblitz", title="Hyperelliptic Cryptosystems"} @Article{v1n3p2, journal="Journal of Cryptology", volume=1, number=3, year=1989, pages="151-158", author="M. Luby and C. Rackoff", title="A Study of Password Security"} @Article{v1n3p3, journal="Journal of Cryptology", volume=1, number=3, year=1989, pages="159-176", author="W. Meier and O. Staffelbach", title="Fast Correlation Attacks on Certain Stream Ciphers"} @Article{v1n3p4, journal="Journal of Cryptology", volume=1, number=3, year=1989, pages="177-184", author="J. F. Boyar", title="Inferring Sequences Produced by a Linear Congruential Generator Missing Low-Order Bits"} @Article{v1n3p5, journal="Journal of Cryptology", volume=1, number=3, year=1989, pages="185-188", author="F. Piper and M. Walker", title="Linear Ciphers and Spreads"} @Article{v2n1p1, journal="Journal of Cryptology", volume=2, number=1, year=1990, pages="1-12", author="M. Abadi and J. Feigenbaum", title="Secure Circuit Evaluation"} @Article{v2n1p2, journal="Journal of Cryptology", volume=2, number=1, year=1990, pages="13-22", author="K. Nishimura and M. Sibuya", title="Probability To Meet in the Middle"} @Article{v2n1p3, journal="Journal of Cryptology", volume=2, number=1, year=1990, pages="23-49", author="D. R. Stinson", title="The Combinatorics of Authentication and Secrecy Codes"} @Article{v2n1p4, journal="Journal of Cryptology", volume=2, number=1, year=1990, pages="51-59", author="Li Gong and D. J. Wheeler", title="A Matrix Key-Distribution Scheme"} @Article{v2n2p1, journal="Journal of Cryptology", volume=2, number=2, year=1990, pages="63-76", author="J. F. Boyar and S. A. Kurtz and M. W. Krentel", title="A Discrete Logarithm Implementation of Perfect Zero-Knowledge Blobs"} @Article{v2n2p2, journal="Journal of Cryptology", volume=2, number=2, year=1990, pages="77-104", author="G. J. Simmons", title="A Cartesian Product Construction for Unconditionally Secure Authentication Codes that Permit Arbitration"} @Article{v2n2p3, journal="Journal of Cryptology", volume=2, number=2, year=1990, pages="105-112", author="H. Niedderreiter", title="A Combinatorial Approach to Probabilistic Results on the Linear Complexity Profile of Random Sequences"} @Article{v2n3p1, journal="Journal of Cryptology", volume=2, number=3, year=1990, pages="115-130", author="R. Forre", title="Methods and Instruments for Designing S-Boxes"} @Article{v2n3p2, journal="Journal of Cryptology", volume=2, number=3, year=1990, pages="131-143", author="M. Walker", title="Information-Theoretic Bounds for Authentication Schemes"} @Article{v2n3p3, journal="Journal of Cryptology", volume=2, number=3, year=1990, pages="145-154", author="S. Murphy", title="The Cryptanalysis of FEAL-4 with 20 Chosen Plaintexts"} @Article{v2n3p4, journal="Journal of Cryptology", volume=2, number=3, year=1990, pages="155-170", author="C. Mitchell", title="Enumerating Boolean Functions of Cryptographic Significance"} @Article{v3n1p1, journal="Journal of Cryptology", volume=3, number=1, year=1990, pages="1-25", author="P. Godlewski and C. Mitchell", title="Key-Minimal Crytosystems for Unconditional Secrecy"} @Article{v3n1p2, journal="Journal of Cryptology", volume=3, number=1, year=1990, pages="27-41", author="C. Adams and S. E. Tavares", title="The Structured Design of Cryptographically Good S-Boxes"} @Article{v3n1p3, journal="Journal of Cryptology", volume=3, number=1, year=1990, pages="43-58", author="R. C. Merkle", title="A Fast Software One-Way Hash Function"} @Article{v3n2p1, journal="Journal of Cryptology", volume=3, number=2, year=1991, pages="61-62", author="T. A. Berson and R. A. Rueppel", title="Guest Editor's Introduction"} @Article{v3n2p2, journal="Journal of Cryptology", volume=3, number=2, year=1991, pages="63-79", author="G. B. Agnew and R. C. Mullin and I. M. Onyszchuk and S. A. Vanstone ", title="An Implementation for a Fast Public-Key Cryptosystem"} @Article{v3n2p3, journal="Journal of Cryptology", volume=3, number=2, year=1991, pages="81-98", author="K. Gaarder and E. Snekkenes", title={{Applying a Formal Analysis Technique to the CCITT X.509 Strong Two-Way Authentication Protocol}} } @Article{v3n2p4, journal="Journal of Cryptology", volume=3, number=2, year=1991, pages="99-111", author="S. Haber and W. S. Stornetta", title="How to Time-Stamp a Digital Document"} @Article{v3n2p5, journal="Journal of Cryptology", volume=3, number=2, year=1991, pages="113-136", author="S. M. Matyas", title="Key Processing with Control Vectors"} @Article{v3n2p6, journal="Journal of Cryptology", volume=3, number=2, year=1991, pages="137-146", author="J. Pastor", title="CRYPTOPOST (TM) - A Cryptographic Application to Mail Processing"} @Article{v3n3p1, journal="Journal of Cryptology", volume=3, number=3, year=1991, pages="149-155", author="H. W. Lenstra, Jr.", title="On the Chor-Rivest Knapsack Cryptosystem"} @Article{v3n3p2, journal="Journal of Cryptology", volume=3, number=3, year=1991, pages="157-172", author="S. Micali and C.-P. Schnorr", title="Efficient, Perfect Polynomial Random Number Generators"} @Article{v3n3p3, journal="Journal of Cryptology", volume=3, number=3, year=1991, pages="173-186", author="M. De Soete", title="New Bounds and Constructions for Authentication/Secrecy Codes with Splitting"} @Article{v3n3p4, journal="Journal of Cryptology", volume=3, number=3, year=1991, pages="187-199", author="B. S. Kaliski", title="One-Way Permutations on Elliptic Curves"} @Article{v3n3p5, journal="Journal of Cryptology", volume=3, number=3, year=1991, pages="201-212 ", author="J. Golic and M. J. Mihaljevic", title="A Generalized Correlation Attack on a Class of Stream Ciphers Based on the Levenshtein Distance"} @Article{v4n1p1, journal="Journal of Cryptology", volume=4, number=1, year=1991, pages="1", author="E. F. Brickell", title="Editorial Introduction"} @Article{v4n1p2, journal="Journal of Cryptology", volume=4, number=1, year=1991, pages="3-72", author="E. Biham and A. Shamir", title="Differential Cryptanalysis of DES-like Cryptosystems"} @Article{v4n2p1, journal="Journal of Cryptology", volume=4, number=2, year=1991, pages="73", author="J. Feigenbaum", title="Guest Editor's Introduction"} @Article{v4n2p2, journal="Journal of Cryptology", volume=4, number=2, year=1991, pages="75-122", author="D. Beaver", title="Secure Multiparty Protocols and Zero-Knowledge Proof Systems Tolerating a Faulty Minority"} @Article{v4n2p3, journal="Journal of Cryptology", volume=4, number=2, year=1991, pages="123-134", author="E. F. Brickell and D. M. Davenport ", title="On the Classification of Ideal Secret Sharing Schemes"} @Article{v4n2p4, journal="Journal of Cryptology", volume=4, number=2, year=1991, pages="135-149", author="U. M. Maurer and J. L. Massey", title="Local Randomness in Pseudorandom Sequences"} @Article{v4n2p5, journal="Journal of Cryptology", volume=4, number=2, year=1991, pages="151-158", author="M. Naor", title="Bit Commitment Using Pseudorandomness"} @Article{v4n3p1, journal="Journal of Cryptology", volume=4, number=3, year=1991, pages="161-174", author="C.-P. Schnorr", title="Efficient Signature Generation by Smart Cards"} @Article{v4n3p2, journal="Journal of Cryptology", volume=4, number=3, year=1991, pages="175-183", author="S. Bengio and G. Brassard and Y. G. Desmedt and C. Goutier and J.-J. Quisquater ", title="Secure Implementations of Identification Systems"} @Article{v4n3p3, journal="Journal of Cryptology", volume=4, number=3, year=1991, pages="185-206", author="J. F. Boyar and K. Friedl and C. Lund", title="Practical Zero-Knowledge Proofs: Giving Hints and Using Deficiencies"} @Article{v4n3p4, journal="Journal of Cryptology", volume=4, number=3, year=1991, pages="207-213", author="N. Koblitz", title="Elliptic Curve Implementations of Zero-Knowledge Blobs"} @Article{v5n1p1, journal="Journal of Cryptology", volume=5, number=1, year=1992, pages="1", author="I. B. Damgard", title="Preface"} @Article{v5n1p2, journal="Journal of Cryptology", volume=5, number=1, year=1992, pages="3-28", author="C. H. Bennett and F. Bessette and G. Brassard and L. Salvail and J. Smolin", title="Experimental Quantum Cryptography"} @Article{v5n1p3, journal="Journal of Cryptology", volume=5, number=1, year=1992, pages="29-39", author="E. F. Brickell and K. S. McCurley", title="An Interactive Identification Scheme Based on Discrete Logarithms and Factoring"} @Article{v5n1p4, journal="Journal of Cryptology", volume=5, number=1, year=1992, pages="41-52", author="J.-H. Evertse and E. van Heyst ", title="Which New RSA-Signatures Can be Computed from Certain Given RSA-Signatures?"} @Article{v5n1p5, journal="Journal of Cryptology", volume=5, number=1, year=1992, pages="53-66", author="U. M. Maurer", title="Conditionally-Perfect Secrecy and a Provably-Secure Randomized Cipher "} @Article{v5n1p6, journal="Journal of Cryptology", volume=5, number=1, year=1992, pages="67-86", author="W. Meier and O. Staffelbach", title="Correlation Properties of Combiners with Memory in Stream Ciphers"} @Article{v5n2p1, journal="Journal of Cryptology", volume=5, number=2, year=1992, pages="89-105", author="U. M. Maurer", title="A Universal Statistical Test for Random Bit Generators"} @Article{v5n2p2, journal="Journal of Cryptology", volume=5, number=2, year=1992, pages="107-131", author="S. Lloyd ", title="Counting Binary Functions with Certain Cryptographic Properties"} @Article{v5n2p3, journal="Journal of Cryptology", volume=5, number=2, year=1992, pages="133-137", author="J. Georgiades", title="Some Remarks on the Security of the Identification Scheme Based on Permuted Kernels"} @Article{v5n2p4, journal="Journal of Cryptology", volume=5, number=2, year=1992, pages="139-150", author="J. H. Loxton and D. S. P. Khoo and G. J. Bird and J. Seberry ", title="A Cubic RSA Code Equivalent to Factorization"} @Article{v5n3p1, journal="Journal of Cryptology", volume=5, number=3, year=1992, pages="153-166", author="E. F. Brickell and D. R. Stinson", title="Some Improved Bounds on the Information Rate of Perfect Secret Sharing Schemes"} @Article{v5n3p2, journal="Journal of Cryptology", volume=5, number=3, year=1992, pages="167-183", author="S. S Magliveras and N. D. Memon", title="Algebraic Properties of Cryptosystem PGM"} @Article{v5n3p3, journal="Journal of Cryptology", volume=5, number=3, year=1992, pages="185-191", author="S. J. Phillips and N. C. Phillips", title="Strongly Ideal Secret Sharing Schemes"} @Article{v5n3p4, journal="Journal of Cryptology", volume=5, number=3, year=1992, pages="193-207", author="Zong-Duo Dai", title="Binary Sequences Derived from ML-Sequences over Rings, I: Periods of Minimal Polynomials"} @Article{v6n1p1, journal="Journal of Cryptology", volume=6, number=1, year=1993, pages="1", author="G. Brassard", title="Editor's Note"} @Article{v6n1p2, journal="Journal of Cryptology", volume=6, number=1, year=1993, pages="3-13", author="G. B. Agnew and T. Beth and R. C. Mullin and S. A. Vanstone", title="Arithmetic Operations in {GF}$(2^m)$"} @Article{v6n1p3, journal="Journal of Cryptology", volume=6, number=1, year=1993, pages="15-20", author="M. Ito and A. Saio and T. Nishizeki", title="Multiple Assignment Scheme for Sharing Secret"} @Article{v6n1p4, journal="Journal of Cryptology", volume=6, number=1, year=1993, pages="21-53", author="O. Goldreich ", title="A Uniform-Complexity Treatment of Encryption and Zero-Knowledge"} @Article{v6n1p5, journal="Journal of Cryptology", volume=6, number=1, year=1993, pages="55-61", author="U. M. Maurer and J. L. Massey", title="Cascade Ciphers: The Importance of Being First"} @Article{v6n2p1, journal="Journal of Cryptology", volume=6, number=2, year=1993, pages="65-85", author="J. F. Boyar and C. Lund and R. Peralta", title="On the Communication Complexity of Zero-Knowledge Proofs"} @Article{v6n2p2, journal="Journal of Cryptology", volume=6, number=2, year=1993, pages="87-95", author="B. Chor and E. Kushilevitz", title="Secret Sharing Over Infinite Domains"} @Article{v6n2p3, journal="Journal of Cryptology", volume=6, number=2, year=1993, pages="97-116", author="O. Goldreich and E. Kushilevitz", title="A Perfect Zero-Knowledge Proof System for a Problem Equivalent to the Discrete Logarithm "} @Article{v6n3p1, journal="Journal of Cryptology", volume=6, number=3, year=1993, pages="119-133", author="A. W. Schrift and A. Shamir", title="Universal Tests for Nonuniform Distributions"} @Article{v6n3p2, journal="Journal of Cryptology", volume=6, number=3, year=1993, pages="135-156", author="U. Rosenbaum", title="A Lower Bound on Authentication After Having Observed a Sequence of Messages"} @Article{v6n3p3, journal="Journal of Cryptology", volume=6, number=3, year=1993, pages="157-167", author="R. M. Capocelli and A. DeSantis and L. Gargano and U. Vaccaro", title="On the Size of Shares for Secret Sharing Schemes"} @Article{v6n3p4, journal="Journal of Cryptology", volume=6, number=3, year=1993, pages="169-180", author="D. Coppersmith", title="Modifications to the Number Field Sieve"} @Article{v6n4p1, journal="Journal of Cryptology", volume=6, number=4, year=1993, pages="183-208", author="G. Orton and L. Peppard and S. E. Tavares", title="A Design of a Fast Pipelined Modular Multiplier Based on a Diminished-Radix Algorithm "} @Article{v6n4p2, journal="Journal of Cryptology", volume=6, number=4, year=1993, pages="209-224", author="A. J. Menezes and S. A. Vanstone", title="Elliptic Curve Cryptosystems and Their Implementations"} @Article{v6n4p3, journal="Journal of Cryptology", volume=6, number=4, year=1993, pages="225-232", author="A. K. Lenstra and Y. Yacobi", title="User Impersonation in Key Certification Schemes"} @Article{v7n1p1, journal="Journal of Cryptology", volume=7, number=1, year=1994, pages="1-32", author="O. Goldreich and Y. Oren", title="Definitions and Properties of Zero-Knowledge Proof Systems"} @Article{v7n1p2, journal="Journal of Cryptology", volume=7, number=1, year=1994, pages="33-51", author="A. Klapper", title="The Vulnerability of Geometric Sequences Based on Fields of Odd Characteristic"} @Article{v7n1p3, journal="Journal of Cryptology", volume=7, number=1, year=1994, pages="53-60", author="B. Chor and M. Gereb-Graus and E. Kushilevitz ", title="On the Structure of the Privacy Hierarchy"} @Article{v7n1p4, journal="Journal of Cryptology", volume=7, number=1, year=1994, pages="61-65", author="S. Murphy and K. Paterson and P. Wild", title="A Weak Cipher that Generates the Symmetric Group"} @Article{v7n2p1, journal="Journal of Cryptology", volume=7, number=2, year=1994, pages="69-77", author="G. J. Simmons", title="Proof of Soundness (Integrity) of Cryptographic Protocols "} @Article{v7n2p2, journal="Journal of Cryptology", volume=7, number=2, year=1994, pages="79-130", author="R. Kemmerer and C. Meadows and J. Millen", title="Three System for Cryptographic Protocol Analysis"} @Article{v7n3p1, journal="Journal of Cryptology", volume=7, number=3, year=1994, pages="133-151", author="L. O'Connor", title="An Analysis of a Class of Algorithms for S-Box Construction"} @Article{v7n3p2, journal="Journal of Cryptology", volume=7, number=3, year=1994, pages="153-170", author="Shang-Hua Teng", title="Functional Inversion and Communication Complexity"} @Article{v7n3p3, journal="Journal of Cryptology", volume=7, number=3, year=1994, pages="171-199", author="R. Scheidler and J. A. Buchmann and H. C. Williams", title="A Key-Exchange Protocol Using Real Quadratic Fields"} @Article{v7n4p1, journal="Journal of Cryptology", volume=7, number=4, year=1994, pages="201-212", author="Minghua Qu and S. A. Vanstone", title="Factorizations in the Elementary Abelian p-Group and Their Cryptographic Significance"} @Article{v7n4p2, journal="Journal of Cryptology", volume=7, number=4, year=1994, pages="213-227", author="L. O'Connor and A. Klapper", title="Algebraic Nonlinearity and Its Applications to Cryptography"} @Article{v7n4p3, journal="Journal of Cryptology", volume=7, number=4, year=1994, pages="229-246", author="E. Biham", title="New Types of Cryptanalytic Attacks Using Related Keys"} @Article{v8n1p1, journal="Journal of Cryptology", volume=8, number=1, year=1995, pages="1-25", author="D. Davies and S. Murphy", title="Pairs and Triplets of DES S-Boxes"} @Article{v8n1p2, journal="Journal of Cryptology", volume=8, number=1, year=1995, pages="27-37", author="K. Nyberg and L. R. Knudsen", title="Provable Security Against a Differential Attack"} @Article{v8n1p3, journal="Journal of Cryptology", volume=8, number=1, year=1995, pages="39-64", author="C. Blundo and A. DeSantis and D. R. Stinson and U. Vaccaro", title="Graph Decompositions and Secret Sharing Schemes"} @Article{v8n2p1, journal="Journal of Cryptology", volume=8, number=2, year=1995, pages="67-86", author="L. O'Connor", title="On the Distribution of Characteristics in Bijective Mappings"} @Article{v8n2p2, journal="Journal of Cryptology", volume=8, number=2, year=1995, pages="87-100", author="A. Russell", title="Necessary and Sufficient Condtions for Collision-Free Hashing"} @Article{v8n2p3, journal="Journal of Cryptology", volume=8, number=2, year=1995, pages="101-114", author="S. A. Vanstone and R. J. Zuccherato", title="Short RSA Keys and Their Generation"} @Article{v8n3p1, journal="Journal of Cryptology", volume=8, number=3, year=1995, pages="115-122", author="Yi Xian Yang and Baoan Guo", title="Further Enumerating Boolean Functions of Cryptographic Significance"} @Article{v8n3p2, journal="Journal of Cryptology", volume=8, number=3, year=1995, pages="123-155", author="U. M. Maurer", title="Fast Generation of Prime Numbers and Secure Public-Key Cryptographic Parameters"} @Article{v8n3p3, journal="Journal of Cryptology", volume=8, number=3, year=1995, pages="157-166", author="S. Blackburn and S. Murphy and J. Stern", title="The Cryptanalysis of a Public-Key Implementation of Finite Group Mappings"} @Article{v8n3p4, journal="Journal of Cryptology", volume=8, number=3, year=1995, pages="167-173", author="D. R. Stinson and J. L. Massey", title="An Infinite Class of Counterexamples to a Conjecture Concerning Nonlinear Resilient Functions"} @Article{v8n4p1, journal="Journal of Cryptology", volume=8, number=4, year=1995, pages="177-188", author="Dingyi Pei", title="Information-Theoretic Bounds for Authentication Codes and Block Designs"} @Article{v8n4p2, journal="Journal of Cryptology", volume=8, number=4, year=1995, pages="189-200", author="Martin Dyer and Trevor Fenner and Alan Frieze and Andrew Thomason", title="On Key Storage in Secure Networks"} @Article{v8n4p3, journal="Journal of Cryptology", volume=8, number=4, year=1995, pages="201-222", author="I. B. Damgard", title="Practical and Provably Secure Release of a Secret and Exchange of Signatures"} @Article{v9n1p1, journal="Journal of Cryptology", volume=9, number=1, year=1996, pages="1-19", author="H. M. Heys and S. E. Tavares", title="Substitution-Permutation Networks Resistant to Differential and Linear Cryptanalysis"} @Article{v9n1p2, journal="Journal of Cryptology", volume=9, number=1, year=1996, pages="21-34", author="I. Ben-Aroya and E. Biham", title="Differential Cryptanalysis of Lucifer"} @Article{v9n1p3, journal="Journal of Cryptology", volume=9, number=1, year=1996, pages="35-67", author="S. Even and O. Goldreich and S. Micali", title="On-Line/Off-Line Digital Signatures"} @Article{v9n2p1, journal="Journal of Cryptology", volume=9, number=2, year=1996, pages="71-99", author="M. J. Fischer and R. N. Wright", title="Bounds on Secret Key Exchange Using a Random Deal of Cards"} @Article{v9n2p2, journal="Journal of Cryptology", volume=9, number=2, year=1996, pages="101-109", author="T. Itoh and M. Hoshi and S. Tsujii", title="A Low Communication Competitive Interactive Proof System for Promised Quadratic Residuosity"} @Article{v9n2p3, journal="Journal of Cryptology", volume=9, number=2, year=1996, pages="111-126", author="J. Golic", title="Correlation Properties of a General Binary Combiner with Memory"} @Article{v9n3p1, journal="Journal of Cryptology", volume=9, number=3, year=1996, pages="127--128", author="C. Crepeau", title="Guest Editor's Introduction"} @Article{v9n3p2, journal="Journal of Cryptology", volume=9, number=3, year=1996, pages="129--148", author="A. de Santis and G. Persiano", title="The Power of Preprocessing in Zero-Knowledge Proofs of Knowledge"} @Article{v9n3p3, journal="Journal of Cryptology", volume=9, number=3, year=1996, pages="149--166", author="M. Bellare and M. Yung", title="Certifying Permutations: Noninteractive Zero-Knowledge Based on Any Trapdoor Permutation"} @Article{v9n3p4, journal="Journal of Cryptology", volume=9, number=3, year=1996, pages="167--190", author="O. Goldreich and A. Kahan", title="How to Construct Constant-Round Zero-Knowledge Proof Systems for NP"} @Article{v9n3p5, journal="Journal of Cryptology", volume=9, number=3, year=1996, pages="191--195", author="M. J. Fischer and S. Micali and C. Rackoff", title="A Secure Protocol for the Oblivious Transfer (Extended Abstract)"} @Article{v9n4p1, journal="Journal of Cryptology", volume=9, number=4, year=1996, pages="199-216", author="R. Impagliazzo and M. Naor", title="Efficient Cryptographic Schemes Provably as Secure as Subset Sum"} @Article{v9n4p2, journal="Journal of Cryptology", volume=9, number=4, year=1996, pages="217-232", author="M. Franklin and S. Haber", title="Joint Encryption and Message-Efficient Secure Computation"} @Article{v9n4p3, journal="Journal of Cryptology", volume=9, number=4, year=1996, pages="233-250", author="W.-A. Jackson and K. M. Martin and C. M. O'Keefe", title="Ideal Secret Sharing Schemes with Multiple Secrets"} @Article{v9n4p4, journal="Journal of Cryptology", volume=9, number=4, year=1996, pages="251-261", author="Y. Han and L. A. Hemaspaandra", title="Pseudorandom Generators and the Frequency of Simplicity"} @Article{v10n1p1, journal="Journal of Cryptology", volume=10, number=1, year=1997, pages="1--16", author="P. de Rooij", title="On Schnorr's Preprocessing for Digital Signature Schemes"} @Article{v10n1p2, journal="Journal of Cryptology", volume=10, number=1, year=1997, pages="17--36", author="D. Beaver and J. Feigenbaum and J. Kilian and P. Rogaway", title="Locally Random Reductions: Improvements and Applications"} @Article{v10n1p3, journal="Journal of Cryptology", volume=10, number=1, year=1997, pages="37--50", author="T. Itoh and Y. Ohta and H. Shizuya", title="A Language-Dependent Cryptographic Primitive"} @Article{v10n1p4, journal="Journal of Cryptology", volume=10, number=1, year=1997, pages="51--70", author="H. Dobbertin", title="RIPEMD with Two-Round Compress Function is Not Collision-Free"} @Article{v10n1p5, journal="Journal of Cryptology", volume=10, number=1, year=1997, pages="71--72", author="B. S. Kaliski", title="A Chosen Message Attack on Demytko's Elliptic Curve Cryptosystem"} @Article{v10n2p1, journal="Journal of Cryptology", volume=10, number=2, year=1997, pages="75--88", author="A. Fiat", title="Batch RSA"} @Article{v10n2p2, journal="Journal of Cryptology", volume=10, number=2, year=1997, pages="89--96", author="Y. Yacobi and M. J. Beller", title="Batch Diffie-Hellman Key Agreement Systems"} @Article{v10n2p3, journal="Journal of Cryptology", volume=10, number=2, year=1997, pages="97--110", author="C. Cachin and U. M. Maurer", title="Linking Information Reconciliation and Privacy Amplification"} @Article{v10n2p4, journal="Journal of Cryptology", volume=10, number=2, year=1997, pages="111-147", author="A. Klapper and M. Goresky", title="Feedback Shift Registers, 2-Adic Span, and Combiners with Memory"} @Article{v10n3p1, journal="Journal of Cryptology", volume=10, number=3, year=1997, pages="151-162", author="S. Even and Y. Mansour", title="A Construction of a Cipher from a Single Pseudorandom Permutation"} @Article{v10n3p2, journal="Journal of Cryptology", volume=10, number=3, year=1997, pages="163-194", author="I. B. Damgard and T. P. Pedersen and B. Pfitzmann", title="On the Existence of Statistically Hiding Bit Commitment Schemes and Fail-Stop Signatures"} @Article{v10n3p3, journal="Journal of Cryptology", volume=10, number=3, year=1997, pages="195-206", author="E. Biham and A. Biryukov", title="An Improvement of Davies' Attack on DES"} @Article{v10n3p4, journal="Journal of Cryptology", volume=10, number=3, year=1997, pages="207-221", author="D. Coppersmith and J. Stern and S. Vaudenay", title="The Security of the Birational Permutation Signature Schemes"} @Article{v10n4p1, journal="Journal of Cryptology", volume=10, number=4, year=1997, pages="223-231", author="L. Csirmaz", title="The Size of a Share Must Be Large"} @Article{v10n4p2, journal="Journal of Cryptology", volume=10, number=4, year=1997, pages="233-260", author="D. Coppersmith", title="Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities"} @Article{v10n4p3, journal="Journal of Cryptology", volume=10, number=4, year=1997, pages="261-289", author="W.-A. Jackson and K.M. Martin and C.M. O'Keefe", title="Mutually Trused Authority-Free Secret Sharing Schemes"} @TECHREPORT{rfc1591, AUTHOR="Postel, J.", TITLE="Domain Name System Structure and Delegation", TYPE="Request for Comments (Informational)", INSTITUTION="Internet Engineering Task Force", NUMBER=1591, PAGES=7, DAY=3, MONTH=mar, YEAR=1994, ABSTRACT="This memo provides some information on the structure of the names in the Domain Name System (DNS), specifically the top-level domain names; and on the administration of domains. The Internet Assigned Numbers Authority (IANA) is the overall authority for the IP Addresses, the Domain Names, and many other parameters, used in the Internet. The day-to-day responsibility for the assignment of IP Addresses, Autonomous System Numbers, and most top and second level Domain Names are handled by the Internet Registry (IR) and regional registries.", URL="ftp://ds.internic.net/rfc/rfc1591.txt" } @ARTICLE{Huit88509, AUTHOR="Huitema, C.", TITLE="The {X.500} Directory Services", PAGES="161-166", VOLUME=16, NUMBER="1-2", JOURNAL={cnis}, MONTH=sep, YEAR=1988, ENTRYBY=ccr } @string{SIGPLAN = "ACM SIGPLAN Notices"} @string{ACM = "ACM Press"} @string{LFP = "{ACM} {S}ymposium on {LISP} and {F}unctional {P}rogramming"} @InProceedings{NeculaL96, author = {George C. Necula and Peter Lee}, title = "{Safe Kernel Extensions Without Run-Time Checking}", booktitle = {{Second Symposium on Operating System Design and Implementation (OSDI)}}, publisher = {Usenix, Seattle}, pages = {229--243}, year = 1996 } @InProceedings{Necula97, author = {George C. Necula}, title = "{Proof-Carrying Code}", booktitle = {{Proceedings of the 24th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL)}}, year = 1997, month = {January}, pages = {106--119}, publisher = {{ACM} Press, New York} } @PhdThesis{Homeier95, author = {Peter V. Homeier}, title = {{Trustworthy Tools for Trustworthy Programs: A Mechanically Verified Verification Condition Generator for the Total Correctness of Procedures}}, school = {University of California, Los Angeles}, year = 1995, month = {June} } @InProceedings{HomeierM94, author = {Peter V. Homeier and David F. Martin}, title = {{Trustworthy Tools for Trustworthy Programs: A Verified Verification Condition Generator}}, booktitle = {Proceedings of the 7th International Workshop on Higher Order Logic Theorem Proving and its Applications}, editor = {Thomas Melham and Juanito Camilleri}, volume = 859, series = {Lecture Notes in Computer Science}, year = 1994, publisher = {Springer-Verlag}, pages = {269-284} } @inproceedings{VanInwegenG94, author = "Myra VanInwegen and Elsa L. Gunter", title = "{HOL-ML}", booktitle = "Higher Order Logic Theorem Proving and Its Applications", publisher = "Springer-Verlag", year = 1994, editor = "Jeffery Joyce and Carl Seger", volume = 780, series = "Lecture Notes in Computer Science", pages = "61-73", month = "February" } @Book{GordonM93, author = {Michael J.C. Gordon and Tom F. Melham}, title = "{Introduction to HOL: A theorem proving environment for higher order logic}", publisher = {Cambridge University Press}, year = 1993 } @InProceedings{Wright92, author = {Andrew Wright and Robert Cartwright}, title = "{A Practical Soft Type System for Scheme}", booktitle = {{ACM} Conference on Lisp and Functional Programming}, editor = {Carolyn L. Talcott}, year = 1994, pages = {250-262}, publisher = {{ACM} Press} } @Article{BlumK95, author = {Manuel Blum and Sampath Kannan}, title = "{Designing Programs that Check Their Work}", journal = {Journal of the {ACM}}, year = 1995, volume = 42 } @Book{GoslingJS96, author = {James Gosling and Bill Joy and Guy Steele}, title = "{The Java Language Specification}", publisher = {Addison Wesley, Reading}, year = 1996 } @Book{LindholmY96, author = {Tim Lindholm and Frank Yellin}, title = "{The Java Virtual Machine Specification}", publisher = {Addison Wesley}, year = 1996 } @Article{Nahrstedt96, title = "{Design, Implementation and Experiences of the OMEGA End-Point Architecture}", author = {K. Nahrstedt and J. M. Smith}, journal = {IEEE Journal on Selected Areas in Communications (Special Issue on Multimedia Systems)}, volume = 14, number = 7, month ={ September}, year = 1996, pages ="1263--1279" } @Article{MahmoodM88, author = {A. Mahmood and E. J. McCluskey}, title = {Concurrent Error Detection Using Watchdog Processors - A Survey}, journal = {{IEEE} Transactions on Computers}, year = 1988, volume = 37, number = 2, month = {February}, pages = {160-174} } @TechReport{FarberP75, author = {D. J. Farber and J. R. Pickens}, title = "{The Overseer: A Powerful Communications Attribute for Debugging and Security in Thin-Wire Connected Control Structures}", institution = {University of California at Urvine}, year = 1975, number = 75 } @TechReport{Cerf71, title = "{Formal Control-Flow Properties for a Model of Computation}", author = {Vinton G. Cerf}, month = {December}, year = 1971, institution = {University of California, Los Angeles}, number = {UCLA-ENG-7178} } @TechReport{Cerf72, title = "{Multiprocessors, Semaphores and a Graph Model of Computation}", author = {Vinton G. Cerf}, month = {April}, year = 1972, institution = {University of California, Los Angeles}, number = {UCLA-ENG-7223}, note = {Ph.D. Thesis} } @inproceedings{Tomlinson75, title = "{Selecting Sequence Numbers}", author = {R. S. Tomlinson}, booktitle = {Proc. SIGCOMM/SIGOPS IPC Workshop}, month = {March}, year = 1975 } @inproceedings{Postel76, title = "{Graph Modeling of Computer Communications Protocols}", author = {J. Postel and D. J. Farber}, booktitle = {Proc. of the Fifth Texas Conference on Computing Systems}, institution = {University of Texas}, month = {October}, year = 1976, pages = "66--77" } @TechReport{FarberFGNSS96, author = {Dave J. Farber and David C. Feldmeier and Carl A. Gunter and Scott M. Nettles and William D. Sincoskie and Jonathan M. Smith}, title = "{{SwitchWare}: Accelerating Network Evolution}", institution = {University of Pennsylvania}, year = 1996, number = {MS-CIS-96-38}, note = {http://www.cis.upenn.edu/\~jms/white-paper.ps} } @TechReport{Keromytis96, author = {A. Keromytis and J. Smith}, title = "{Creating Efficient Fail-Stop Cryptographic Protocols}", institution = {University of Pennsylvania}, number = {MS-CIS-96-32}, year = 1996 } @Article{LeeBG94, author = {I. Lee and P. Bremond-Gregoire and R. Gerber}, title = "{A Process Algebraic Approach to the Specification and Analysis of Resource-Bound Real-Time Systems}", journal = {Proceedings of the {IEEE}}, year = 1994, month = {January}, pages = {158-171} } @INPROCEEDINGS{gcreplica:pldi, AUTHOR = "{S}. {M}.~{N}ettles and {J}. {W}.~{O}'{T}oole", TITLE = "{R}eal-{T}ime {R}eplication {G}arbage {C}ollection", BOOKTITLE = "{SIGPLAN} {S}ymposium on {P}rogramming {L}anguage {D}esign and {I}mplementation", PAGES = "217--226", YEAR = 1993, ORGANIZATION = "ACM", MONTH = "{J}une" } @inproceedings{gcreplica:lfp, author = "{J}. {O}'{T}oole and {S}. {N}ettles", booktitle = LFP, title = "{C}oncurrent {R}eplicating {G}arbage {C}ollection", year = "1994", month = jun, publisher = "{ACM} {P}ress" } @article{bake78, author = "Henry G. Baker", title = "{List Processing in Real-Time on a Serial Computer}", journal = CACM, publisher = ACM, volume = 21, number = 4, pages = "280--94", year = "1978", comment = "The best known real-time incremental copying gc. Uses a read barrier.", comment = "Also AI Laboratory Working Paper 139, 1977", URL = "ftp://ftp.netcom.com/pub/hb/hbaker/RealTimeGC.ps.Z" } @inproceedings{doli93, title = "{A Concurrent Generational Garbage Collector for a Multi-Threaded Implementation of {ML}}", author = "Damien Doligez and Xavier Leroy", pages = "113--123", booktitle = "Conference Record of the Twentieth Annual ACM Symposium on Principles of Programming Languages", publisher = ACM, month = jan, year = 1993, series = SIGPLAN, } @INPROCEEDINGS{OToole93, author="{J}. {O}'{T}oole and {S}. {N}ettles and {D}. {G}ifford", title="{C}oncurrent {C}ompacting {G}arbage {C}ollection of a {P}ersistent {H}eap", BOOKTITLE = "{P}roceedings of the 14th {ACM} {S}ymposium on {O}perating {S}ystems {P}rinciples", YEAR = 1993, ORGANIZATION = "ACM", MONTH = "{D}ecember" } @Inproceedings{Wallach96, title ="{ASHs: Application-specific handlers for high-performance messaging}", author = {D. A. Wallach and D. Engler and M. F. Kaashoek}, booktitle = {Proc. 1996 ACM SIGCOMM Conference}, Year = {1996} } @InProceedings{Clark92, title = "{Supporting Real-Time Applications in an Integrated Service Packet Network: Architecture and Mechanism}", author = {D. Clark and Scott Shenker and L. Zhang}, month = {August}, year = "1992", pages = "14--26", booktitle = {Proceedings, 1992 SIGCOMM Conference} } @Article{Pappalardo96, title = "{BBN} to test {RSVP}", author = {D. Pappalardo}, journal = {Network World}, pages = "1,14", month = {December}, volume = {13}, number = {50}, year = 1996 } @Misc{CAML, title = "{The {Caml Special Light System} (Release 1.10)}", author = {Xavier Leroy}, organization = {INRIA, France}, howpublished = {http://pauillac.inria.fr/ocaml} } @Article{Tennenhouse97, author = {D. L. Tennenhouse and J. M. Smith and W. D. Sincoskie and D. J. Wetherall and G. J. Minden}, title = "{A Survey of Active Network Research}", journal = {IEEE Communications Magazine}, pages = "80--86", month = {January}, year = 1997 } @TechReport{Bhattacharjee96, title = "{Implementation of an Active Network Architecture}", author = {Samrat Bhattacharjee and Ken Calvert and Ellen W. Zegura}, month = {July}, year = {1996}, institution = {Georgia Institute of Technology}, note = {White paper presented at Gigabit Switch Technology Workshop, Washington University} } @Inproceedings{Wetherall96a, title = "{The ACTIVE\_IP Option}", author = {David J. Wetherall and David L. Tennenhouse}, booktitle = {7th ACM SIGOPS European Workshop}, month = {September}, year = {1996}, note = "http://www.tns.lcs.mit.edu-/publications/sigops96ws.html" } @TechReport{Hartman96, title = "{Liquid Software: A New Paradigm for Networked Systems}", author = {J. Hartman and U. Manber and L. Peterson and T. Proebsting}, institution = "University of Arizona", number = "96-11", month = {June}, note = "http://www.cs.arizona.edu/liquid/", year = "1996" } @Article{Leslie96, title = "{The Design and Implementation of an Operating System to Support Distributed Multimedia Applications}", author = {I. M. Leslie and D. McAuley and R. Black and T. Roscoe and P. Barham and D. Evers and R. Fairbairns and E. Hyden}, journal = {IEEE Journal on Selected Areas in Communications}, month = {September}, year = "1996", volume = 14, number = 7, pages = "1280--1297" } @TechReport{Shapiro97, title = "{Operating System Support for Active Networks}", author = {J. S. Shapiro and S. J. Muir and J. M. Smith and D. J. Farber}, month = {February}, year = 1997, institution = {CIS Dept., University of Pennsylvania} } @InProceedings{Bershad95, author = {B. Bershad and S. Savage and P. Pardyak and E. G. Sirer and M. Fiuczynski and D. Becker and S. Eggers and C. Chambers}, title = {Extensibility, Safety and Performance in the SPIN Operating System}, booktitle = {Proc. 15th SOSP}, pages = {267--284}, month = {December}, year = 1995 } @Article{Engler95, author = {D. Engler, {\em et al.,}}, title = "{Exokernel: An Operating System Architecture for Application-Level Resource Management}", booktitle = {Proc. 15th SOSP}, month = {December}, year = {1995} } @Article{Ferrari92, title = "{Real Time Communication in an Internetwork}", author = {D. Ferrari}, journal = {Journal of High-Speed Networks}, volume = 1, year = 1992, pages = {79--103} } @Book{Levy84, title = "{Capability-Based Computer Systems}", author = {H.~M.~Levy}, institution = {Digital Press}, year = 1984 } @article{Mercer94, title = "{Processor Capacity Reserves: Operating System Support for Multimedia Applications}", author = {C. W. Mercer and S. Savage and H. Tokuda}, booktitle = {Proc. IEEE International Conference on Multimedia Computing and Systems}, month = May, year = 1994 } @inproceedings{Mogul87, title = "{The Packet Filter: An Efficient Mechanism for User-level Network Code}", author = {J. Mogul and R. Rashid and M. Accetta}, booktitle = {Proceedings of the Eleventh ACM Symposium on Operating Systems Principles}, pages = {39--51}, month ={ November}, year = 1987 } @inproceedings{McCanne93, title = "{The BSD Packet Filter: A New Architecture for User-level Packet Capture}", author = {S. McCanne and V. Jacobson}, booktitle = {Proc. USENIX Technical Conference}, month = {January}, year = 1993, pages = {259--269} } @Article{Atkinson97, title = "{Toward a More Secure Internet}", author = {Randall J. Atkinson}, journal = {IEEE Computer}, month = {January}, year = {1997}, pages = {57--61} } @inproceedings{Bellovin96, author = {S. M. Bellovin}, title = "{Problem Areas for the {IP} Security Protocols}", booktitle = {Proc. USENIX Security Workshop}, year = 1996, month = {July} } @Article{Bellovin89, author = {S. M. Bellovin}, title = "{Security Problems in the {TCP/IP} Protocol Suite}", journal = {ACM Commputer Communication Review}, month = {May}, year = 1989 } @Techreport{cert, title = "{CERT Advisory CA-96.21: TCP SYN Flooding and IP Spoofing Attacks}", author = {Software Engineering Institute Computer Emergency Response Team}, month = {Sept}, year = 1996, institution ="{SEI}", note = {ftp://info.cert.org/pub/cert\_advisories/CA-96.21.tcp\_syn\_flooding} } @Article{Sullivan94, author = {Gordon R. Sullivan and James M. Dubik}, title = "{War in the Information Age}", institution = {Strategic Studies Institute, US Army War College}, month = {June}, year = 1994 } @Book{Personick95, title = "{Commercial Multimedia Technologies for Twenty-First Century Army Battlefields: a Technology Management Strategy}", author = {S. Personick and D. Crawford and R. Gallager and J. Jaffe and J. Kurose and D. Leeper and C. Manders and B. McCune and A. McLaughlin and J. M. Smith and L. Streeter and L. Wishart and B. Zeigler}, publisher = {National Academy Press}, city = {Washington, DC}, year = 1995 } @article{ClLe96b, author={Duncan Clarke and Insup Lee}, title="{Automatic Specification-Based Testing of Real-Time Properties}", journal={submitted for publication in the special issue on Formal Methods in Software Pce of the IEEE Transactions on Software Engineering}, year={} } @article{LBG94, author = "I. Lee and P. Br\'emond-Gr\'egoire and R. Gerber", title = "{A Process Algebraic Approach to the Specification and Analysis of Resource-Bound Real-Time Systems}", journal ={Proceedings of the IEEE}, month={Jan}, year={1994}, pages={158-171} } @inproceedings{BLG93, author={P. Br\'emond-Gr\'egoire and I. Lee and R. Gerber}, title="{ACSR: An Algebra of Communicating Shared Resources with Dense Time and Priorities}", booktitle={Proc.\ of CONCUR '93}, year=1993} @inproceedings{BLC95, author = "Han\^ene Ben-Abdallah and Insup Lee and Jin-Youg Choi", title = "{A Graphical Language with Formal Semantics for the Specification and Analysis of Real-Time systems}", booktitle= {Proc.\ IEEE Real-Time Systems Symposium}, month = {December}, year = 1995 } @inproceedings{CBLXS96, author={D. Clarke and H. Ben-Abdallah and I. Lee and H. Xie and O. Sokolsky}, title={{XVERSA: An Integrated Graphical and Textual Toolset for the Specification and Analysis of Resource-Bound Real-Time Systems}}, booktitle={Proc.~CAV 96, Springer-Verlag LNCS 1102}, pages={402--405}, month={July}, year={1996}} @InProceedings{LG85, Author= {I. Lee and V. Gehlot}, Title={{Language Constructs for Distributed Real-Time Programming}}, Booktitle={Proc.\ IEEE Real-Time Systems Symposium}, Year=1985 } @Article{blr93, author = "M. Blum and M. Luby and R. Rubinfeld", title = {{Self-Testing/Correcting with Applications to Numerical Problems}}, journal = "J. Comp. Sys. Sci.", year = 1993, volume = 47, number = 3, month = "December" } @Article{Traw95, author = "C. Brendan S. Traw and J. M. Smith", title = {{Striping within the Network Subsystem}}, journal = "IEEE Network", year = 1995, month = "July/August", pages = "22--32" } @misc{Bremford97, author = {Mike Bremford}, title = {{The Ping of Death Page}}, year = 1997, note = {http://www.sophist.demon.co.uk/ping/} } @InProceedings{remotekeying, author = {M. Blaze and J. Feigenbaum and M. Naor}, title = {{A Formal Treatment of Remotely Keyed Encryption}}, booktitle = {Proceedings of EUROCRYPT '98}, month = {May}, year = 1998 } @InProceedings{sessionlayerenc, author = {M. Blaze and S. Bellovin}, title = {{Session-Layer Encryption}}, booktitle = {Proc. of the USENIX Security Symp.}, month = {June}, year = 1995 } @InProceedings{atomicproxy, author = {M. Blaze and G. Bleumer and M. Strauss}, title = {{Atomic Proxy Cryptography and Protocol Divertibility}}, booktitle = {Proceedings of EUROCRYPT '98}, month = {May}, year = 1998 } @Misc{masterkey, author = {M. Blaze and J. Feigenbaum and F.T. Leighton}, title = {{Master-Key Cryptosystems}}, howpublished = {Presented at ``rump session,'' {\em CRYPTO '95.} Santa Barbara, CA}, month = {August}, year = 1995 } @InProceedings{cfs, author = {M. Blaze}, title = {{A Cryptographic File System for Unix}}, booktitle = {Proc. of the 1st ACM Conference on Computer and Communications Security}, month = {November}, year = 1993 } @InProceedings{clipper, author = {M. Blaze}, title = {{Protocol Failure in the Escrowed Encryption Standard}}, booktitle = {Proc. of the 2nd ACM Conference on Computer and Communications Security}, month = {November}, year = 1994, comment = {Also appeared in {\em Building in Big Brother,} L. Hoffman, ed. Springer, 1995} } @InProceedings{cflrs, author = { Y.-H. Chu and J. Feigenbaum and B. LaMacchia and P. Resnick and M. Strauss}, title = {{REFEREE: Trust Management for Web Applications}}, booktitle = {World Wide Web Journal, 2}, pages = {127--139}, year = 1997, comment = {Reprinted from the {\it Proceedings of the 6th International World Wide Web Conference}, World Wide Web Consortium, Cambridge, 1997, pp.~227--238} } @Article{pics, author = {P. Resnick and J. Miller}, title = {{PICS: Internet Access Controls Without Censorship}}, journal = {Communications of the ACM}, month = {October}, year = 1996, pages = {87--93} } @InProceedings{bfrs, author = {M. Blaze and J. Feigenbaum and P. Resnick and M. Strauss}, title = {{Managing Trust in an Information Labeling System}}, booktitle = {European Transactions on Telecommunications, 8}, pages = {491--501}, year = 1997, comment = {Special issue of selected papers from the 1996 Amalfi Conference on Secure Communication in Networks} } @InProceedings{ipsecpaper, author = {A. D. Keromytis and J. Ioannidis and J. M. Smith}, title = {{Implementing IPsec}}, year = 1997, month = {November}, pages = {1948 -- 1952}, booktitle = {Proceedings of Global Internet (GlobeCom) '97} } @TechReport{neumann-formal, author = {Peter G. Neumann}, title = {{Architectures and Formal Representations for Secure Systems}}, institution = {{SRI International}}, year = 1995, type = {{Final Report. SRI Project 6401}}, number = {A002}, month = {October} } @Article{safety, author = {D. Scott Alexander and William A. Arbaugh and Angelos D. Keromytis and Jonathan M. Smith}, title = {{Safety and Security of Programmable Network Infrastructures}}, journal = {IEEE Communications Magazine}, year = 1998, volume = 36, number = 10, pages = {84 -- 92} } @Article{Phrack, author = {Daemon9 and Route and Infinity}, title = {Project Neptune}, journal = {Phrack Magazine}, year = 1996, volume = 7, number = 48 } @Misc{Panix, key = {Panix}, title = {{Cracker Attack Paralyzes PANIX}}, howpublished = {{RISKS Digest. Volume 18. Issue 45.}}, month = {September}, year = 1996 } % @InProceedings{AN94, author = {M. Abadi and R. Needham}, title = {Prudent engineering practice for cryptographic protocols}, booktitle = {IEEE Symposium on Research in Security and Privacy}, year = 1994, organization = {IEEE Computer Society}, pages = {122-136} } @InProceedings{AN95, author = {R. Anderson and R. Needham}, title = {Robustness principles for public key protocols}, booktitle = {Advances in Cryptology - CRYPTO '95}, volume = 963, series = {Lecture Notes in Computer Science}, year = 1995, publisher = {Springer-Verlag}, pages = {236-247} } @InProceedings{Bol97, author = {D. Bolignano}, title = {Towards the formal verification of electronic commerce protocols}, booktitle = {IEEE Computer Security Foundations Workshop}, year = 1997, organization = {IEEE Computer Society}, pages = {133-146}, annote = {Inductive verification using Coq proof assistant} } @InProceedings{Bra97, author = {S. Brackin}, title = {An interface specification language for automatically analyzing cryptographic protocols}, booktitle = {Symposium on Network and Distributed System Security}, year = 1997, organization = {Internet Society}, month = {February} } @InProceedings{Bra96, author = {S. Brackin}, title = {A {HOL} extension of {GNY} for automatically analyzing cryptographic protocols}, booktitle = {9th IEEE Computer Security Foundations Workshop}, year = 1996, organization = {IEEE Computer Society}, pages = {62-77} } @InProceedings{, author = {S. Brackin and C. Meadows and J. Millen}, title = {{CAPSL} interface for the {NRL} protocol analyzer}, booktitle = {IEEE Symposium on Application-Specific Systems and Software Engineering Technology (ASSET '99)}, year = 1999 } @Article{BAN90, author = {M. Burrows and M. Abadi and R. Needham}, title = {A logic of authentication}, journal = {ACM Transactions on Computer Systems}, year = 1990, volume = 8, number = 1, pages = {18-36} } @Article{BAN90a, author = {M. Burrows and M. Abadi and R. Needham}, title = {Rejoinder to {N}essett}, journal = {ACM Operating Systems Review}, year = 1990, volume = 24, number = 2, month = {April}, pages = {39-40} } @InProceedings{Car94, author = {U. Carlsen}, title = {Generating formal cryptographic protocol specifications}, booktitle = {IEEE Symposium on Research in Security and Privacy}, year = 1994, organization = {IEEE Computer Society}, pages = {137-146} } @Unpublished{CJ97, author = {J. Clark and J. Jacob}, title = {A Survey of Authentication Protocol Literature}, note = {\verb+http://www.cs.york.ac.uk/~jac/papers/drareviewps.ps+}, year = 1997 } @InProceedings{DMT98, author = {G. Denker and J. Meseguer and C. Talcott}, title = {Protocol specification and analysis in {M}aude}, booktitle = {Formal Methods and Security Protocols}, year = 1998, note = {LICS '98 Workshop} } @Article{DS81, author = {D. Denning and G. Sacco}, title = {Timestamps in key distribution protocols}, journal = {Communications of the ACM}, year = 1981, volume = 24, number = 8, month = {August} } @TechReport{DS97, author = {B. Dutertre and S. Schneider}, title = {Embedding {CSP} in {PVS}. {A}n application to verify authentication protocols}, institution = {Royal Holloway, University of London}, year = 1997, number = {CSD-TR-97-11}, note = {To appear in TPHOLS '97} } @Article{DY83, author = {D. Dolev and A. Yao}, title = {On the security of public key protocols}, journal = {IEEE Transactions on Information Theory}, year = 1983, volume = {IT-29}, pages = {198-208}, note = {Also STAN-CS-81-854, May 1981, Stanford U.} } @InProceedings{EG83, author = {S. Even and O. Goldreich}, title = {On the security of multi-party ping-pong protocols}, booktitle = {24th IEEE Symposium on Foundations of Computer Science}, year = 1983 } @InProceedings{GNY90, author = {L. Gong and R. Needham and R. Yahalom}, title = {Reasoning about belief in cryptographic protocols}, booktitle = {IEEE Symposium on Research in Security and Privacy}, year = 1990, organization = {IEEE Computer Society}, pages = {234-248} } @Article{HT96, author = {N. Heintze and J. Tygar}, title = {A model for secure protocols and their compositions}, journal = {IEEE Transactions on Software Engineering}, year = 1996, volume = 22, number = 1, month = {January}, pages = {16-30} } @Book{KPS95, author = {C Kaufman and R. Perlman and M. Speciner}, title = {Network Security}, publisher = {Prentice Hall}, year = 1995 } @Article{Kem89, author = {R. Kemmerer}, title = {Analyzing encryption protocols using formal verification techniques}, journal = {IEEE Journal on Selected Areas in Communication}, year = 1989, volume = 7, number = 4, month = {May} } @Article{KMM94, author = {R. Kemmerer and C. Meadows and J. Millen}, title = {Three systems for cryptographic protocol analysis}, journal = {Journal of Cryptology}, year = 1994, volume = 7, number = 2, pages = {79-130} } @InProceedings{KW96, author = {D. Kindred and J. Wing}, title = {Fast, automatic checking of security protocols}, booktitle = {USENIX 2nd Workshop on Electronic Commerce}, year = 1996 } @Article{Low98, author = {G. Lowe}, title = {Casper: a compiler for the analysis of security protocols}, journal = {Journal of Computer Security}, year = 1998, volume = 6, number = 1, pages = {53-84} } @InProceedings{Low98a, author = {G. Lowe}, title = {Towards a completeness result for model checking of security protocols}, booktitle = {11th IEEE Computer Security Foundations Workshop}, year = 1998, organization = {IEEE Computer Society}, pages = {96-105} } @InProceedings{Low96, author = {G. Lowe}, title = {Breaking and fixing the {N}eedham-{S}chroeder public-key protocol using {FDR}}, booktitle = {Proceedings of TACAS}, volume = 1055, series = {Lecture Notes in Computer Science}, year = 1996, publisher = {Springer-Verlag}, pages = {147-166} } @InProceedings{MCJ97, author = {W. Marrero and E. Clarke and S. Jha}, title = {Model checking for security protocols}, booktitle = {DIMACS Workshop on Design and Verification of Security Protocols}, year = 1997, organization = {Rutgers U.} } @InProceedings{Mea91, author = {C. Meadows}, title = {A system for the specification and verification of key management protocols}, booktitle = {IEEE Symposium on Security and Privacy}, year = 1991, organization = {IEEE Computer Society}, pages = {182-195} } @Article{Mea92, author = {C. Meadows}, title = {Aplying formal methods to the analysis of a key management protocol}, journal = {Journal of Computer Security}, year = 1992, volume = 1, number = 1, pages = {5-36} } @Article{Mea96, author = {C. Meadows}, title = {The {NRL} protocol analyzer: an overview}, journal = {Journal of Logic Programming}, year = 1996, volume = 26, number = 2, pages = {113-131} } @InProceedings{Mea96a, author = {C. Meadows}, title = {Language generation and verification in the {NRL} protocol analyzer}, booktitle = {9th IEEE Computer Security Foundations Workshop}, year = 1996, organization = {IEEE Computer Society}, pages = {48-61} } @Article{MCF87, author = {J. Millen and S. Clark and S. Freedman}, title = {The {I}nterrogator: protocol security analysis}, journal = {IEEE Transactions on Software Engineering}, year = 1987, volume = {SE-13}, number = 2, month = {February}, pages = {274-288} } @InProceedings{Mil97, author = {J. Millen}, title = {The {I}nterrogator model}, booktitle = {IEEE Symposium on Security and Privacy}, year = 1995, organization = {IEEE Computer Society}, pages = {251-260} } @TechReport{Mil97a, author = {J. Millen}, title = {{CAPSL}: {C}ommon {A}uthentication {P}rotocol {S}pecification {L}anguage}, institution = {The MITRE Corporation}, year = 1997, number = {MP 97B48} } @InProceedings{MMS97, author = {J. Mitchell and M. Mitchell and U. Stern}, title = {Automated analysis of cryptographic protocols using {M}ur$\phi$}, booktitle = {IEEE Symposium on Security and Privacy}, year = 1997, organization = {IEEE Computer Society}, pages = {141-154} } @Article{NS78, author = {R. Needham and M. Schroeder}, title = {Using encryption for authentication in large networks of computers}, journal = {Communications of the ACM}, year = 1978, volume = 21, number = 12, month = {December}, pages = {993-998} } @Article{Nes90, author = {D. Nessett}, title = {A critique of the {B}urrows, {A}badi and {N}eedham logic}, journal = {ACM Operating Systems Review}, year = 1990, volume = 24, number = 2, month = {April}, pages = {35-38}, } @Article{Pau98, author = {L Paulson}, title = {The inductive approach to verifying cryptographic protocols}, journal = {Journal of Computer Security}, year = 1998, volume = 6, number = 1, pages = {85-128} } @InProceedings{Ros95, author = {A. W. Roscoe}, title = {Modelling and verifying key-exchange protocols using {CSP} and {FDR}}, booktitle = {8th IEEE Computer Security Foundations Workshop}, year = 1995, organization = {IEEE Computer Society}, pages = {98-107} } @Book{Sch96, author = {B. Schneier}, title = {Applied Cryptography}, publisher = {John Wiley}, year = 1996 } @Article{Sch98, author = {S. Schneider}, title = {Verifying authentication protocols in {CSP}}, journal = {IEEE Transactions on Software Engineering}, year = 1998, volume = 24, number = 9, month = {September}, pages = {741-758} } @InProceedings{SvO94, author = {P. Syverson and P. van Oorschot}, title = {On unifying some cryptographic protocol logics}, booktitle = {IEEE Symposium on Research in Security and Privacy}, year = 1994, organization = {IEEE Computer Society}, pages = {14-28} } @InProceedings{Syv91, author = {P. Syverson}, title = {The use of logics in the analysis of cryptographic protocols}, booktitle = {IEEE Symposium on Research in Security and Privacy}, year = 1991, organization = {IEEE Computer Society}, pages = {156-169} } @InProceedings{THG98, author = {J. Thayer and J. Herzog and J. Guttman}, title = {Honest ideals on strand spaces}, booktitle = {11th IEEE Computer Security Foundations Workshop}, year = 1998, publisher = {IEEE Computer Society}, pages = {66-78} } @Article{WL94, author = {T. Woo and S. Lam}, title = {A lesson on authentication protocol design}, journal = {ACM Operating Systems Review}, year = 1994, pages = {24-37} } @TechReport{YW93, author = {A. Yasinsac and W. Wulf}, title = {A formal semantics for evaluating cryptographic protocols}, institution = {U. Virginia}, year = 1993, number = {CS-93-53} }