Some papers on security

These are papers we are thinking about reading. There is nothing comprehensive or representative about this list.

Background

  • M. Burrows, M. Abadi and R. Needham, A Logic of Authentication. Proceedings of the Royal Society, Series A, 426, 1871 (December 1989), 233-271. Also appeared as SRC Research Report 39 and, in a shortened form, in ACM Transactions on Computer Systems 8, 1 (February 1990), 18-36.

  • J. McLean Security Models, Encyclopedia of Software Engineering (ed. John Marciniak), Wiley & Sons, Inc., 1994.

  • P. Neumann, Architectures and Formal Representations for Secure Systems.

  • L. Lamport, Temporal logic of action. (This page has pointers to a number of papers.)

  • Meadows' Example

  • Catherine Meadows, Applying Formal Methods to the Analysis of a Key Managment Protocol, The Journal of Computer Security," vol 1, no 1, Jan. 1992.

  • Gray, J. and McLean, J. Using Temporal Logic to Specify and Verify Cryptographic Protocols (Progress Report), Proceedings of the 8th IEEE Computer Security Foundations Workshop, IEEE Press, 1995.

  • S.A. Schneider, Security Properties and CSP. IEEE Computer Society Symposium on Security and Privacy, Oakland, 1996. (A longer version appears to be the earlier Modelling Security Properties with CSP. Royal Holloway Technical Report CSD-TR-96-04.)

  • Needham-Schroeder Protocol

  • Needham-Schroeder Public-Key Protocol Case Study (Gavin Lowe at Oxford.)

  • Meadows, Catherine A., Analyzing the Needham-Schroeder Public Key Protocol: A Comparison of Two Approaches, Proceedings of ESORICS, Springer Verlag, To appear.
  • Languages and Systems

  • Java Security: From HotJava to Netscape and Beyond. Princeton web page.

  • L. van Doorn, M. Burrows, M. Abadi and Ted Wobber, Secure Network Objects. Proceedings of the 1996 IEEE Symposium on Security and Privacy (May 1996), 211-221.

  • Some relevant pages

  • Martin Abadi at DEC SRC
  • Li Gong at SRI
  • Catherine Meadows Formal Verification of Cryptographic Protocols project at NRL
  • John McLean at NRL
  • Peter Neumann at SRI
  • Oxford security group
  • CAPSL home page with link to bibliography.

  • John C. Mitchell
    Department of Computer Science
    Stanford University
    Stanford CA 94305-9045
    Phone: (415) 723-8634
    Fax: (415) 725-4671