Secure Coding mailing list archives
RE: Top security papers
From: "Wall, Kevin" <Kevin.Wall () qwest com>
Date: Tue, 10 Aug 2004 04:38:55 +0100
Matt Setzer wrote...
It's been kind of quiet around here lately - hopefully just because everyone is off enjoying a well deserved summer (or winter, for those of you in the opposite hemisphere) break. In an effort to stir things up a bit, I thought I'd try to get some opinions about good foundational materials for security professionals. (I'm relatively new to the field, and would like to broaden my background knowledge.) Specifically, what are the top five or ten security papers that you'd recommend to anyone wanting to learn more about security? What are the papers that you keep printed copies of and reread every few years just to get a new perspective on them?
Okay, for starters, in no particular order:

Ken Thompson's Turing Award lecture, _Reflections on Trusting Trust_, URL: http://www.acm.org/classics/sep95/

Saltzer & Schroeder, "The Protection of Information in Computer Systems", Proceedings of the IEEE, Sept. 1975, pp. 1278-1308, available at: http://web.mit.edu/Saltzer/www/publications/protection/

David Wheeler, "Secure Programming for Linux and Unix HOWTO", URL: http://www.dwheeler.com/secure-programs/

Aleph One, "Smashing the Stack for Fun and Profit", URL: http://www.insecure.org/stf/smashstack.txt

Bruce Schneier, "Why Cryptography Is Harder Than It Looks", URL: http://www.schneier.com/essay-037.html

Carl Ellison and Bruce Schneier, "Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure", URL: http://www.schneier.com/paper-pki.html

Also, I'd probably throw in a few RFCs and the Firewall and Snake-Oil Cryptography FAQs in there as well, but I'm too lazy to look them up right now.

-kevin
---
Kevin W. Wall Qwest Information Technology, Inc.
[EMAIL PROTECTED] Phone: 614.215.4788
"The reason you have people breaking into your software all over the place is because your software sucks..." -- Former whitehouse cybersecurity advisor, Richard Clarke, at eWeek Security Summit