Nick Sullivan
Thread. I was recently privy to a conversation in which some really smart people in security shared their favorite papers or articles. Security engineering, like other disciplines, has a rich history worth learning from. I'm going to list some of these papers in this thread.
Nick Sullivan Aug 12
Replying to @grittygrease
New Directions in Cryptography - Whitfield Diffie and Martin Hellman (1976) It's hard to emphasize just how revolutionary the concept of public key cryptography is. This paper started it all, introducing D-H key agreement and digital signatures.
Nick Sullivan Aug 12
Replying to @grittygrease
Reflections on Trusting Trust - Ken Thompson (1984) This paper succinctly describes the concept that it's not enough to trust software; you also need to trust the software that compiles the software, and the software that compiles the compiler, and so on.
Nick Sullivan Aug 12
Replying to @grittygrease
Lest We Remember: Cold Boot Attacks on Encryption Keys - J. Alex Halderman et al. (2008) Another security paper that explores the reasons why good encryption software can be insufficient in the face of physical attacks.
Nick Sullivan Aug 12
Replying to @grittygrease
Improving SSL Warnings: Comprehension and Adherence - Adrienne Porter Felt et al. (2015) A data-driven study of how well/poorly user interfaces express security features to users in web browsers.
Nick Sullivan Aug 12
Replying to @grittygrease
This World of Ours - James Mickens (2014) A comedic article that helps emphasize the difference between targeted attacks by well-resourced adversaries and the more pedestrian threats faced by the general populace.
Nick Sullivan Aug 12
Replying to @grittygrease
Return-Oriented Programming - Solar Designer (1997) A new attack methodology that revolutionized offensive security.
Nick Sullivan Aug 12
Replying to @grittygrease
Format String Attacks - Tim Newsham (2000) Still one of the most pervasive security issues, format string vulnerabilities demonstrate the dangers of mixing abstractions.
Nick Sullivan Aug 12
Replying to @grittygrease
Ceremony Design and Analysis - Carl Ellison (2007) This paper introduces the idea of a ceremony as a generalization of a security protocol, formalizing the often overlooked human element.
Nick Sullivan Aug 12
Replying to @grittygrease
Programming Satan’s Computer - Ross Anderson and Roger Needham (1995) An exploration of the adversarial models needed to build secure software.
Nick Sullivan Aug 12
Replying to @grittygrease
Survivable Key Compromise in Software Update Systems - Justin Samuel, Nick Mathewson, Justin Cappos, Roger Dingledine (2010) This paper introduces The Update Framework (TUF) for secure software updates.
Nick Sullivan Aug 12
Replying to @grittygrease
Validation of Elliptic Curve Public Keys - Adrian Antipa et al. (2003) The first of many papers exploring some of the subtle risks of elliptic curve cryptography.
Nick Sullivan Aug 12
Replying to @grittygrease
Some thoughts on security after ten years of qmail 1.0 - Daniel J. Bernstein (2007) A retrospective of a popular mail transfer agent by the author with best practices learned.
Nick Sullivan Aug 12
Replying to @grittygrease
Straight Talk: New Yorkers on Mobile Messaging and Implications for Privacy - Ame Elliott, Sara Brody (2016) A revealing field study about security, privacy and surveillance.
Nick Sullivan Aug 12
Replying to @grittygrease
Singularity - Microsoft Research (2003) A series of works derived from the Midori advanced development OS project.
Nick Sullivan Aug 12
Replying to @grittygrease
That's it for now. This is not a comprehensive reading list, but hopefully anyone working or studying security engineering can find something useful.
Justin Clark Aug 17
Replying to @grittygrease
Nick, if memory serves me well, shouldn't there also be recognition in this publication for Ralph Merkle too...?
Nick Sullivan Aug 17
Replying to @justinpclark
Yes, he was also very involved in this work.
egyp7 Aug 17
Replying to @grittygrease
I would add "Reflections on Trusting Trust", Ken Thompson (1984)
Nick Sullivan Aug 17
Replying to @egyp7
Scroll up, that’s the second link. Great paper.