| Communication Theory of Secrecy Systems | Claude Shannon |
• First formal statement of modern cryptography
• Defined secrecy system, cipher, and how to determine the strength of secrecy system from information theoretic perspective
|
| The Protection of Information in Computer Systems | Jerome H. Saltzer, and Michael D. Schroeder |
• Introduces seminal secure design principles
• Descriptor-based protection systems
• Historical insights into computer security
|
| Moore’s Law (Cramming More Components onto integrated circuits (1965) and Progress in Digital Integrated Electronics (1975)) | Gordon Moore |
• Defined a model of processor development and progression
• Provided a way to project computing capabilities into the future
• A fundamental concept that has enabled the quantification of encryption security strength
|
| New Directions in Cryptography | Whitfield Diffie and Martin Hellman |
• First idea for public-key cryptography
• Defined Diffie–Hellman key agreement protocol
|
| A Method for Obtaining Digital Signatures and Public-Key Cryptosystems | Ron Rivest, Adi Shamir, and Leonard Adleman |
• Defined RSA public-key system
• One of the most used public-key cryptographic systems
|
| On Data Banks and Privacy Homomorphisms (1978) | Ronald Rivest, Leonard Adleman, and Michael Dertouzos |
• First paper defined homomorphic encryption
|
| Fully Homomorphic Encryption Using Ideal Lattices (2009) | Craig Gentry |
• Second paper defined the first practical fully homomorphic encryption scheme
|
| The Byzantine Generals Problem | Leslie Lamport, Robert Shostak, and Marshall Pease |
• Theoretical exploration of agreement under adversarial threat
• Defined limitations of trust in redundant systems
• Does not solve the common vulnerability challenge
|
| Smashing the Stack for Fun and Profit | Aleph One (Elias Levy) |
• First widespread introduction to buffer overflows
• Step-by-step discussion of the vulnerability and shell code
• Exploration of the implications
|
| On the Security of Public-Key Protocols | Danny Dolev and Andrew Yao |
• Theoretical exploration of attacks on public key protocols
• Defined Dolev-Yao threat model that has become the threat model used for cryptographic protocols
|
| A Computer Virus and a Cure for Computer Virus | Fred Cohen |
• First definition of a virus
• Proof of undecidability of detecting a virus (counterproof) by mapping to halting problem
|
| The Foundations of Computer Security: We Need Some | Donald Good |
• Essay to complain about lack of strong foundations for engineering in computer security (cybersecurity not a concept yet)
• Surveyed how theoretically secure systems are not really secure
• Proclaimed we need more theories before being able to engineer “secure” systems
|
| Programming Satan’s Computer | Ross Anderson and Roger Needham |
• Theoretical exploration of timing, ordering, and oracle attacks
• Define principles for developing security protocols for integrity and authenticity using cryptography
|
| The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection | Stefan Axelsson |
• Theoretical explanation of the problems we have with IDS
• With extreme ratio of noise to signal (attacks=black swan events) even if you have a 100% detector you still need extremely low false-positive rate to not be inundated with false-positive detections
|
| Red Pill (2004) | Joanna Rutkowska |
• Red pill demonstrated a method to detect that you were running as a guest virtual machine
• Blue pill demonstrated malware becoming a hypervisor to running OS dynamically
|
| Introducing the Blue Pill (2006) |
| The Science of Guessing: Analyzing an Anonymized Corpus of 70 Million Passwords | Joseph Bonneau |
• Study that shows that regardless of subpopulation everyone choose equivalently weak passwords
• An attacker is better off using a global password list
|
No comments:
Post a Comment