
Computer Security and Cryptography
Reading Group
July 2003 List

Date & Location | Reading
2 July 2003
1304 CS
2:30 - 3:30 PM
Recent paper

D. Boneh
Stanford

Twenty years of attacks on the RSA cryptosystem
Notices of the American Mathematical Society (AMS), Vol. 46, No. 2, pp. 203--213, 1999

URL: http://crypto.stanford.edu/~dabo/papers/RSA-survey.pdf


Classic paper

R. Kemmerer
University of California at Santa Barbara

A practical approach to identifying storage and timing channels: twenty years later
18th Annual Computer Security Applications Conference, December 2002

URL: http://www.acsac.org/2002/papers/classic-channels.pdf

Secure computer systems use both mandatory and discretionary access controls to restrict the flow of information through legitimate communication channels such as files, shared memory and process signals. Unfortunately, in practice one finds that computer systems are built such that users are not limited to communicating only through the intended communication channels. As a result, a well-founded concern of security-conscious system designers is the potential exploitation of system storage locations and timing facilities to provide unforeseen communication channels to users. These illegitimate channels are known as covert storage and timing channels.

Prior to the presentation of this paper twenty years ago, the covert channel analysis that took place was mostly ad hoc. Methods for discovering and dealing with these channels were mostly informal, and the formal methods were restricted to a particular specification language. This paper presents a methodology for discovering storage and timing channels that can be used through all phases of the software life cycle to increase confidence that all channels have been identified. In the original paper the methodology was presented and applied to an example system having three different descriptions: English, formal specification, and high-order language implementation. In this paper only the English requirements are considered. However, the paper also presents how the methodology has evolved and the influence it had on other work.

9 July 2003
1304 CS
2:30 - 3:30 PM
Recent paper

D. Boneh, M. Franklin
Stanford / UC Davis

Identity based encryption from the Weil pairing
SIAM J. of Computing, Vol. 32, No. 3, pp. 586-615, 2003

URL: http://crypto.stanford.edu/~dabo/abstracts/ibe.html

We propose a fully functional identity-based encryption scheme (IBE). The scheme has chosen ciphertext security in the random oracle model assuming an elliptic curve variant of the computational Diffie-Hellman problem. Our system is based on the Weil pairing. We give precise definitions for secure identity based encryption schemes and give several applications for such systems.


Classic paper

A. Shamir
Dept. of Applied Mathematics, The Weizmann Institute of Science

Identity-based cryptosystems and signature schemes
Advances in Cryptology -- Proceedings of CRYPTO 84 (G.R. Blakley and D. Chaum, eds.), Lecture Notes in Computer Science, vol. 196, Springer-Verlag, 1985, pp. 47-53

URL: http://dsns.csie.nctu.edu.tw/research/crypto/HTML/PDF/C84/47.PDF

30 July 2003
1304 CS
2:30 - 3:30 PM
Recent paper

H.H. Feng, O.M. Kolesnikov, P. Fogla, W. Lee, W. Gong
University of Massachusetts / Georgia Institute of Technology / Georgia Institute of Technology / Georgia Institute of Technology / University of Massachusetts

Anomaly detection using call stack information
2003 IEEE Symposium on Security and Privacy (Oakland'03), May 11 - 14, 2003

URL: http://www.cc.gatech.edu/~ok/w/ok_idpc.pdf

The call stack of a program execution can be a very good information source for intrusion detection. There is no prior work on dynamically extracting information from the call stack and effectively using it to detect exploits. In this paper, we propose a new method to do anomaly detection using call stack information. The basic idea is to extract return addresses from the call stack, and generate an abstract execution path between two program execution points. Experiments show that our method can detect some attacks that cannot be detected by other approaches, while its convergence and false positive performance is comparable to or better than the other approaches. We compare our method with other approaches by analyzing their underlying principles and thus achieve a better characterization of their performance, in particular, on what and why attacks will be missed by the various approaches.


Classic paper

A.K. Jones, W.A. Wulf
CMU

Towards the design of secure systems
Software - Practice and Experience, vol. 5, pp. 321-336 (1975)

URL: http://www.cs.wisc.edu/areas/os/Qual/Papers/Security/jones-secure.pdf

Within a programmed system, we may distinguish between different kinds of information in order to control the use of each kind by separate security policies, where each policy is tailored to the sensitivity and desired dissemination of that one kind of information. This paper analyses the implications of implementing security policies and describes mechanisms which can be used as the basis for constructing operating systems with the desired security attributes.



Computer Sciences Department, University of Wisconsin - Madison
5355a Computer Sciences and Statistics | 1210 West Dayton Street, Madison, WI 53706
cs@cs.wisc.edu / voice: 608-262-1204 / fax: 608-262-9777