Interesting Links

• New Links (June 3, 2000)
  • (from Gene Spafford, 12/29/00) Cipher readers may be interested in the report at this link:  www.cerias.purdue.edu/events/summit_4q2000.php.  Accenture (formerly Andersen Consulting) has released the Security Call to Action and executive summary, from the 15 security experts who participated in the CERIAS Security Vision Roundtable. (More information on this event is posted in the issue E41 of Cipher)

   

• Previously Listed Links
  • Infosec Research Council, Malicious Code Infosec Science and Technology Study Group.  "Attacking Malicious Code" by Gary McGraw and Greg Morrisett www.rstcorp.com/irc.
  • US Biometric Consortium,  www.biometrics.org
  • Information about the UK's Domain Based Security work.  Added 4/1/00.  www.qinetiq.com/home_enterprise_security/infosec_strategy/white_papers.html
  • IFIP WG 1.7 Theoretical Foundations of Security Analysis and Design. Home Page of the newly approved IFIP Working Group with the main aims (among many other) of investigating the theoretical foundations of security, discovering and promoting new areas of application of theoretical techniques in computer security and supporting the systematic use of formal techniques in the development of security related applications.
    The main research topics relevant for the Working Group include:
    • formal definition and verification of the various aspects of security: confidentiality, integrity, authentication and availability;
    • new theoretically-based techniques for the formal analysis and design of cryptographic protocols and their manifold applications (e.g., electronic commerce);
    • information flow modeling and its application to the theory of confidentiality policies, composition of systems, and covert channel analysis;
    • formal techniques for the analysis and verification of mobile code;
    • formal analysis and design for prevention of denial of service.

  • ACSA Information Security Bookshelf
    The Applied Computer Security Associates (ACSA), the sponsor of the Annual Computer Security Applications Conference, has established an Information Security Bookshelf at the above URL.
    ACSA sees this bookshelf being used is as a source of readings for self-study and for courses. You're invited to take a look at the bookshelf and to suggest additional books, papers, and reports. It would be most helpful if you could provide the source files or a URL pointer to them. Suggestions and contributions should be sent to bookshelf@acsac.org. Don't be bashful about suggesting your own work.

    The project needs a permanent editor (or chair, the title is negotiable). If you know someone who might be interested, send that information to the same address.

  • ELECTRONIC IDENTITY FRAUD NEWSLETTER
    Free from e-DENTIFICATION, Inc. Free service to the electronic security community. The objective of this newsletter is to stimulate awareness and create a forum for the exchange of information in an effort to combat the emergence and rampant growth of identity fraud in electronic commerce and electronic data interchange. If you are involved in online security, online privacy issues, electronic commerce, electronic data interchange, credit management, banking, or internet business, you and your associates are invited to subscribe to this free monthly newsletter.

    [Note: Subscriptions appear to come as ascii text. Downloads of back issues require the ability read MS-Word documents. -editor]

• US Government sources/information:
  • FTC Web Site for opting out of sharing of personal information
  • NIST's SKIPJACK and KEA page
  • NIST's AES page
  • ARPA/NSA/DISA Memorandum of Agreement for coordinating Infosec research programs
  • NSA's Trusted Product Evaluation program (TPEP) including pointers to the US Evaluated Product List.
  • Federal Bureau of Investigation
  • Office of the Director of Central Intelligence; pointers to CIA, US Intelligence Community, Center for the Study of Intelligence
  • National Reconnaissance Office
  • Federal Networking Council
  • U.S. House of Representatives
  • U.S. Senate
  • Defense Information Systems Agency (DISA)
  • National Security Agency
  • Computer Security Technology Center at Lawrence Livermore National Laboratory
  • Thomas, online legislation information from the Library of Congress
  • NIST publications, including the Common Criteria
  • COS: Federally Funded Research in the U.S. (not a U.S. Government server; password protected)
  • The White House, if you want to start at the top!
  • NIST Computer Security Resource Clearinghouse - pointers to many places
  • NRL Center for High Assurance Computer Systems, with IEEE and XTP-1 ptrs
  • US Navy SPAWAR INFOSEC Homepage
  • ARPA home page
  • NASA Langley Research Center - and pointers to other Government Labs
  • Software Engineering Institute Information Server

   

• Professional societies and organizations:
  • The Network Security Framework Forum (NSFF)to foster dialog between Government and Industry regarding solutions to network security problems.
  • Organization for Economic Cooperation and Development (OECD) Page on security, privacy, cryptography and intellectual property rights
  • Technical council on Software Engineering (IEEE Computer Society)
  • World Wide Web Consortium. Lots of WWW-related information, including:
    • Web security information and pointers
    • Index of information on electronic payment systems for internet and WWW
  • European Workshop for Open Systems Security Group
  • USENIX & SAGE -- UNIX - related information, conferences, publications
  • IFIP home page   TC11: Security and Protection in Information Processing and TC6: Communication Systems
  • IEEE Computer Society home page
  • The IEEE Computer Society's Distinguished Visitors Program.
  • ACM home page, with pointers to IFIP, Internet Society, etc.
  • Internet Society Home Page
  • The Internet Conference Calendar
  • Internet Society's Internet Engineering Task Force home page
  • IFIP WG 11.3 (Database Security) home page

   

• Other places for interesting papers, announcements, and information
  • ISSL Iowa State University's Information Systems Security Laboratory
  • Paul Kocher's Homepage for Differential Power Analysis (DPA) Attacks
  • Purdue's information assurance and security center
  • Bruce Schneier's new monthly newsletter, Crypto-Gram
  • Avi Rubin's extensive list of cryptography and computer security courses being offered at the graduate level around the world.
  • Web site of FMEInfRes, the Formal Methods Europe Information Resources project
  • John Young's "Cryptome": John Young's "cryptome": extensive and current archive of a broad range of news items, legislation, reports, etc., on cryptography policy, technology, and related items (also free of appalling and wasteful graphics).
  • IBM Patent Server
    Online access to over two million patent descriptions, dating back to January, 1971. Also the last ten years of images.
  • Journal of Internet Banking and Commerce
  • Idaho State University's Information Security Library
  • The Colossus Rebuild Project with links to pages on Bletchley Park. Interesting photos and history of the rebuilding of this codebreaking computer.
  • George Mason U. Center for Secure Information Systems
  • Computer security folks, from Dave Wagner
  • Cryptography folks, from Dave Wagner
  • Computer Security at CERN
  • Federation of American Scientists Project on Government Secrecy
  • RST Corporation's Reliability Hotlist
  • Journal of Computer Security
  • General Magic: includes developer info for Magic Cap
  • Unix Security  (Center for Information Technology, NIH)
  • Northern Telecom's Entrust Technology
  • The Cryptography Project at Georgetown University
  • CCER National Budget Simulation -- try your hand at balancing the budget
  • InterNIC Directory and Database Services -- to help find people in cyberspace
  • The RISKS Forum (US archive site) or (UK archive site)
  • The PRIVACY Forum
  • Archive of back issues of Security Reviews and other good things from Ross Anderson's ftp space
  • Sun's Java(tm) language and security for HotJava(tm) web browser.
  • Sirene; security web page at IBM-Zurich; many links
  • SAIC Security Library
  • U.S. National Academy of Sciences, National Academy of Engineering, Institute of Medicine, and National Research Council home page
  • Purdue COAST home page; SATAN information.
  • CMU NetBill Project home page; electronic commerce information
  • Trusted Information Systems home page
  • Graz University of Technology, Institute for Applied Information Processing and Communications
  • SRI-CSL SRI International Computer Science Lab home page
  • An AT&T Laboratories Research World-Wide Web Server
  • Computer Science Technical Reports Archive Sites
  • Jonathan Bowen - (Formal Methods Sources)