Roger Clarke's Web-Site © Xamax Consultancy Pty Ltd, 1995-2024
Principal, Xamax Consultancy Pty Ltd, Canberra
Visiting Fellow, Department of Computer Science, Australian National University
Version of 2 February 2001
© Xamax Consultancy Pty Ltd, 2001
This document is at http://www.rogerclarke.com/EC/IntroSecyBibl.html
This list of references was prepared to accompany my paper 'Introduction to Information Security'.
ACSI 33 (2000) `Security Guidelines for Australian Government IT Systems', Australian Communications Security Instruction No. 33, April 1998, rev. 2000, Defence Signals Directorate, at http://www.dsd.gov.au/infosec/acsi33/acsi_index.html
ACSI 37 (1999) `Australian Government Standards for the Protection of Information Technology Systems Processing Non-National Security Information at the Highly Protected Classification', Australian Communications Security Instruction No. 37, Defence Signals Directorate
Adams C. & Lloyd S. (1999) 'Understanding the Public-Key Infrastructure' New Riders Publishing, 1999
AGS 1056 (2000) 'Electronic Commerce: Audit Risk Assessments and Control Considerations' Australian Accounting Research Foundation, August 2000
Anderson R. (2001) `Security Engineering: A Comprehensive Guide to Building Dependable Distributed Systems' Wiley, 2001, from http://www.cl.cam.ac.uk/~rja14/book.html
AS/NZS 3931 (1998) `Risk Analysis of Technological Systems - Application Guide' Standards Australia, 1998
AS/NZS 4360 (1999) `Risk Management' Standards Australia, 1995, 1999
AS 4390 (1996) `Records management' comprising 1 - General, 2 - Responsibilities, 3 - Strategies, 4 - Control, 5 - Appraisal and disposal, 6 - Storage, Standards Australia, 1996
AS/NZS 4444.1 (1999) `Information security management - Code of practice for information security management' Standards Australia, 1999
AS/NZS 4444.2 (2000) `Information security management - Specification for information security management systems' Standards Australia, 2000
AusCERT 'Australian Computer Emergency Response Team', at http://www.auscert.org.au/
Austin T., Huaman D. & Austin T.W. (2000) 'Public Key Infrastructure Essentials', John Wiley & Sons, 2000
Bacard A. (1995) 'The Computer Privacy Handbook: A Practical Guide to E-Mail Encryption, Data Protection, and PGP Privacy Software', Peachpit Press 1995, at http://www.andrebacard.com/press.html
Birman K.P. (1997) 'Building Secure and Reliable Network Applications', Prentice Hall, 1997
Blaze M. (1999) 'Using the KeyNote Trust Management System', November 1999, at http://www.crypto.com/trustmgt/kn.html
Branchaud, M. (1997) 'A Survey of Public Key Infrastructures', Master's Thesis, Department of Computer Science, McGill University, Montreal, March 1997, at http://www.xcert.com/~marcnarc/PKI/thesis/
Brands S.A. (2000) 'Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy' MIT Press, 2000
BS 7799-1 (1999) `Code of practice for information security management' British Standards Institute, 1995, 1999
BS 7799-2 (1999) `Specification for information security management systems' British Standards Institute, 1995, 1999
Caelli W., Longley D. & Shain M. (1989) 'Information Security for Managers' Macmillan, New York, 1989
CERT (2000) 'Security Resources' (originally 'Computer Emergency Response Team'), Carnegie-Mellon University, at http://www.cert.org/nav/other_sources.html
Clarke R. (1994) 'Human Identification in Information Systems: Management Challenges and Public Policy Issues' Info. Technology & People 7,4 (December 1994). At http://www.rogerclarke.com/DV/HumanID.html
Clarke R. (1996) 'Cryptography in Plain Text', Privacy Law & Policy Reporter 3, 2 (May 1996) 24-27, 30-33, at http://www.rogerclarke.com/II/CryptoSecy.html
Clarke R. (1997a) 'Introduction to Dataveillance and Information Privacy, and Definitions of Terms', at http://www.rogerclarke.com/DV/Intro.html
Clarke R. (1997b) 'Chip-Based ID: Promise and Peril' Proc. Int'l Conf. on Privacy, Montreal, 23-26 September 1997, at http://www.rogerclarke.com/DV/IDCards97.html
Clarke R. (1998a) 'Platform for Privacy Preferences: An Overview' (April 1998), Privacy Law & Policy Reporter 5, 2 (July 1998) 35-39, at http://www.rogerclarke.com/DV/P3POview.html
Clarke R. (1998b) 'Platform for Privacy Preferences: Critique' (April 1998), Privacy Law & Policy Reporter 5, 3 (August 1998) at 46-48, at http://www.rogerclarke.com/DV/P3PCrit.html
Clarke R. (1998c) 'Public Key Infrastructure: Position Statement', May 1998, at http://www.rogerclarke.com/DV/PKIPosn.html
Clarke R. (1999a) 'Privacy-Enhancing and Privacy-Sympathetic Technologies: Resources', April 1999, at http://www.rogerclarke.com/DV/PEPST.html
Clarke R. (1999b) 'Identified, Anonymous and Pseudonymous Transactions: The Spectrum of Choice' Proc. User Identification & Privacy Protection Conf., Stockholm, 14-15 June 1999, at http://www.rogerclarke.com/DV/UIPP99.html
Clarke R. (2000a) 'Privacy Requirements of Public Key Infrastructure' Internet Law Bulletin 3, 1 (April 2000) 2-6. Republished in 'Global Electronic Commerce', published by the World Markets Research Centre in collaboration with the UN/ECE's e-Commerce Forum on 'Electronic Commerce for Transition Economies in the Digital Age', 19-20 June 2000, at http://www.rogerclarke.com/DV/PKI2000.html
Clarke R. (2000) 'An Artefact Ill-Fitted to the Needs of the Information Society', November 2000, at http://www.rogerclarke.com/II/PKIMisFit.html
Cobb S. (1996) 'The NCSA Guide to PC and LAN Security', McGraw Hill, 1996
CCIB (1998) 'Common Criteria for Information Technology Security Evaluation', Common Criteria Implementation Board, Version 2, 1998, at http://www.cse.dnd.ca/cse/english/cc2dwnld.html
COAST 'Internet Archive of Security-Related Resources', at http://www.cs.purdue.edu/coast/hotlist/
Corcoran D., Sims D. & Hillhouse B. (1999) 'Smart Cards and Biometrics: Your Key to PKI', Linux Journal (March 1999), at http://www2.linuxjournal.com/lj-issues/issue59/3013.html
Diffie W. & Hellman M. (1976) 'New directions in cryptography' IEEE Transactions on Information Theory, pp. 644-654, November 1976
Ellison C. (1996) 'Establishing Identity Without Certification Authorities', Proc. 6th USENIX Security Symposium, San Jose CA, July 22-25, 1996, at http://world.std.com/~cme/usenix.html
Ellison C. (2000b) 'SPKI/SDSI and the Web of Trust' September 2000, at http://world.std.com/~cme/html/web.html
Ellison C. & Schneier B. (2000a) 'Risks of PKI: Electronic Commerce' Inside Risks 116, Commun. ACM 43, 2 (February 2000), at http://www.counterpane.com/insiderisks5.html
Ellison C. & Schneier B. (2000b) 'Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure' Computer Security Journal, v 16, n 1, 2000, pp. 1-7, at http://www.counterpane.com/pki-risks.html
EPIC (1997-) 'EPIC Online Guide to Practical Privacy Tools', at http://www.epic.org/privacy/tools.html
Ennals R. (1996) 'Executive Guide to Preventing Information Technology Disasters' Springer Verlag, 1996
Ford W. & Baum M.S. (1997) 'Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption', Prentice Hall, 1997
Froomkin A.M. (1996) 'The Essential Role of Trusted Third Parties in Electronic Commerce' Oregon L. Rev. 75,1 (Spring, 1996) 49-115
Garfinkel S. (1995) `PGP: Pretty Good Privacy' O'Reilly, 1995
Garfinkel S. & Spafford G. (1996) `Practical Unix and Internet Security' O'Reilly, 1996
Garfinkel S. & Spafford G. (1997) 'Web Security & Commerce' O'Reilly, 1997
Gerck E. (1998) 'Overview of Certification Systems: X.509, CA, PGP and SKIP', August 1998, at http://www.mcg.org.br/cert.htm
GMITS (1996-2000) `Guidelines for the management of IT Security (GMITS)' comprising 1: Concepts and models for IT Security, 2: Managing and planning IT Security, 3: Techniques for the management of IT Security, 4: Selection of safeguards, 5: Management guidance on network security, ISO/IEC TR 13335, 1996-2000
Gollmann D. (1999) `Computer Security' Wiley-Liss, 1999
Greenleaf G.W. & Clarke R. (1997) `Privacy Implications of Digital Signatures', IBC Conference on Digital Signatures, Sydney (March 1997), at http://www.rogerclarke.com/DV/DigSig.html
Grossman W. (2000) 'Circles of Trust', Scientific American, August 2000, at http://www.sciam.com/2000/0800issue/0800cyber.html
Guttman B. & Roback E. (1995) 'An Introduction to Computer Security: The NIST Handbook' U.S. National Institute of Standards and Technology, NIST Special Publication 800-12, October 1995
Gutmann P. (2000) 'X.509 Style Guide', at http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt
Housley R., Ford W., Polk W. and Solo D. (1999) 'Internet X.509 Public Key Infrastructure Certificate and CRL Profile', RFC 2459, January 1999, at http://www.ietf.org/rfc/rfc2459.txt
Hutt A.E., Bosworth S. & Hoyt D.B. (1995) 'Computer Security Handbook' John Wiley, 3rd edition, 1995
IETF (1997-) 'Simple Public Key Infrastructure (SPKI)', at http://www.ietf.org/html.charters/spki-charter.html
IMC (1999) 'S/MIME and OpenPGP', Internet Mail Consortium, July 1999, at http://www.imc.org/smime-pgpmime.html
ISS (2000) `Creating, Implementing and Managing the Information Security Lifecycle', Internet Security Systems, 2000, at http://documents.iss.net/whitepapers/securityCycle.pdf
ISS (2000) `Security Architecture and Incident Management for E-business', Internet Security Systems, 2000, at http://documents.iss.net/whitepapers/secarch.pdf
ITSEC (1991) 'Information Technology Security Evaluation Criteria (ITSEC): Harmonised Criteria of France, Germany, the Netherlands and the United Kingdom', Version 1.2, Commission of the European Communities, June 1991, at http://www.itsec.gov.uk/docs/
Khare R. & Rifkin A. (1997) 'Weaving a Web of Trust' Revised version of a paper in World Wide Web Journal 2, 3 (Summer 1997) 77-112, at http://www.cs.caltech.edu/~adam/local/trust.html
Kohnfelder, L. M. (1978) 'Towards a Practical Public-key Cryptosystem' MIT S.B. Thesis, May 1978
Krause M. & Tipton H.F. (Eds.) (1998) 'Handbook of Information Security Management' CRC, 1998
Lampson B., Abadi M., Burrows M. & Wobber E. (1992) 'Authentication in distributed systems: theory and practice' ACM Transactions on Computer Systems, 10(4):265-310, November 1992, at http://gatekeeper.dec.com/pub/DEC/SRC/research-reports/abstracts/src-rr-083.html
Lundblade L. (1997) 'A Review of E-mail Security Standards' Proc. Conf. INET'97, at http://www.isoc.org/inet97/proceedings/A4/A4_1.HTM
McCullagh D. (1996-) 'Nym', at http://www.well.com/user/declan/nym/
Maurer U. (1996) 'Modelling a Public-Key Infrastructure' Proc. 1996 European Symposium on Research in Computer Security (ESORICS' 96), Lecture Notes in Computer Science, Springer-Verlag, vol. 1146, pp. 325-350, 1996, at ftp://ftp.inf.ethz.ch/pub/publications/papers/ti/isc/wwwisc/Maurer96b.pdf
Menezes A.J., van Oorschot P.C. & Vanstone S.A. (1997) `Handbook of Applied Cryptography', CRC Press, Boca Raton, 1997
Neumann P. (1995) `Computer-Related Risks' Addison-Wesley, 1995
NIST 'Computer Security Resource Clearinghouse', National Institute of Standards and Technology, at http://csrc.nist.gov/
OECD (1992) 'Guidelines for the Security of Information Systems' Organisation for Economic Cooperation and Development, Paris, 1992, at http://www.oecd.org/dsti/sti/it/secur/news/
OpenPGP (2001) 'An Open Specification for Pretty Good Privacy (openpgp)' Internet Engineering Task Force of The Internet Society, at http://www.ietf.org/html.charters/openpgp-charter.html
PSM (1991) 'Protective Security Manual', Protective Security Coordination Centre, Attorney-General's Department, 1991
RFC1847 (1995) 'Security Multiparts for MIME: Multipart/Signed and Multipart/Encrypted' Internet Engineering Task Force of The Internet Society, October 1995, at ftp://ftp.isi.edu/in-notes/rfc1847.txt
RFC2015 (1996) 'MIME Security with Pretty Good Privacy (PGP)' Internet Engineering Task Force of The Internet Society, October 1996, at ftp://ftp.isi.edu/in-notes/rfc2015.txt
RFC2246 (1999) 'The TLS Protocol' Internet Engineering Task Force of The Internet Society, January 1999, at ftp://ftp.isi.edu/in-notes/rfc2246.txt
RFC2409 (1998) 'The Internet Key Exchange (IKE)' Internet Engineering Task Force of The Internet Society, November 1998, at ftp://ftp.isi.edu/in-notes/rfc2409.txt
RFC2411 (1998) 'IP Security Document Roadmap', Internet Engineering Task Force of The Internet Society, November 1998, at ftp://ftp.isi.edu/in-notes/rfc2411.txt
RFC2440 (1998) 'OpenPGP Message Format', Internet Engineering Task Force of The Internet Society, November 1998, at ftp://ftp.isi.edu/in-notes/rfc2440.txt
RFC2487 (1999) 'SMTP Service Extension for Secure SMTP over TLS' Internet Engineering Task Force of The Internet Society, January 1999, at ftp://ftp.isi.edu/in-notes/rfc2487.txt
RFC2560 (1999) 'X.509 Internet Public Key Infrastructure: Online Certificate Status Protocol - OCSP' Internet Engineering Task Force of The Internet Society, June 1999, at ftp://ftp.isi.edu/in-notes/rfc2560.txt
RFC2595 (1999) 'Using TLS with IMAP, POP3 and ACAP' Internet Engineering Task Force of The Internet Society, June 1999, at ftp://ftp.isi.edu/in-notes/rfc2595.txt
RFC2632 (1999) 'S/MIME Version 3 Certificate Handling' Internet Engineering Task Force of The Internet Society, June 1999, at ftp://ftp.isi.edu/in-notes/rfc2632.txt
RFC2633 (1999) 'S/MIME Version 3 Message Specification' Internet Engineering Task Force of The Internet Society, June 1999, at ftp://ftp.isi.edu/in-notes/rfc2633.txt
RFC2692 (1999) 'SPKI Requirements' Internet Engineering Task Force of The Internet Society, September 1999, at ftp://ftp.isi.edu/in-notes/rfc2692.txt
RFC2693 (1999) 'SPKI Certificate Theory' Internet Engineering Task Force of The Internet Society, September 1999, at ftp://ftp.isi.edu/in-notes/rfc2693.txt
RFC2704 (1999) 'The KeyNote Trust-Management System Version 2' Internet Engineering Task Force of The Internet Society, September 1999, at http://www.crypto.com/papers/rfc2704.txt
RFC2828 (2000) `Internet Security Glossary' Internet Engineering Task Force of The Internet Society, 2000, at ftp://ftp.isi.edu/in-notes/rfc2828.txt
Rivest R. 'Cryptography and Security Resource Page', at http://theory.lcs.mit.edu/~rivest/crypto-security.html
Rivest R.L. & Lampson B. (1996) 'SDSI - A Simple Distributed Security Infrastructure', 15 Sep 1996, at http://theory.lcs.mit.edu/~rivest/sdsi10.html
Rubin A., Geer D. & Ranum M. (1997) `Web Security Sourcebook' Wiley, 1997
Schneier B. (1996) 'Applied Cryptography' Wiley, 2nd Ed., 1996
SDSI (1996-) 'A Simple Distributed Security Infrastructure (SDSI)', 1996-, at http://theory.lcs.mit.edu/~cis/sdsi.html
Shaw P.D. (1998) 'Managing Legal and Security Risks in Computing and Communications' Butterworth-Heinemann, 1998
S/MIME (2001) 'S/MIME Mail Security (smime)' Internet Engineering Task Force of The Internet Society, at http://www.ietf.org/html.charters/smime-charter.html
Smith G.E. (1999) `Network Auditing: A Control Assessment Approach' Wiley, 1999
SSH (2001) 'Secure Shell (secsh)', Working Group of the Internet Engineering Task Force of The Internet Society, at http://www.ietf.org/html.charters/secsh-charter.html
SSL (1996) 'The SSL Protocol, Version 3.0', Draft Internet Standard of the Transport Layer Security Working Group, Internet Engineering Task Force of The Internet Society, November 1996, at http://home.netscape.com/eng/ssl3/draft302.txt
Stallings W. (1995) 'Network and Internetwork Security: Principles and Practice' Prentice Hall, 1995
Stallings W. (1995) 'Protect Your Privacy: The PGP User's Guide' Prentice Hall, 1995
Summers R.C. (1997) 'Secure Computing: Threats and Safeguards' McGraw Hill, 1997
TCSEC (1985) 'Trusted Computer System Evaluation Criteria', U.S. Department of Defense, at http://www.radium.ncsc.mil/tpep/library/rainbow/5200.28-STD.html
TPEP (1999) `The Computer Security Evaluation Frequently Asked Questions', National Computer Security Center (NCSC), August 1999, at http://www.radium.ncsc.mil/tpep/process/faq.html
W3C (2000) 'Platform for Privacy Preferences (P3P) Project', at http://www.w3.org/Security/Overview.html
W3C (2000) 'P3P Brochure', at http://www.w3.org/P3P/brochure.html
W3C (2000) 'A P3P Preference Exchange Language (APPEL)', Working Draft, 20 April 2000, at http://www.w3.org/TR/P3P-preferences.html
W3C (2000) 'W3C Security Resources', at http://www.w3c.org/P3P/
W3C (2000) `The World Wide Web Security FAQ', at http://www.w3.org/Security/Faq/www-security-faq.html
W3C (2000) 'Public-Key Infrastructure (X.509) (pkix)', at http://www.ietf.org/html.charters/pkix-charter.html
Walker K.M. & Cavanaugh C. (1998) 'Computer Security Policies and Sunscreen Firewalls' Prentice Hall (1998)
Wang Y. (1998) 'SPKI' December 1998, at http://www.hut.fi/~yuwang/publications/SPKI/SPKI.html
Weber R. (1998) `Information Systems Control and Audit' Prentice Hall, 1998
Wheeler L. (1998) 'Account Authority Digital Signature Model (AADS)', at http://www.garlic.com/~lynn/aadsover.htm
Wheeler A. & Wheeler L. (1998) 'PKI Account Authority Digital Signature Infrastructure', November 1998, at http://www.garlic.com/~lynn/draft-wheeler-ipki-aads-01.txt
X.509 (1988, 1997) 'The Directory - Authentication Framework', Volume VIII of CCITT Blue Book, pp. 48-81, CCITT/ITU, 1988, 1997
Zimmermann P.R. (1995) 'PGP 5.0 User's Guide' MIT Press, 1995, at http://mitpress.mit.edu/book-home.tcl?isbn=0262740176
Created: 23 January 2001 - Last Amended: 2 February 2001 by Roger Clarke - Site Last Verified: 15 February 2009