[And08] R. J. Anderson. Security Engineering: A guide to building dependable distributed systems. John Wiley & Sons Inc, New York, second edition, 2008. http://www.cl.cam.ac.uk/~rja14/book.html.
[And95a] R. J. Anderson and R. Needham. Programming Satan's computer. In J. van Leeuwen, editor, Computer Science Today, volume 1000 of LNCS, pages 426-440. Springer, 1995. http://dx.doi.org/10.1007/BFb0015258.
[Hal08] J. A. Halderman, S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten. Lest we remember: Cold boot attacks on encryption keys. In 17th USENIX Security Symp., pages 45-60, San Jose, California, Jul 2008. USENIX Association. http://www.usenix.org/event/sec08/tech/full_papers/halderman/.
[ITSEC05] ITSEC. Information technology security techniques evaluation criteria for IT security part 1: Introduction and general model. Int. Standard ISO/IEC 15408-1, ISO/IEC, Oct 2005. http://standards.iso.org/ittf/PubliclyAvailableStandards/c040612_ISO_IEC_15408-1_2005(E).zip.
[Ker1883] A. Kerckhoffs. La cryptographie militaire. J. des Sciences Militaires, IX:5-38, Jan 1883. http://www.petitcolas.net/fabien/kerckhoffs/.
[Lam04] B. W. Lampson. Computer security in the real world. IEEE Computer, 37(6):37-46, Jun 2004. http://dx.doi.org/10.1109/MC.2004.17.
[Lev88] R. Levin and D. D. Redell. An evaluation of the ninth SOSP submissions or how (and how not) to write a good systems paper. SIGGRAPH Comput. Graph., 22(5):264-266, Oct 1988. http://dx.doi.org/10.1145/378267.378283.
[Low96] G. Lowe. Breaking and fixing the Needham-Schroeder Public-Key protocol using FDR. In 2nd Int. Workshop on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), volume 1055 of LNCS, pages 147-166, Passau, Germany, Mar 1996. Springer. http://dx.doi.org/10.1007/3-540-61042-1_43.
[Men01a] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of applied cryptography. CRC Press, 2001. http://www.cacr.math.uwaterloo.ca/hac/.
[Nao97] M. Naor and B. Pinkas. Visual authentication and identification. In Burton S. Kaliski Jr., editor, 17th Int. Conf. on Advances in Cryptology (CRYPTO), volume 1294 of LNCS, pages 322-336, Santa Barbara, California, Aug 1997. Springer. http://www.springerlink.com/content/ghv31wm0pexkd3kq/.
[Pey93b] S. L. Peyton Jones, R. J. M. Hughes, and J. Launchbury. How to give a good research talk. ACM SIGPLAN Notices, 28(11):9-12, Nov 1993. http://dx.doi.org/10.1145/165564.903972.
[Sch09a] S. E. Schechter. Common pitfalls in writing about security and privacy human subjects experiments, and how to avoid them. Technical report, Microsoft Research, 2009. http://cups.cs.cmu.edu/soups/2010/howtosoups.pdf.
[Sch04b] B. Schneier. Secrets and Lies: Digital Security in a Networked World. Wiley Publishing Inc, Indianapolis, Indiana, second edition, 2004. http://www.schneier.com/book-sandl.html.
[Buh07] I. R. Buhan, J. M. Doumen, P. H. Hartel, and R. N. J. Veldhuis. Secure ad-hoc pairing with biometrics: SAfE. In 1st Int. Workshop on Security for Spontaneous Interaction (Ubicomp 2007 Workshop Proceedings), pages 450-456, Innsbruck, Austria, Sep 2007. Lancaster University. http://www.comp.lancs.ac.uk/iwssi2007/papers/iwssi2007-02.pdf.
[Jai00] A. K. Jain, L. Hong, and S. Pankanti. Biometric identification. Commun. ACM, 43(2):90-98, Feb 2000. http://dx.doi.org/10.1145/328236.328110.
[Jai08] A. K. Jain, K. Nandakumar, and A. Nagar. Biometric template security. EURASIP J. on Advances in Signal Processing, 2008:579416, 2008. http://dx.doi.org/10.1155/2008/579416.
[Jue99a] A. Juels and M. Wattenberg. A fuzzy commitment scheme. In 6th ACM conf. on Computer and communications security (CCS), pages 28-36, Kent Ridge Digital Labs, Singapore, 1999. ACM, New York. http://dx.doi.org/10.1145/319709.319714.
[Rat06] N. Ratha, J. Connell, R. M. Bolle, and S. Chikkerur. Cancelable biometrics: A case study in fingerprints. In 18th Int. Conf. on Pattern Recognition (ICPR), volume 4, pages 370-373, Hong Kong, China, Aug 2006. IEEE Computer Society. http://dx.doi.org/10.1109/ICPR.2006.353.
[Put00] T. van der Putte and J. Keuning. Biometrical fingerprint recognition: Don't get your fingers burned. In J. Domingo-Ferrer, D. Chan, and A. Watson, editors, 4th Int. IFIP wg 8.8 Conf. Smart card research and advanced application (CARDIS), pages 289-303, Bristol, UK, Sep 2000. Kluwer Academic Publishers, Boston, Massachusetts. http://www.keuning.com/biometry/Biometrical_Fingerprint_Recognition.pdf.
[And97d] R. J. Anderson and M. Kuhn. Low cost attacks on tamper resistant devices. In 5th Int. Workshop on Security Protocols, volume 1361 of LNCS, pages 125-136, Paris, France, Apr 1997. Springer. http://dx.doi.org/10.1007/BFb0028165.
[And96] R. J. Anderson and M. G. Kuhn. Tamper resistance - A cautionary note. In 2nd Int. Usenix Workshop on Electronic Commerce, pages 1-11, Oakland, California, Nov 1996. USENIX Association. http://www.usenix.org/publications/library/proceedings/ec96/kuhn.html.
[Buc05] J. D. R. Buchanan, R. P. Cowburn, A.-V. Jausovec, D. Petit, P. Seem, G. Xiong, D. Atkinson, K. Fenton, D. A. Allwood, and M. T. Bryan. Forgery: 'fingerprinting' documents and packaging. Nature, 436(7050):475, Jul 2005. http://dx.doi.org/10.1038/436475a.
[Cla03b] R. Clayton and M. Bond. Experience using a Low-Cost FPGA design to crack DES keys. In 4th Int. Workshop on Cryptographic Hardware and Embedded Systems (CHES), volume 2523 of LNCS, pages 877-883, Redwood Shores, California, 2003. Springer. http://dx.doi.org/10.1007/3-540-36400-5_42.
[Kay92] P. H. Kaye, F. Micheli, M. Tracey, E. Hirst, and A. M. Gundlach. The production of precision silicon micromachined non-spherical particles for aerosol studies. J. of Aerosol Science, 23(Suppl 1):201-204, 1992. http://dx.doi.org/10.1016/0021-8502(92)90384-8.
[Pra01] D. Praca and C. Barral. From smart cards to smart objects: the road to new smart technologies. Computer Networks, 36(4):381-389, Jul 2001. http://dx.doi.org/10.1016/S1389-1286(01)00161-X.
[Rie06] M. R. Rieback, B. Crispo, and A. S. Tanenbaum. Is your cat infected with a computer virus? In 4th Annual IEEE Int. Conf. on Pervasive Computing and Communications (PerCom), pages 169-179, Pisa, Italy, Mar 2006. IEEE Computer Society. http://dx.doi.org/10.1109/PERCOM.2006.32.
[Vua09] M. Vuagnoux and S. Pasini. Compromising electromagnetic emanations of wired and wireless keyboards. In 18th USENIX Security Symp., pages 1-16, Montréal, Canada, Aug 2009. USENIX Association. http://www.usenix.org/events/sec09/tech/full_papers/vuagnoux.pdf.
[Wit02] M. Witteman. Advances in smartcard security. Information Security Bulletin, pages 11-22, Jul 2002. http://www.riscure.com/fileadmin/images/Docs/ISB0707MW.pdf.
[Che00] Z. Chen. Java Card Technology for Smart Cards: Architecture and programmer's guide. Addison Wesley, Reading, Massachusetts, 2000. http://developer.java.sun.com/developer/Books/consumerproducts/javacard/.
[Gov03] S. Govindavajhala and A. W. Appel. Using memory errors to attack a virtual machine. In 24th IEEE Symp. on Security and Privacy (S&P), pages 154-165, Berkeley, California, May 2003. IEEE Computer Society. http://dx.doi.org/10.1109/SECPRI.2003.1199334.
[Nec97] G. C. Necula. Proof-carrying code. In 24th Principles of programming languages (POPL), pages 106-119, Paris, France, Jan 1997. ACM, New York. http://dx.doi.org/10.1145/263699.263712.
[Tan06a] A. S. Tanenbaum, J. N. Herder, and H. Bos. Can we make operating systems reliable and secure? IEEE Computer, 39(5):44-51, 2006. http://dx.doi.org/10.1109/MC.2006.156.
[Bri04b] R. Brinkman, J. M. Doumen, and W. Jonker. Using secret sharing for searching in encrypted data. In W. Jonker and M. Petkovic, editors, 1st VLDB Workshop on Secure Data Management in a Connected World (SDM), volume 3178 of LNCS, pages 18-27, Toronto, Canada, Aug 2004. Springer. http://springerlink.metapress.com/content/ub0pn70v1tv3lud5/.
[Cze08] A. Czeskis, D. J. St. Hilaire, K. Koscher, S. D. Gribble, T. Kohno, and B. Schneier. Defeating encrypted and deniable file systems: TrueCrypt v5.1a and the case of the tattling OS and applications. In 3rd USENIX Workshop on Hot Topics in Security (HotSec), paper 7, San Jose, California, Jul 2008. USENIX Association. http://www.usenix.org/events/hotsec08/tech/full_papers/czeskis/.
[Har08] P. H. Hartel, L. Abelmann, and M. G. Khatib. Towards Tamper-Evident storage on patterned media. In M. Baker and E. Riedel, editors, 6th USENIX Conf. on File and Storage Technologies (FAST), pages 283-296. USENIX Association, Feb 2008. http://www.usenix.org/events/fast08/tech/hartel.html.
[Mol06] D. Molnar, T. Kohno, N. Sastry, and D. Wagner. Tamper-evident, history-independent, subliminal-free data structures on PROM storage -or- how to store ballots on a voting machine (extended abstract). In 27th IEEE Symp. on Security and Privacy (S&P), pages 365-370, Berkeley, California, May 2006. IEEE Computer Society. http://dx.doi.org/10.1109/SP.2006.39.
[Qui02] S. Quinlan and S. Dorward. Venti: A new approach to archival data storage. In 1st USENIX Conf. on File and Storage Technologies (FAST), pages 89-101, Monterey, California, Jan 2002. USENIX Association. http://www.usenix.org/publications/library/proceedings/fast02/quinlan.html.
[Zhu05] Q. Zhu and W. W. Hsu. Fossilized index: the linchpin of trustworthy non-alterable electronic records. In ACM Int. Conf. on Management of Data (SIGMOD), pages 395-406, Baltimore, Maryland, Jun 2005. ACM, New York. http://dx.doi.org/10.1145/1066157.1066203.
[Su07] X. Su, D. Bolzoni, and P. A. T. van Eck. Understanding and specifying information security needs to support the delivery of high quality security services. In Int. Conf. on Emerging Security Information, Systems, and Technologies (SECURWARE), pages 107-114, Valencia, Spain, Oct 2007. IEEE Computer Society. http://dx.doi.org/10.1109/SECUREWARE.2007.42.
[Zam07a] E. Zambon, D. Bolzoni, S. Etalle, and M. Salvato. Model-Based mitigation of availability risks. In 2nd IEEE/IFIP International Workshop on Business-Driven IT Management, pages 75-83, Munich, Germany, 2007. IEEE Computer Society Press. http://dx.doi.org/10.1109/BDIM.2007.375014.
[Bat06] M. Bateson, D. Nettle, and G. Roberts. Cues of being watched enhance cooperation in a real-world setting. Biology Letters, 2(3):412-414, Sep 2006. http://dx.doi.org/10.1098/rsbl.2006.0509.
[Cla99b] R. V. Clarke. Hot products: understanding, anticipating and reducing demand for stolen goods. Police Research Series Paper 112, Home Office, Policing and Reducing Crime Unit, London, 1999. http://www.crimereduction.homeoffice.gov.uk/stolengoods/stolengoods1.htm.
[Cla88b] R. V. Clarke and P. Mayhew. The British gas suicide story and its criminological implications. Crime and Justice, 10:79-116, 1988. http://www.jstor.org/stable/1147403.
[Den99] D. E. Denning. Information Warfare and Security. Addison Wesley, Reading, Massachusetts, 1999.
[Gaj08] S. Gajek and A.-R. Sadeghi. A forensic framework for tracing phishers. In 3rd IFIP WG 9.2, 9.6/ 11.6, 11.7/FIDIS Int. Summer School on The Future of Identity in the Information Society, volume IFIP Int. Federation for Information Processing 262, pages 23-35, Karlstad, Sweden, Aug 2007. Springer, Boston. http://dx.doi.org/10.1007/978-0-387-79026-8_2.
[Har10] P. H. Hartel, M. Junger, and R. J. Wieringa. Cyber-crime science = crime science + information security. Technical Report TR-CTIT-10-34, CTIT, University of Twente, Oct 2010. http://eprints.eemcs.utwente.nl/18500/.
[Hec06] J. J. Heckman. Skill formation and the economics of investing in disadvantaged children. Science, 312(5782):1900-1902, 2006. http://dx.doi.org/10.1038/428598a.
[Kum09] P. Kumaraguru, J. Cranshaw, A. Acquisti, L. Cranor, J. Hong, M. Blair, and T. Pham. School of phish: a real-world evaluation of anti-phishing training. In 5th Symp. on Usable Privacy and Security (SOUPS), pages 1-12, Mountain View, California, Jul 2009. ACM, New York. http://dx.doi.org/10.1145/1572532.1572536.
[New09] G. R. Newman. Cybercrime. In M. D. Krohn, A. J. Lizotte, and G. Penly Hall, editors, Handbook on Crime and Deviance, pages 551-584. Springer, Nov 2009. http://www.springer.com/978-1-4419-0244-3.
[Pea04] H. Pearson. Public health: The demon drink. Nature, 428:598-600, Apr 2004. http://dx.doi.org/10.1038/428598a.
[Whi08b] S. Whitehead and G. Farrell. Anticipating mobile phone smart wallet crime: Policing and corporate social responsibility. Policing, 2(2):210-217, 2008. http://dx.doi.org/10.1093/police/pan024.
[All06] M. Allen. Social engineering: A means to violate a computer system. White Paper 529, SANS Institute, Jun 2006. http://www.sans.org/reading_room/whitepapers/engineering/social-engineering-means-violate-computer-system_529.
[Gra02b] D. Gragg. A Multi-Level defense against social engineering. White Paper 920, SANS Institute, Dec 2002. http://www.sans.org/reading_room/whitepapers/engineering/multi-level-defense-social-engineering_920.
[Cic03] Information Technology Advisory Committee. Using an ethical hacking technique to assess information security risk. White paper, The Canadian Institute of Chartered Accountants, 2003. http://www.cica.ca/research-and-guidance/documents/it-advisory-committee/item12038.pdf.
[Wai02] Chan Tuck Wai. Conducting a penetration test on an organization. White Paper 67, SANS Institute, Jun 2002. http://www.sans.org/reading_room/whitepapers/auditing/conducting-penetration-test-organization_67.
[Ros07] T. Roscoe. Writing reviews for systems conferences. Technical report, ETH Zürich, Mar 2007. http://www.inf.ethz.ch/personal/troscoe/pubs/review-writing.pdf.