
Information Security Bibliography

Roger Clarke

Principal, Xamax Consultancy Pty Ltd, Canberra

Visiting Fellow, Department of Computer Science, Australian National University

Version of 2 February 2001

© Xamax Consultancy Pty Ltd, 2001

This document is at http://www.rogerclarke.com/EC/IntroSecyBibl.html


This list of references was prepared to accompany my paper 'Introduction to Information Security'.


ACSI 33 (2000) 'Security Guidelines for Australian Government IT Systems', Australian Communications Security Instruction No. 33, April 1998, rev. 2000, Defence Signals Directorate, at http://www.dsd.gov.au/infosec/acsi33/acsi_index.html

ACSI 37 (1999) 'Australian Government Standards for the Protection of Information Technology Systems Processing Non-National Security Information at the Highly Protected Classification', Australian Communications Security Instruction No. 37, Defence Signals Directorate, 1999

Adams C. & Lloyd S. (1999) 'Understanding the Public-Key Infrastructure' New Riders Publishing, 1999

AGS 1056 (2000) 'Electronic Commerce: Audit Risk Assessments and Control Considerations' Australian Accounting Research Foundation, August 2000

Anderson R. (2001) 'Security Engineering: A Comprehensive Guide to Building Dependable Distributed Systems' Wiley, 2001, from http://www.cl.cam.ac.uk/~rja14/book.html

AS/NZS 3931 (1998) 'Risk Analysis of Technological Systems - Application Guide' Standards Australia, 1998

AS/NZS 4360 (1999) 'Risk Management' Standards Australia, 1995, 1999

AS 4390 (1996) 'Records Management' comprising 1 - General, 2 - Responsibilities, 3 - Strategies, 4 - Control, 5 - Appraisal and Disposal, 6 - Storage, Standards Australia, 1996

AS/NZS 4444.1 (1999) 'Information Security Management - Code of Practice for Information Security Management' Standards Australia, 1999

AS/NZS 4444.2 (2000) 'Information Security Management - Specification for Information Security Management Systems' Standards Australia, 2000

AusCERT 'Australian Computer Emergency Response Team', at http://www.auscert.org.au/

Austin T., Huaman D. & Austin T.W. (2000) 'Public Key Infrastructure Essentials', John Wiley & Sons, 2000

Bacard A. (1995) 'The Computer Privacy Handbook: A Practical Guide to E-Mail Encryption, Data Protection, and PGP Privacy Software', Peachpit Press 1995, at http://www.andrebacard.com/press.html

Birman K.P. (1997) 'Building Secure and Reliable Network Applications', Prentice Hall, 1997

Blaze M. (1999) 'Using the KeyNote Trust Management System', November 1999, at http://www.crypto.com/trustmgt/kn.html

Branchaud, M. (1997) 'A Survey of Public Key Infrastructures', Master's Thesis, Department of Computer Science, McGill University, Montreal, March 1997, at http://www.xcert.com/~marcnarc/PKI/thesis/

Brands S.A. (2000) 'Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy' MIT Press, 2000

BS 7799-1 (1999) 'Code of Practice for Information Security Management' British Standards Institution, 1995, 1999

BS 7799-2 (1999) 'Specification for Information Security Management Systems' British Standards Institution, 1995, 1999

Caelli W., Longley D. & Shain M. (1989) 'Information Security for Managers' Macmillan, New York, 1989

CERT (2000) 'Security Resources' (originally 'Computer Emergency Response Team'), Carnegie Mellon University, at http://www.cert.org/nav/other_sources.html

Clarke R. (1994) 'Human Identification in Information Systems: Management Challenges and Public Policy Issues' Info. Technology & People 7,4 (December 1994). At http://www.rogerclarke.com/DV/HumanID.html

Clarke R. (1996) 'Cryptography in Plain Text', Privacy Law & Policy Reporter 3, 2 (May 1996) 24-27, 30-33, at http://www.rogerclarke.com/II/CryptoSecy.html

Clarke R. (1997a) 'Introduction to Dataveillance and Information Privacy, and Definitions of Terms', at http://www.rogerclarke.com/DV/Intro.html

Clarke R. (1997b) 'Chip-Based ID: Promise and Peril' Proc. Int'l Conf. on Privacy, Montreal, 23-26 September 1997, at http://www.rogerclarke.com/DV/IDCards97.html

Clarke R. (1998a) 'Platform for Privacy Preferences: An Overview' (April 1998), Privacy Law & Policy Reporter 5, 2 (July 1998) 35-39, at http://www.rogerclarke.com/DV/P3POview.html

Clarke R. (1998b) 'Platform for Privacy Preferences: Critique' (April 1998), Privacy Law & Policy Reporter 5, 3 (August 1998) at 46-48, at http://www.rogerclarke.com/DV/P3PCrit.html

Clarke R. (1998c) 'Public Key Infrastructure: Position Statement', May 1998, at http://www.rogerclarke.com/DV/PKIPosn.html

Clarke R. (1999a) 'Privacy-Enhancing and Privacy-Sympathetic Technologies: Resources', April 1999, at http://www.rogerclarke.com/DV/PEPST.html

Clarke R. (1999b) 'Identified, Anonymous and Pseudonymous Transactions: The Spectrum of Choice' Proc. User Identification & Privacy Protection Conf., Stockholm, 14-15 June 1999, at http://www.rogerclarke.com/DV/UIPP99.html

Clarke R. (2000a) 'Privacy Requirements of Public Key Infrastructure' Internet Law Bulletin 3, 1 (April 2000) 2-6. Republished in 'Global Electronic Commerce', published by the World Markets Research Centre in collaboration with the UN/ECE's e-Commerce Forum on 'Electronic Commerce for Transition Economies in the Digital Age', 19-20 June 2000, at http://www.rogerclarke.com/DV/PKI2000.html

Clarke R. (2000b) 'An Artefact Ill-Fitted to the Needs of the Information Society', November 2000, at http://www.rogerclarke.com/II/PKIMisFit.html

Cobb S. (1996) 'The NCSA Guide to PC and LAN Security', McGraw Hill, 1996

CCIB (1998) 'Common Criteria for Information Technology Security Evaluation', Common Criteria Implementation Board, Version 2, 1998, at http://www.cse.dnd.ca/cse/english/cc2dwnld.html

COAST 'Internet Archive of Security-Related Resources', at http://www.cs.purdue.edu/coast/hotlist/

Corcoran D., Sims D. & Hillhouse B. (1999) 'Smart Cards and Biometrics: Your Key to PKI', Linux Journal (March 1999), at http://www2.linuxjournal.com/lj-issues/issue59/3013.html

Diffie W. & Hellman M.E. (1976) 'New Directions in Cryptography' IEEE Transactions on Information Theory IT-22, 6 (November 1976) 644-654

Ellison C. (1996) 'Establishing Identity Without Certification Authorities', Proc. 6th USENIX Security Symposium, San Jose CA, July 22-25, 1996, at http://world.std.com/~cme/usenix.html

Ellison C. (2000b) 'SPKI/SDSI and the Web of Trust' September 2000, at http://world.std.com/~cme/html/web.html

Ellison C. & Schneier B. (2000a) 'Risks of PKI: Electronic Commerce' Inside Risks 116, Commun. ACM 43, 2 (February 2000), at http://www.counterpane.com/insiderisks5.html

Ellison C. & Schneier B. (2000b) 'Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure' Computer Security Journal, v 16, n 1, 2000, pp. 1-7, at http://www.counterpane.com/pki-risks.html

EPIC (1997-) 'EPIC Online Guide to Practical Privacy Tools', at http://www.epic.org/privacy/tools.html

Ennals R. (1996) 'Executive Guide to Preventing Information Technology Disasters' Springer Verlag, 1996

Ford W. & Baum M.S. (1997) 'Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption', Prentice Hall, 1997

Froomkin A.M. (1996) 'The Essential Role of Trusted Third Parties in Electronic Commerce' Oregon L. Rev. 75,1 (Spring, 1996) 49-115

Garfinkel S. (1995) 'PGP: Pretty Good Privacy' O'Reilly, 1995

Garfinkel S. & Spafford G. (1996) 'Practical Unix and Internet Security' O'Reilly, 2nd ed., 1996

Garfinkel S. & Spafford G. (1997) 'Web Security & Commerce' O'Reilly, 1997

Gerck E. (1998) 'Overview of Certification Systems: X.509, CA, PGP and SKIP', August 1998, at http://www.mcg.org.br/cert.htm

GMITS (1996-2000) 'Guidelines for the Management of IT Security (GMITS)' comprising 1: Concepts and Models for IT Security, 2: Managing and Planning IT Security, 3: Techniques for the Management of IT Security, 4: Selection of Safeguards, 5: Management Guidance on Network Security, ISO/IEC TR 13335, 1996-2000

Gollmann D. (1999) 'Computer Security' Wiley, 1999

Greenleaf G.W. & Clarke R. (1997) 'Privacy Implications of Digital Signatures', IBC Conference on Digital Signatures, Sydney (March 1997), at http://www.rogerclarke.com/DV/DigSig.html

Grossman W. (2000) 'Circles of Trust', Scientific American, August 2000, at http://www.sciam.com/2000/0800issue/0800cyber.html

Guttman B. & Roback E. (1995) 'An Introduction to Computer Security: The NIST Handbook' U.S. National Institute of Standards and Technology, NIST Special Publication 800-12, October 1995

Gutmann P. (2000) 'X.509 Style Guide', at http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt

Housley R., Ford W., Polk W. and Solo D. (1999) 'Internet X.509 Public Key Infrastructure Certificate and CRL Profile', RFC 2459, January 1999, at http://www.ietf.org/rfc/rfc2459.txt

Hutt A.E., Bosworth S. & Hoyt D.B. (1995) 'Computer Security Handbook' John Wiley, 3rd edition, 1995

IETF (1997-) 'Simple Public Key Infrastructure (SPKI)', at http://www.ietf.org/html.charters/spki-charter.html

IMC (1999) 'S/MIME and OpenPGP', Internet Mail Consortium, July 1999, at http://www.imc.org/smime-pgpmime.html

ISS (2000a) 'Creating, Implementing and Managing the Information Security Lifecycle', Internet Security Systems, 2000, at http://documents.iss.net/whitepapers/securityCycle.pdf

ISS (2000b) 'Security Architecture and Incident Management for E-business', Internet Security Systems, 2000, at http://documents.iss.net/whitepapers/secarch.pdf

ITSEC (1991) 'Information Technology Security Evaluation Criteria (ITSEC): Harmonised Criteria of France, Germany, the Netherlands and the United Kingdom', Version 1.2, Commission of the European Communities, June 1991, at http://www.itsec.gov.uk/docs/

Khare R. & Rifkin A. (1997) 'Weaving a Web of Trust', revised version of a paper in World Wide Web Journal 2, 3 (Summer 1997) 77-112, at http://www.cs.caltech.edu/~adam/local/trust.html

Kohnfelder L.M. (1978) 'Towards a Practical Public-key Cryptosystem' MIT S.B. Thesis, May 1978

Krause M. & Tipton H.F. (Eds.) (1998) 'Handbook of Information Security Management' CRC Press, 1998

Lampson B., Abadi M., Burrows M. & Wobber E. (1992) 'Authentication in distributed systems: theory and practice' ACM Transactions on Computer Systems, 10(4):265-310, November 1992, at http://gatekeeper.dec.com/pub/DEC/SRC/research-reports/abstracts/src-rr-083.html

Lundblade L. (1997) 'A Review of E-mail Security Standards' Proc. Conf. INET'97, at http://www.isoc.org/inet97/proceedings/A4/A4_1.HTM

McCullagh D. (1996-) 'Nym', at http://www.well.com/user/declan/nym/

Maurer U. (1996) 'Modelling a Public-Key Infrastructure' Proc. 1996 European Symposium on Research in Computer Security (ESORICS '96), Lecture Notes in Computer Science, Springer-Verlag, vol. 1146, pp. 325-350, 1996, at ftp://ftp.inf.ethz.ch/pub/publications/papers/ti/isc/wwwisc/Maurer96b.pdf

Menezes A.J., van Oorschot P.C. & Vanstone S.A. (1997) 'Handbook of Applied Cryptography', CRC Press, Boca Raton, 1997

Neumann P. (1995) 'Computer-Related Risks' Addison-Wesley, 1995

NIST 'Computer Security Resource Clearinghouse', National Institute of Standards and Technology, at http://csrc.nist.gov/

OECD (1992) 'Guidelines for the Security of Information Systems' Organisation for Economic Cooperation and Development, Paris, 1992, at http://www.oecd.org/dsti/sti/it/secur/news/

OpenPGP (2001) 'An Open Specification for Pretty Good Privacy (openpgp)' Internet Engineering Task Force of The Internet Society, at http://www.ietf.org/html.charters/openpgp-charter.html

PSM (1991) 'Protective Security Manual', Protective Security Coordination Centre, Attorney-General's Department, 1991

RFC1847 (1995) 'Security Multiparts for MIME: Multipart/Signed and Multipart/Encrypted' Internet Engineering Task Force of The Internet Society, October 1995, at ftp://ftp.isi.edu/in-notes/rfc1847.txt

RFC2015 (1996) 'MIME Security with Pretty Good Privacy (PGP)' Internet Engineering Task Force of The Internet Society, October 1996, at ftp://ftp.isi.edu/in-notes/rfc2015.txt

RFC2246 (1999) 'The TLS Protocol' Internet Engineering Task Force of The Internet Society, January 1999, at ftp://ftp.isi.edu/in-notes/rfc2246.txt

RFC2409 (1998) 'The Internet Key Exchange (IKE)' Internet Engineering Task Force of The Internet Society, November 1998, at ftp://ftp.isi.edu/in-notes/rfc2409.txt

RFC2411 (1998) 'IP Security Document Roadmap', Internet Engineering Task Force of The Internet Society, November 1998, at ftp://ftp.isi.edu/in-notes/rfc2411.txt

RFC2440 (1998) 'OpenPGP Message Format', Internet Engineering Task Force of The Internet Society, November 1998, at ftp://ftp.isi.edu/in-notes/rfc2440.txt

RFC2487 (1999) 'SMTP Service Extension for Secure SMTP over TLS' Internet Engineering Task Force of The Internet Society, January 1999, at ftp://ftp.isi.edu/in-notes/rfc2487.txt

RFC2560 (1999) 'X.509 Internet Public Key Infrastructure: Online Certificate Status Protocol - OCSP' Internet Engineering Task Force of The Internet Society, June 1999, at ftp://ftp.isi.edu/in-notes/rfc2560.txt

RFC2595 (1999) 'Using TLS with IMAP, POP3 and ACAP' Internet Engineering Task Force of The Internet Society, June 1999, at ftp://ftp.isi.edu/in-notes/rfc2595.txt

RFC2632 (1999) 'S/MIME Version 3 Certificate Handling' Internet Engineering Task Force of The Internet Society, June 1999, at ftp://ftp.isi.edu/in-notes/rfc2632.txt

RFC2633 (1999) 'S/MIME Version 3 Message Specification' Internet Engineering Task Force of The Internet Society, June 1999, at ftp://ftp.isi.edu/in-notes/rfc2633.txt

RFC2692 (1999) 'SPKI Requirements' Internet Engineering Task Force of The Internet Society, September 1999, at ftp://ftp.isi.edu/in-notes/rfc2692.txt

RFC2693 (1999) 'SPKI Certificate Theory' Internet Engineering Task Force of The Internet Society, September 1999, at ftp://ftp.isi.edu/in-notes/rfc2693.txt

RFC2704 (1999) 'The KeyNote Trust-Management System Version 2' Internet Engineering Task Force of The Internet Society, September 1999, at http://www.crypto.com/papers/rfc2704.txt

RFC2828 (2000) 'Internet Security Glossary' Internet Engineering Task Force of The Internet Society, May 2000, at ftp://ftp.isi.edu/in-notes/rfc2828.txt

Rivest R. 'Cryptography and Security Resource Page', at http://theory.lcs.mit.edu/~rivest/crypto-security.html

Rivest R.L. & Lampson B. (1996) 'SDSI - A Simple Distributed Security Infrastructure', 15 Sep 1996, at http://theory.lcs.mit.edu/~rivest/sdsi10.html

Rubin A., Geer D. & Ranum M. (1997) 'Web Security Sourcebook' Wiley, 1997

Schneier B. (1996) 'Applied Cryptography' Wiley, 2nd Ed., 1996

SDSI (1996-) 'A Simple Distributed Security Infrastructure (SDSI)', 1996-, at http://theory.lcs.mit.edu/~cis/sdsi.html

Shaw P.D. (1998) 'Managing Legal and Security Risks in Computing and Communications' Butterworth-Heinemann, 1998

S/MIME (2001) 'S/MIME Mail Security (smime)' Internet Engineering Task Force of The Internet Society, at http://www.ietf.org/html.charters/smime-charter.html

Smith G.E. (1999) 'Network Auditing: A Control Assessment Approach' Wiley, 1999

SSH (2001) 'Secure Shell (secsh)', Working Group of the Internet Engineering Task Force of The Internet Society, at http://www.ietf.org/html.charters/secsh-charter.html

SSL (1996) 'The SSL Protocol, Version 3.0', Internet-Draft submitted to the Transport Layer Security Working Group, Internet Engineering Task Force of The Internet Society, November 1996, at http://home.netscape.com/eng/ssl3/draft302.txt

Stallings W. (1995a) 'Network and Internetwork Security: Principles and Practice' Prentice Hall, 1995

Stallings W. (1995b) 'Protect Your Privacy: The PGP User's Guide' Prentice Hall, 1995

Summers R.C. (1997) 'Secure Computing: Threats and Safeguards' McGraw Hill, 1997

TCSEC (1985) 'Trusted Computer System Evaluation Criteria', DoD 5200.28-STD, U.S. Department of Defense, December 1985, at http://www.radium.ncsc.mil/tpep/library/rainbow/5200.28-STD.html

TPEP (1999) 'The Computer Security Evaluation Frequently Asked Questions', National Computer Security Center (NCSC), August 1999, at http://www.radium.ncsc.mil/tpep/process/faq.html

W3C (2000a) 'Platform for Privacy Preferences (P3P) Project', at http://www.w3.org/P3P/

W3C (2000b) 'P3P Brochure', at http://www.w3.org/P3P/brochure.html

W3C (2000c) 'A P3P Preference Exchange Language (APPEL)', Working Draft, 20 April 2000, at http://www.w3.org/TR/P3P-preferences.html

W3C (2000d) 'W3C Security Resources', at http://www.w3.org/Security/Overview.html

W3C (2000e) 'The World Wide Web Security FAQ', at http://www.w3.org/Security/Faq/www-security-faq.html

PKIX (2000) 'Public-Key Infrastructure (X.509) (pkix)', Working Group of the Internet Engineering Task Force of The Internet Society, at http://www.ietf.org/html.charters/pkix-charter.html

Walker K.M. & Cavanaugh C. (1998) 'Computer Security Policies and Sunscreen Firewalls' Prentice Hall (1998)

Wang Y. (1998) 'SPKI' December 1998, at http://www.hut.fi/~yuwang/publications/SPKI/SPKI.html

Weber R. (1998) 'Information Systems Control and Audit' Prentice Hall, 1998

Wheeler L. (1998) 'Account Authority Digital Signature Model (AADS)', at http://www.garlic.com/~lynn/aadsover.htm

Wheeler A. & Wheeler L. (1998) 'PKI Account Authority Digital Signature Infrastructure', November 1998, at http://www.garlic.com/~lynn/draft-wheeler-ipki-aads-01.txt

X.509 (1988, 1997) 'The Directory - Authentication Framework', Volume VIII of CCITT Blue Book, pp. 48-81, CCITT/ITU, 1988, 1997

Zimmermann P.R. (1995) 'The Official PGP User's Guide' MIT Press, 1995, at http://mitpress.mit.edu/book-home.tcl?isbn=0262740176



Created: 23 January 2001 - Last Amended: 2 February 2001 by Roger Clarke - Site Last Verified: 15 February 2009