wot-security-references.md

[Bel89] Bellovin, S.: [https://cseweb.ucsd.edu/classes/sp99/cse227/ipext.pdf Security Problems in the TCP-IP Protocol Suite]. Computer Communication Review, Vol. 19, No. 2, pp. 32-48, April 1989

[Bel13] Bellovin, S.: [http://csrc.nist.gov/groups/ST/ca-workshop-2013/presentations/Bellovin_ca-workshop2013.pdf Web Security in the Real World]. Workshop on Improving Trust in the Online Marketplace, NIST, April 2013

[Ber14] Bertocci, V.: [http://www.cloudidentity.com/blog/2014/04/22/authentication-protocols-web-ux-and-web-api/ Authentication Protocols, Web UX and Web API]. Blog, April 2014

[Bor14] Bormann, C. et al.: [https://tools.ietf.org/rfc/rfc7228.txt Terminology for Constrained-Node Networks]. IETF RFC 7228, May 2014

[Bru14] Brubaker, C. et al.: [https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations]. IEEE Security Privacy, 2014, pp. 114-129

[Coo13] Cooper, A. et al.: [https://tools.ietf.org/html/rfc6973 Privacy Considerations for Internet Protocols]. IETF RFC 6973 (IAB Guideline), July 2013.

[Dur13] Durumeric, Z. et al.: [http://conferences.sigcomm.org/imc/2013/papers/imc257-durumericAemb.pdf Analysis of the HTTPS Certificate Ecosystem]. Proc. of the 2013 conference on Internet measurement conference. October 2013

[Ell00] Ellison, C.; Schneier, B.: [https://www.schneier.com/paper-pki.pdf Ten Risks of PKI: What You’re not Being Told about Public Key Infrastructure]. Computer Security Journal, v 16, n 1, 2000, pp. 1-7

[Fu01] Fu, K. et al.: [http://pdos.csail.mit.edu/papers/webauth:sec10.pdf Dos and Don’ts of Client Authentication on the Web]. Proc. 10th USENIX Security Symposium August 2001

[Geo12] Georgiev, M. et al.: [http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software]. Proc. of the 2012 ACM conference on Computer and communications security pp. 38-49

[Gol03] Goldreich, O.: [http://www.wisdom.weizmann.ac.il/~oded/foc-sur01.html Cryptography and Cryptographic Protocols]. Distributed Computing, 2003, vol. 16, pp. 177-199

[Gre14] Green, M.: [http://blog.cryptographyengineering.com/2014/03/how-do-you-know-if-rng-is-working.html How do you know if an RNG is working?] Blog March 2014

[Gut02] Gutmann, P.: [https://www.cs.auckland.ac.nz/~pgut001/pubs/notdead.pdf PKI: It’s Not Dead, Just Resting]. IEEE Computer, vol. 35, no. 8, Aug. 2002, pp. 41-49

[Hea13] Hearn, M.: [http://googleblog.blogspot.de/2013/02/an-update-on-our-war-against-account.html An update on our war against account hijackers]. Blog Feb 2013

[IETFACE] IETF Authentication and Authorization for Constrained Environments (ACE) WG: [https://tools.ietf.org/wg/ace/].

[Iic15] Industrial Internet Consortium: [http://www.iiconsortium.org/IIRA.htm Industrial Internet Reference Architecture] (registration required), June 2015

[IicRA17] Industrial Internet Consortium: [http://www.iiconsortium.org/IIRA.htm The Industrial Internet of Things Volume G1: Reference Architecture IIC:PUB:G1:V1.80:20170131] (registration required), Jan 2017

[IicSF16] Industrial Internet Consortium: [http://www.iiconsortium.org/IISF.htm The Industrial Internet of Things Volume G4: Security Framework IIC:PUB:G4:V1.0:PB:20160926] (registration required), Sept 2016

[ISF17] IoT Security Foundation: [https://iotsecurityfoundation.org/best-practice-guidelines/ IoT Security Foundation Best Practice Guidelines]. Web page May 17.

[Jon14] Jones, M.: [http://www.niso.org/apps/group_public/download.php/14003/SP_Jones_JSON_isqv26no3.pdf A JSON-Based Identity Protocol Suite]. Information Standards Quarterly, vol. 26, no. 3, 2014, pp. 19–22

[Ken03] Kent, S.; Millett, L. (eds): [http://www.nap.edu/openbook.php?isbn=0309088968 Who Goes There? Authentication Through the Lens of Privacy]. The National Academies Press, Washington D.C., 2003

[Lam04] Lampson, B.: [http://research.microsoft.com/en-us/um/people/blampson/69-SecurityRealIEEE/69-SecurityRealIEEE.htm Computer Security in the Real World]. IEEE Computer, vol. 37, no. 6, June 2004, pp 37-46

[Loc05] Lockhart, H.: [http://www.oracle.com/au/products/database/saml-084342.html Demystifying SAML]. Web page May 2005

[Mel15] Melzer, D.: [http://c.ymcdn.com/sites/www.issa.org/resource/resmgr/journalpdfs/feature0615.pdf Securing the Industrial Internet of Things]. June 2015

[Mic17] Microsoft: [https://docs.microsoft.com/en-us/azure/iot-suite/iot-security-architecture Internet of Things security architecture]. STRIDE threat model for IoT. Web page Jan 2017.

[Moo02] Moors, T.: [http://www.csd.uoc.gr/~hy435/material/moors.pdf A critical review of “End-to-end arguments in system design”]. Proc. of the IEEE International Conference on Communications, 2002

[Nis15] NIST: Guide to Industrial Control Systems (ICS) Security. NIST Special Publication 800-82

[Oos10] Oosdijk, M. et al.: [https://tnc2011.terena.org/getfile/696 Provisioning scenarios in identity federations]. Surfnet Research Paper, 2010

[Owa17] OWASP: [https://www.owasp.org/index.php/Threat_Risk_Modeling Threat Risk Modeling]. Web page Jan 2017.

[Res03] Rescorla, E. et al.: [https://tools.ietf.org/html/rfc3552 Guidelines for Writing RFC Text on Security Considerations]. IETF RFC 3552 (IAB Guideline), 2003.

[Sch14] Schneier, B.: [http://www.wired.com/2014/01/theres-no-good-way-to-patch-the-internet-of-things-and-thats-a-huge-problem/ The Internet of Things Is Wildly Insecure — And Often Unpatchable]. Wired Jan. 2014

[Sch99] Schneier, B.; Shostack, A.: [https://www.schneier.com/paper-smart-card-threats.pdf Breaking Up Is Hard To Do: Modeling Security Threats for Smart Cards]. USENIX Workshop on Smart Card Technology, USENIX Press, 1999, pp. 175-185

[She14] Shelby, Z. et al.: [https://tools.ietf.org/rfc/rfc7252.txt The Constrained Application Protocol (CoAP)]. IETF RFC 7252, June 2014

[Vol00] Vollbrecht, J. et al.: [https://tools.ietf.org/rfc/rfc2904.txt AAA Authorization Framework]. IETF RFC 2904, Aug. 2000

[Yeg11] Yegge, S.: [https://plus.google.com/+RipRowan/posts/eVeouesvaVX Stevey's Google Platforms Rant]. Blog Oct. 2011

[Ocf17] OCF: [https://openconnectivity.org/specs/OCF_Security_Specification_v1.0.0.pdf The OCF Security Specification, version 1.0.0]. Jun. 2017

[JWT15] Jones, M. et al.: [https://tools.ietf.org/html/rfc7519 JSON Web Token (JWT)]. IETF RFC 7519, 2015.