Optional readings

Books

(These books are available at the Telecom ParisTech library. Some are also available online for personal use. Note that these are quite heavyweight books – over 4K pages if you read them all. As such they are optional references for the course, but nevertheless useful references for your technical culture.)

Research papers

(For 2017-2018, these research papers are just listed for the interested readers; we will likely not use them as reding assigment throughout the course)

Firewall

• Wool A. A quantitative study of firewall configuration errors. Computer. 2004 Jun;37(6):62-7.

Certificates

• Matthias Wachs, Quirin Scheitle, Georg Carle, Push Away Your Privacy: Precise User Tracking Based on TLS Client Certificate Authentication, in Network Traffic Measurement and Analysis Conference (TMA), Best Paper Award, Jun. 2017. [Pdf] [Slides] [Recording] [Bib]

• Oliver Gasser, Benjamin Hof, Max Helm, Maciej Korczynski, Ralph Holz, Georg Carle, In Log We Trust: Revealing Poor Security Practices with Certificate Transparency Logs and Internet Measurements, in Proceedings of the Passive and Active Measurement Conference (PAM 2018), Best Paper Award, Berlin, Germany, Mar. 2018.

• Mustafa Emre Acer, Emily Stark, Adrienne Porter Felt, Sascha Fahl, Radhika Bhargava, Bhanu Dev, Matt Braithwaite, Ryan Sleevi, and Parisa Tabriz. 2017. https://acmccs.github.io/papers/p1407-acerA.pdf. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS ‘17). ACM, New York, NY, USA, 1407-1420. DOI: https://doi.org/10.1145/3133956.3134007

• Doowon Kim, Bum Jun Kwon, and Tudor Dumitraş. 2017. Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS ‘17). ACM, New York, NY, USA, 1435-1448. DOI: https://doi.org/10.1145/3133956.3133958

TLS

• Cas Cremers, Marko Horvat, Jonathan Hoyland, Sam Scott, and Thyla van der Merwe. 2017. A Comprehensive Symbolic Analysis of TLS 1.3. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS ‘17). ACM, New York, NY, USA, 1773-1788. DOI: https://doi.org/10.1145/3133956.3134063

• Benjamin Beurdouche, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Markulf Kohlweiss, Alfredo Pironti, Pierre-Yves Strub, Jean Karim Zinzindohoue A Messy State of the Union: Taming the Composite State Machines of TLS Communications of the ACM, Vol. 60 No. 2, Fev. 2017 Pages 99-107 10.1145/3023357

Passwords

• Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, and Alain Forget. 2017. https://acmccs.github.io/papers/p295-pearmanA.pdf. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS ‘17). https://doi.org/10.1145/3133956.3133973

• Kurt Thomas, Frank Li, Ali Zand, Jacob Barrett, Juri Ranieri, Luca Invernizzi, Yarik Markov, Oxana Comanescu, Vijay Eranti, Angelika Moscicki, Daniel Margolis, Vern Paxson, and Elie Bursztein. 2017. Data Breaches, Phishing, or Malware?: Understanding the Risks of Stolen Credentials. In Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security (CCS ‘17). ACM, New York, NY, USA, 1421-1434. DOI: https://doi.org/10.1145/3133956.3134067