Preparation
Principles:
- The Protection of Information in Computer Systems, by Saltzer & Schroeder, up to and including Section 1A (6 pages)
Mechanisms:
- Book, by Fred B. Schneider, Chapter 1, Section 1.3 and onward (17 pages)
- Static Analysis for Finding Bugs, by Bill Pugh et al. (7 pages)
  - note: today, tools of this kind that focus on security bugs are called Static Application Security Testing (SAST) tools.
Requirements:
- Security Requirements Engineering, by Haley et al., up to and including Section 3 (7 pages)
  - note: the rest of this paper is not part of the syllabus, but is an interesting read (e.g. Section 5 contains a worked example).
- Attack Trees, by Schneier (3 pages of text, light read)
- STRIDE (Threat Modeling at Microsoft), by Shostack, up to and including Section 3 (6 pages, light read)
Evaluation
- Security Product Evaluation Methods and Criteria, by QuiteUnusual (Neil) (6 pages, light read)
Exercise
Further Reading
- Perspectives on Protection and Security, by Butler Lampson (29:50)
- Avoiding Fatal Flaws with Formal Methods, by Fred B. Schneider (35:50)
- Static Analysis for Finding Bugs (FindBugs, talk at Google) (1:00:00)
- Look! There's a Threat Model in my DevOps, talk by Alyssa Miller at BSidesATL 2020 (50:43)
- Foundations of Attack Trees, by Mauw et al. (13 pages)
- The Birth and Death of the Orange Book (13 pages)
- NSA books (a.k.a. the "Rainbow Series") on evaluating "Trusted Computer Systems"