Resources

Conference Ranking and Deadlines

• Upcoming Call for Papers maintained by Carrie Gates
• Acceptance Rates for Selected Computer-Security Conferences maintained by Mihai Christodorescu
• Computer Security Conference Ranking and Statistic maintained by Guofei Gu

Writing and Reviewing Academic Papers

• “How to write a good research paper,”
• “The Science of Scientific Writing“, American Scientist, November-December? 1990
• Bourne PE (2005) “Ten Simple Rules for Getting Published,” PLoS Computational Biology 1(5): e57
• Smith, A.J., “The task of the referee” IEEE Computer, 23(4), pp. 65-71, Apr 1990. This paper provides a framework for critically reviewing publications in computing, including computer security.
• S. Keshav, “How to Read a Paper“
• Robert A. Day, How to Write & Publish a Scientific Paper, Oryx Press, 1998, 5th Edition, ISBN 7-57356-164-9
• Herbert B. Michaelson, How to Write & Publish Engineering Papers and Reports, Oryx Press, 3rd Edition, 1990, ISBN 0-89774-650-3.
• Standard Editing Symbols used by copy editors and proof readers.
• Advice on designing scientific posters
• Bourne PE, Korngreen A (2006) “Ten Simple Rules for Reviewers,” PLoS Comput Biol 2(9): e110

Creating and Presenting Scientific Posters

• Bourne PE (2007) “Ten Simple Rules for Making Good Oral Presentations,” PLoS Comput Biol 3(4): e77
• Erren TC, Bourne PE (2007) “Ten Simple Rules for a Good Poster Presentation,” PLoS Comput Biol 3(5): e102
• Wolcott TG (1997) “Mortal sins in poster presentations or how to give the poster no one remembers,” Newsletter Soc Integr Compar Biol Fall 10–11
• A Periodic Table of Visualization Methods
• Colin Purrington, “Advice on designing scientific posters“, Department of Biology, Swarthmore College, Pennsylvania.
• Design of Scientific Posters

Academic Research in General

• Erren TC, Cullen P, Erren M, Bourne “Ten Simple Rules for Doing Your Best Research, According to Hamming” PE PLoS Computational Biology Vol. 3, No. 10, e213
• List of resources on how to do research in computing
• Wayne C. Booth, Gregory G. Colomb, Joseph M. Williams, “The Craft of Research,” The University of Chicago Press, 2nd Edition, ISBN 0-226-06568-5.
• Bourne PE, Chalupa LM (2006) “Ten Simple Rules for Getting Grants,” PLoS Comput Biol 2(2): e12
• Bourne PE, Friedberg I (2006) “Ten Simple Rules for Selecting a Postdoctoral Position,” PLoS Comput Biol 2(11): e121
• Vicens Q, Bourne PE (2007) “Ten Simple Rules for a Successful Collaboration,” PLoS Comput Biol 3(3): e44
• Hamming R (1986) “You and your research,” In: Kaiser JF Transcription of the Bell Communications Research Colloquium Seminar; 7 March 1986; Morristown, New Jersey, United States

Databases for finding specific papers and books on computer security

Most of them are protected and need to be accessed from the UBC network. See the UBC library site for instructions how to access them from other networks.

• Books 24X7 is an excellent source of information for all areas of computer science including security, programming languages such as C++, operating systems, computer hardward, software engineering, and game programming. Access Instructions.
• Google Scholar search service for research publications.
• The COMPENDEX database, produced by Engineering Information, Inc., covers the core literature of the engineering field, including related specialties and technologies. Citations are drawn from approximately 5000 journals; key conference proceedings. Abstracts are included.
• The INSPEC database, produced by the Institution of Electrical Engineers is an excellent database for information in physics, electrical engineering, computers and control engineering, and information technology. INSPEC indexes 3,500 journals and 1,500 conferences. Note, you should be able to figure out how to search in both COMPENDEX and INSPEC at same time.
• Web of Science
• Formerly known as Dissertation Abstracts, the ProQuest Digital Dissertations database contains over 1.6 million records. Doctoral dissertations: 1861-present; masters theses: 1988-present (selective coverage, since many institutions do not submit masters theses for inclusion). Online abstracts for dissertations provided only since July 1980. PQDD covers more than 90% of North American doctoral dissertations plus some international coverage.
• UBC Library collection of the above and other links used for finding security-related publications.
• Computer Science Bibliographies.
• The Computing Research Repository (CoRR) .

Computer Security Periodic Publications

Most of them are protected and need to be accessed from the UBC network. See the UBC library site for instructions how to access them from other networks.

• IEEE Transactions on Dependable and Secure Computing (quarterly)
• ACM Transactions on Information and System Security (TISSEC) (quarterly)
• Journal of Computer Security
• IEE Proceedings Information Security (quarterly)
• IEEE Security & Privacy Magazine (bimonthly)
• Computers and Security (8 issues per year) by Elsevier
• Computer Fraud and Security (8 issues per year) by Elsevier
• Computer Law and Security Report (bimonthly) by Elsevier
• Access Control & Security Systems Integration by Access Intelligence LLC
• Many other e-journals that have something to do with “security” (only few of them are about “computer security”)

Relevant Conferences and Workshops

• New Security Paradigms Workshop (NSPW)
• Annual Computer Security Applications Conference (ACSAC)
• USENIX Security Symposium
• ACM Computer and Communications Security (CCS) conference
• Symposium on Access Control Models and Technologies (SACMAT)
• CRYPTO
• IEEE Symposium on Security and Privacy
• Network and Distributed System Security Symposium (NDSS)
• Financial Crypto

Reference styles

• Harvard Style guide, especially the PDF version of it.

References on Security Engineering

The following list is an extension of the corresponding list from 6.857 Network and Computer Security, Fall 2003 at MIT.
Gasser, Morrie. Building a secure computer system. Van Nostrand Reinhold, 1988.
Anderson, Ross. Security Engineering — A Guide to Building Dependable Distributed Systems. John Wiley & Sons, 2001.
An excellent book on security in real world systems.
Blakley, Bob. CORBA Security: an Introduction to Safe Computing with Objects. Addison-Wesley?, Reading, 1999.
A very elegant introduction to the complex subject of distributed objects security. Bob’s writing style is simple and yet engaging.
Hartman, Bret, Flinn, Don and Beznosov, Konstantin. Enterprise Security With EJB and CORBA. John Wiley & Sons, Inc., New York, 2001.
In this book, we explain the challenges of securing EJB and CORBA enterprises and ways of addressing them. The book shows how all different pieces of security technology can play together.
Hartman, Bret, Flinn, Don, Beznosov, Konstantin and Kawamoto, Shirley. Mastering Web Services Security. John Wiley & Sons, Inc., New York, 2003.
This is kind of a continuation of the book on EJB and CORBA security, but now it explains how to secure web service enterprises.
David F. Ferraiolo, D. Richard Kuhn, and Ramaswamy Chandramouli. Role-Based Access Control. Artech House, Computer Security Series, 2003.
Menezes, Alfred J., Paul C. van Oorschot, and Scott A. Vanstone. Handbook of Applied Cryptography. CRC Press, October, 1996. Pages: 816. Reprinted (5th printing) in August 2001.
This is a very comprehensive book. The best part is that you can download this book online! The hardcopy is very convenient though.
Schneier, Bruce. Applied Cryptography. 2nd ed. John Wiley & Sons, 1996. Pages: 784.
This is the best book to read for an introduction to applied security and cryptography. There is much less math than the book by Menezes et al. Sometimes statements are made without much justification, but no other book even compares to this comprehensive introduction to cryptography. The bibliography alone is worth buying the book.
Stinson, Douglas R. Cryptography Theory and Practice. CRC Press, Inc., March 1995. Reprinted in 1996.
Schneier, Bruce. Secrets and Lies — Digital Security in a Networked World. John Wiley & Sons, 2000. Pages: 432.
Schneier used to advocate good cryptography as the solution to security problems. He has since changed his mind. Now he talks about risk management and cost-benefit analysis.
Rescorla, Eric. SSL and TLS: Designing and Building Secure Systems. Addison-Wesley?, 2001.
The only book you need to read to learn about the evolution, politics, and bugs in the development of SSL.
Neumann, Peter. Computer Related Risks. ACM Press / Addison-Wesley?, 1995. SRI International Computer Science Laboratory.
Power grid failures. Train collisions. Primary and backup power lines blowing up simultaneously. These events aren’t supposed to happen! Neumann offers a plethora of stories about the risks and consequences of technology, gathered from his Risks mailing list. On a side note, Neumann is also responsible for coming up with the pun/name, “Unix®.”
Kaufman, Charlie, Radia Perlman, and Mike Speciner. Network Security: Private Communication in a Public World. 2nd Ed. Prentice Hall, 2002.
The authors discuss network security from a very applied approach. There is a lot of discussion about real systems, all the way down to the IETF RFCs and the on-the-wire bit representations. The authors also have a fun, informal style.
Garfinkel, Simson, and Gene Spafford. Web Security, Privacy & Commerce. 2nd ed. O’Reilly, November 2001.
It’s hard to keep up with all the security software out there. But these authors do a good job documenting it all.
Kahn, David. The Codebreakers. Simon & Schuster, 1996.