Appendix D. References

ANDE72 Computer Security Technology Planning Study, EDS-TR-73-51, Vol. 1, Anderson, J.P., Hanscom AFB, Massachusetts, 1972.
CC Common Criteria for Information Technology Security Evaluation (aligned with ISO/IEC International Standard (IS) 15408), Version 2.1, August 1999.  The CC consists of four volumes available at, e.g., http://www.radium.ncsc.mil/tpep/library/ccitse/, and at http://csrc.nist.gov/cc/ccv20/ccv2list.htm#CCV21.
DoD88 Security Requirements for Automated Information Systems, DOD Directive 5200.28, 21 March 1988. 
Howard 97 Howard, J. D., An Analysis of Security Incidents on the Internet:  1989-1995, Ph.D. Theses, Carnegie Mellon University, 1997. 
IETF99 R. Shirey, Internet Security Glossary, Internet Engineering Task Force, 17 October 1999.  Available at
http://www.ietf.org/internet-drafts/draft-shirey-security-glossary-02.txt
ITSEC Information Technology Security Evaluation Criteria (ITSEC), Version 1.2, 1991. 
Krsul 98 Krsul, I.V., Software Vulnerability Analysis, Ph.D. Thesis, Purdue University, 1998. 
Longstaff 97 Longstaff, T., Update:  CERT/CC Vulnerability Knowledgebase, DARPA Workshop, Savannah, Georgia, 1997. 
NCSC87 Trusted Network Interpretation, NCSC-TG-005, National Computer Security Center, July 1987.  Available at http://www.radium.ncsc.mil/tpep/library/rainbow/index.html#TG005
NCSC88 Glossary of Computer Security Terms, National Computer Security Center, NCSC-TG-004.  Available at http://www.radium.ncsc.mil/tpep/library/rainbow/index.html#TG004. 
NCSC92 A Guide to Understanding Security Modeling in Trusted Systems, National Computer Security Center, NCSC-TG-004, October 1992.  Available at http://www.radium.ncsc.mil/tpep/library/rainbow/index.html#TG010
Neumann 89 Neumann, P.G., and D.B. Parker, "A Survey of Computer Abuse Techniques," Proceedings of the 12th National Computer Security Conference, Pages 396-407, 1989. 
NIST74 Guidelines for Automatic Data Processing Physical Security and Risk Management, National Institute of Standards and Technology (NIST), Federal Information Processing Standards Publication (FIPS PUB) 31, June 1974. 
Perry 84 Perry, T., and P. Wallich, Can Computer Crime be Stopped?, IEEE Spectrum, No. 21, Vol. 5, 1984. 
Power 96 Power, R., Current and Future Danger: A CSI Primer of Computer Crime and Information Warfare, CSI Bulletin, 1996. 
TCSEC Trusted Computer System Evaluation Criteria (TCSEC), December 1985, DOD 5200.28-STD.  Available at http://www.radium.ncsc.mil/tpep/library/rainbow/index.html#STD520028