Readings will be updated during the semester.

  1. Wearables Are Totally Failing the People Who Need Them Most, by J.C. Herz, 11.06.14.
  2. Ronald Azuma, “A Survey of Augmented Reality.” Presence: Teleoperators and Virtual Environments 6, 4 (August 1997), 355-385. File: Augmented Reality/1997 Azuma.pdf
  3. R.L. Rutledge, A.K. Massey, A.I. Antón, and P.P. Swire, “Clarifying the Internet of Things by Defining the Internet of Devices,” ACM Computing Surveys, Currently under review.  (Do not cite or circulate.) (pages 1 to 4, 28 to 30)  File: iod-survey-akm-15dec2014 copy.pdf
  4. Mark Weiser, “The Computer for the 21st Century.” Scientific American. Sep91, Vol. 265 Issue 3, p94. 8p. File: Argumented Reality/weiser-orig.pdf
  5. Federal Trade Commission, “Financial Institutions and Customer Information: Complying with the Safeguards Rule.”  File: FISMA GLBA HIPAA/GLBA safeguarding-customers-personal-information-requirement-financial-institutions copy
  6. University of Minnesota, “GLBA Safeguards Rule Reference Guide.”  File: FISMA GLBA HIPAA/glba_reference.uminn
  7. Federal Financial Institutions Examination Council, “Authentication in an Internet Environment” (read text plus appendix).  File: FISMA GLBA HIPAA/FFIEC authentication_guidance copy
  8. Federal Financial Institutions Examination Council, “Supplement to Authentication in an Internet Banking Environment.”  File: FISMA GLBA HIPAA/FFIEC Supplement
  9. D.J. Solove, “HIPAA Turns 10: Analyzing the Past, Present, and Future Impact.” File: FISMA GLBA HIPAA/HIPAA Turns 10.pdf
  10. C.J. Wang & D.J. Huang, “The HIPAA Conundrum in the Era of Mobile Health and Communications.” File: FISMA GLBA HIPAA/The HIPAA Conundrum in the Era of Mobile Health and Com.pdf
  11. Gikas, “Information Systems Security: A General Comparison of FISMA, HIPAA, ISO 27000 and PCI-DSS Standards.” File: FISMA GLBA HIPAA/Information_Security_White_Paper.pdf
  12. (Optional reading) M. Butler, “Top HITECH-HIPAA Compliance Obstacles Emerge.” File: FISMA GLBA HIPAA/Top HITECH-HIPAA Compliance Obstacles Emerge.pdf
  13. Z.A. Collier, D. DiMase, S. Walters, M. Tehranipoor, J.H. Lambert, I. Linkov, “Risk-Based Cybersecurity Standards: Policy Challenges and Opportunities.” File: Risk-Based Cybersecurity Standards – Policy Challenges and Opportunities.pdf
  14. National Institute of Standards and Technology, “Framework for Improving Critical Infrastructure Cybersecurity.” URL:
  15. T. Denning, Z. Dehlawi, & T. Kohno, “In Situ with Bystanders of Augmented Reality Glasses: Perspectives on Recording and Privacy Technologies.”  File:  augmented reality/denning-chi2014-pn2112.pdf
  16. F. Roesner, T. Kohno, & D. Molnar, “Security and Privacy for Augmented Reality Systems.”  File: augmented reality/ p88-roesner.pdf
  17. July 2014 Letter to President Obama from Civil Society Groups on information sharing legislation.  File: Cyber Security Information Sharing/CISA – Letter to President – coalition-ltr-cisa-20140715.pdf
  18. “All Bill Information for S. 2588, Cybersecurity Information Sharing Act of 2014.”  File: Cyber Security Information Sharing/CISA Bill Details.pdf
  19. Center for Democracy and Technology, “Analysis of Feinstein-Chambliss Cybersecurity Information Sharing Act of 2014 Discussion Draft Released June 17, 2014.” File: Cyber Security Information Sharing/CISA-Analysis-Final.pdf
  20. Steven Norton, “Former NSA Director: Better Information Sharing Needed on Cybersecurity” Dec. 1, 2014.  File: Cyber Security Information Sharing/Former NSA Director_ Better Information Sharing Needed on Cybersecurity – The CIO Report – WSJ.pdf
  21. Global Internet Policy Initiative, “Trust And Security In Cyberspace: The Legal And Policy Framework for Addressing Cybercrime” (2005).  File: cybercrime/ Trust and Security in Cyberspace.pdf
  22. R. Clarke, “Securing Cyberspace Through International Norms Recommendations for Policymakers and the Private Sector.”  File: SecuringCyberspace_web
  23. (Optional)  Brian Harley, “A Global Convention on Cybercrime?”  Columbia Science & Technology Law Review (2010).  File: cybercrime/ A Global Convention on Cybercrime?
  24. B. Elgin & M. Riley, “Now at the Sands Casino: An Iranian Hacker in Every Server”  Bloomberg, Dec. 11, 2014.  File: cyberwar/ Iranian Hackers Hit Sheldon Adelson’s Sands Casino in Las Vegas – Businessweek.pdf
  25. J. Lewis, “Thresholds for Cyberwar” (2010).  File: cyberwar/ Thresholds for Cyberwar – Kinetic Effects of Cyberwar.pdf
  26. (Optional) T. Rid, “End the Phony Cyberwar” (2013).  File: cyberwar/ End the Phony Cyber War.pdf
  27. Richard Stallman, “The GNU Manifesto” (1993).  File: The GNU Manifesto
  28. P. Swire, “A Theory of Disclosure for Security and Competitive Reasons: Open Source, Proprietary Software, and Government Systems.” (read except for p. 37-40; p. 69-74). File: Open Source vs Proprietary/A Theory of Disclosure for Security and Competitive Reasons.pdf
  29. T. Wang, K. Lu, L. Lu, S. Chung, W. Lee, “Jekyll on iOS: When Benign Apps Become Evil.” File: Open Source vs Proprietary/When Benign Apps Become Evil.pdf
  30. N. Heath, “Why Open Source Development Is Getting More Secure.” TechRepublic. N.p., 03 June 2014. URL:
  31. B. Kepes, “Hating on Open Source, A Perennial Business Development Strategy” Forbes 2014.  File: Open Source vs Proprietary/Hating On Open Source, A Perennial Business Development Strategy – Forbes.pdf
  32. Ernst & Young, “Bring your own device: Security and risk considerations for your mobile device program” (2013).  File: security vs usability/ Bring_your_own_device.pdf
  33. D. Norman, “When Security Gets in the Way”  (2009).  File:  security vs usability/When Security Gets In the Way.pdf
  34. R. Kainda, I. Flechais, A.W. Roscoe, “Security and Usability: Analysis and Evaluation”  (2010).  File: security vs usability/Security and Usability Analysis and Evaluation.pdf
  35. T. Gonen, “Why Security Without Usability Leads To Failure” Forbes 2014.  File: security vs usability/ Why Security Without Usability Leads To Failure – Forbes.pdf
  36. Swire, “A Theory of Disclosure for Security and Competitive Reasons: Open Source, Proprietary Software, and Government Systems” (p. 37 to 40 only, about data breaches).  File: Open Source vs Proprietary/A Theory of Disclosure for Security and Competitive Reasons.pdf
  37. Cardholder Data Discovery Blog, “Not yet PCI compliant? The fines begin January 1, 2015.”  File: PCI-DSS/Not yet PCI compliant_ The fines begin January 1, 2015.pdf
  38. A. Plato, “The Failure of the PCI-DSS?” (2014).  File: PCI-DSS/The Failure of PCI-DSS.pdf
  39., “The history of the PCI DSS standard: A visual timeline” (2014).  File: PCI-DSS/The history of the PCI DSS standard_ A visual timeline.pdf
  40. Reference Resource: “Payment Card Industry (PCI) Data Security Standard: Requirements and Security Assessment Procedures Version 3.0” (2013).  File: PCI-DSS/PCI-DSS v3.pdf
  41. Vilk, Molnar, Ofek, Rossbach, Livshits, Moshchuk, Wang, and Gal. “Least Privilege Rendering in a 3D Web Browser”, MSR Tech Report.  URLs (paper:, video:
  42. (same as 3 above, different pages to read) R.L. Rutledge, A.K. Massey, A.I. Antón, and P.P. Swire, “Clarifying the Internet of Things by Defining the Internet of Devices,” ACM Computing Surveys, Currently under review. (Do not cite or circulate.) (pages 4 to 8, 18 to 31; optional 8-18) File: iod-survey-akm-15dec2014 copy
  43. Paul Brody and Veena Pureswaran. “Device Democracy: Saving the future of the Internet of Things.”  IBM Global Business Services Executive Report.  URL:
  44. Burstein, “Conducting Cybersecurity Research Legally and Ethically.” File: security ethics/Conducting Cybersecurity Research Legally and Ethically.pdf
  45. IEEE-USA Committee on Communications Policy, “Risking It All: Unlocking the Backdoor to the Nation’s Cybersecurity.” (2014).  File: Future of Security/backdoors.IEEE.pdf
  46. P. Swire, “Going Dark vs. the Golden Age of Surveillance” (2011).  URL:‘going-dark’-versus-a-‘golden-age-for-surveillance’/
  47. National Science Foundation Cybersecurity Ideas Lab, “Interdisciplinary Pathways Toward a More Secure Internet” (2014) (focus on p. 20-41). File: future of security/CybersecurityIdeasLab_July2014.pdf
  48. J. Yang, W.K. Edwards, and D. Haslem, “Eden: Supporting Home Network Management Through Interactive Visual Tools.” In Proceedings of the 23rd ACM Symposium on User Interface Software and Technology (UIST), New York, NY. October 3-6, 2010. URL:
  49. Franziska Roesner, David Molnar, Alexander Moshchuk, Tadayoshi Kohno, and Helen J. Wang. 2014. World-Driven Access Control for Continuous Sensing. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security (CCS ’14). wdac-ccs2014.pdf
  50. Schaefer, M., “If A1 is the answer, what was the question? An Edgy Naif’s retrospective on promulgating the trusted computer systems evaluation criteria,” Computer Security Applications Conference, 2004. 20th Annual, pp. 204-228, 6-10 Dec. 2004. URL: (t-square download)
  51. Murdoch, Steven J., Mike Bond, and Ross Anderson. “How Certification Systems Fail: Lessons from the Ware Report.” IEEE Security & Privacy 10, no. 6 (2012): 40-44. (t-square download)
  52. Konstantin Beznosov and Philippe Kruchten. 2004. Towards agile security assurance. In Proceedings of the 2004 workshop on New security paradigms (NSPW ’04). ACM, New York, NY, USA, 47-54. DOI=10.1145/1065907.1066034 (t-square download)
  53. Bitcoin.