The lists are referenced from many famous educator in security and database area such as Ravi Sandhu, Sushil Jajodia, Ninghui Li, Lingyu Wang, etc. The list of basic papers are recommended for graduate student who plan to conduct research in database or security.  The list of advanced papers are recommended for Ph.D candidate who wish to do creative works in these areas. Widely readling is  a key to excellent .works.

Basic Papers

1. W. Diffie and M.E. Hellman. New directions in cryptography.  IEEE Transactions on Information Theory, Volume 22, Number 6, November 1976, pp. 644 - 654.
   
2. S. Goldwasser and S. Micali.  Probabilistic encryption.   Journal of Computer & System Sciences, Volume 28, Number 2,  April 1984, pp. 270-299.
   Copy available in REC 217.
   Conference version appeared in STOC 1982 under the title "Probabilistic encryption & how to play mental poker keeping secret all partial information"
   
   
3. K. Thompson. Reflections on Trusting Trust.  Communication of the ACM, Vol. 27, No. 8, August 1984, pp. 761-763.
   
4. J.H. Saltzer and M.D. Schroeder. Part I-A of The Protection of Information in Computer Systems. Proceedings of the IEEE, 63(9):1278-1308, 1975.
   The eight principles in Part I-A are as relevant today as they were back then.
   
   
5. L. Lamport, R. Shostak, and M. Pease. The Byzantine Generals Problem ACM Transactions on Programming Languages and Systems 4(3):382-401, July 1982.
   Technically, this is not a security paper. However, it is a fundamental paper of distributed computing, which is closely related to security.
   
   
6. D.D. Clark and D.R. Wilson. "A Comparison of Commercial and Military Computer Security Policies" In Proceedings of the 1987 IEEE Symposium on Security and Privacy.
   
7. R.S. Sandhu, E.J. Coyne, H.L. Feinstein, and C.E. Youman. Role-Based Access Control Models. IEEE Computer, 29(2):38--47, February 1996.
   
   
8. E. Spafford. "The Internet Worm Program: An Analysis". Purdue Technical Report CSD-TR-823.
   
9. S.M. Bellovin. "Security Problems in the TCP/IP Protocol Suite" ACM Computer Communication Review, Volume 19 , Issue 2 (April 1989).
10. D. Denning. "An Intrusion-Detection Model". IEEE Transactions on Software Engineering, Volume. SE-13,  Number 2, February1987, pp. 222-232.
    
11. V. Paxson. "Bro: A System for Detecting Network Intruders in Real-Time, Computer Networks, 31(23-24), pp. 2435-2463, 14 Dec. 1999.
    
12. M. Abadi and R. Needham. Prudent Engineering Practice for Cryptographic Protocols". IEEE Transactions on Software Engineering. January 1996 (Vol. 22, No. 1)
    
13. R. Anderson. "Why Cryptosystems Fail". Communications of the ACM, 37(11):32-40, November 1994.
    
14. N. Borisov, I. Goldberg, D. Wagner.  Intercepting Mobile Communications: The Insecurity of 802.11, MOBICOM 2001.

Advanced Papers

Cryptography

1. M. Blum and S. Micali. "How to generate cryptographically strong sequences of pseudo-random bits". SIAM Journal on Computing, Volume 13, Issue 4 (November 1984), pages 850--864. Conference version in FOCS 1982.
   Copy available in REC 217.

2. S. Goldwasser, S. Micali, and C. Rackoff. "Knowledge complexity of Interactive Proof Systems". SIAM Journal on Computing, Volume 18, Issue 1 (February 1989), pages 186--208. Conference version in STOC 1985.
   
3. M. Bellare and P. Rogaway. Random oracles are practical: a paradigm for designing efficient protocols. In Proceedings of First ACM Conference on Computer and Communications Security (CCS), 1993.
   Full version of the conference version available from the author's page for the paper.
   
   
4. M. Bellare, A. Desai, D. Pointcheval and P. Rogaway. Relations among notions of security for public-key encryption schemes. Extended abstract in Advances in Cryptology - Crypto 98.
   
   
5. Matt Franklin and Moti Yung. "Varieties of secure distributed computing".
   
   
6. P. Paillier. Public-Key Cryptosystems Based on Composite Degree Residuosity Classes, EUROCRYPT 1999.
   
7. A. Herzberg, S. Jarecki, H. Krawczyk, and M. Yung. Proactive secret sharing or: How to cope with perpetual leakage. In Crypto'95.
   
8. D. Boneh and M. Franklin. "Identity-based encryption from the Weil pairing" SIAM J. of Computing, Vol. 32, No. 3, pp. 586-615, 2003.
   Extended abstract in proceedings of Crypto '2001, Lecture Notes in Computer Science, Vol. 2139, Springer-Verlag, pp. 213-229, 2001.
   
   
9. M. Bellare and O. Goldreich. "On defining proofs of knowledge". In CRYPTO 1992.
   

Access Control

1. Michael A. Harrison and Walter L. Ruzzo and Jeffrey D. Ullman. "Protection in Operating Systems". CACM, August 1976.
   
   
2. M. Abadi, M. Burrows, B. Lampson, and G. Plotkin. "A calculus for access control in distributed systems". ACM Transactions on Programming Languages and Systems (TOPLAS). Volume 15, Issue 4 (September 1993), Pages: 706 - 734.
   
   
3. M. Blaze, J. Feigenbaum, and J. Lacy. Decentralized Trust Management. In Proc. of IEEE Symposium on Security and Privacy, 1996.
   
   
4. R. L. Rivest and B. Lampson. SDSI --- A Simple Distributed Security Infrastructure. Version 1.1.
   
5. F.B. Schneider. Enforceable security policies. ACM Transactions on Information and System Security (TISSEC). Volume 3, Issue 1 (February 2000). Pages: 30 - 50
   

   Other candidates

   • E Bertino, E Ferrari, V Atluri. "The specification and enforcement of authorization constraints in workflow management systems".
   • R.S. Sandhu.  "Lattice-based access control models".
   • D. Sutherland.  "A Model of Information"
   • Goguen and Meseguer.  "Unwinding and Inference Control" 
   • Goguen and Meseguer.  "Security Policies and Security Models"

Database Security


1. P.P. Griffiths and B.W. Wade. "An authorization mechanism for a relational database system" ACM Transactions on Database Systems (TODS), Volume 1 , Issue 3 (September 1976), Pages: 242 - 255.
2. Nabil R. Adam, John C. Wortmann. "Security-control methods for statistical databases: a comparative study"
3. F Rabitti, E Bertino, W Kim, D Woelk. "A model of authorization for next-generation database systems".
   
4. P. Ammann, S. Jajodia, P. Liu, Recovery from Malicious Transactions, IEEE Transactions on Knowledge and Data Engineering, Vol. 15, No. 5, September 2002, pages 1167-1185.

Network Security and Intrusion Detection

1. J.G. Steiner, B.C. Neuman, J.I. Schiller. "Kerberos: An Authentication Service for Open Network Systems" In Usenix Conference Proceedings, pp. 191--202, Mar. 1988.
   
2. S.M. Bellovin, M Merritt.  "Limitations of the Kerberos Authentication System, ACM Computer Communications Review, 1991.
3. B. Lampson, M. Abadi, M. Burrows, and E. Wobber. Authentication in Distributed Systems: Theory and Practice ACM Transactions on Computer Systems (TOCS). Volume 10, Issue 4 (November 1992). Pages: 265 - 310.
4. Practical Network Support for IP Traceback. Stefan Savage, David Wetherall, Anna Karlin and Tom Anderson. SIGCOMM 2000.
5. On the Effectiveness of Route-Based Packet Filtering for Distributed DoS Attack Prevention in Power-Law Internets. Kihong Park, Heejo Lee. SIGCOMM 2001
6. S. Forrest, A.S. Perelson, L. Allen, and R. Cherukuri Self-nonself discrimination in a computer In 1994 IEEE Symposium on Security and Privacy.
7. S. Forrest, S.A. Hofmeyr, A. Somayaji, T.A. Longstaff A sense of self for Unix processes
8. T. Ptacek and T. Newsham Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection

Systems Security

1. M. Castro and B. Liskov. Practical Byzantine Fault Tolerance. In Proceedings of the Third Symposium on Operating Systems Design and Implementation (OSDI '99), New Orleans, USA, February 1999.
2. R. Wahbe, S. Lucco, T.E. Anderson, and S.L. Graham. Efficient software-based fault isolation Proceedings of the fourteenth ACM symposium on Operating systems principles, Pages: 203 - 216, 1994.

Analysis of Cryptographic Protocols

1. D. Dolev and A. Yao. "On the security of public key protocols"
2. M Burrows, M Abadi, R Needham. "A logic of authentication"
3. Gavin Lowe. "Breaking and fixing the Needham-Schroeder public-key protocol using FDR"
4. FJT Fabrega, JC Herzog, JD Guttman. "Strand spaces: Proving security protocols correct"

Privacy and Anonymity

1. Anonymous Connections and Onion Routing
2. Freenet: A distributed anonymous information storage and retrieval system
3. Crowds: Anonymity for web transactions

Defining Privacy 

1. Protecting respondents' identities in microdata release. P. Samarati. IEEE Transactions on Knowledge and Data Engineering, 13:1010-1027 (2001).
2. k-anonymity: a model for protecting privacy. L. Sweeney. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10 (2002).
3. Achieving k-anonymity privacy protection using generalization and suppression. L. Sweeney. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10 (2002).
4. Towards a theory of variable privacy. P. Vora. 2003. (slides in PDF)

Databases and Data Integration 

1. Database Encryption in Oracle 9i. Oracle Corporation (2001). 
2. Replacing Personally-Identifying Information in Medical Records, the Scrub System. L. Sweeney. In: Cimino, JJ, ed. Proceedings, Journal of the American Medical Informatics Association. Washington, DC: Hanley & Belfus, Inc., 1996.
3. Cryptography and Relational Database Management Systems. J. He and M. Wang. IDEAS 2001.
4. Practical Techniques for Searches on Encrypted Data. D.X. Song, D. Wagner, and A. Perrig. IEEE Symposium on Research in Security and Privacy 2002.
5. Executing SQL over Encrypted Data in the Database-Service-Provider Model. H. Hacigumus, B. Iyer, C. Li, and S. Mehrotra. SIGMOD 2002.
6. Providing Database as a Service. H. Hacigumus, B. Iyer, and S. Mehrotra. ICDE 2002.
7. Hippocratic Databases. R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. VLDB 2002.
8. Information Sharing across Private Databases. R. Agrawal, A. Evfimievski, and R. Srikant. SIGMOD 2003. 
9. Implementing P3P Using Database Technology. R.Agrawal, J.  Kiernan, R. Srikant, and Y. Xu. ICDE 2003.
10. Server Centric P3P. R. Agrawal, J. Kiernan, R. Srikant, and Y. Xu. W3C Workshop on the Future of P3P (2002)
11. Cardinality-based Inference Control in Data Cubes. L. Wang, D. Wijesekera, and S. Jajodia. Journal of Computer Security (to appear).
12. OLAP Means On-line Anti-Privacy. L. Wang, D. Wijesekera, and S. Jajodia. ISE Technical Report (2003).
13. Precisely Answering Multi-dimensional Range Queries Without Privacy Breaches. L. Wang, Y.J. Li, D. Wijesekera, and S. Jajodia. ESORICS 2003.
14.  Cardinality-based Inference Control in Sum-only Data Cubes. L. Wang, D. Wijesekera, and S. Jajodia. ESORICS 2002.
15. Towards Secure XML Federations. L. Wang, D. Wijesekera, and S. Jajodia. IFIP Working Conference on Database and Application Security.
16. A privacy enhanced microaggregation method, Y.J. Li, S.C. Zhu, L. Wang, and S. Jajodia. Second International Symposium on Foundations of Information and Knowledge Systems 2002.
17. Auditing Interval Based Inference. Y.J. Li, L. Wang, S. Wang, and S. Jajodia. The Fourteenth International Conference on Advanced Information Systems Engineering 2002.
18. Preventing Interval Based Inferece By Random Data Perturbation. Y.J. Li, L. Wang, and S. Jajodia. The Second Workshop on Privacy Enhancing Technologies 2002.
19. A Cryptography-Flavored Approach to Privacy in Public Databases (abstract) (pdf) C. Dwork. ALADDIN Workshop on Privacy in Data, 2003.
20. Privacy-protecting statistic computation: theory and practice (abstract) (ppt) (pdf) R. Wright. ALADDIN Workshop on Privacy in Data, 2003.
21. Querying Databases Privately. E. Kushilevitz. IBM Almaden Institute on Privacy in Data Systems, 2003.
22. Searchable Public Key Encryption. D. Boneh, G. Di Crescenzo, R. Ostrovsky, and Giuseppe Persiano. Cryptology ePrint Archive: Report 2003/195.

Data Mining 

1. Privacy-Preserving Data Mining: A Randomization Approach. R. Srikant. IBM Almaden Institute on Privacy in Data Systems, 2003.
2. Privacy-Preserving Data Mining: A Cryptographic Approach. B. Pinkas. IBM Almaden Institute on Privacy in Data Systems, 2003.
3. Privacy preserving learning of decision trees (abstract) (ppt) (pdf) B. Pinkas. ALADDIN Workshop on Privacy in Data, 2003.
4. On Privacy Breaches in Privacy-Preserving Data Mining (abstract) (pdf) J. Gehrke. ALADDIN Workshop on Privacy in Data, 2003.
5. Privacy-Preserving Data Mining, R. Agrawal and R. Srikant. SIGMOD 2000.
6. Privacy Preserving Clustering By Data Transformation. Stanley R. M. Oliveira.
7. Privacy Preserving Mining of Association Rules, A. Evfimievski, R. Srikant, R. Agrawal, and J. Gehrke. SIGKDD 2002.
8. Maintaining Data Privacy in Association Rule Mining. S.J. Rizvi and J.R. Haritsa. VLDB 2002.
9. Limiting Privacy Breaches in Privacy Preserving Data Mining. A. Evfimievski, J. Gehrke, and R. Srikant. PODS 2003.
10. <Privacy Preserving Data Mining, Y. Lindell and B. Pinkas, Journal of Cryptology 13 (2002).
11. Tools for Privacy Preserving Distributed Data Mining, C. Clifton, M. Kantarcioglu, J. Vaidya, X. Lin, and M. Zhu. ACM SIGKDD Explorations 4 (2003).
12. Randomization in Privacy-Preserving Data Mining A. Evfimievski. ACM SIGKDD Explorations 4 (2003).
13. Database Privacy. M. Olivier. ACM SIGKDD Explorations 4 (2003).
14. Cryptographic Techniques for Privacy-Preserving Data Mining. B. Pinkas. ACM SIGKDD Explorations 4 (2003).
15. Approaches to distributed privacy protecting data mining (pdf) B. Prydatek. ALADDIN Workshop on Privacy in Data, 2003.
16. On the Design and Quantification of Privacy Preserving Data Mining Algorithms. D. Agrawal and C.C. Aggarwal. PODS 2001.
17. A Methodology for Hiding Knowledge in Databases. T. Johnsten and Vijay V. Raghavan. Workshop on Privacy, Security, and Data Mining 2002.
18. Building Decision Tree Classifier on Private Data. W, Du and Zhijun Zhan. Workshop on Privacy, Security, and Data Mining 2002.
19. Foundations for an Access Control Model for Privacy Preservation in Multi-Relational Association Rule Mining. S.R.M. Oliveira. Workshop on Privacy, Security, and Data Mining 2002.
20. Privacy Preserving Frequent Itemset Mining. S.R.M. Oliveira. Workshop on Privacy, Security, and Data Mining 2002.
21. Security and Privacy Implications of Data Mining, C. Clifton and D. Marks, DMKD 1996.
22. Developing Custom Intrusion Detection Filters Using Data Mining. C. Clifton and G. Gengo. MILCOM 2000.
23. Using Sample Size to Limit Exposure to Data Mining. C. Clifton. Journal of Computer Security 8 (2000).
24. Using Unknowns to Prevent Discovery of Association Rules. Y. Saygin, V.S. Verykios, and C. Clifton. ACM SIGMOD Record 30 (2001).
25. Privacy Preserving Association Rule Mining in Vertically Partitioned Data. J. Vaidya and C. Clifton. KDD 2002.
26. Privacy-Preserving K-Means Clustering over Vertically Partitioned Data. J. Vaidya and C. Clifton. KDD 2003.
27. Assuring Privacy when Big Brother is Watching. M. Kantarcioglu and C. Clifton. DMKD 2003.
28. Privacy Preserving Data Mining over Vertically Partitioned Data. J. Vaidya. PhD Thesis, 2003.
29. A new architecture for Privacy Preserving Data Mining. M. Kantarcioglu and J. Vaidya. Privacy, Security and Data Mining, vol. 14, ACS Series Conferences in Research and Practice in Information Technology.
30. Secure Set Intersection Cardinality with Application to Association Rule Mining, C. Clifton and J. Vaidya. Under Review (Notes on use).
31. Privacy Preserving Data Mining of Association Rules on Horizontally Partitioned Data. M. Kantarcioglu and C. Clifton. IEEE TKDE (to appear).

Statistical Databases

1. Controlled data-swapping techniques for masking public use microdata sets. R.A. Moore, Jr.  SRD Report RR 96-04, U.S. Bureau of the Census, 1996.
2. Census Confidentiality and Privacy: 1790 - 2002. U.S. Bureau of the Census, 2002.
3. The U.S. Census Bureau Respects Your Privacy and Keeps Your Personal Information Confidential. U.S. Bureau of the Census, 2001.
4. Security and Disclosure for Statistical Information. A. Westlake. IBM Almaden Institute on Privacy in Data Systems, 2003.
5. Preserving Confidentiality AND Providing Adequate Data for Statistical Modeling: The Role of Partial and Perturbed Data(abstract) (ppt) (html) (pdf) S. Fienberg. ALADDIN Workshop on Privacy in Data, 2003.
6. Protecting data through 'Perturbation' Techniques: Impact on the knowledge discovery process.  R.L. Wilson and P. A. Rosen. Journal of Database Management, 14(2), 14-26, April-June 2003.
7. Revealing information while preserving privacy (abstract) (ppt) (html) (pdf) K Nissim. ALADDIN Workshop on Privacy in Data, 2003.
8. On the Privacy of Statistical Databases. I. Dinur and K. Nissim.
9. Revealing Information while Preserving Privacy. I. Dinur and K. Nissim, PODS 2003.
10. Security of Random Data Perturbation Methods. K. Muralidhar and R. Sarathy. ACM TODS 24 (1999).
11. OLAP and statistical databases: similarities and differences. A. Shoshani. SIGMOD 1997.
12. Security-Control Methods for Statistical Databases: A Comparative Study. N.R. Adam and J.C. Wortmann. ACM Computing Surveys 21(1989).
13. A data distortion by probability distribution. C.K. Liew, U.J. Choi, and C.J. Liew. TODS 10 (1985).
14. The statistical security of a statistical database. J.F. Traub, Y. Yemini, and H. Woʦniakowski.  TODS 9 (1984).
15. Statistical databases: Characteristics, problems and some solutions. A. Shoshani. VLDB 82.
16. Statistical Database Design. F. Chin and G. Ozsoyoglu. TODS 6 (1981).
17. Auditing for secure statistical databases. F. Chin and G. Ozsoyoglu. ACM 81 Conference (1981).
18. Suppression methodology and statistical disclosure control. L.H. Cox. JASA 75 (1980).
19. A Security Model for the Statistical Database Problem. D.E. Denning. TODS 5 (1980).
20. Secure statistical databases with random sample queries. D.E. Denning. TODS 5 (1980).
21. A fast procedure for finding a tracker in a statistical database. D.E.Denning. TODS 5 (1980).
22. The tracker: a threat to statistical database security. D.E Denning, P.J. Denning, and M. Schwartz. TODS 4 (1979).
23. Privacy in Statistical Databases (PSD 2004) Conference

Private Information Retrieval

1. Survey Talk: Private Information Retrieval. A. Beimal (2003). 
2. Private Information Retrieval - An overview and current trends. D. Asonov. INDOCRYPT 2001.
3. Private Information Retrieval. B. Chor, O. Goldreich, E. Kushilevitz, and M. Sudan, FOCS 95.
4. Computationally private information retrieval. B. Chor and N. Gilboa. STOC 97.
5. Replication Is Not Needed: Single Database, Computationally-Private Information Retrieval, E. Kushilevitz and R. Ostrovsky. FOCS 97.
6. Protecting Data Privacy in Private Information Retrieval Schemes. Y. Gertner, Y. Ishai, E. Kushilevitz, and T. Malkin. STOC 98.
7. Private information retrieval by keywords. B. Chor, N. Gilboa, and M. Naor. Report 98-03, Theory of Cryptography Library, 1998.
8. One-way Functions are Essential for Single-Server Private Information Retrieval. A. Beimel, Y. Ishai, E. Kushilevitz, and T. Malkin. STOC 99.
9. Improved Upper Bounds on Information-Theoretic Private Information Retrieval. Y. Ishai and E. Kushilevitz. STOC 99.
10. Computationally private information retrieval with polylogarithmic communication. C. Cachin, S. Micali, and M. Stadler. Computationally private information retrieval with polylogarithmic communication. EUROCRYPT 1999.
11. One-way Trapdoor Permutations Are Sufficient for Non-Trivial Single-Server Private Information Retrieval. E. Kushilevitz and R. Ostrovsky. EuroCrypt 2000.
12. Reducing the Servers Computation in Private Information Retrieval: PIR with Preprocessing. A. Beimel, Y. Ishai, and T. Malkin. CRYPTO 2000,
13. On symmetrically private information retrieval. S.K. Mishra. Master's Thesis, Indian Statistical Institute (2000).
14. Information-Theoretic Private Information Retrieval: A Unified Construction. A. Beimel and Y. Ishai. ICALP 2001.
15. Breaking the O(n^{1/(2k-1)}) Barrier for Information-Theoretic Private Information. A. Beimel, Y. Ishai, E. Kushilevitz, and J.F. Raymond. FOCS 2002.
16. Robust Information-Theoretic Private Information Retrieval. A. Beimel and Y. Stahl.  3rd Conference on Security in Communication Networks, 2002.
17. Privacy-Preserving Indexing of Documents on the Network. M. Bawa, R.J. Bayardo Jr., and R. Agrawal. VLDB 2003.
18. Building Secure Indexes for Searching Efficiently on Encrypted Compressed Data. Eu-Jin Goh (2003).