This is the reading list for CSCI E45a. Do not be put off by the amount of material. The first thing to do is to read the first required reading for Module 01 and from it understand why we feel that it is not only OK but important to assign so much reading. The real world has far more reading that could be done when researching any particular topic than can reasonably be done so selective reading and remembering where a topic was discussed is more important than memorizing the details in a particular document.

This reading list and the weekly NYCU include many readings from online sources, some of which limit readers to a certain number of free articles per day, week, or month. To overcome that obstacle:

1. If you do not already subscribe to the New York Times, Washington Post and the Wall Street Journal, take advantage of the free digital subscriptions offered to Harvard students by the Harvard Library. You will need a Harvard email account to subscribe, so sign up for a Harvard Gmail account if you don't already have one, then follow the library's instructions to sign up for New York Times, Washington Post, and Wall Street Journal accounts.
2. If you can, support independent journalism by purchasing digital subscriptions to publications and websites you read regularly. Wired is one source frequently used in CSCI E-45.
3. If all else fails, follow the instructions at RefreshYourCache.com to delete saved files in your web browser. This should allow you to see additional articles.

Module Reading: 1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16

Module 01 - Introduction

Required Reading

How the mind works in the age of Google and why giving you so much reading is OK

• Google Effects on Memory: Cognitive Consequences of Having Information at Our Fingertips - Sparrow et al (2011)

Why some technologies succeed and some do not

• Diffusion of innovation in healthcare  - Mary Cain and Robert Mittman, Institute for the Future (2002)

Internet philosophy, the last two from a time when people thought the Internet was a different place

• The Laws of Cyberspace - Larry Lessig (1998)
• A statement of principle  - Bruce Sterling, EFF (1992)
• Declaration of the Independence of Cyberspace - John Perry Barlow (1996)

One view on 'does anyone control the Internet?'

• Who controls the Internet?  And should they? - Bert Hubert (2021)

Looking back to understand the present - a way to look at the impact of the Internet

• Notre-dame de Paris  Victor Hugo (1831) - Book V, Chapters i & II

A view of the current Cyberworld

• A Map of the Online World in Incredible Detail - Carmen Ang (2021)

Maybe the shape of things to come, legally

• Carpenter v. United States, U.S. Supreme Court (2018) - Syllabus (summary of the Opinion) and Justice Gorsuch dissent opinion

Optional Reading

• RFC 825 - Request for Comments on Requests for Comments - John Postel  (1982)
• Hacker’s Manifesto   - The Mentor (1986)
• NPR's coverage of Who Controls the Internet?  (2006)
• The NSA is commandeering the Internet  - The Atlantic - Bruce Schneier (2013)
• NSA secrets kill our trust - CNN - Bruce Schneier (2013)

Module 02 - Digital Technologies and Computing Devices

Required Reading

Moore’s Law from the original document:

• Cramming more components onto integrated circuits  - Moore (1965)

Exploring some of important concepts, terms:

• Interop - Palfrey, Gasser (2012).
• The reincarnation of virtual machines - Rosenblum (2004)

Interesting predictions from one of the important figures of computing:

• Man-computer symbiosis - J.C.R. Licklider (1960)
• Memorandum For Members and Affiliates of the Intergalactic Computer Network – J.C.R. Licklider (1963)

A view of what personal computing might mean before it actually happened

• Personal Computing  . - Alan Kay - In: Meeting on 20 Years of Computing Science, Instituto di Elaborazione della Informazione, Pisa, Italy, (1975)

And we are still pushing the limits of physics to keep Moore’s Law alive, including dinner-plate sized chips for computing hungry AI:

• TSMC update 2nm in development 3nm 4nm on track for 2022 – AnandTech (2021)
• Cerebras just built a big chip that could democratize AI – Max Cherney (2022)

Optional Reading

• A Turing machine  - Mike Davey (2010)
• Timeline of computing hardware 2400 BC to 1949 - Wikipedia
• Timeline of computing 1950 to 1979 - Wikipedia
• Timeline of computing 1980 to 1989 - Wikipedia
• Timeline of computing 1990 to 1999 - Wikipedia
• Timeline of computing 2000 - 2009 - Wikipedia
• Timeline of computing 2010 - 2019 - Wikipedia

Module 03 - Internet History and Concepts

Required Reading

The paper that introduced the concept of packet-switched networking (even if he did not call it a “packet”).

• On Distributed Communications - Baran (1962)

An introduction to the work of Louis Pouzin, the developer of the concept of the datagram, the most important single feature of Internet protocol.  The author has strong views, not all of which are universally shared, about the technology underpinning the Internet and the correctness of the path chosen.  See, especially, Mike O’Dell’s summary of the importance of datagrams - starting on page xiv.

• The Inventions of Louis Pouzin – Day (2020), pages v-xix.

Insider’s views on the underpinnings of what got us the Internet

• The Design Philosophy of the DARPA Internet Protocols   - Clark (1988)
• Architectural Principles of the Internet  - RFC 1958 - Carpenter (1996)

A restating of some of the design principles for a general audience and some pushback

• End-to-End Arguments in System Design  - Saltzer, Reed, & Clark (1981)
• The Rise of the Stupid Network  - Isenberg (1997)
• The stupid network: Essential yet unattainable  - Odlyzko (1999)

A history of the Internet written by those who where there and who made it happen

• A Brief History of the Internet  - Leiner, et al  (2000) - (skim)

Economic theory but it applies to TCP

• Tragedy of the Commons -  Hardin (1968)

An opinion piece from one of the authors of the end to end principle

• What The Internet Is, and Should Continue To Be  Reed 2013

On the ongoing disagreement between the telephone companies and Internet engineers:

• Netheads vs Bellheads  Wired, Issue 4.10 | Oct 1996

Scott’s reviews of how we got to today’s Internet:

• Forks: Decisions that got us the Internet we have - Bradner 2020
• Death of the Internet, GIF at 11 – Bradner 2020

Optional Reading

• Treaty of Westphalia   (1648)
• 1999 A.D. , a film produced by the Philco-Ford corporation in the 1960s as a vision of future technology.
• Other papers by Paul Baran 
• Other papers by Andrew Odlyzko 
• The ARPA Network Design Decisions   - McQuillan and Walden (1977)
• SIGCOM 25th Anniversary Issue  reprints of many very important Internet research papers (1995)
• How the 'Net works: an introduction to peering and transit  -  Rudolph Van Der Berg (2008)
• Carterphone: My Story - Nicholas Johnson (2009)
• OSI protocols  - Wikipedia
• Network 2030 and New IP – Li (2019)

Oral history interviews from the Charles Babbage Institute Center for History of Information Technology, University of Minnesota:

• Paul Baran 
• Vinton G. Cerf 
• Donald W. Davies 
• Robert E. Kahn 
• Louis Pouzin 
• Lawrence G. Roberts 
• Ivan Sutherland 
• R. W. Taylor 

Oral history interviews by James L. Pelkey at the Computer History Museum:

• Paul Baran 
• Vinton G. Cerf 
• Donald W. Davies 
• Robert E. Kahn 
• Louis Pouzin 
• Lawrence G. Roberts 
• R. W. Taylor 

Module 04 - Internet Protocol

Required Reading

The Internet Protocol specifications

• Internet Protocol  - Postel - RFC 791 (1981) - - Sec 1,2, 3.1 & 3.2
• Internet Protocol, Version 6 (IPv6) Specification  - Deering and Hinden - RFC 2460 (1998) - Sections 1-8

Private IPv4 Addresses

• Address Allocation for Private Internets  RFC 1918 - Rekhter et al. (1996)

UDP specifications

• User Datagram Protocol  - Postel - RFC 768 (1980)

TCP specifications and articles on congestion control

• Transmission Control Protocol  - Postel - RFC 793 (1981), Sections 1, 2, 3-3.7
• Congestion Control Principles - Floyd - RFC 2914 (2000)
• Congestion Avoidance and Control - Jacobson and Karels (1988), Sections 1 - 4

QUIC 

• QUIC: A UDP-Based Multiplexed and Secure Transport - J. Iyengar, et al – RFC 9000 (2021) Overview through 2.1 (inclusive), 5 through 5.1 (inclusive), and 21.1

Optional Reading

• The Recommendation for the IP Next Generation Protocol  - Bradner & Mankin - RFC 1752 (1995)

Module 05 - Software - Simple Software

Required Reading

Learning about programming

• How to Think Like a Computer Scientist – Ch. 1 The way of the program  – (note: you do not have to do the exercises) - Jeffrey Elkner, Allen B. Downey, and Chris Meyers (2012)
• Compiler Basics - File 2 - Language Theory - James Alan Farrell (1995)

Learning about programming languages

• Dartmouth BASIC version 2 Manual  - Kemeny, John G. & Kurtz, Thomas E. (1964) - Chapter I Introduction

Hypercard was a major departure from how people thought of programming until then.  Programming with Hypercard was as much about writing code as it was about visually developing the interface.  And its language HyperTalk tried to bring programming as close as it could to natural language, making as easy as possible for non-programmers to build programs.  Many of these concepts live on in modern visual programming environments (e.g., native mobile applications development)

• The Hypercard Legacy - Jer Thorp (2009)

Lean thinking and its manifestation in the software development world: Agile

• Principles of lean thinking - Mary Poppendieck (2002)

One example of an all-too-common software bug (and means of compromise), and a discussion of the seminal paper “trusting trust” (see optional reading).

• Buffer overflow – Wikipedia
• Countering "Trusting Trust" - Schneier (2006)

Ethics in the technology space (and particularly in software development) is becoming more and more important and thus is more in the news these days.

• Being an Ethical Software Engineer – Rotem Hermon (2019)

Optional Reading

• The UNIX System: Making Computers Easier to Use  - AT&T Archives (1982)
• The Development of the C Language  – D. Ritchie (1993)
• Reflections on Trusting Trust – Ken Thompson (1984) 
• How security flaws work: The buffer overflow  – Ars Technica – Peter Bright (2015)

Module 06 - Network Technologies

Required Reading

A milestone in the history of Ethernet, the most ubiquitous wired networking technology

• Ethernet still going strong at 40 years – Nicholas Ilyadis (2023)

Descriptions of some of the other common networking technologies

• What Is Ethernet & How Does It Work? – Cody Miller (2020)
• Router (computing)  Wikipedia
• MultiProtocol Label Switching Architecture   RFC 3031 (2001) - Sections 1-3
• The Disappointment of 5G – Doug Dawson (2023)

Optional Reading

• A lighthouse as a metaphor  - Bradner (1998)
• The Lighthouse at the End of the World  - Jules Verne (1905) – starts at page 427, continues on page 497, 559, 627, 680 and finishes on page 745.
• Isla de los Estados Journal; Dream Fulfilled at End of the World - Calvin Sims, New YorkTimes (1998)
• Secret Communications System  - Hedy Kiesler Markey and George Antheil - US Patent No. 2,292,387 (1942)
• What is 5G– Sascha Segan (2021)

Module 07 - Distributed Software

Required Reading

Remote Procedure Calls is the underlying technology for distributed computing

• RPC is Not Dead: Rise, Fall, and the Rise of Remote Procedure Calls – Muzammil Abdul Rehman, Paul Grosu (likely 2016) – up to but not including “The Heir to the Throne: gRPC or Thrift”

An example of what you have to go through to design a complex distributed system

• Designing an Authentication System: a Dialogue in Four Scenes - Bill Bryant (1988)

Blockchain is being touted as a unique, general purpose technology of the future... maybe it’s not.

• There's No Good Reason to Trust Blockchain Technology– Bruce Schneier (2019)
• A Hitchhiker's Guide to the Blockchain Universe – Jim Waldo (2019)

Optional Reading

• LOCUS A network transparent, high reliability distributed system  - Popek, et al (1981)
• The Enterprise Integration Act of 2002   - Public Law 107-277, 107th Congress (2002)

Module 08 - Middleware

Required Reading

Technical specifications of, and worries about middleboxes

• Middleboxes: Taxonomy and Issues (RFC 3234)  - Carpenter & Brim (2002)
• Middleboxes No Longer Considered Harmful  - Walfish et al (2004)
• Report of the IAB Workshop on Security in the Internet Architecture  - RFC 1636 - Braden et al (1994) - Section 3
• The IP Network Address Translator (NAT)  - RFC 1631 - Egevang & Francis (1994) - Sections 1, 2, and 3.3
• Should you deploy a TLS 1.3 middlebox? – J.M. Porup (2020)

Technical specifications of middleware

• Dynamic Host Configuration Protocol  - RFC 1531 - Droms (1993) - Sections 1-3 and 7
• Domain Names - Concepts and Facilities  - RFC 882 - Mockapetris (1983) - Pages 1-19
• Shibboleth/SAML: Info & Flows - Erdos (2014)

Optional Reading

• System and method for selection and retrieval of diverse types of video data on a computer network  - 6,421,726 - U.S. Patent No. Kenner et al (1998)

Module 09 - Designing and Building the Infrastructure

Required Reading

Designing and building enterprise networks and data centers:

• TIA-942 Data Center Standards Overview   – ADC (2006)
• Cisco Networking Academy Connecting Networks Companion Guide: Hierarchical Network Design  – CISCO Press (2014)

Module 10 - The Cloud

Required Reading

A generic model for looking at cloud services

• The NIST definition of cloud computing  - NIST (2011)

Security and privacy considerations in public cloud services

• Guidelines on Security and Privacy in Public Cloud Computing  – NIST (2011) – Sections 1 through 4
• Six steps toward more secure cloud computing - Elisa Jillson and Andy Hasty (2020)

One vendor’s views and offerings for cloud services

• Overview of Amazon Web Services - Amazon (2023)

Module 11 - Routing

Required Reading

Routing issues

• Routing in a Multi-provider Internet  - RFC 1787 - Rekhter (1995)
• Report from the IAB Workshop on Routing and Addressing  - RFC 4984 - Meyer et al (2007)
• How Secure are Secure Interdomain Routing Protocols?  - Goldberg et al, abstract & Introduction

Technical descriptions of routing protocols

• RIPv1 Applicability Statement for Historic Status  - RFC 1923 - Halpern and Bradner (1996)
• RIP Version 2  - RFC 2453 - Malkin (1998) - Section 3.1 through Section 3.5
• OSPF Version 2  - RFC 2328 - Moy (1998) - Section 1.2 and Section 1.3
• A Border Gateway Protocol 4 (BGP-4)  - RFC 4271 - Rekhter et al (2006) - Sections 1 & 3

A sample ISP peering policy

• Verizon Business Peering Policy 

Optional Reading

• Policy routing in Internet protocols  - RFC 1102 - Clark (1989)
• NBMA Next Hop Resolution Protocol (NHRP)  - RFC 2332 - Luciani et all (1998)
• A Framework for QoS-based Routing in the Internet  - RFC 2386 - Crawley et al. (1998)

Module 12 - Security Fundamentals

Required Reading

Securing the Internet

• RFC 1948 - Defending Against Sequence Number Attacks - Bellovin (1996)
• RFC 4301 - Security Architecture for the Internet Protocol - Kent and Seo (2005) sections 1-3 

A market in badness

• The zero day vulnerability trade remains lucrative but risky – Matthew Gooding (2023)

The human in the loop

• 10 Ways We Get The Odds Wrong  - Psychology Today (2008)
• Why the two man rule is only the begining.-  FCW, Chiu (2013)

An approach to understanding risk

• Attack Trees - Schneier (1999)

An old but valuable guide

• The Protection of Information in Computer Systems - Saltzer & Schroeder (1974)

What the feds say (and sometimes do)

• National Industrial Security Program Operating Manual (DoD 5220.22-M)   - Department of Defense (DoD) (2016) - chapter 5 section 7

An examination of one of the more devastating cyber attacks

• A 'Worst Nightmare' Cyberattack: The Untold Story Of The SolarWinds Hack - Dina Temple-Raston (2021)

Fed plans – (skim to understand the topics/goals)

• Executive Order on Improving the Nation’s Cybersecurity – White House (2021)

Optional Reading

• Notes on Picking Pin Tumbler Locks  - Matt Blaze (2003, revised 2016)

 

Module 12b - Advanced Security Tools

Optional Reading

• Understand the evolution of firewalls  - Smith (2002)
• Firewall  - Wikipedia
• Deep Packet Inspection  - Wikipedia
• Antivirus  - Wikipedia
• Sandbox  - Wikipedia
• Know your Enemy: Honeynets - Honeynet Project (2001)
• Intrusion Detection FAQ - SANS - skim basics
• Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection  - Ptacek (1998)
• Sniffing FAQ - Grahm (2000)
• The AIDE manual - Haber - sections 3 & 9
• Top 125 Network Security Tools  - sectools.org (2011) - skim
• Nmap man page  - nmap.org - Description & Port Scanning Techniques
• Framework for Improving Critical Infrastructure Cybersecurity - NIST (2018) Executive Summary and Sections 1-3

Module 13 - Encryption

Required Reading

Why good encryption is good, sayeth the IETF

• RFC 1984 - IAB and IESG Statement on Cryptographic Technology and the Internet - IAB & IESG (1996)

When good enough security is OK

• RFC 4270 - Attacks on Cryptographic Hashes in Internet Protocols - Hoffman & Schneier (2005)

Technology standards for security

• RFC 5280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile - Cooper et al, (2008) - Sections 1, 2, 3 & 8  
• What is a Certificate Revocation List (CRL) vs OCSP? – Ryan Sanders (2020)
• Randomness Requirements for Security  - RFC 4086 -Eastlake, Schiller & Crocker (2005) - Sections 1, 2 & 8  

Why security is hard

• Microsoft, VeriSign, and Certificate Revocation  - Guerin - (2001)
• Why Cryptography Is Harder Than It Looks  - Schneier (1997)

A look at some bad history

• White House statement on comprehensive inter-agency review of encryption technology - (includes rationale for Clipper chip) - Office of the Press Secretary (1994)
• Did NSA Put a Secret Backdoor in New Encryption Standard?  - Schneier (2007)
• Nine Epic Failures Of Regulating Cryptography  - Cindy Cohn, EFF (2014)

An approach to thinking about the conflict between encryption and law enforcement

• Moving the Encryption Policy Conversation Forward - Carnegie Endowment for International Peace (2019)

An attack method

• Rainbow tables - Wikipedia

Optional Reading

• Export Administration Regulation - category 5, part 2 - U.S. Department of Commerce (2023)

Module 14 - Managing the Infrastructure

Required Reading

• RFC 1213 - Management Information Base for Network Management of TCP/IP-based internets: MIB-II - McCloghrie (1991) - sections 1 - 5 
• RFC 3410 - Introduction and Applicability Statements for Internet-Standard Management Framework - Case, et al (2002) - sections 1 – 6
• RFC 3414- User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) - Blumenthal/Wuijnen (2002) - section 1 
• RFC 3635 - Definitions of Managed Objects for the Ethernet-like Interface Types - Flick (2003)
• RFC 6241 - NETCONF Configuration Protocol - Enns, et al (2011) - section 1
• ITIL (Information Technology Infrastructure Library) – Bigelow & Montgomery (2022)

Module 15 - Internet Regulation and Governance

Required Reading

International approaches

• Tunis Agenda for the Information Society - WSIS (2005)
• Committed to connecting the world  - ITU (2015)
• ISOC WCIT web site 

Key U.S. legal or regulatory decisions

• Griswold v. Connecticut - U.S. Supreme Court (1965)
• Katz v. U.S.   - U.S. Supreme Court (1967)
• FCC Policy Statement  (2005) [PDF]
• FCC Releases Restoring Internet Freedom Order  (2018)  
• The Supreme Court Rules in Carpenter v. United States – Lawfare (2021) (read through “Majority Decision”)
•  Dobbs v. Jackson Women’s Health Organization - U.S. Supreme Court (2022) – Justice Thomas concurring opinion (page 117 of the pdf)
• What Clarence Thomas Said – Judith Butler (2022)

One columnist’s opinion

• Eyes in their ankles: The congressional view of network neutrality 

Optional Reading

• Privacy  William L Prosser - California Law Review (1960)

Module 16 - Technical Standards

Required Reading

• RFC 2026 - The Internet Standards Process - Revision 3 - Bradner (1996) - not section 10
• RFC 5378 - Rights Contributors Provide to the IETF Trust  - Bradner & Contreras (2008)
• RFC 8179 - Intellectual Property Rights in IETF Technology  - Bradner & Contreras (2017)
• Common Patent Policy for ITU-T/ITU-R/ISO/IEC