==Peer Review/Paper Writing==
* [http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.108.2376 The Task of the Referee]
* [http://portal.acm.org/citation.cfm?id=1519122 How Not to Review a Paper]
* [https://cups.cs.cmu.edu/soups/2010/howtosoups.pdf Common Pitfalls in Writing about Security and Privacy Human Subjects Experiments, and How to Avoid Them]
* [http://portal.acm.org/citation.cfm?id=378267.378283 How (Not) to Write a Good Systems Paper] 30 questions to help you write a better technical paper
* [http://www.iam.unibe.ch/~oscar/Champion/champion.pdf Identify the Champion]

==Speaking==
* [http://www.cs.berkeley.edu/~pattrsn/talks/BadTalk.pdf How to Give a Bad Talk]

==Plagiarism==
* [http://www.tamiu.edu/~nedkock/Pubs/1999JournalCACM/Kock1999.pdf A Case of Academic Plagiarism]
* [http://infolab.stanford.edu/~shiva/p29-denning.pdf Plagiarism in the Web]
* [http://portal.acm.org/citation.cfm?id=1053291.1053293 Self-Plagiarism in Computer Science]
* [http://ieeexplore.ieee.org/iel5/34/16576/00765651.pdf Multiple Submission]
* [http://www.blackwell-synergy.com/doi/pdf/10.1111/j.1745-6584.2006.00246.x Plagiarism, Copyright Violation, and Dual Publication: Are You Guilty]

==Writing==
* [http://www.bartleby.com/141/ Elements of Style]
* [http://www.utoronto.ca/writing/annotatebib.html Writing an Annotated Bibliography]
* [http://www.library.cornell.edu/olinuris/ref/research/skill28.htm How to Prepare an Annotated Bibliography]
* [http://www.wsu.edu/~brians/errors/errors.html Common Errors in English]
* [http://www.ps2pdf.com/convert/convert.htm Postscript to PDF conversion]
* [http://www.m-w.com/ Online Dictionary]
* [http://computing-dictionary.thefreedictionary.com/ Online Dictionary/Thesaurus]

==How To Choose A Research Topic==
* [http://isrl.byu.edu/wp-content/uploads/2015/05/How-to-Choose-a-Research-Topic.pdf How to Choose a Research Topic] Kent Seamons. Panel presentation at Sandia National Labs TITANS, 2013 with additions from Gene Spafford.

==Learning==
* [http://media.ldscdn.org/pdf/magazines/ensign-september-2007/2007-09-16-seek-learning-by-faith-eng.pdf Learning By Faith] David Bednar, 2006
* [https://www.youtube.com/watch?v=Z9orbxoRofI Peer Instruction for Active Learning]

==Papers==
A list of candidate papers to read this semester.

===Secure Email===
* [ Johnny and Jane - CHI 2016]
* [http://cseweb.ucsd.edu/~snoeren/papers/smtpsec-ccs15.pdf Security by Any Other Name]
* [http://conferences2.sigcomm.org/imc/2015/papers/p27.pdf Neither Snow nor Rain nor MITM ...]

=== Key Management ===
* [http://dl.acm.org/citation.cfm?id=2488448 Accountable Key Infrastructure]
* [http://dl.acm.org/citation.cfm?id=2660355 PoliCert: Secure and Flexible TLS Certificate Management]
* [http://conferences2.sigcomm.org/imc/2015/papers/p183.pdf Certificate Revocation in the Web's PKI]
* [https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-melara.pdf CONIKS]

=== Passwords ===
* The Quest to Replace Passwords
* [http://research.microsoft.com/apps/pubs/?id=227130 An Administrator's Guide to Internet Password Research]
* [http://dl.acm.org/citation.cfm?id=2818015 ErsatzPasswords: Ending Password Cracking and Detecting Password Leakage]
* [http://ieeexplore.ieee.org/document/6381399/ Authentication at Scale]

=== Revocation ===
* [http://www.netsec.ethz.ch/publications/papers/RITM2016.pdf RITM: Revocation in the Middle]
* [https://arxiv.org/abs/1608.06592 Application of Public Ledgers to Revocation in Distributed Access Control]

=== Blockchain ===
* [https://bitcoin.org/bitcoin.pdf Bitcoin]
* [http://www.michaelnielsen.org/ddi/how-the-bitcoin-protocol-actually-works/ How Bitcoin Works]
* [https://www.usenix.org/conference/atc16/technical-sessions/presentation/ali Blockstack]
* [https://www.usenix.org/system/files/conference/nsdi16/nsdi16-paper-eyal.pdf Bitcoin-NG]
* [https://acmccs.github.io/papers/p473-greenA.pdf Bolt]
* [https://obj.umiacs.umd.edu/papers_for_stories/Hawk%20blockchain.pdf Hawk]
* [http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018_09-1_Kalra_paper.pdf Zeus: Analyzing Safety of Smart Contracts]
* [https://thehydra.io/paper.pdf Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts]
* [https://dl.acm.org/citation.cfm?id=2978326 Town Crier: An Authenticated Data Feed for Smart Contracts]

=== Certificate & Key Transparency ===
* [https://certificate-transparency.org Certificate Transparency]
* [https://tools.ietf.org/html/draft-ietf-trans-threat-analysis-10 Attack and Threat Model for Certificate Transparency]
* [https://security.googleblog.com/2017/01/security-through-transparency.html Key Transparency (Google Blog)]
* [https://github.com/google/keytransparency/blob/master/docs/overview.md Key Transparency Overview (GitHub)]
* [http://www.internetsociety.org/sites/default/files/12_2_1.pdf Enhanced Certificate Transparency (optional)]

=== TLS ===
* [http://conferences.sigcomm.org/sigcomm/2015/pdf/papers/p199.pdf Multi-Context TLS]

=== Secure Messaging ===
* SoK: SSL and HTTPS
* OTR
* [https://hal.inria.fr/hal-01184171/document Imperfect Forward Secrecy: How Diffie Hellman Fails in Practice]
* [https://cyber.law.harvard.edu/pubrelease/dont-panic/Dont_Panic_Making_Progress_on_Going_Dark_Debate.pdf Going Dark Debate]

===Winter 2016===
* [http://conferences2.sigcomm.org/imc/2015/papers/p183.pdf An End-to-End Measurement of Certificate Revocation in the Web’s PKI]
* [http://cseweb.ucsd.edu/~snoeren/papers/smtpsec-ccs15.pdf Security by Any Other Name]
* [http://conferences2.sigcomm.org/imc/2015/papers/p27.pdf Neither Snow Nor Rain Nor MITM]
* [https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43346.pdf Ad Injection at Scale: Assessing Deceptive Advertisement Modifications]
* [http://cseweb.ucsd.edu/~savage/papers/WEIS15.pdf Framing Dependencies Introduced by Underground Commoditization]
* [https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/zheng Cookies Lack Integrity]
* [https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/oltrogge To Pin or Not to Pin]
* [http://dl.acm.org/citation.cfm?id=2818015 Ersatz Passwords]
* [https://hal.inria.fr/hal-01184171/document Imperfect Forward Secrecy]
* [https://www.internetsociety.org/sites/default/files/blogs-media/transcript-collision-attacks-breaking-authentication-tls-ike-ssh.pdf Transcript Collision Attacks: Breaking Authentication in TLS, IKE, and SSH]
* [https://www.internetsociety.org/sites/default/files/blogs-media/spiffy-inducing-cost-detectability-tradeoffs-persistent-link-flooding-attacks.pdf SPIFFY: Inducing Cost-Detectability Tradeoffs for Persistent Link-Flooding Attacks]
* [https://www.internetsociety.org/sites/default/files/blogs-media/sibra-scalable-internet-bandwidth-reservation-architecture.pdf SIBRA: Scalable Internet Bandwidth Reservation Architecture]
* [https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/sun RAPTOR: Routing Attacks on Privacy in Tor]
* [https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/kwon Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services]
* [https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/asghari Post-Mortem of a Zombie: Conficker Cleanup After Six Years]
* [https://www.internetsociety.org/sites/default/files/blogs-media/forwarding-loop-attacks-content-delivery-networks.pdf Forwarding-Loop Attacks in Content Delivery Networks]
* [https://www.internetsociety.org/sites/default/files/blogs-media/centrally-banked-cryptocurrencies.pdf Centrally Banked Cryptocurrencies]

===Winter 2015===
* [http://android-ssl.org/files/p49.pdf Rethinking SSL in an Appified World]
* [https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/akhawe Alice in Warningland]
* [http://www.cs.berkeley.edu/~dawnsong/papers/shadowcrypt-ccs14.pdf ShadowCrypt: Encrypted Web Applications for Everyone]
* [http://dl.acm.org/citation.cfm?id=2382204 The Most Dangerous Code in the World]
* [http://dl.acm.org/citation.cfm?id=2660338 Securing SSL Certificate Verification through Dynamic Linking]
* [http://dl.acm.org/citation.cfm?id=2660323 OAuth Demystified for Mobile Application Developers]
* [https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-silver.pdf Password Managers: Attacks and Defenses]
* [https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-li-zhiwei.pdf The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers]
* [https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations]
* [http://www.jbonneau.com/doc/KB15-NDSS-hsts_pinning_survey.pdf Upgrading HTTPS in Mid-Air: An Empirical Study of Strict Transport Security and Key Pinning]
* [https://eprint.iacr.org/2013/538.pdf Practical Issues with TLS Client Certificate Authentication]