• The Task of the Referee
• How Not to Review a Paper
• Common Pitfalls in Writing about Security and Privacy Human Subjects Experiments, and How to Avoid Them
• How (Not) to Write a Good Systems Paper 30 questions to help you write a better technical paper
• Identify the Champion

• How to Give a Bad Talk

• A Case of Academic Plagiarism
• Plagiarism in the Web
• Self-Plagiarism in Computer Science
• Multiple Submission
• Plagiarism, Copyright Violation, and Dual Publication: Are You Guilty

• Elements of Style
• Writing an Annotated Bibliography
• How to Prepare an Annotated Bibliography
• Common Errors in English
• Postscript to PDF conversion
• Online Dictionary
• Online Dictionary/Thesaurus

• How to Choose a Research Topic Kent Seamons. Panel presentation at Sandia National Labs TITANS, 2013 with additions from Gene Spafford.

• Learning By Faith David Bednar, 2006
• Peer Instruction for Active Learning

A list of candidate papers to read this semester.

• [ Johnny and Jane - CHI 2016]
• Security by Any Other Name
• Neither Snow nor Rain nor MITM ...*

• Accountable Key Infrastructure
• PoliCert: Secure and Flexible TLS Certificate Management
• Certificate Revocation in the Web's PKI
• CONIKS

• The Quest to Replace Passwords
• An Administrator's Guide to Internet Password Research
• ErsatzPasswords: Ending Password Cracking and Detecting Password Leakage
• Authentication at Scale

• RITM: Revocation in the Middle
• Application of Public Ledgers to Revocation in Distributed Access Control

• Bitcoin
• How Bitcoin Works
• Blockstack
• Bitcoin-NG
• Bolt
• Hawk
• Zeus: Analyzing Safety of Smart Contracts
• Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts
• Town Crier: An Authenticated Data Feed for Smart Contracts

• Certificate Transparency
• Attack and Threat Model for Certificate Transparency
• Key Transparency (Google Blog)
• Key Transparency Overview (Github)
• Enhanced Certificate Transparency (optional)

• Multi-Context TLS

• SoK: SSL and HTTPS
• OTR
• Imperfect Forward Secrecy: How Diffie Hellman Fails in Practice
• Going Dark Debate

• An End-to-End Measurement of Certificate Revocation in the Web’s PKI
• Security by Any Other Name
• Neither Snow Nor Rain Nor MITM
• Ad Injection at Scale: Assessing Deceptive Advertisement Modifications
• Framing Dependencies Introduced by Underground Commoditization
• Cookies Lack Integrity
• To Pin or Not to Pin
• Ersatz Passwords
• Imperfect Forward Secrecy
• Transcript Collision Attacks: Breaking Authentication in TLS, IKE, and SSH
• SPIFFY: Inducing Cost-Detectability Tradeoffs for Persistent Link-Flooding Attacks
• SIBRA: Scalable Internet Bandwidth Reservation Architecture
• RAPTOR: Routing Attacks on Privacy in Tor
• Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services
• Post-Mortem of a Zombie: Conficker Cleanup After Six Years
• Forwarding-Loop Attacks in Content Delivery Networks
• Centrally Banked Cryptocurrencies

• Rethinking SSL in an Appified World
• Alice in Warningland
• ShadowCrypt: Encrypted Web Applications for Everyone
• The Most Dangerous Code in the World
• Securing SSL Certificate Verificaion through Dynamic Linking
• OAuth Demystified for Mobile Application Developers
• Password Managers: Attacks and Defenses
• The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers
• Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations
• Upgrading HTTPS in Mid-Air: An Empirical Study of Strict Tranport Security and Key Pinning
• Practical Issues with TLS Client Certificate Authentication