Table of Contents
Peer Review/Paper Writing
Speaking
Plagiarism
Writing
How To Choose A Research Topic
Learning
Papers
Secure Email
Key Management
Passwords
Revocation
Blockchain
Certificate & Key Transparency
TLS
Secure Messaging
Winter 2016
Winter 2015
Peer Review/Paper Writing
The Task of the Referee
How Not to Review a Paper
Common Pitfalls in Writing about Security and Privacy Human Subjects Experiments, and How to Avoid Them
How (Not) to Write a Good Systems Paper
30 questions to help you write a better technical paper
Identify the Champion
Speaking
How to Give a Bad Talk
Plagiarism
A Case of Academic Plagiarism
Plagiarism in the Web
Self-Plagiarism in Computer Science
Multiple Submission
Plagiarism, Copyright Violation, and Dual Publication: Are You Guilty
Writing
Elements of Style
Writing an Annotated Bibliography
How to Prepare an Annotated Bibliography
Common Errors in English
Postscript to PDF conversion
Online Dictionary
Online Dictionary/Thesaurus
How To Choose A Research Topic
How to Choose a Research Topic
Kent Seamons. Panel presentation at Sandia National Labs TITANS, 2013 with additions from Gene Spafford.
Learning
Learning By Faith
David Bednar, 2006
Peer Instruction for Active Learning
Papers
A list of candidate papers to read this semester.
Secure Email
Johnny and Jane - CHI 2016
Security by Any Other Name
Neither Snow nor Rain nor MITM ...
Key Management
Accountable Key Infrastructure
PoliCert: Secure and Flexible TLS Certificate Management
Certificate Revocation in the Web's PKI
CONIKS
Passwords
The Quest to Replace Passwords
An Administrator's Guide to Internet Password Research
ErsatzPasswords: Ending Password Cracking and Detecting Password Leakage
Authentication at Scale
Revocation
RITM: Revocation in the Middle
Application of Public Ledgers to Revocation in Distributed Access Control
Blockchain
Bitcoin
How Bitcoin Works
Blockstack
Bitcoin-NG
Bolt
Hawk
Zeus: Analyzing Safety of Smart Contracts
Enter the Hydra: Towards Principled Bug Bounties and Exploit-Resistant Smart Contracts
Town Crier: An Authenticated Data Feed for Smart Contracts
Certificate & Key Transparency
Certificate Transparency
Attack and Threat Model for Certificate Transparency
Key Transparency (Google Blog)
Key Transparency Overview (Github)
Enhanced Certificate Transparency (optional)
TLS
Multi-Context TLS
Secure Messaging
SoK: SSL and HTTPS
OTR
Imperfect Forward Secrecy: How Diffie Hellman Fails in Practice
Going Dark Debate
Winter 2016
An End-to-End Measurement of Certificate Revocation in the Web’s PKI
Security by Any Other Name
Neither Snow Nor Rain Nor MITM
Ad Injection at Scale: Assessing Deceptive Advertisement Modifications
Framing Dependencies Introduced by Underground Commoditization
Cookies Lack Integrity
To Pin or Not to Pin
Ersatz Passwords
Imperfect Forward Secrecy
Transcript Collision Attacks: Breaking Authentication in TLS, IKE, and SSH
SPIFFY: Inducing Cost-Detectability Tradeoffs for Persistent Link-Flooding Attacks
SIBRA: Scalable Internet Bandwidth Reservation Architecture
RAPTOR: Routing Attacks on Privacy in Tor
Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services
Post-Mortem of a Zombie: Conficker Cleanup After Six Years
Forwarding-Loop Attacks in Content Delivery Networks
Centrally Banked Cryptocurrencies
Winter 2015
Rethinking SSL in an Appified World
Alice in Warningland
ShadowCrypt: Encrypted Web Applications for Everyone
The Most Dangerous Code in the World
Securing SSL Certificate Verification through Dynamic Linking
OAuth Demystified for Mobile Application Developers
Password Managers: Attacks and Defenses
The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers
Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations
Upgrading HTTPS in Mid-Air: An Empirical Study of Strict Transport Security and Key Pinning
Practical Issues with TLS Client Certificate Authentication