In the first half of the semester, students will read, analyze, and discuss foundational and recent research papers on systems security. Papers should be selected from the list below, but additional suggestions are welcome. Topic coverage will be based on student interest. Asterisks indicate a special interest in the paper by the instructor.

Paper selections should be made via the Google Form. Please log in using your NCSU Google Account.

Mini-review forms can be found here.


  • Google: BeyondCorp Design Documents
  • NDSS '17: WireGuard: Next Generation Kernel Network Tunnel
  • NDSS '17: Are We There Yet? On RPKI’s Deployment and Security
  • S&P '16: High-Speed Inter-domain Fault Localization
  • NDSS '15: Mind Your Blocks: On the Stealthiness of Malicious BGP Hijacks
  • CCS '15: Walls Have Ears! Opportunistically Communicating Secret Messages Over the Wiretap Channel: from Theory to Practice
  • IMC '15: Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery
  • IMC '14: Taming the 800 Pound Gorilla: The Rise and Decline of NTP DDoS Attacks
  • EuroS&P '16: How Secure is TextSecure?

Wireless, Cellular, and Telephone Security

  • CCS '17: Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 (KRACK)
  • * CCS '17: CCCP: Closed Caption Crypto Phones to Resist MITM Attacks, Human Errors and Click-Through
  • * NDSS '17: Dial One for Scam: A Large-Scale Analysis of Technical Support Scams
  • NDSS '17: FBS-Radar: Uncovering Fake Base Stations at Scale in the Wild
  • S&P '16: SoK: Everyone Hates Robocalls: A Survey of Techniques against Telephone Spam
  • NDSS '16: Practical Attacks Against Privacy and Availability in 4G/LTE Mobile Communication Systems
  • S&P '13: Ally Friendly Jamming: How to Jam Your Enemy and Maintain Your Own Wireless Connectivity at the Same Time

Hidden Networks

  • Usenix Security '17: USB Snooping Made Easy: Crosstalk Leakage Attacks on USB Hubs
  • Logic, Rewriting, and Concurrency: Network-on-Chip Firewall: Countering Defective and Malicious System-on-Chip Hardware
  • S&P '10: Chip and PIN is Broken
  • Usenix '07: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks
  • S&P '14: SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks

Anonymity and Censorship

  • * USENIX Security '04: Tor: The Second-Generation Onion Router
  • CCS '17: How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services
  • * SIGCOMM '15: Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests
  • * Usenix Security '17: The Loopix Anonymity System
  • Usenix Security '11: Telex: Anticensorship in the network infrastructure
  • S&P '13: The Parrot Is Dead: Observing Unobservable Network Communications

Cool Attacks

  • Usenix '17: Beauty and the Burst: Remote Identification of Encrypted Video Streams
  • Usenix '16: Off-Path TCP Exploits: Global Rate Limit Considered Dangerous
  • S&P '17: The Password Reset MitM Attack
  • S&P '16: Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf
  • NDSS '16: Attacking the Network Time Protocol
  • CCS '15: Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
  • CCS '16: When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals
  • EuroS&P '17: 9-1-1 DDoS: Attacks, Analysis and Mitigation


  • CCS '17: Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors
  • CCS '17: A Comprehensive Symbolic Analysis of TLS 1.3
  • S&P '17: Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate
  • NDSS '17: The Security Impact of HTTPS Interception
  • NDSS '16: TLS in the Wild: An Internet-wide Analysis of TLS-based Protocols for Electronic Communication
  • IMC '14: The Matter of Heartbleed
  • Euro S&P: Content delivery over TLS: a cryptographic analysis of Keyless SSL


  • CCS '17: Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse
  • CCS '17: Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study
  • CCS '17: The Wolf of Name Street: Hijacking Domains Through Their Nameservers
  • CCS '16: All Your DNS Records Point to Us: Understanding the Security Threats of Dangling DNS Records


  • * Whitepaper: Bitcoin: A Peer-to-Peer Electronic Cash System
  • Whitepaper: Ethereum
  • CCS '17: Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin
  • CCS '17: Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing
  • CCS '16: Making Smart Contracts Smarter
  • FC '13: Quantitative Analysis of the Full Bitcoin Transaction Graph
  • IMC '13: A fistful of bitcoins: Characterizing payments among men with no names.
  • S&P '13: Zerocoin: Anonymous Distributed E-Cash from Bitcoin
  • NDSS '17: TumbleBit: An Untrusted Bitcoin-Compatible Anonymous Payment Hub
  • * S&P '17: Hijacking Bitcoin: Routing Attacks on Cryptocurrencies
  • NDSS '17: SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks


  • CCS '17: POISED: Spotting Twitter Spam Off the Beaten Paths
  • CCS '17: Automated Crowdturfing Attacks and Defenses in Online Review Systems
  • CCS '17: Economic Factors of Vulnerability Trade and Exploitation: Empirical evidence from a prominent Russian cybercrime market
  • S&P '17: Under the Shadow of Sunshine: Understanding and Detecting Bulletproof Hosting on Legitimate Service Provider Networks.
  • S&P '17: To Catch a Ratter: Monitoring the Behavior of Amateur DarkComet RAT Operators in the Wild.
  • CCS '16: Identifying the Scanners and Attack Infrastructure behind Amplification DDoS attacks
  • S&P '17: A Lustrum of Malware Network Communication: Evolution and Insights
  • Usenix '16: Website-Targeted False Content Injection by Network Operators


  • * Usenix '13: ZMap: Fast Internet-wide Scanning and Its Security Applications
  • CCS '17: Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting
  • Usenix '16: Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016


  • CCS '17: Data breaches, phishing, or malware? Understanding the risks of stolen credentials
  • Usenix '17: HELP: Helper-Enabled In-Band Device Pairing Resistant Against Signal Cancellation
  • Usenix '16: Authenticated Network Time Synchronization
  • IMC '17: Measuring and Mitigating OAuth Access Token Abuse by Collusion Networks
  • CCS '14: VoIP Fraud: Identifying a Wolf in Sheep's Clothing
  • Euro S&P '17: SoK: Single Sign-On Security — An Evaluation of OpenID Connect
  • CCS '16: A Comprehensive Formal Security Analysis of OAuth 2.0
  • Euro S&P '16: ZETA - Zero-Trust Authentication: Relying on Innate Human Ability, not Technology
  • Usenix '14: SSOScan: Automated Testing of Web Applications for Single Sign-On Vulnerabilities

Web Security

  • Usenix '17: Same-Origin Policy: Evaluation in Modern Browsers
  • Rewriting History: Changing the Archived Web from the Present


  • S&P '17: IoT Goes Nuclear: Creating a Zigbee Chain Reaction
  • NDSS '17: Internet-scale Probing of CPS: Inference, Characterization and Orchestration Analysis

Software Defined Networking

  • Usenix '17: Identifier Binding Attacks and Defenses in Software-Defined Networks
  • NDSS '15: SPHINX: Detecting Security Attacks in Software-Defined Networks
  • NDSS '16: Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security
  • NDSS '15: Securing the Software Defined Network Control Layer
  • NDSS '17: DELTA: A Security Assessment Framework for Software-Defined Networks
  • SOSR '15: SDNRacer: detecting concurrency violations in software-defined networks
  • NDSS '15: Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures
  • NDSS '17: On the Safety and Efficiency of Virtual Firewall Elasticity Control
  • Euro S&P '17: Outsmarting Network Security with SDN Teleportation