In the first half of the semester, students will read, analyze, and discuss foundational and recent research papers on systems security. Papers should be selected from the below list, but additional suggestions are welcome. Topic coverage will be based on student and instructor interest. Asterisks indicate a special interest in the paper by the instructor.

Paper selections should be made via the Google Form. Please login using your NCSU Google Account.

Mini-review forms can be found here.


  • NDSS '17: WireGuard: Next Generation Kernel Network Tunnel
  • CCS 17: Faulds: A Non-Parametric Iterative Classifier for Internet-Wide OS Fingerprinting
  • S&P '17: IoT Goes Nuclear: Creating a Zigbee Chain Reaction
  • Usenix '13: ZMap: Fast Internet-wide Scanning and Its Security Applications
  • SIGCOMM '15: Encore: Lightweight Measurement of Web Censorship with Cross-Origin Requests
  • Whitepaper: The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research


  • Google: BeyondCorp Design Documents
  • S&P '16: High-Speed Inter-domain Fault Localization
  • NDSS '15: Mind Your Blocks: On the Stealthiness of Malicious BGP Hijacks
  • CCS '15: Walls Have Ears! Opportunistically Communicating Secret Messages Over the Wiretap Channel: from Theory to Practice
  • IMC '15: Neither Snow Nor Rain Nor MITM... An Empirical Analysis of Email Delivery
  • IMC '14: Taming the 800 Pound Gorilla: The Rise and Decline of NTP DDoS Attacks
  • EuroS&P '16: How Secure is TextSecure?
  • S&P 18: Routing Around Congestion: Defeating DDoS Attacks and Adverse Network Conditions via Reactive BGP Routing
  • Uesnix 19: Reading the Tea leaves: A Comparative Analysis of Threat Intelligence
  • CCS 19: Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues
  • CCS 19: Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices

Wireless, Cellular, and Telephone Security

  • NDSS '17: Dial One for Scam: A Large-Scale Analysis of Technical Support Scams
  • NDSS '17: FBS-Radar: Uncovering Fake Base Stations at Scale in the Wild
  • CCS '17: Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 (KRACK)
  • S&P '13: Ally Friendly Jamming: How to Jam Your Enemy and Maintain Your Own Wireless Connectivity at the Same Time
  • Usenix Security '19: UWB-ED: Distance Enlargement Attack Detection in Ultra-Wideband
  • S&P '16: SoK: Everyone Hates Robocalls: A Survey of Techniques against Telephone Spam
  • S&P '19: Breaking LTE on Layer Two

Hidden Networks

  • Usenix Security '17: USB Snooping Made Easy: Crosstalk Leakage Attacks on USB Hubs
  • Logic, Rewriting, and Concurrency: Network-on-Chip Firewall: Countering Defective and Malicious System-on-Chip Hardware
  • S&P '10: Chip and PIN is Broken
  • Usenix '07: Keep Your Enemies Close: Distance Bounding Against Smartcard Relay Attacks
  • S&P '14: SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks

Anonymity and Censorship

  • * USENIX Security'04: Tor: The Second-Generation Onion Router
  • CCS '17: How Unique is Your .onion? An Analysis of the Fingerprintability of Tor Onion Services
  • * Usenix Security '17: The Loopix Anonymity System
  • Usenix Security '11: Telex: Anticensorship in the network infrastructure
  • S&P '13: The Parrot Is Dead: Observing Unobservable Network Communications
  • NDSS 18: A Large-scale Analysis of Content Modification by Open HTTP Proxies
  • S&P 18: Anonymity Trilemma: Strong Anonymity, Low Bandwidth Overhead, Low Latency --- Choose Two
  • Usenix Security '18: How Do Tor Users Interact With Onion Services?

Cool Attacks

  • Usenix 19: Wireless Attacks on Aircraft Instrument Landing Systems
  • Usenix 17: Beauty and the Burst: Remote Identification of Encrypted Video Streams
  • Usenix 16: Off-Path TCP Exploits: Global Rate Limit Considered Dangerous
  • S&P '17: The Password Reset MitM Attack
  • S&P '16: Staying Secure and Unprepared: Understanding and Mitigating the Security Risks of Apple ZeroConf
  • NDSS '16: Attacking the Network Time Protocol
  • CCS '15: Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
  • CCS '16: When CSI Meets Public WiFi: Inferring Your Mobile Phone Password via WiFi Signals
  • EuroS&P '17: 9-1-1 DDoS: Attacks, Analysis and Mitigation


  • NDSS '19: maTLS: How to Make TLS middlebox-aware?
  • CCS '17: Where the Wild Warnings Are: Root Causes of Chrome HTTPS Certificate Errors
  • S&P '17: Verified Models and Reference Implementations for the TLS 1.3 Standard Candidate
  • NDSS '17: The Security Impact of HTTPS Interception
  • NDSS '16: TLS in the Wild: An Internet-wide Analysis of TLS-based Protocols for Electronic Communication
  • IMC '14: The Matter of Heartbleed
  • Euro S&P: Content delivery over TLS: a cryptographic analysis of Keyless SSL
  • S&P 19: 'If HTTPS Were Secure, I Wouldn't Need 2FA' - End User and Administrator Mental Models of HTTPS
  • CCS '19: A Usability Evaluation of Let’s Encrypt and Certbot – Usable Security Done Right?


  • CCS 17: Hiding in Plain Sight: A Longitudinal Study of Combosquatting Abuse
  • CCS 17: Client-side Name Collision Vulnerability in the New gTLD Era: A Systematic Study
  • CCS 17: The Wolf of Name Street: Hijacking Domains Through Their Nameservers
  • CCS '16: All Your DNS Records Point to Us: Understanding the Security Threats of Dangling DNS Records


  • * Whitepaper: Bitcoin: A Peer-to-Peer Electronic Cash System
  • Whitepaper: Ethereum
  • CCS '17: Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin
  • CCS '17: Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing
  • CCS '16: Making Smart Contracts Smarter
  • FC '13: Quantitative Analysis of the Full Bitcoin Transaction Graph
  • IMC '13: A fistful of bitcoins: Characterizing payments among men with no names.
  • S&P '13: Zerocoin: Anonymous Distributed E-Cash from Bitcoin
  • NDSS '17: TumbleBit: An Untrusted Bitcoin-Compatible Anonymous Payment Hub
  • *S&P '17: Hijacking Bitcoin: Routing Attacks on Cryptocurrencies
  • NDSS '17: SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks


  • CCS 17: POISED: Spotting Twitter Spam Off the Beaten Paths
  • CCS 17: Automated Crowdturfing Attacks and Defenses in Online Review Systems
  • CCS 17: Economic Factors of Vulnerability Trade and Exploitation: Empirical evidence from a prominent Russian cybercrime market
  • S&P '17: Under the Shadow of Sunshine: Understanding and Detecting Bulletproof Hosting on Legitimate Service Provider Networks.
  • S&P '17: To Catch a Ratter: Monitoring the Behavior of Amateur DarkComet RAT Operators in the Wild.
  • CCS '16: Identifying the Scanners and Attack Infrastructure behind Amplification DDoS attacks
  • S&P '17: A Lustrum of Malware Network Communication: Evolution and Insights
  • Usenix '16: Website-Targeted False Content Injection by Network Operators
  • NDSS '19: Cybercriminal Minds: An investigative study of cryptocurrency abuses in the Dark Web
  • S&P 19: Resident Evil: Understanding Residential IP Proxy as a Dark Service


  • Usenix '16: Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016
  • NDSS '18: A Large-scale Analysis of Content Modification by Open HTTP Proxies.
  • NDSS '17: Are We There Yet? On RPKI’s Deployment and Security
  • NDSS '19: Don’t Trust The Locals: Investigating the Prevalence of Persistent Client-Side Cross-Site Scripting in the Wild
  • S&P 18: Enumerating Active IPv6 Hosts for Large-scale Security Scans via DNSSEC-signed Reverse Zones


  • CCS 17: Data breaches, phishing, or malware? Understanding the risks of stolen credentials
  • Usenix '17: HELP: Helper-Enabled In-Band Device Pairing Resistant Against Signal Cancellation
  • Usenix '16: Authenticated Network Time Synchronization
  • IMC '17: Measuring and Mitigating OAuth Access Token Abuse by Collusion Networks
  • CCS '14: VoIP Fraud: Identifying a Wolf in Sheep's Clothing
  • Euro S&P '17:SoK: Single Sign-On Security — An Evaluation of OpenID Connect
  • CCS '16: A Comprehensive Formal Security Analysis of OAuth 2.0
  • Euro S&P '16: ZETA - Zero-Trust Authentication: Relying on Innate Human Ability, not Technology
  • Usenix '14: SSOScan: Automated Testing of Web Applications for Single Sign-On Vulnerabilities

Web Security

  • Usenix '17: Same-Origin Policy: Evaluation in Modern Browsers
  • Rewriting History: Changing the Archived Web from the Present


  • NDSS '17: Internet-scale Probing of CPS: Inference, Characterization and Orchestration Analysis
  • NDSS '18: Exposing Congestion Attack on Emerging Connected Vehicle based Traffic Signal Control
  • NDSS '19: Cleaning Up the Internet of Evil Things: Real-World Evidence on ISP and Consumer Efforts to Remove Mirai
  • S&P '19: Security of GPS/INS based On-road Location Tracking Systems
  • Usenix '19: All Things Considered: An Analysis of IoT Devices on Home Networks
  • Usenix '19: JEDI: Many-to-Many End-to-End Encryption and Key Delegation for IoT
  • CCS 18: HoMonit: Monitoring Smart Home Apps from Encrypted Traffic
  • CCS '19: Automatic Fingerprinting of Vulnerable BLE IoT Devices with Static UUIDs from Mobile Apps

Software Defined Networking

  • CCS 18: vNIDS: Towards Elastic Security with Safe and Efficient Virtualization of Network Intrusion Detection Systems
  • Usenix '17: Identifier Binding Attacks and Defenses in Software-Defined Networks
  • NDSS '15: SPHINX: Detecting Security Attacks in Software-Defined Networks
  • NDSS '16: Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security
  • NDSS '15: Securing the Software Defined Network Control Layer
  • NDSS '17: DELTA: A Security Assessment Framework for Software-Defined Networks
  • SOSR '15: SDNRacer: detecting concurrency violations in software-defined networks
  • NDSS '15: Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures
  • NDSS '17: On the Safety and Efficiency of Virtual Firewall Elasticity Control
  • Euro S&P 17: Outsmarting Network Security with SDN Teleportation

Formal Techniques for Network Security

  • NDSS '18: Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach
  • NDSS '19: Component-Based Formal Analysis of 5G-AKA: Channel Assumptions and Session Confusion
  • CCS '19: Seems Legit: Automated Analysis of Subtle Attacks on Protocols that Use Signatures
  • CCS '17: A Comprehensive Symbolic Analysis of TLS 1.3
  • S&P 18: A Formal Treatment of Accountable Proxying over TLS
  • CCS '19: 5GReasoner: A Property-Directed Security and Privacy Analysis Framework for 5G Cellular Network Protocol