Here I keep track a list of papers that won Test of Time award at Top 4 security conferences. Last updated 2022/6

USENIX Security Oakland CCS NDSS

USENIX Security

A Secure Environment for Untrusted Helper Applications
Ian Goldberg, David Wagner, Randi Thomas, and Eric Brewer
Published 1996 | ToT 2019

Evaluating SFI for a CISC Architecture
Stephen McCamant and Greg Morrisett
Published 2006 | ToT 2018

Inferring Internet Denial-of-Service Activity
David Moore, Geoffrey M. Voelker, and Stefan Savage
Published 2001 | ToT 2017

Preventing Privilege Escalation
Niels Provos, Markus Friedl, and Peter Honeyman
Published 2003 | ToT 2016

Why Johnny Can’t Encrypt: A Usability Evaluation of PGP 5.0
Alma Whitten and J. D. Tygar
Published 1999 | ToT 2015

Tor: The Second-Generation Onion Router
Roger Dingledine, Nick Mathewson, and Paul Syverson
Published 2004 | ToT 2014

StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks
Crispin Cowan, Calton Pu, Dave Maier, Jonathan Walpole, Peat Bakke, Steve Beattie, Aaron Grier, Perry Wagle, Qian Zhang, and Heather Hinton
Published 1998 | ToT 2013


SCION: Scalability, Control, and Isolation On Next-Generation Networks
Xin Zhang, Hsu-Chun Hsiao, Geoffrey Hasker, Haowen Chan, Adrian Perrig and David G. Andersen
Published 2011 | ToT 2022

Click Trajectories: End-to-End Analysis of the Spam Value Chain
Kirill Levchenko, Andreas Pitsillidis, Neha Chachra, Brandon Enright, Mark Felegyhazi, Chris Grier, Tristan Halvorson, Chris Kanich, Christian Kreibich, He Liu, Damon McCoy, Nicholas Weaver, Vern Paxson, Geoffrey M. Voelker, Stefan Savage
Published 2011 | ToT 2022

Unleashing Mayhem on Binary Code
Sang Kil Cha; Thanassis Avgerinos; Alexandre Rebert; David Brumley
Published 2012 | ToT 2022

A Senseof Self for Unix Processes
Stephanie Forrest, Steven A. Hofmeyr, Anil Somayaji and Thomas A. Longstaff
Published 1996 | ToT 2020

Cryptovirology: extortion-based security threats and countermeasures
Adam Young and Moti Yung
Published 1996 | ToT 2020

Decentralized trust management
Matt Blaze, Joan Feigenbaum and Jack Lacy
Published 1996 | ToT 2020

Analysis of a denial of service attack on TCP
C.L. Schuba; I.V. Krsul; M.G. Kuhn; E.H. Spafford; A. Sundaram; D. Zamboni
Published 1997 | ToT 2020

Anonymous Connections and Onion Routing
Michael G. Reed, Paul F. Syverson, and David M. Goldschlag
Published 1998 | ToT 2020

Efficient authentication and signing of multicast streams over lossy channels
A. Perrig; R. Canetti; J.D. Tygar; Dawn Song
Published 2000 | ToT 2020

Practical Techniques for Searches on Encrypted Data
Dawn Xiaodong Song, David Wagner and Adrian Perrig
Published 2000 | ToT 2020

Random key predistribution schemes for sensor networks
Haowen Chan, Adrian Perrig and Dawn Xiaodong Song
Published 2003 | ToT 2020

Distributed detection of node replication attacks in sensor networks
B. Parno; A. Perrig; V. Gligor
Published 2005 | ToT 2020

Robust De-anonymization of Large Sparse Datasets
Arvind Narayanan and Vitaly Shmatikov.
Published 2008 | ToT 2019

Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses
Daniel Halperin, Thomas S. Benjamin, Benjamin Ransford, Shane S. Clark, Benessa Defend, Will Morgan, Kevin Fu, Tadayoshi Kohno and William H. Maisel
Published 2008 | ToT 2019

Protocols for Public Key Cryptosystems
Ralph Merkle
Published 1980 | ToT 2018

Verification of Treaty Compliance Revisited
Gustavus J. Simmons
Published 1983 | ToT 2018

The Interrogator: A Tool for Cryptographic Protocol Security
Jonathan K. Millen
Published 1984 | ToT 2018

A Global Authentication Service without Global Trust
Andrew Birrell, Butler W. Lampson, Roger M. Needham, Michael D. Schroeder
Published 1986 | ToT 2018

An Intrusion-Detection Model
Dorothy E. Denning
Published 1987 | ToT 2018

Reasoning About Security Models
John McLean
Published 1987 | ToT 2018

Encrypted key exchange: password-based protocols secure against dictionary attacks
Steven M. Bellovin, Michael Merritt
Published 1992 | ToT 2018

Prudent engineering practice for cryptographic protocols
Martín Abadi, Roger M. Needham
Published 1994 | ToT 2018

A Practical Approach to Identifying Storage and Timing Channels
Richard Kemmerer
Published 1982 | ToT 2018

Security Policies and Security Models
Joseph Goguen and Jose Meseguer
Published 1982 | ToT 2018


PinDr0p: using single-ended audio features to determine call provenance
Vijay A. Balasubramaniyan, Aamir Poonawalla, Mustaque Ahamad, Michael T. Hunter, Patrick Traynor
Published 2010 | ToT 2020

Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds
Thomas Ristenpart, Eran Tromer, Hovav Shacham, and Stefan Savage
Published 2009 | ToT 2019

False data injection attacks against state estimation in electric power grid
False data injection attacks against state estimation in electric power grid
Published 2009 | ToT 2019

Ether: Malware Analysis via Hardware Virtualization Extensions
Artem Dinaburg, Paul Royal, Monirul Sharif, and Wenke Lee
Published 2008 | ToT 2018

The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)
Hovav Shacham
Published 2007 | ToT 2017

Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data
Vipul Goyal, Omkant Pandey, Amit Sahai and Brent Waters
Published 2006 | ToT 2016

EXE: Automatically Generating Inputs of Death
Cristian Cadar, Vijay Ganesh, Peter M. Pawlowski, David L. Dill and Dawson R. Engler
Published 2006 | ToT 2016

Control-flow integrity
Martín Abadi, Mihai Budiu, Úlfar Erlingsson, Jay Ligatti
Published 2005 | ToT 2015

Dynamic and efficient key management for access hierarchies
Mikhail J. Atallah, Keith B. Frikken, Marina Blanton
Published 2005 | ToT 2015

Privacy and security in library RFID: issues, practices, and architectures
David Molnar and David Wagner
Published 2004 | ToT 2014

Direct anonymous attestation
Ernest F. Brickell, Jan Camenisch, and Liqun Chen
Published 2004 | ToT 2014

Countering Code-Injection Attacks With Instruction-Set Randomization
Gaurav S. Kc, Angelos D. Keromytis, and Vassilis Prevelakis
Published 2003 | ToT 2013

A Pairwise Key Pre-distribution Scheme for Wireless Sensor Networks
Wenliang Du, Yunghsiang S. Han, Jing Deng, and Pramod K. Varshney
Published 2003 | ToT 2013

Design and implementation of the idemix anonymous credential system
Jan Camenisch and Els Van Herreweghen
Published 2002 | ToT 2012

Mimicry attacks on host-based intrusion detection systems
David Wagner and Paolo Soto
Published 2002 | ToT 2012


Automated Whitebox Fuzz Testing
Patrice Godefroid, Michael Y. Levin, and David Molnar
Published 2008 | ToT 2022

Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software
James Newsome and Dawn Song
Published 2005 | ToT 2020

The Design and Implementation of Datagram TLS
Nagendra Modadugu and Eric Rescorla
Published 2004 | ToT 2020

A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities
David Wagner, Jeffrey S. Foster, Eric A. Brewer, Alexander Aiken
Published 2000 | ToT 2020

Client Puzzles: A Cryptographic Countermeasure Against Connection Depletion Attacks
Ari Juels and John Brainard
Published 1999 | ToT 2019

SKEME: A Versatile Secure Key Exchange Mechanism for Internet
Hugo Krawczyk
Published 1996 | ToT 2019

A Virtual Machine Introspection Based Architecture for Intrusion Detection
Tal Garfinkel and Mendel Rosenblum
Published 2003 | ToT 2019

Blog Archive
Archive of all previous blog posts
Blog Archive
Archive of all previous blog posts