It was some time ago that I read a post somewhere (really can’t remember where) with a simple question. What are the top papers which one should read from conferences every year in order to keep up to date with the latest and most important developments. This was an interesting and yet challenging question. Nevertheless, we (i.e. our research team) decided to review papers from the top4 security conferences in our regular weekly meetings and through a process select the top 5 papers from each conference.
How did we go about it?
This was our first try on the issue, so not much of a scientific approach! We started studying papers as they were presented from the first session and on. In every meeting we selected the top papers from the sessions reviewed, and then argued if they should be kept in a top 10 list, and if the top 10 list was full, if any papers should be removed from the list to make room for the new paper selected. At the end of the process, we were left with 10 papers for the whole conference, from which we argued and selected the top 5.
What is considered “TOP”?
“Top” is a subjective matter, and to make matters worse security is a very wide field with very different topics which require very different expertise. Over the sessions, it became clear that there were biases. For example if a topic was new for everyone, they would argue that it should be included in the “top” list, where as there may have been previous research on the topic that the students where unaware of. There was also bias on topic which everyone was more familiar with. In such cases the argument was that a major problem was solved(i.e. although the scope of the work was very narrow). So again, top is a subjective matter. But I believe that as time goes on, and we keep doing this for a few more conferences, this bias would be less of an issue as everyone would have seen more papers to compare with.
Was the process useful?
Most definitely. Although we did not cover every detail in the papers we read, but we did study current day problems which is are being addressed by researchers and the approach taken to tackle the problem. In fact as papers were reviewed from different sessions, students were exposed to different problems and solutions; Where the subject was very different from what the are researching on. I find this to be extremely important. Students usually get too focused on a specific topic, and they lose sight as to the bigger picture. In other words, such exercise is great in providing “breadth” to the student, in addition to the “depth” obtained as part of research on a specific topic.
Here are the Top5 selected papers from NDSS’18:
1- Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics. Erick Bauman (University of Texas at Dallas), Zhiqiang Lin (University of Texas at Dallas), and Kevin Hamlen (University of Texas at Dallas).
2- Face Flashing: a Secure Liveness Detection Protocol based on Light Reflections. Di Tang (Chinese University of Hong Kong), Zhe Zhou (Fudan University), Yinqian Zhang (Ohio State University), and Kehuan Zhang (Chinese University of Hong Kong).
3- Cloud Strife: Mitigating the Security Risks of Domain-Validated Certificates. Kevin Borgolte (UC Santa Barbara), Tobias Fiebig (TU Delft), Shuang Hao (UT Dallas), Christopher Kruegel (UC Santa Barbara), and Giovanni Vigna (UC Santa Barbara).
4- Device Pairing at the Touch of an Electrode. Marc Roeschlin (University of Oxford), Ivan Martinovic (University of Oxford), and Kasper B. Rasmussen (University of Oxford).
5- Settling Payments Fast and Private: Efficient Decentralized Routing for Path-Based Transactions. Stefanie Roos (University of Waterloo), Pedro Moreno-Sanchez (Purdue University), Aniket Kate (Purdue University), and Ian Goldberg (University of Waterloo).
Last but not least, we are always happy if we could get more people in the room arguing on the papers. So if you like to participate in the process for the next conference review please drop me an email.
Post by: Mehdi Kharrazi