Systematizing Systematization of Knowledge
Since 2010, the IEEE Symposium on Security and Privacy ("Oakland"
conference) has included papers on Systematization of Knowledge
(SoK). This paper track grew out of discussions at the NSF/IARPA/NSA Workshop on the
Science of Security held at the Claremont Resort in November
2008. This site collects all the Oakland SoK papers, as well as SoK papers in IEEE European Symposium on Security and Privacy (EuroS&P).
SoK Authors · Frequently Asked Questions· Other Conferences with SoK
The very first ever SoK paper, presented at the 31st IEEE Symposium on Security and Privacy (Oakland 2010), was Outside the Closed World: On Using Machine Learning For Network Intrusion Detection by Robin Sommer and Vern Paxson. At the 41st IEEE Symposium on Security and Privacy, this paper was recognized with a Test-of-Time Award. Congratulations to Robin Sommer and Vern Paxson for the lasting impact of the first SoK paper!
| 2021 | |
| SoK: Security and Privacy in the Age of Commercial Drones | Ben Nassi, Ron Bitton, Ryusuke Masuoka, Asaf Shabtai, Yuval Elovici |
| SoK: Computer-Aided Cryptography | Manuel Barbosa, Gilles Barthe, Karthik Bhargavan, Bruno Blanchet, Cas Cremers, Kevin Liao, Bryan Parno |
| SoK: All You Ever Wanted to Know About x86/x64 Binary Disassembly but Were Afraid to Ask | Chengbin Pang, Ruotong Yu, Yaohui Chen, Eric Koskinen, Georgios Portokalidis, Bing Mao, Jun Xu |
| SoK: The Faults in our ASRs: An Overview of Attacks against Automatic Speech Recognition and Speaker Identification Systems | Hadi Abdullah, Kevin Warren, Vincent Bindschaedler, Nicolas Papernot, Patrick Traynor |
| SoK: Quantifying Cyber Risk | Daniel W. Woods, Rainer Böhme |
| SoK: Hate, Harassment, and the Changing Landscape of Online Abuse | Kurt Thomas, Devdatta Akhawe, Michael Bailey, Dan Boneh, Elie Bursztein, Sunny Consolvo, Nicola Dell, Zakir Durumeric, Patrick Gage Kelley, Deepak Kumar, Damon McCoy, Sarah Meiklejohn, Thomas Ristenpart, Gianluca Stringhini |
| SoK: An Overview of FHE Compilers and Tools | Alexander Viand, Patrick Jattke, Anwar Hithnawi |
| 2020 | |
| SoK: Differential Privacy as a Causal Property | Michael C. Tschantz, Shayak Sen, Anupam Datta |
| SoK: Cyber Insurance - Technical Challenges and a System Security Roadmap | Savino Dambra, Leyla Bilge, Davide Balzarotti |
| SoK: A Minimalist Approach to Formalizing Analog Sensor Security | Chen Yan, Hocheol Shin, Connor Bolton, Wenyuan Xu, Yongdae Kim, Kevin Fu |
| SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-Assisted TEE Systems | David Cerdeira, Nuno Santos, Pedro Fonseca, Sandro Pinto |
| SoK: Delegation and Revocation, the Missing Links in the Web's Chain of Trust (EuroS&P) | Laurent Chuat, AbdelRahman Abdou, Ralf Sasse, Christoph Sprenger, David Basin, Adrian Perrig |
| 2019 | |
| SoK: Sanitizing for Security | Dokyung Song, Julian Lettner, Prabhu Rajasekaran, Yeoul Na, Stijn Volckaert, Per Larsen, Michael Franz |
| SoK: Security Evaluation of Home-Based IoT Deployments | Omar Alrawi, Chaz Lever, Manos Antonakakis, Fabian Monrose |
| SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for Security | Sanjeev Das, Jan Werner, Manos Antonakakis, Michalis Polychronakis, Fabian Monrose |
| SoK: General Purpose Compilers for Secure Multi-Party Computation | Marcella Hastings, Brett Hemenway, Daniel Noble, Steve Zdancewic |
| SoK: Shining Light on Shadow Stacks | Nathan Burow, Xinping Zhang, Mathias Payer |
| SoK: Benchmarking Flaws in Systems Security (EuroS&P) | Erik van der Kouwe, Gernot Heiser, Dennis Andriesse, Herbert Bos, Cristiano Giuffrida |
| 2018 | |
| SoK: Keylogging Side Channels | John V. Monaco |
| SoK: "Plug & Pray" Today - Understanding USB Insecurity in Versions 1 through C | Jing Tian, Nolen Scaife, Deepak Kumar, Michael Bailey, Adam Bates, Kevin Butler |
| SoK: Security and Privacy in Machine Learning (EuroS&P) | Nicolas Papernot, Patrick McDaniel, Arunesh Sinha, Michael P. Wellman |
| 2017 | |
| SoK: Science, Security, and the Elusive Goal of Security as a Scientific Pursuit | Cormac Herley, Paul C. van Oorschot |
| SoK: Cryptographically Protected Database Search | Benjamin Fuller, Mayank Varia, Arkady Yerukhimovich, Emily Shen, Ariel Hamlin, Vijay Gadepally, Richard Shay, John Darby Mitchell, Robert K. Cunningham |
| SoK: Exploiting Network Printers | Jens Müller, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk |
| SoK: Fraud in Telephony Networks (EuroS&P) | Merve Sahin, Aurélien Francillon, Payas Gupta, Mustaque Ahamad |
| SoK: Single Sign-On Security — An Evaluation of OpenID Connect (EuroS&P) | Christian Mainka, Vladislav Mladenov, Jörg Schwenk, Tobias Wich |
| 2016 | |
| SoK: (State of) The Art of War: Offensive Techniques in Binary Analysis | Yan Shoshitaishvili, Ruoyu Wang, Christopher Salls, Nick Stephens, Mario Polino, Andrew Dutcher, John Grosen, Siji Feng, Christophe Hauser, Christopher Kruegel, Giovanni Vigna |
| SoK: Everyone Hates Robocalls: A Survey of Techniques against Telephone Spam | Huahong Tu, Adam Doupé, Ziming Zhao, Gail-Joon Ahn |
| SoK: Lessons Learned From Android Security Research For Appified Software Platforms | Yasemin Acar, Michael Backes, Sven Bugiel, Sascha Fahl, Patrick McDaniel, Matthew Smith |
| SoK: Verifiability Notions for E-Voting Protocols | Véronique Cortier, David Galindo, Ralf Kuesters, Johannes Mueller, Tomasz Truderung |
| SoK: Towards Grounding Censorship Circumvention in Empiricism | Michael C. Tschantz, Sadia Afroz, Anonymous, Vern Paxson |
| 2015 | |
| SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies | Joseph Bonneau, Andrew Miller, Jeremy Clark, Arvind Narayanan, Joshua A. Kroll, Edward W. Felten |
| SoK: Secure Messaging | Nik Unger, Sergej Dechand, Joseph Bonneau, Sascha Fahl, Henning Perl, Ian Goldberg, Matthew Smith |
| SoK: A comprehensive analysis of game-based ballot privacy definitions | David Bernhard, Véronique Cortier, David Galindo, Olivier Pereira, Bogdan Warinschi |
| SoK: Deep Packer Inspection: A Longitudinal Study of the Complexity of Run-Time Packers | Xabier Ugarte-Pedrero, Davide Balzarotti, Igor Santos Grueiro, Pablo Garcia Bringas |
| 2014 | |
| SoK: Automated Software Diversity | Per Larsen, Andrei Homescu, Stefan Brunthaler, Michael Franz |
| SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks | Michael Rushanan, Colleen Swanson, Denis Foo Kune, Aviel D. Rubin |
| SoK: Introspections on Trust and the Semantic Gap | Bhushan Jain, Mirza Basim Baig, Dongli Zhang, Donald E. Porter, Radu Sion |
| 2013 | |
| SoK: Eternal War in Memory | Laszlo Szekeres, Mathias Payer, Tao Wei, Dawn Song |
| SoK: P2PWNED — Modeling and Evaluating the Resilience of Peer-to-Peer Botnets | Christian Rossow, Dennis Andriesse, Tillmann Werner, Brett Stone-Gross, Daniel Plohmann, Christian J. Dietrich, Herbert Bos |
| SoK: Secure Data Deletion | Joel Reardon, David Basin, Srdjan Capkun |
| SoK: The Evolution of Sybil Defense via Social Networks | Lorenzo Alvisi, Allen Clement, Alessandro Epasto, Silvio Lattanzi, Alessandro Panconesi |
| SoK: SSL and HTTPS: Revisiting Past Challenges and Evaluating Certificate Trust Model Enhancements | Jeremy Clark, Paul C. van Oorschot |
| 2012 | |
| Prudent Practices for Designing Malware Experiments: Status Quo and Outlook | Christian Rossow, Christian J. Dietrich, Chris Grier, Christian Kreibich, Vern Paxson, Norbert Pohlmann, Herbert Bos, Maarten van Steen |
| Dissecting Android Malware: Characterization and Evolution | Yajin Zhou, Xuxian Jiang |
| The Psychology of Security for the Home Computer User | Adele Howe, Indrajit Ray, Mark Roberts, Malgorzata Urbanska, Zinta Byrne |
| Peek-a-Boo, I Still See you: Why Efficient Traffic Analysis Countermeasures Fail | Kevin P. Dyer, Scott E. Coull, Thomas Ristenpart, Thomas Shrimpton |
| Third-Party Web Tracking Policy and Technology | Jonathan R. Mayer, John C. Mitchell |
| OB-PWS: Obfuscation-Based Private Web Search | Ero Balsa, Carmela Troncoso, Claudia Diaz |
| The quest to replace passwords: A framework for comparative evaluation of web authentication schemes | Joseph Bonneau, Cormac Herley, Paul C. van Oorschot, Frank Stajano |
| 2011 | |
| Formalizing Anonymous Blacklisting Systems | Ryan Henry, Ian Goldberg |
| Mobile Security Catching Up? - Revealing the nuts and bolts of the security of mobile devices | Michael Becher, Felix C. Freiling, Johannes Hoffmann, Thorsten Holz, Sebastian Uellenbeck, Christopher Wolf |
| A Formal Foundation for the Security Features of Physical Functions | Frederik Armknecht, Roel Maes, Ahmad-Reza Sadeghi, Francois-Xavier Standaert, Christian Wachsmann |
| Timing- and Termination-Sensitive Secure Information Flow: Exploring a New Approach | Vineeth Kashyap, Ben Wiedermann, Ben Hardekopf |
| 2010 | |
| Outside the Closed World: On Using Machine Learning For Network Intrusion Detection | Robin Sommer, Vern Paxson |
| All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask) | Thanassis Avgerinos, Edward Schwartz, David Brumley |
| State of the Art: Automated Black-Box Web Application Vulnerability Testing | Jason Bau, Elie Bursztein, Divij Gupta, John Mitchell |
| How Good are Humans at Solving CAPTCHAs? A Large Scale Evaluation | Elie Bursztein, Steven Bethard, John C. Mitchell, Dan Jurafsky, Céline Fabry |
| Bootstrapping Trust in Commodity Computers | Bryan Parno, Jonathan M. McCune, Adrian Perrig |