Systematizing Systematization of Knowledge

Oakland Horse

Since 2010, the IEEE Symposium on Security and Privacy ("Oakland" conference) has included papers on Systematization of Knowledge (SoK). This paper track grew out of discussions at the NSF/IARPA/NSA Workshop on the Science of Security held at the Claremont Resort in November 2008. This site collects all the Oakland SoK papers, as well as SoK papers in IEEE European Symposium on Security and Privacy (EuroS&P).

SoK Authors · Frequently Asked Questions· Other Conferences with SoK

The very first ever SoK paper, presented at the 31st IEEE Symposium on Security and Privacy (Oakland 2010), was Outside the Closed World: On Using Machine Learning For Network Intrusion Detection by Robin Sommer and Vern Paxson. At the 41st IEEE Symposium on Security and Privacy, this paper was recognized with a Test-of-Time Award. Congratulations to Robin Sommer and Vern Paxson for the lasting impact of the first SoK paper!

SoK: Security and Privacy in the Age of Commercial DronesBen Nassi, Ron Bitton, Ryusuke Masuoka, Asaf Shabtai, Yuval Elovici
SoK: Computer-Aided CryptographyManuel Barbosa, Gilles Barthe, Karthik Bhargavan, Bruno Blanchet, Cas Cremers, Kevin Liao, Bryan Parno
SoK: All You Ever Wanted to Know About x86/x64 Binary Disassembly but Were Afraid to AskChengbin Pang, Ruotong Yu, Yaohui Chen, Eric Koskinen, Georgios Portokalidis, Bing Mao, Jun Xu
SoK: The Faults in our ASRs: An Overview of Attacks against Automatic Speech Recognition and Speaker Identification SystemsHadi Abdullah, Kevin Warren, Vincent Bindschaedler, Nicolas Papernot, Patrick Traynor
SoK: Quantifying Cyber RiskDaniel W. Woods, Rainer Böhme
SoK: Hate, Harassment, and the Changing Landscape of Online AbuseKurt Thomas, Devdatta Akhawe, Michael Bailey, Dan Boneh, Elie Bursztein, Sunny Consolvo, Nicola Dell, Zakir Durumeric, Patrick Gage Kelley, Deepak Kumar, Damon McCoy, Sarah Meiklejohn, Thomas Ristenpart, Gianluca Stringhini
SoK: An Overview of FHE Compilers and ToolsAlexander Viand, Patrick Jattke, Anwar Hithnawi
SoK: Differential Privacy as a Causal PropertyMichael C. Tschantz, Shayak Sen, Anupam Datta
SoK: Cyber Insurance - Technical Challenges and a System Security RoadmapSavino Dambra, Leyla Bilge, Davide Balzarotti
SoK: A Minimalist Approach to Formalizing Analog Sensor SecurityChen Yan, Hocheol Shin, Connor Bolton, Wenyuan Xu, Yongdae Kim, Kevin Fu
SoK: Understanding the Prevailing Security Vulnerabilities in TrustZone-Assisted TEE SystemsDavid Cerdeira, Nuno Santos, Pedro Fonseca, Sandro Pinto
SoK: Delegation and Revocation, the Missing Links in the Web's Chain of Trust (EuroS&P)Laurent Chuat, AbdelRahman Abdou, Ralf Sasse, Christoph Sprenger, David Basin, Adrian Perrig
SoK: Sanitizing for SecurityDokyung Song, Julian Lettner, Prabhu Rajasekaran, Yeoul Na, Stijn Volckaert, Per Larsen, Michael Franz
SoK: Security Evaluation of Home-Based IoT DeploymentsOmar Alrawi, Chaz Lever, Manos Antonakakis, Fabian Monrose
SoK: The Challenges, Pitfalls, and Perils of Using Hardware Performance Counters for SecuritySanjeev Das, Jan Werner, Manos Antonakakis, Michalis Polychronakis, Fabian Monrose
SoK: General Purpose Compilers for Secure Multi-Party ComputationMarcella Hastings, Brett Hemenway, Daniel Noble, Steve Zdancewic
SoK: Shining Light on Shadow Stacks Nathan Burow, Xinping Zhang, Mathias Payer
SoK: Benchmarking Flaws in Systems Security (EuroS&P)Erik van der Kouwe, Gernot Heiser, Dennis Andriesse, Herbert Bos, Cristiano Giuffrida
SoK: Keylogging Side ChannelsJohn V. Monaco
SoK: "Plug & Pray" Today - Understanding USB Insecurity in Versions 1 through CJing Tian, Nolen Scaife, Deepak Kumar, Michael Bailey, Adam Bates, Kevin Butler
SoK: Security and Privacy in Machine Learning (EuroS&P)Nicolas Papernot, Patrick McDaniel, Arunesh Sinha, Michael P. Wellman
SoK: Science, Security, and the Elusive Goal of Security as a Scientific PursuitCormac Herley, Paul C. van Oorschot
SoK: Cryptographically Protected Database SearchBenjamin Fuller, Mayank Varia, Arkady Yerukhimovich, Emily Shen, Ariel Hamlin, Vijay Gadepally, Richard Shay, John Darby Mitchell, Robert K. Cunningham
SoK: Exploiting Network PrintersJens Müller, Vladislav Mladenov, Juraj Somorovsky, Jörg Schwenk
SoK: Fraud in Telephony Networks (EuroS&P)Merve Sahin, Aurélien Francillon, Payas Gupta, Mustaque Ahamad
SoK: Single Sign-On Security — An Evaluation of OpenID Connect (EuroS&P)Christian Mainka, Vladislav Mladenov, Jörg Schwenk, Tobias Wich
SoK: (State of) The Art of War: Offensive Techniques in Binary AnalysisYan Shoshitaishvili, Ruoyu Wang, Christopher Salls, Nick Stephens, Mario Polino, Andrew Dutcher, John Grosen, Siji Feng, Christophe Hauser, Christopher Kruegel, Giovanni Vigna
SoK: Everyone Hates Robocalls: A Survey of Techniques against Telephone SpamHuahong Tu, Adam Doupé, Ziming Zhao, Gail-Joon Ahn
SoK: Lessons Learned From Android Security Research For Appified Software PlatformsYasemin Acar, Michael Backes, Sven Bugiel, Sascha Fahl, Patrick McDaniel, Matthew Smith
SoK: Verifiability Notions for E-Voting ProtocolsVéronique Cortier, David Galindo, Ralf Kuesters, Johannes Mueller, Tomasz Truderung
SoK: Towards Grounding Censorship Circumvention in EmpiricismMichael C. Tschantz, Sadia Afroz, Anonymous, Vern Paxson
SoK: Research Perspectives and Challenges for Bitcoin and CryptocurrenciesJoseph Bonneau, Andrew Miller, Jeremy Clark, Arvind Narayanan, Joshua A. Kroll, Edward W. Felten
SoK: Secure MessagingNik Unger, Sergej Dechand, Joseph Bonneau, Sascha Fahl, Henning Perl, Ian Goldberg, Matthew Smith
SoK: A comprehensive analysis of game-based ballot privacy definitionsDavid Bernhard, Véronique Cortier, David Galindo, Olivier Pereira, Bogdan Warinschi
SoK: Deep Packer Inspection: A Longitudinal Study of the Complexity of Run-Time PackersXabier Ugarte-Pedrero, Davide Balzarotti, Igor Santos Grueiro, Pablo Garcia Bringas
SoK: Automated Software DiversityPer Larsen, Andrei Homescu, Stefan Brunthaler, Michael Franz
SoK: Security and Privacy in Implantable Medical Devices and Body Area NetworksMichael Rushanan, Colleen Swanson, Denis Foo Kune, Aviel D. Rubin
SoK: Introspections on Trust and the Semantic GapBhushan Jain, Mirza Basim Baig, Dongli Zhang, Donald E. Porter, Radu Sion
SoK: Eternal War in MemoryLaszlo Szekeres, Mathias Payer, Tao Wei, Dawn Song
SoK: P2PWNED — Modeling and Evaluating the Resilience of Peer-to-Peer BotnetsChristian Rossow, Dennis Andriesse, Tillmann Werner, Brett Stone-Gross, Daniel Plohmann, Christian J. Dietrich, Herbert Bos
SoK: Secure Data DeletionJoel Reardon, David Basin, Srdjan Capkun
SoK: The Evolution of Sybil Defense via Social NetworksLorenzo Alvisi, Allen Clement, Alessandro Epasto, Silvio Lattanzi, Alessandro Panconesi
SoK: SSL and HTTPS: Revisiting Past Challenges and Evaluating Certificate Trust Model EnhancementsJeremy Clark, Paul C. van Oorschot
Prudent Practices for Designing Malware Experiments: Status Quo and OutlookChristian Rossow, Christian J. Dietrich, Chris Grier, Christian Kreibich, Vern Paxson, Norbert Pohlmann, Herbert Bos, Maarten van Steen
Dissecting Android Malware: Characterization and EvolutionYajin Zhou, Xuxian Jiang
The Psychology of Security for the Home Computer UserAdele Howe, Indrajit Ray, Mark Roberts, Malgorzata Urbanska, Zinta Byrne
Peek-a-Boo, I Still See you: Why Efficient Traffic Analysis Countermeasures FailKevin P. Dyer, Scott E. Coull, Thomas Ristenpart, Thomas Shrimpton
Third-Party Web Tracking Policy and TechnologyJonathan R. Mayer, John C. Mitchell
OB-PWS: Obfuscation-Based Private Web SearchEro Balsa, Carmela Troncoso, Claudia Diaz
The quest to replace passwords: A framework for comparative evaluation of web authentication schemesJoseph Bonneau, Cormac Herley, Paul C. van Oorschot, Frank Stajano
Formalizing Anonymous Blacklisting SystemsRyan Henry, Ian Goldberg
Mobile Security Catching Up? - Revealing the nuts and bolts of the security of mobile devicesMichael Becher, Felix C. Freiling, Johannes Hoffmann, Thorsten Holz, Sebastian Uellenbeck, Christopher Wolf
A Formal Foundation for the Security Features of Physical FunctionsFrederik Armknecht, Roel Maes, Ahmad-Reza Sadeghi, Francois-Xavier Standaert, Christian Wachsmann
Timing- and Termination-Sensitive Secure Information Flow: Exploring a New ApproachVineeth Kashyap, Ben Wiedermann, Ben Hardekopf
Outside the Closed World: On Using Machine Learning For Network Intrusion DetectionRobin Sommer, Vern Paxson
All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask)Thanassis Avgerinos, Edward Schwartz, David Brumley
State of the Art: Automated Black-Box Web Application Vulnerability TestingJason Bau, Elie Bursztein, Divij Gupta, John Mitchell
How Good are Humans at Solving CAPTCHAs? A Large Scale EvaluationElie Bursztein, Steven Bethard, John C. Mitchell, Dan Jurafsky, Céline Fabry
Bootstrapping Trust in Commodity ComputersBryan Parno, Jonathan M. McCune, Adrian Perrig