February 11, 2005
Top 18 Security Papers - add "the 3 laws of security"
Adam found a "top 18 security papers" list. My suggestion is to add Adi Shamir's recent Turing Award Lecture to the list. I recorded the important slides here, and at least once a week I find myself copying one or other of the components from it for posting somewhere on the net. And I'm writing an entire paper on just one line...
Adam reports the list is already up to 28; perhaps what the list keeper needs is some sort of market-determined mechanism. Perhaps every security blog could trackback to their top 3 selections, and thus create a voting circle? (Hmmm, scanning the list, I see some ones that I wouldn't vote for, so how about some negative votes as well?)
To be fair, I'm not sure I've read any of them, which either augurs badly for me or badly for the list :-) Which brings up another point. If someone is going to promote some paper or other, far*&%$ake put the URL of the HTML up there... If it ain't in HTML it can't reach an audience and it can't then be in any top 18. So there! That's it from me this week.
Posted by iang at February 11, 2005 03:14 PM
You haven't read Diffie & Hellman, the paper that invented public key cryptography? Chaum's ACM paper? Ken Thompson's infamous ACM lecture, on invisibly backdooring the Unix login?
Having said that, I think the list is poorly chosen and inconsistently presented. Do they really want Rivest on micropayments but leave off RSA???
I am not sure I've read any of them directly. I've read Chaum's Scientific American article, which was, I thought, pretty influential, in that it was the starting point for the last decade of work that I did...
I'm certainly aware of the Ken Thompson backdooring, but really, how relevant is that? As a display of the limits of security, sure, but oh so esoteric! If anything, it's a demonstration that if that's all we have to worry about, that's good news.
(I was also confused by the choice of the paper on micropayments. I'm trying to think of an important paper on payments and so forth, and I can't ... most of the action was done by people who wouldn't publish their results as they were hoping to patent up and strike it rich.)
I'm no listkeeper. It is a list we have collected to choose from when giving 18 papers to students in a seminar. Every member of the lab contributed some papers - as can be quite easily seen in the different quotation styles.
But I agree with you: who contributes a paper to such a list should also contribute a link.