Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
∞ take a peek at our legendary cryptostorm_is twitter feed if you're into that kind of thing ∞
Ξ we're rolling out voodoo network security across cryptostorm - big things happening, indeed! Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit GitHub Ξ
Ξ We've updated our CA certificate. All members need to be using the latest ones by Dec 22. See this page for more infoΞ

Let's do this: a library of technical security papers

Freewheeling spot to chew the fat on anything cryptostorm-related that doesn't fit elsewhere (i.e. support, howto, &c.). Criticism & praise & brainstorming & requests for explanation... this is where it goes when it's hot & ready for action! :-)
User avatar

Topic Author
Posts: 1492
Joined: Sun Dec 16, 2012 6:34 am

Let's do this: a library of technical security papers

Postby Pattern_Juggled » Tue Apr 07, 2015 8:23 pm

{direct link: cryptostorm.org/paperchase}

Last week, some of our friends in twitter provided an excellent suggestion: why don't we put together a collection of academic papers on network security & cryptography? Having pondered that over the holiday weekend, I concur 100%.

As is true for every cog in the wheels of academica, I struggle with the flow of papers - papers I'm working on myself and with colleagues, papers I've been asked to formally review prior to publication, papers I really want to read as they are hot stuff, papers I need to read because currency, papers I know I should read and if stuck on a desert island for a few years surely would "catch up" on, papers I feel obligated to have a copy of around despite knowing that I'll never get past the abstract (if that), papers sent to me randomly (often the best ones, by far)... and so on. Some folks reading this will be chucking now, as it's a universal issue in academia. We all have different strategies for handling; most of those strategies fail, in the sense of not keeping the papers well-prioritised and well-organised and accessible - and we take that failure as a fact of life, more or less. So it goes.

I'm in an odd role of carrying (part of) that academic load whilst also engaging in real-life work on the team with cryptostorm. Not surprisingly, I tend to veer towards theoretical areas on this team - and thus I collect an entirely new set of papers that I duly manage poorly as I have for decades elsewhere. And I bore dinner guests to death with references to "the {insert lead author name}" paper - such usage serving as a permanent scar of academic hard time far better than any formal credentials ever could. ;-)

Anyway, the paper-management issue with cstorm is less of a micro-scale private Woody Allen skit, and more relevant because many of the papers we see on the team here are really important in practical terms - life and death, in more than a few cases - for cryptostorm members, and the community more broadly. Research library denizens such as myself develop a creepy ability to recall and digest a flow of papers spanning decades - actual humans who see the light fo day aren't stuffing their minds with obscrure paper cites that may or may not (likely not) ever prove useful in any practical sense. So having this big pile of papers sitting around, inaccessible, sucks. To put it bluntly.

I personally have hundreds of wonderful netsec papers squirreled away in repositories here and there. In the past, I tried to post them here in forum threads - but it's tedious, monotonous, hard-to-automate work to do so in volume. Because, yes, almost all papers are .pdf even in today's day and age. Sure, we stick DOIs on our output and yes DOIs are handy in their own way... but they don't in themselves do anything to solve the archiving problem.

Which, in fact, is largely a solved problem.

There's half a dozen software toolsets of reasonably high repute that automate various parts of the keeping track of papers task. I've a favourite, but it's really better aligned with small-scale collaboration (with co-authors, basically, and journal editors/reviewers) than to this task... although I think a couple of the others look quite strong as candidates. So my tendency is to lean into that space - not surprising, given that it's home terrain for me.

Conversely, there's been suggestions to do a simple wiki: flexible, extensible, de-structured & thus encouraging structuring, and so on. The collaborative tech side of me thinks this all sounds like catnip for info-ecstatic rapture... but the academic in me quails at the disorganised, floppy, student-style sense of it. (I could claim otherwise, but I'd be lying - why do that?)

Thus, opening the question to the community.

Ideas? Advice? Feedback? Suggestions? Tools to recommend? Tools to avoid at all costs & burn with waves of zero-g fire if possible?

Worst-case, I'll just import in an academic tool and use it to essentially open a public portal into my personal paper-queuing methodology... so at least the papers are there and can be found in some sort of taxonomic structuring, for those seeking them. And also pagerank, of course ;-)

Best-case, we can seed the creation of a resource for paper archiving, access, and commentary that will vastly improve the accessability of and thus real-world impact achieved by these excellent research write-ups.

As an example to stir the pot, here's a great piece that I'd not even heard of until it was pointed out to me recently by a colleague in twitter DMs. That might seem banal, but this is a topic that's something of an obsession of mine (one of many, admittedly) in terms of cstorm's security roadmap... but I'd never seen this one. Blame me for being lax in staying abreast of the literature, or see it as a harbinger of what's not really working in current form:


(170.97 KiB) Downloaded 343 times


~ pj
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github

User avatar

Posts: 505
Joined: Mon Aug 05, 2013 11:39 am

Re: Let's do this: a library of technical security papers

Postby marzametal » Wed Apr 08, 2015 6:15 am

Wow... the ultimate remote connection tool...


Re: Let's do this: a library of technical security papers

Postby Zsn1s » Thu May 21, 2015 1:41 pm


i only saw this thread of yours after posting a comment on two of your CNI specific threads

imagine my surprise

Return to “general chat, suggestions, industry news”

Who is online

Users browsing this forum: Google [Bot] and 14 guests