Best Scientific Cybersecurity Paper Competition
NSA AWARD FOR THE BEST SCIENTIFIC CYBERSECURITY PAPER
This year's winning paper, "Memory Trace Oblivious Program Execution," was originally presented at the 2013 IEEE Computer Security Foundation by Chang Liu, Dr. Michael Hicks, and Dr. Elaine Shi. Their research centered on the development of a scientific foundation for the use of Oblivious RAM (ORAM) in programs. Two aspects of this work were especially compelling to the reviewers: First, it builds a bridge between cryptographic research and information flow research, and shows how the latter can help one apply cryptographic advances in a principled and secure manner. Second, it establishes a scientific foundation for the use of ORAM in programs and provides a valuable and exciting direction toward making ORAM practical.
Chang Liu is a second year doctoral student at the University of Maryland in the Department of Computer Science.
Dr. Michael Hicks is a professor in the Computer Science Department and University of Maryland Institute for Advanced Computer Studies (UMIACS) at the University of Maryland, College Park.
Dr. Elaine Shi is an assistant professor in the Computer Science Department at University of Maryland, College Park.
Of the 35 papers nominated one received honorable mention in this year's competition - "Rethinking SSL Development in an Appified World" by Sascha Fahl, Marian Harbach, Henning Perl, Markus Koetter, and Dr. Matthew Smith from the Distributed Computing and Security Group at Leibniz University in Hannover, Germany. This paper was originally presented at the 2013 ACM Conference on Computer and Communications Security. The authors studied the possible causes of SSL problems on "appified" platforms, and their results showed that the root cause is not simply careless developers, but also the limitations and issues of the current SSL development paradigm. The authors took an unusual but important step - they systematically contacted developers who had produced insecure code in order to better understand the problem and craft a more effective solution.
The authors designed and implemented a framework that allows them to protect SSL network connections via configuration options. The honorable mention paper provides good signposting for how security research should be done: starting with evidence and a careful analysis of the problem, assessing its causes, consulting with the various stakeholders involved, and developing a thorough understanding of why existing solutions are not working.
Chang Liu, Dr. Michael Hicks, and Dr. Elaine Shi were honored on September 18th at an award ceremony, hosted by the NSA's Director of Research, where their paper was presented before an audience of cybersecurity experts. Sascha Fahl and Dr. Matthew Smith were also honored during the ceremony for their research as this year's honorable mention.
About the Paper Competition
The Best Scientific Cybersecurity Paper Competition is sponsored yearly by NSA's Research Directorate and reflects the Agency's desire to increase scientific rigor in the field. This competition was established to recognize current research that exemplifies the development of scientific rigor in cybersecurity research. SoS is a broad enterprise, involving both theoretical and empirical work across a diverse set of topics. While there can only be one best paper, no single paper can span the full breadth of SoS topics. Nevertheless, work in all facets of security science is both needed and encouraged.
Details on the competition can be found here.