Best Scientific Cybersecurity Paper Competition

4th Annual Best Scientific Cybersecurity Paper Competition

The fourth Annual NSA Competition for Best Scientific Cybersecurity Paper recognized the best scientific cybersecurity paper published in 2015. Papers were nominated between December 1, 2015 and March 31, 2016, and 54 nominations were received. Three papers were selected for recognition: a winning paper and two honorable mentions.

Winning Paper

The winning paper is Nomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration by Soo-Jin Moon, Vyas Sekar and Michael Reiter from Carnegie Mellon University and University of North Carolina. It was presented at the Association for Computing Machinery (ACM) Conference on Computer and Communications Security (CCS 15).

The paper discusses a new system called Nomad, which demonstrates a general and immediate defense against side-channel attacks, as opposed to the current method of developing attack-specific fixes. This side-channel defense applies to attacks that come from another co-resident virtual machine. Conceptually, one computer can simulate the appearance of multiple physical computers while in reality being just one computer. These simulated computers should be completely separated, as if they were two physically different devices, but side-channel attacks break this separation. This is particularly relevant to cloud service providers, where each virtual machine could be under the control of different people.

This paper was selected as the winning paper because it provides several scientific advances and tests its conclusions. It develops a threat model and an information leakage model. It also develops and tests several algorithms for how to move the virtual machines around within the cloud so as to reach its goals. In summary, the paper's proposed defense is very simple and yet very powerful. It combines a relevant problem with a pragmatic solution and the science to support it.

Michael Reiter is the Lawrence M. Slifkin Distinguished Professor in the Department of Computer Science at the University of North Carolina at Chapel Hill (UNC). He received the B.S. degree in mathematical sciences from UNC in 1989, and the M.S. (1991) and Ph.D. (1993) degrees in Computer Science from Cornell University. In 2001, Dr. Reiter joined Carnegie Mellon University as a Professor of Electrical & Computer Engineering and Computer Science, where he was also the founding Technical Director of CyLab. He joined the faculty at UNC in 2007. Dr. Reiter's research interests include all areas of computer and communications security and distributed computing. He regularly publishes and serves on conference organizing committees in these fields. Dr. Reiter was named an ACM Fellow in 2008 and an IEEE Fellow in 2014.

Vyas Sekar is an Assistant Professor in the ECE Department at Carnegie Mellon University, where he is part of CyLab. His research interests lie at the intersection of networking, security, and systems. He received his Ph.D. from the Computer Science Department at Carnegie Mellon University. He earned his bachelor's degree from the Indian Institute of Technology Madras, where he was awarded the President of India Gold Medal. His work has been recognized with the NSF CAREER award, the ACM SIGCOMM Rising Star Award, the NSA Best Scientific Cybersecurity Paper Award, the CSAW Applied Security Research Prize, and multiple best paper awards (ACM SIGCOMM, ACM CoNext, and ACM Multimedia).

Soo-Jin Moon is a Ph.D. student in Electrical and Computer Engineering at Carnegie Mellon University, where she is part of CyLab. She holds a bachelor's degree (2014) in Electrical Engineering from the University of Waterloo, Canada. Her research interests are broadly in the space of Network and Systems Security. Specifically, her research vision is to build practical systems that are also grounded in formal foundations from adjoining disciplines such as software engineering and algorithms. Her work has been recognized with the CSAW Applied Security Research prize (2015).

Honorable Mention Papers

Two papers are being recognized as honorable mentions. The first honorable mention paper is Quantum-Secure Covert Communication on Bosonic Channels. This paper in Nature Communications was written by a team of researchers at the University of Massachusetts, Amherst and Raytheon. The researchers are Boulat A. Bash, Andrei H. Gheorghe, Monika Patel, Jonathan L. Habif, Dennis Goeckel, Don Towsley, and Saikat Guha.

This paper explores the limits of how much information can be transmitted on a bosonic channel such that an attacker cannot determine that the transmission has even occurred. This paper presents quantum communications and also presents real-world examples and proofs of concept.

The paper is receiving an honorable mention because it is a strong and impactful paper with fresh ideas. Most importantly, the paper is being held up as an example of how effective scientific exposition should be organized in scientific and engineering disciplines that employ heavy mathematical analysis.

Boulat A. Bash holds a BA (2001) in Economics from Dartmouth College (Hanover, NH), and an MS (2008) and PhD (2015) in Computer Science from the University of Massachusetts (Amherst, MA). He received the University of Massachusetts School of Computer Science Outstanding Doctoral Dissertation Award (2015) for his thesis on the "Fundamental Limits of Covert Communication." He is currently a Scientist in the Quantum Information Processing (QuIP) group at Raytheon BBN Technologies. His research interests include security, privacy, communications, signal processing, and information theory. He is a member of IEEE and ACM.

Dennis Goeckel received his BS from Purdue University in 1992, and his MS and PhD from the University of Michigan in 1993 and 1996, respectively. Since 1996, he has been with the Electrical and Computer Engineering Department at the University of Massachusetts at Amherst, where he is currently a Professor. Prof. Goeckel has been a Lilly Teaching Fellow (2000-2001) and received the University of Massachusetts Distinguished Teaching Award in 2007. He has served on the Editorial Board of a number of international journals in communications and networking: IEEE Transactions on Networking, IEEE Transactions on Mobile Computing, IEEE Transactions on Wireless Communications, and the IEEE Transactions on Communications. He received the NSF CAREER Award in 1999 and is an IEEE Fellow.

Jonathan L. Habif leads the experimental optics laboratory at BBN. The technologies under investigation in the laboratory include photon-starved, classical communication and imaging, quantum-secured optical communications in free-space and fiber, and integrated nano-photonics for both classical and non-classical applications. At BBN, Dr. Habif has served as principal investigator for a number of DARPA-sponsored research programs, partnering with university collaborators to demonstrate revolutionary optical technologies impacting traditional communications, sensing and computation systems. Dr. Habif earned a Ph.D. from the University of Rochester in the field of superconducting quantum computing and continued this course of research as a postdoctoral associate at MIT, before moving to BBN.

Donald Towsley has been a Distinguished Professor at the College of Information & Computer Sciences, University of Massachusetts, Amherst since 1998. Dr. Towsley earned a BA in Physics (1971) and a Ph.D. in Computer Science (1976) at the University of Texas. His main areas of interest include the design, modeling, analysis, optimization, control, and security of large-scale communication networks and systems. His current areas of research include: understanding the fundamental limits of and trade-offs between performance and security; and harnessing

Saikat Guha is Lead Scientist with the Quantum Information Processing (QuIP) group at BBN Technologies in Cambridge, MA. He received his Bachelor of Technology (B.Tech.) degree in Electrical Engineering from Indian Institute of Technology (IIT) Kanpur in May 2002, his S.M. in Electrical Engineering (2004), and Ph.D. in Computer Science (2008) from Massachusetts Institute of Technology (MIT). Dr. Guha's research interests include investigating fundamental quantum limits on optics-based information processing with applications to communications, imaging and computation, with specific attention to structured realizations of optical systems that can approach those performance limits. He is also interested in network science, network communication theory, and percolation theory.

The other honorable mention paper is Increasing Cybersecurity Investments in Private Sector Firms. It was written by a research group at the University of Maryland, College Park. The team members are Lawrence Gordon, Martin Loeb, William Lucyshyn and Lei Zhou. It was published in the Journal of Cybersecurity, a fairly new journal on cross-discipline cybersecurity issues.

This paper develops an economics-based framework for evaluating governmental approaches to increase private sector investment in cybersecurity. Increased cybersecurity investment is needed because of the cost of externalities, that is, the effects on others. This paper helps inform policy makers of the impact of policies.

This paper was chosen for recognition because it has a meticulous methodology and produces insight that can be applied in the real world to improve security.

Martin P. Loeb is a Professor of Accounting and Information Assurance and a Deloitte & Touche Faculty Fellow at the Robert H. Smith School of Business, University of Maryland, College Park. He is also an affiliate professor in the University of Maryland Institute for Advanced Computer Studies, as well as in the University of Maryland's Center for Public Policy and Private Enterprise and a researcher in the Maryland Cybersecurity Center. Dr. Loeb earned his Ph.D. in Managerial Economics and Decision Sciences from the Kellogg School of Management, Northwestern University in 1975. Loeb's current research deals with economic aspects of information security and the interface between managerial accounting and information technology.

Lei Zhou is a visiting assistant professor at the R.H. Smith School of Business at the University of Maryland. Her research interests focus on economics of information security, security investments, managerial accounting and accounting analytics. She obtained a B.S. in Economics and Management from Tsinghua University in 1998 and a Ph.D. in Accounting and Information Assurance in 2004 from the University of Maryland, College Park. She taught at McGill University before joining the University of Maryland.

Dr. Lawrence A. Gordon is the EY Alumni Professor of Managerial Accounting and Information Assurance at the University of Maryland's Robert H. Smith School of Business. He is also an Affiliate Professor in the University of Maryland Institute for Advanced Computer Studies and the School of Public Policy's research Center for Public Policy and Private Enterprise. Dr. Gordon earned his Ph.D. in Managerial Economics from Rensselaer Polytechnic Institute, and his BS and MBA from the University at Albany. His research focuses on economic aspects of cybersecurity, corporate performance measures, cost management systems, and capital investments. For more information about Dr. Gordon, go to his university website at: http://scholar.rhsmith.umd.edu/lgordon.

William Lucyshyn, M.S., is a Research Director at the Defense Advanced Research Projects Agency (DARPA) and a Visiting Senior Research Scholar at the Center for Public Policy and Private Enterprise in the School of Public Affairs at the University of Maryland. In this position, he conducts research into the public policy challenges posed by the increasing role information technologies play in improving government operations and their relationships with the private sector. Previously, Mr. Lucyshyn served as a program manager and the principal technical advisor to the Director, DARPA, on the identification, selection, research, development, and prototype production of advanced technology projects. Prior to this appointment, Mr. Lucyshyn completed a distinguished 25-year career in the U.S. Air Force serving in various operations, staff, and acquisition positions. Mr. Lucyshyn received his Bachelor's Degree in Engineering Science from the City University of New York in 1971. In 1985 he earned his Master's Degree in Nuclear Engineering from the Air Force Institute of Technology. He was certified Level III as an Acquisition Professional in Program Management in 1994.

Awards Ceremony

The authors from all three papers are invited to present their work at NSA and be recognized on November 2nd.

Review Team

NSA Competition Leads

Dr. Deborah Frincke - Director of Research, NSA
Dr. Adam Tagert - Science of Security, NSA Information Assurance Research

Distinguished Expert Reviewers

  • Dr. Whitfield Diffie - Cybersecurity Advisor
  • Dr. Daniel Earl Geer Jr., Sc.D. - Chief Information Security Officer at In-Q-Tel
  • John D. McLean - Superintendent of the Naval Research Laboratory's Information Technology Division (ITD)
  • M. Angela Sasse - Professor of Human-Centered Technology and Head of Information Security Research in the Department of Computer Science at University College London (UCL), UK
  • Fred B. Schneider - Samuel B. Eckert Professor of Computer Science at Cornell University
  • Phil Venables - Chief Information Risk Officer at Goldman Sachs
  • David A. Wagner - Assistant Professor in the Computer Science Division at the University of California, Berkeley
  • Jeannette Wing - Vice President, head of Microsoft Research International

NSA Reviewers

The papers were reviewed by a team of experts drawn from various backgrounds across NSA.

About the 4th Annual Paper Competition

The Best Scientific Cybersecurity Paper Competition is sponsored yearly by NSA's Research Directorate and reflects the Agency's desire to increase scientific rigor in the cybersecurity field. This competition was established to recognize current research that exemplifies the development of scientific rigor in cybersecurity research. SoS is a broad enterprise, involving both theoretical and empirical work across a diverse set of topics. While there can only be one best paper, no single paper can span the full breadth of SoS topics. Nevertheless, work in all facets of security science is both needed and encouraged.
