Visible to the public SoS Paper Competition 2013 - Winner Bios

2nd Annual Best Scientific Cybersecurity Paper Competition

Winning Paper | Honorable Mention | Award Ceremony | Review Team

The second NSA Competition for Best Scientific Cybersecurity Paper invited nominations of papers published between October 1, 2012 and December 31, 2013.

Winning Paper

The 2nd annual paper competition winning paper, "Memory Trace Oblivious Program Execution," was originally presented at the 2013 IEEE Computer Security Foundation by Chang Lui, Dr. Michael Hicks, and Dr. Elaine Shi. Their research centered on the development of a scientific foundation for the use of Oblivious RAM (ORAM) in programs. Two aspects of this work were especially compelling to the reviewers: first, it builds a bridge between cryptographic research and information flow research, and shows how the latter can help one apply cryptographic advances in a principled and secure manner. Second, it established a scientific foundation for the use of ORAM in programs and provides a valuable and exciting direction toward making ORAM practical.

Chang Liu is a PhD student in the Department of Computer Science at the University of Maryland. His research interest lies at the intersection of security and programming languages. Chang Liu obtained his M.S. and B.Eng degrees in 2012 and 2009 respectively, both from Shanghai Jiaotong University. Chang was an intern at Microsoft Research, Redmond (2013 summer), Microsoft Research Asia (2011-2012), and IBM China Research Lab (2008 summer). Chang is the recipient of several awards, including a UMD Outstanding Early Graduate Student Award (2014), a Du Shuwu Scholarship (2008), a Microsoft Young Fellowship (2008) and an Irving T. Ho Fellowship (2005). He was also a finalist for Symantec Graduate Fellowship (2014).  His research interests include programming languages, security, knowledge representation, semantic web, database, distributed system, uncertainty reasoning, and information retrieval.

Michael W. Hicks is a Professor in the Computer Science department and UMIACS at the University of Maryland and is the former Director of the Maryland Cybersecurity Center (MC2). His research focuses on using programming languages and analyses to improve the security, reliability, and availability of software. He is perhaps best known for his work exploring dynamic software updating, which is a technique by which software can be updated without shutting it down. He has explored the design of new programming languages and analysis tools for helping programmers find bugs and software vulnerabilities, and for identifying suspicious or incorrect program executions. He has recently been exploring new approaches to authenticated and privacy-preserving computation, combining techniques from cryptography and automated program analysis.

Elaine Shi is an Assistant Professor in the Department of Computer Science at the University of Maryland. She is also part of the Maryland Cybersecurity Center (MC2) and UMIACS. Her research vision is to bridge the theory and practice of security and cryptography. In particular, she combines systems security, cryptography, and programming languages to create systems that are provably secure, efficient, and usable by non-security-experts. Elaine obtained her Ph.D. from Carnegie Mellon University in 2008. Before joining Maryland, she was a research scientist at the Palo Alto Research Center and University of California, Berkeley. She is the recipient of several awards, including a Sloan Research Fellowship (2014), a Google Research Award (2013), a UMD Invention of the Year Award (2014), and an ACM CCS Best Student Paper Award (2013). She is also the winner of the IJCNN/Kaggle Social Network Contest (2011).

Honorable Mention

Of the 35 papers nominated one received honorable mention in this year's competition - "Rethinking SSL Development in an Appified World" by Sascha Fahl, Marian Harbach, Henning Perl, Markus Koetter, and Dr. Matthew Smith from the Distributed Computing and Security Group at Leibniz University in Hannover, Germany. This paper was originally presented at the 2013 ACM Conference on Computer and Communications Security. The authors studied the possible causes of SSL problems on "appified" platforms, and their results showed that the root cause is not simply careless developers, but also the limitations and issues of the current SSL development paradigm.

The authors took an unusual but important step - they systematically contacted developers who had produced insecure code in order to better understand the problem and craft a more effective solution. The authors designed and implemented a framework that allows them to protect SSL network connections via configuration options. The honorable mention paper provides good signposting for how security research should be done: starting with evidence and a careful analysis of the problem, assessing its causes, consulting with the various stakeholders involved, and developing a thorough understanding of why existing solutions are not working.

Sascha Fahl is a PhD student and research assistant at the Distributed Computing & Security Group at Leibniz University Hannover, Germany. He studied Computer Science at Philipps University Marburg where he received his Diplom in 2011. His current research is focused on usability challenges for security and privacy technologies in the context of Mobile Computing and SSL. He also works towards understanding and improving the usability of password based authentication mechanisms.


Marian Harbach is a PhD at the Distributed Computing and Security Group at Leibniz Universität Hannover. He graduated from Philipps Universität Marburg, Germany, in 2010. He has completed his PhD thesis, entitled “On The Adoption of End-User IT Security Measures” and will defend his work in October 2014. His research interests comprise human factors in IT security and usable security measures for both users and developers. He is currently working on alternative forms of applying passwords to protect online assets and options to improve the efficacy of warning messages. In his free-time, Marian is a passionate rock climber, slackliner, and photographer. 

Henning Perl received his Master's degree in computer science in December 2011 from the Leibniz University Hanover, Germany and joined the university's Distributed Computing & Security Group in January 2012 as a doctorate student. While he was still a graduate student he developed the first open-source homomorphic cryptography library. His research interest include cryptography, cryptographic protocols and security.


Matthew Smith is a Professor of Computer Science at Leibniz University Hannover, Germany where he leads the Distributed Computing & Security Group. He studied Computer Science at the University of Siegen and received a PhD from Philipps University Marburg in 2008. His current research is focused on the usability aspects of security and privacy mechanisms with a wide range of application areas. These areas include Mobile and Cloud computing, e-Research infrastructures and Social Networking. He is a member of IEEE and ACM SIGSAC.



Award Ceremony  


Chang Liu, Dr. Michael Hicks, and Dr. Elaine Shi were honored on September 18th at an award ceremony, hosted by the NSA's Director of Research, Dr. Deborah Frincke, where their paper was presented before an audience of cybersecurity experts. Sascha Fahl and Dr. Matthew Smith were also honored during the ceremony for their research as this year's honorable mention.





From Left to Right: NSA's Deputy Director Reseach Mr. Christopher Green, Chang Liu, Dr. Dan Geer, Dr. Michael Hicks, Dr. Mattew Smith, Sascha Fahl, Dr. Elaine Shi, and Dr. Deborah Frincke

Review Team

NSA Competition Leads

  • Dr. Deborah Frincke - Director of Research, NSA
  • Stuart Krohn - Science of Security Technical Director, NSA Trusted Systems Research Group

Distinguished Expert Reviewers

  • Dr. Whitfield Diffie - Cybersecurity Advisor
  • Dr. Daniel Earl Greer Jc., Sc.D. - Chief Information Security Officer at In-Q-Tel
  • John D. McLeanSuperintendent of the Naval Research Laboratory's Information Technology Division (ITD)
  • M. Angela SasseProfessor of Human-Centered Technology and Head of Information Security Research in the Department of Computer Science at University College London (UCL), UK
  • Fred B. SchneiderSamuel B. Eckert Professor of Computer Science at Cornell University
  • Phil Venables - Chief Information Risk Officer at Goldman Sachs
  • David A. WagnerAssistant Professor in the Computer Science Division at the University of California, Berkeley
  • Jeannette WingVice President, head of Microsoft Research International



About the 2nd Annual Paper Competition

The Best Scientific Cybersecurity Paper Competition is sponsored yearly by NSA's Research Directorate and reflects the Agency's desire to increase scientific rigor in the field. This competition was established to recognize current research that exemplifies the development of scientific rigor in cybersecurity research. SoS is a broad enterprise, involving both theoretical and empirical work across a diverse set of topics. While there can only be one best paper, no single paper can span the full breadth of SoS topics. Nevertheless, work in all facets of security science is both needed and encouraged.