2nd Annual Best Scientific Cybersecurity Paper Competition

Winning Paper | Honorable Mention | Award Ceremony | Review Team

The second NSA Competition for Best Scientific Cybersecurity Paper invited nominations of papers published between October 1, 2012 and December 31, 2013.

Winning Paper

The 2nd annual paper competition winning paper, "Memory Trace Oblivious Program Execution," was originally presented at the 2013 IEEE Computer Security Foundation by Chang Lui, Dr. Michael Hicks, and Dr. Elaine Shi. Their research centered on the development of a scientific foundation for the use of Oblivious RAM (ORAM) in programs. Two aspects of this work were especially compelling to the reviewers: first, it builds a bridge between cryptographic research and information flow research, and shows how the latter can help one apply cryptographic advances in a principled and secure manner. Second, it established a scientific foundation for the use of ORAM in programs and provides a valuable and exciting direction toward making ORAM practical.

Chang Liu is a PhD student in the Department of Computer Science at the University of Maryland. His research interest lies at the intersection of security and programming languages. Chang Liu obtained his M.S. and B.Eng degrees in 2012 and 2009 respectively, both from Shanghai Jiaotong University. Chang was an intern at Microsoft Research, Redmond (2013 summer), Microsoft Research Asia (2011-2012), and IBM China Research Lab (2008 summer). Chang is the recipient of several awards, including a UMD Outstanding Early Graduate Student Award (2014), a Du Shuwu Scholarship (2008), a Microsoft Young Fellowship (2008) and an Irving T. Ho Fellowship (2005). He was also a finalist for Symantec Graduate Fellowship (2014).  His research interests include programming languages, security, knowledge representation, semantic web, database, distributed system, uncertainty reasoning, and information retrieval. 
 

Michael W. Hicks is a Professor in the Computer Science department and UMIACS at the University of Maryland and is the former Director of the Maryland Cybersecurity Center (MC2). His research focuses on using programming languages and analyses to improve the security, reliability, and availability of software. He is perhaps best known for his work exploring dynamic software updating, which is a technique by which software can be updated without shutting it down. He has explored the design of new programming languages and analysis tools for helping programmers find bugs and software vulnerabilities, and for identifying suspicious or incorrect program executions. He has recently been exploring new approaches to authenticated and privacy-preserving computation, combining techniques from cryptography and automated program analysis. 
 

Elaine Shi is an Assistant Professor in the Department of Computer Science at the University of Maryland. She is also part of the Maryland Cybersecurity Center (MC2) and UMIACS. Her research vision is to bridge the theory and practice of security and cryptography. In particular, she combines systems security, cryptography, and programming languages to create systems that are provably secure, efficient, and usable by non-security-experts. Elaine obtained her Ph.D. from Carnegie Mellon University in 2008. Before joining Maryland, she was a research scientist at the Palo Alto Research Center and University of California, Berkeley. She is the recipient of several awards, including a Sloan Research Fellowship (2014), a Google Research Award (2013), a UMD Invention of the Year Award (2014), and an ACM CCS Best Student Paper Award (2013). She is also the winner of the IJCNN/Kaggle Social Network Contest (2011).

Honorable Mention

Of the 35 papers nominated one received honorable mention in this year's competition - "Rethinking SSL Development in an Appified World" by Sascha Fahl, Marian Harbach, Henning Perl, Markus Koetter, and Dr. Matthew Smith from the Distributed Computing and Security Group at Leibniz University in Hannover, Germany. This paper was originally presented at the 2013 ACM Conference on Computer and Communications Security. The authors studied the possible causes of SSL problems on "appified" platforms, and their results showed that the root cause is not simply careless developers, but also the limitations and issues of the current SSL development paradigm.

The authors took an unusual but important step - they systematically contacted developers who had produced insecure code in order to better understand the problem and craft a more effective solution. The authors designed and implemented a framework that allows them to protect SSL network connections via configuration options. The honorable mention paper provides good signposting for how security research should be done: starting with evidence and a careful analysis of the problem, assessing its causes, consulting with the various stakeholders involved, and developing a thorough understanding of why existing solutions are not working.

Sascha Fahl is a PhD student and research assistant at the Distributed Computing & Security Group at Leibniz University Hannover, Germany. He studied Computer Science at Philipps University Marburg where he received his Diplom in 2011. His current research is focused on usability challenges for security and privacy technologies in the context of Mobile Computing and SSL. He also works towards understanding and improving the usability of password based authentication mechanisms.

Marian Harbach is a PhD at the Distributed Computing and Security Group at Leibniz Universität Hannover. He graduated from Philipps Universität Marburg, Germany, in 2010. He has completed his PhD thesis, entitled “On The Adoption of End-User IT Security Measures” and will defend his work in October 2014. His research interests comprise human factors in IT security and usable security measures for both users and developers. He is currently working on alternative forms of applying passwords to protect online assets and options to improve the efficacy of warning messages. In his free-time, Marian is a passionate rock climber, slackliner, and photographer. 

Henning Perl received his Master's degree in computer science in December 2011 from the Leibniz University Hanover, Germany and joined the university's Distributed Computing & Security Group in January 2012 as a doctorate student. While he was still a graduate student he developed the first open-source homomorphic cryptography library. His research interest include cryptography, cryptographic protocols and security.

Matthew Smith is a Professor of Computer Science at Leibniz University Hannover, Germany where he leads the Distributed Computing & Security Group. He studied Computer Science at the University of Siegen and received a PhD from Philipps University Marburg in 2008. His current research is focused on the usability aspects of security and privacy mechanisms with a wide range of application areas. These areas include Mobile and Cloud computing, e-Research infrastructures and Social Networking. He is a member of IEEE and ACM SIGSAC.

About the 2nd Annual Paper Competition

The Best Scientific Cybersecurity Paper Competition is sponsored yearly by NSA's Research Directorate and reflects the Agency's desire to increase scientific rigor in the field. This competition was established to recognize current research that exemplifies the development of scientific rigor in cybersecurity research. SoS is a broad enterprise, involving both theoretical and empirical work across a diverse set of topics. While there can only be one best paper, no single paper can span the full breadth of SoS topics. Nevertheless, work in all facets of security science is both needed and encouraged.