Winning Paper | Authors | Award Ceremony | Review Team

The eighth NSA Competition for Best Scientific Cybersecurity Paper recognizes the best scientific cybersecurity paper published in 2019. Papers were nominated between December 16, 2019 through April 15, 2020 and 52 nominations were received for 49 papers.

Winning Paper

The winning paper selected is Spectre Attacks: Exploiting Speculative Execution by Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. Originally published at the 2019 IEEE Security & Privacy Symposium, the winning paper, in combination with Meltdown, another award-winning paper released earlier by the same researchers, launched a global effort to mitigate critical vulnerabilities in processors.  

The landmark Spectre research uncovered how a performance feature of modern computer and mobile device processors is vulnerable to leaking private and sensitive data. Specifically, when idle, modern processors predict what will be needed to be computed next and then use this predictive result if the prediction is correct and discard the result if incorrect. The researchers found an opportunity to leak data when they tricked the processor in computing a prediction that would be found to be incorrect and a violation of security protections — a vulnerability internationally known as Spectre. 

The winning research team demonstrated that a long-held bedrock assumption about computing security was not valid. Their efforts visibly displayed key tenets of science including the importance of reviewing past results, testing assumptions, employing rigorous methodologies, and verifying and documenting results. Already having been cited in 1,000+ subsequent research papers, this study is spawning a review of previous research and launching new inquiries. Additionally, the paper had broad scope because the researchers tested many platforms to understand the nature of the issue. This research will have a profound impact on how future processors and computers are built. 

 
The twelve researchers and their institutions are:

Paul Kocher is an entrepreneur and researcher focused on cryptography and data security. He founded Cryptography Research, Inc. and served as its president and chief scientist. In parallel to his work at Cryptography Reseach, he co-founded ValiCert, Inc. which developed solutions for managing digital certificates. He was elected to the National Academy of Engineering in 2009 for contributions to cryptography and Internet security. He's a member of the Forum on Cyber Resilience and was inducted into the Cybersecurity Hall of Fame in 2014. He holds a B.S. degree from Stanford University.  

Jann Horn is a computer security researcher at Google Project Zero. He was part of a team that discovered flaws in CPUs called Meltdown and Spectre. He previously worked with Berlin-based cybesecurity consultancy Cure53. He was educated at Cäcilienschule Oldenburg.  

Anders Fogh is a security researcher at Intel Corporation. He has been intimately involved in software development since 1992. He has an extensive track record of innovation and development in information security, optical media and reverse engineering. Notable contributions to the field of information security includes the first open source packer and co-authoring the first public generic unpacker for executables in the windows environment. More resonantly he was the first to suggest a software only solution to the infamous row hammer hardware exploit and this work was presented at the Black Hat USA conference. In the optical media segment Mr. Fogh among other things invented the first copy protection for DVD-video that can be applied to recordable media and was instrumental in the development of patented video encoding technology.  

Daniel Genkin is an Assistant Professor at the Department of Electrical Engineering and Computer Science at the University Of Michigan. Before that, he was a Postdoctoral Fellow at the University of Pennsylvania and the University of Maryland, where he was hosted by Prof. Nadia Heninger and Prof. Jonathan Katz. Previously he has been a Ph.D student at the Computer Science Department in the Technion — Israel's Institute of Technology where he was co-advised by Prof. Yuval Ishai and Prof. Eran Tromer. His research interests are in cryptography and system security, including both theory and practice with particular interests in side-channel attacks, hardware security, cryptanalysis, secure multiparty computation (MPC), verifiable computation and SNARKS  

Daniel Gruss is an assistant professor in the Secure Systems group (Team Gruss/CoreSec) at the Graz University of Technology, Institute of Applied Information Processing and Communications. In his research, he explores software-based microarchitectural attacks and operating system features. He teaches undergraduate courses such as Operating Systems (see Hall of Fame), and System-Level Programming, and graduate courses such as Embedded Security, and Security Aspects in Software Development.  

Werner Haas is the Chief Technology Officer of Cyberus Technology, devising leading solutions to secure our digital era. Since disclosing the Meltdown vulnerability to Intel, educating people on the basic principles of operation and mitigation options has become a regular occupation, be it at international conferences, workshops, or in dedicated training courses.  
His expertise stems from working 10+ years at Intel in the Germany Microprocessor Lab and the Systems Architecture Lab in Hillsboro, USA.  

Mike Hamburg is a researcher at Rambus, where he researches cryptography, side channels, and secure cores. He designed several cryptographic algorithms: the STROBE lightweight protocol, the Ed448-Goldilocks elliptic curve and the ThreeBears postquantum encryption algorithm. He also helped find the Spectre vulnerability. He received a Ph.D. in cryptography from Stanford.   

Moritz Lipp is a PhD Candidate at the CoreSec group at the Institute of Applied Information Processing and Communications at Graz University of Technology. He is the founder of pwmt.org, an open-source community creating functional and simplistic applications and libraries. He is interested in microarchitectural side-channel attacks and apiculture.  

Stefan Mangard is professor and head of the Institute of Applied Information Processing and Communications at Graz University of Technology. His research interests include hardware security, side channels, cryptographic implementations, security verification, and secure system architectures for application domains ranging from small embedded and IoT devices to cloud solutions. He holds an ERC consolidator grant for research on the side-channel security of processors, and he is author of a textbook on power analysis attacks and more than 90 scientific publications. Before joining Graz University of Technology as a professor, he was working as leading security architect at the Chip Card and Security division of Infineon Technologies in Munich. He received his PhD and MSc degree in computer engineering from Graz University of Technology in 2004 and 2002, respectively.  

Thomas Prescher is the chief architect at Cyberus Technology. He is a former Intel engineer. He is a graduate of Brandenburg Technical University Cottbus-Senftenber.   

Michael Schwarz is faculty at the Helmholtz Center for Information Security (CISPA) in Saarbrücken, Germany, with a focus on microarchitectural side-channel attacks and system security. He obtained his PhD with the title "Software-based Side-Channel Attacks and Defenses in Restricted Environments" in 2019 from Graz University of Technology (advised by Daniel Gruss). He holds two master's degrees, one in computer science and one in software engineering with a strong focus on security. He is a regular speaker at both academic and hacker conferences (7 times Black Hat, CCC, Blue Hat, etc.). He was part of one of the research teams that found the Meltdown, Spectre, Fallout, and LVI vulnerabilities, as well as the ZombieLoad vulnerability. He was also part of the KAISER patch, the basis for Meltdown countermeasures now deployed in every modern operating system under names such as KPTI or KVA Shadow.  

Yuval Yarom is a Senior Lecturer (Australian for Assistant Professor) at the School of Computer Science at the University of Adelaide, and a Researcher in the Trustworthy Systems group at Data61, CSIRO. He earned his Ph.D. in Computer Science from the University of Adelaide in 2014, and his M.Sc. in Computer Science and B.Sc. in Mathematics and Computer Science from the Hebrew University of Jerusalem in 1993 and 1990, respectively. In between, he served as the Vice President of Research in Memco Software and a co-founder and Chief Technology Officer of Girafa.com. His research explores the security of the interface between the software and the hardware. In particular, he is interested in the discrepancy between the way that programmers think about software execution and the concrete execution in modern processors. He works on identifying micro-architectural vulnerabilities, and on exploitation and mitigation techniques.

Award Ceremony

Due to Covid travel and gathering restrictions, the recognition ceremony was not held.

Review Team

NSA Competition Leads:

The following individuals served as distinguished experts for the 7th annual competition:

About the Competition

The Best Scientific Cybersecurity Paper Competition is sponsored yearly by NSA's Research Directorate and reflects the Agency's desire to increase scientific rigor in the cybersecurity field. This competition was established to recognize current research that exemplifies the development of scientific rigor in cybersecurity research. SoS is a broad enterprise, involving both theoretical and empirical work across a diverse set of topics. While there can only be one best paper, no single paper can span the full breadth of SoS topics. Nevertheless, work in all facets of security science is both needed and encouraged.