2nd Annual Best Scientific Cybersecurity Paper Competition
The second NSA Competition for Best Scientific Cybersecurity Paper invited nominations of papers published between October 1, 2012 and December 31, 2013. Nominated papers must show an oustanding contribution to cybersecurity science.
Winning Paper
This 2nd annual paper competition winning paper, "Memory Trace Oblivious Program Execution," was originally presented at the 2013 IEEE Computer Security Foundation by Chang Liu, Dr. Michael Hicks, and Dr. Elaine Shi.Their research centered on the development of a scientific foundation for the use of Oblivious RAM (ORAM) in programs. Two aspects of this work were especially compelling to the reviewers: First, it builds a bridge between cryptographic research and information flow research, and shows how the latter can help one apply cryptographic advances in a principled and secure manner. Second, it establishes a scientific foundation for the use of ORAM in programs and provides a valuable and exciting direction toward making ORAM practical.
Chang Liu is a second year doctoral student at the University of Maryland in the Department of Computer Science.
Dr. Michael Hicks is a professor in the Computer Science Department and University of Maryland Institute for Advanced Computer Studies (UMIACS) at the University of Maryland, College Park.
Dr. Elaine Shi is an assistant professor in the Computer Science Department at University of Maryland, College Park.
Honorable Mention
Of the 35 papers nominated one received honorable mention in this year's competition - “Rethinking SSL Development in an Appified World" by Sascha Fahl, Marian Harbach, Henning Perl, Markus Koetter, and Dr. Matthew Smith from the Distributed Computing and Security Group at Leibniz University in Hannover, Germany. This paper was originally presented at the 2013 ACM Conference on Computer and Communications Security. The authors studied the possible causes of SSL problems on “appified” platforms, and their results showed that the root cause is not simply careless developers, but also the limitations and issues of the current SSL development paradigm. The authors took an unusual but important step - they systematically contacted developers who had produced insecure code in order to better understand the problem and craft a more effective solution.
The authors designed and implemented a framework that allows them to protect SSL network connections via configuration options. The honorable mention paper provides good signposting for how security research should be done: starting with evidence and a careful analysis of the problem, assessing its causes, consulting with the various stakeholders involved, and developing a thorough understanding of why existing solutions are not working.
Award Ceremony
Chang Liu, Dr. Michael Hicks, and Dr. Elaine Shi were honored on September 18th at an award ceremony, hosted by the NSA's Director of Research, where their paper was presented before an audience of cybersecurity experts. Sascha Fahl and Dr. Matthew Smith were also honored during the ceremony for their research as this year's honorable mention.
Review Team
NSA Competition Leads
Dr. Michael Wertheimer - Director of Research, NSA
Stuart Krohn - Science of Security Technical Director, NSA Trusted Systems Research Group
Distinguished Expert Reviewers
Dr. Whitefield Diffie - Cybersecurity Advisor
Dr. Daniel Earl Geer Jr., Sc. D. - Chief Information Security Officer at In-Q-Tel
John D. McLean - Superintendent of the Naval Research Laboratory's Information Technology Division (ITD)
M. Angela Sasse - Professor of Human-Centered Technology and Head of Information Security Research in the Department of Computer Science at University College London (UCL), UK
Fred B. Schneider - Samuel B. Eckert Professor of Computer Science at Cornell University
Phil Venables - Chief Information Risk Officer at Goldman Sachs
David A. Wagner - Assistant Professor in the Computer Science Division at the University of California, Berkeley
Jeannette Wing - Vice President, head of Microsoft Research International
About the 2nd Annual Paper Competition
The Best Scientific Cybersecurity Paper Competition is sponsored yearly by NSA's Research Directorate and reflects the Agency’s desire to increase scientific rigor in the field. This competition was established to recognize current research that exemplifies the development of scientific rigor in cybersecurity research. SoS is a broad enterprise, involving both theoretical and empirical work across a diverse set of topics. While there can only be one best paper, no single paper can span the full breadth of SoS topics. Nevertheless, work in all facets of security science is both needed and encouraged.