Best Scientific Cybersecurity Paper

 

Image removed.

NSA AWARD FOR THE BEST SCIENTIFIC CYBERSECURITY PAPER

Laurel, MD—19 September 2014.

Presentations by and to five academic researchers from the Universities of Maryland, Bonn, and Leibniz were the order of the day at a special ceremony in Emerson Cafe. The scholars were recognized as the winners of the Best Paper of 2013 in Cybersecurity and the runner up.

Dr. Deborah Fincke, NSA Director of Research, welcomed and thanked them for their contribution to the evolving Science of Security. Dr. Michael Hicks of the University of Maryland led the winning team which included Dr. Elaine Shi and graduate student Chang Liu. Their work, “Memory Trace Oblivious Program Execution” showed that combing Programming Languages (PL) and cryptography can yield memory trace obliviousness (MTO). Their goal was to address the problem when, in the Cloud, data encryption can mask content, but not header information. Using Oblivious RAM, around as a “curiosity” since the 1980’s, they demonstrated a hybrid system that allows a relatively small overhead while masking both headers and content.

Dr. William Smith, now at the University of Bonn, and his colleague Sascha Fahl, University of Leibniz, presented the Honorable Mention paper, “Rethinking SSL Development in an Applied World.” Dr. Smith told the audience about the problem of SSL certificate failure on Android and I-Phones. Their research showed that 14% to 18% of the applications they looked at were subject to Man in the Middle Attacks (MITMA ) because SSL certificates were invalid or bypassed. To find the reasons for this security failure, they interviewed developers and looked at the nature of the specific problem with the certificate. Their conclusions indicate that developers often inadvertently shut down and leave off the certificates for SSL when they develop apps, including one antivirus software that was used as an example.

Following the presentation, a lively group discussion and question and answer period ensued, moderated by longtime cybersecurity expert Dr. Carl Landwehr.

Stuart Krohn, Technical Director for the Science of Security, closed the session with praise for the research and the researchers’ contribution to the advancement of the science of security. Copies of the papers and a short description of the researchers is available on the CPS-VO website at: http://cps-vo.org/group/sos/papercompetition

(ID: 14-2283)

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.