Research that resulted in a novel system to prevent information from being siphoned out of computer clouds is the winner of the National Security Agency's 4th Annual Best Scientific Cybersecurity Paper Competition. Such "extractions" are a real and growing threat. The agency also recognized, with honorable mentions, two stellar papers that make outstanding contributions to the cybersecurity research base.
"These scholars, through skillful scientific approaches and piercing explorations, raised the bar of foundational cybersecurity knowledge," said NSA Research Director, Dr. Deborah Frincke.
This year's selection process was "extremely difficult," she added. "The top papers all excelled in different and important aspects of scientific accomplishment - and reflect outstanding scholarship. This work truly matters. At NSA, we conduct cutting-edge research and develop new techniques and technologies to ensure mission success in a changing world. We benefit - as does the nation at large - from each and every leap in the science of security."
The authors of all three papers were invited to present their work at NSA.
The winning paper, Nomad: Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration, discusses the "Nomad" system's defense against certain attacks that remove private information from cloud clients. This problem has typically required detailed fixes to computer hardware and configurations. Nomad offers a general and immediately deployable defense against these "side channel attacks." The paper, one of 54 total submissions, was written by Soo-Jin Moon and Vyas Sekar, of Carnegie Mellon University, and Michael K. Reiter from the University of North Carolina-Chapel Hill. They first presented their work last year at the Association for Computing Machinery SIGSAC Conference on Computer and Communications Security.
Two papers received an honorable mention:
- Increasing Cybersecurity Investments in Private Sector Firms was written by Lawrence Gordon, Martin Loeb, William Lucyshyn and Lei Zhou and was published in the Journal of Cybersecurity. This paper develops an economics-based framework for evaluating governmental approaches to increase private sector investment in cybersecurity.
- Quantum-Secure Covert Communication on Bosonic Channels was written by Boulat Bash, Andrei H. Gheorghe, Monika Patel, Jonathan L. Habif, Dennis Goeckel, Don Towsley, and Saikat Guha. It was published last year in Nature Communications. This research adds critical information to the exploration of "covert communications," which the authors define as the "transmission of information without detection by watchful adversaries."
The Annual Best Scientific Cybersecurity Paper Competition is hosted by NSA's Science of Security Initiative. Papers are publicly nominated each year between December 1st and March 31st. Submissions are reviewed by a team of independent, external experts - as well as researchers from NSA's Research, Capabilities, and Operations directorates. After the papers are evaluated, members of the review team send recommendations to Dr. Frincke, who makes the final decision.
Eight distinguished experts were among the external reviewers:
- Dr. Whitfield Diffie, cybersecurity advisor
- Dr. Dan Geer, In-Q-Tel
- Dr. John McLean, Naval Research Laboratory
- Professor Angela Sasse, University College London
- Professor Fred Schneider, Cornell University
- Phil Venables, Goldman Sachs
- Professor David Wagner, University of California-Berkeley
- Dr. Jeannette Wing, Microsoft Research
NSA's Research Directorate consistently creates breakthroughs in science, technology, engineering, and mathematics. Additional details about the directorate and the competition are available online at www.nsa.gov/research and at the SoS Best Scientific Cybersecurity Paper Competition website.