A research paper about a technique that measures the vulnerability of computer systems by the amount of information they mistakenly spill is the winner of the National Security Agency's third annual Best Scientific Cybersecurity Paper Competition.
The authors showed that a specific application of advanced mathematics in this area - known as "quantitative information flow" - can play a critical role in sizing up weaknesses in security defenses. Their international team hails from Brazil, France, Australia, and the United States.
"Their work is a stellar example of scholarship and it provides fascinating insights into security defenses from an information-flow perspective," said Dr. Deborah Frincke, who leads NSA's Research Directorate. "Our competition aims to mature the discipline of cybersecurity by highlighting exemplary papers that use science to underpin advances in cyber defense, with the intent of improving our understanding of how to better protect critical U.S. networks and the information on those networks."
The winning paper was written by professor Mario S. Alvim, Dr. Konstantinos Chatzikokolakis, professors Annabelle McIver and Carroll Morgan, Dr. Catuscia Palamidessi, and professor Geoffrey Smith. NSA will recognize them, as well as authors of papers that received honorable mentions, at a special in-house ceremony.
Titled "Additive and Multiplicative Notions of Leakage and Their Capacities," the winning submission was one of 50 this year. The news was also shared on August 13 at the USENIX Security Symposium in Washington, D.C. The paper was originally presented last year at the IEEE Computer Security Foundations Symposium.
Entries, which may cover theoretical or empirical research, were judged on methodology, impact, and communication style.
Two papers received honorable mentions.
One, "Increasing Security Sensitivity with Social Proof: A Large-Scale Experimental Confirmation," was written by Sauvik Das, Dr. Adam D.I. Kramer, and professors Laura Dabbish and Jason I. Hong. The authors' work clearly reflects scientific rigor in an examination of ways to motivate people to adopt security features by sharing information about their friends' use of such tools. This paper was originally presented at the 2014 ACM Computer and Communications Security Conference.
In the other paper, "Quantitative Evaluation of Dynamic Platform Techniques as a Defensive Mechanism," Drs. Hamed Okhravi, James Riordan, and Kevin Carter explored an approach that measures systems' resistance to compromise. This paper was originally presented at the 17th Annual International Symposium on Research in Attacks, Intrusions, and Defenses.
Eight distinguished experts were among the reviewers:
- Dr. Whitfield Diffie, cybersecurity advisor
- Dr. Dan Geer, In-Q-Tel
- Dr. John McLean, Naval Research Laboratory
- Professor Angela Sasse, University College London
- Professor Fred Schneider, Cornell University
- Phil Venables, Goldman Sachs
- Professor David Wagner, University of California-Berkeley
- Dr. Jeannette Wing, Microsoft Research
After evaluating the papers in an open nomination process, these experts, along with researchers from NSA's Trusted Systems Research Group and Information Assurance Directorate, provided individual recommendations to Dr. Frincke, who read all of the finalists' submissions before making the final decision and personally notifying the winners.
"Our Science of Security (SoS) Initiative works by engaging researchers around the globe, promoting rigorous scientific principles, and growing the SoS community itself," she said. "It is a pleasure to recognize high achievement and scientific results that advance our capacity to work toward a safer and more secure cyberspace."
The Best Scientific Cybersecurity Paper Competition will begin soliciting papers in February for next year's contest.
NSA's Research Directorate consistently creates breakthroughs in science, technology, engineering, and mathematics. Additional details about the directorate and the competition - officially known as the "Science of Security (SoS) Best Scientific Cybersecurity Paper Competition" - are available online: /what-we-do/research/ and http://cps-vo.org/group/sos/papercompetition.