A paper on a technique that measures the vulnerability of computer systems by the amount of information they mistakenly spill won the National Security Agency’s (NSA) third annual Best Scientific Cybersecurity Paper Competition on Friday.
“Their work is a stellar example of scholarship and it provides fascinating insights into security defenses from an information-flow perspective,” Deborah Frincke, head of NSA’s Research Directorate, said in a statement.
The competition is sponsored annually by the Research Directorate. “Our competition aims to mature the discipline of cybersecurity by highlighting exemplary papers that use science to underpin advances in cyber defense, with the intent of improving our understanding of how to better protect critical U.S. networks and the information on those networks,” Frincke said.
The winning paper, “Additive and Multiplicative Notions of Leakage and Their Capacities,” revealed a specific application of advanced mathematics in this area – “quantitative information flow” – can play a critical role in measuring weaknesses in cyber security defenses, the agency said.
It was written by an international team from Brazil, France, Australia, and the United States.: Mario Alvim, Konstantinos Chatzikokolakis, Annabelle McIver and Carroll Morgan, Catuscia Palamidessi, and Geoffrey Smith.
The paper was originally presented last year at the IEEE Computer Security Foundations Symposium.
The NSA will recognize the winners and authors of papers that received honorable mentions at a special in-house ceremony in the fall, the agency said.
Competition reviewers included eight distinguished experts: Whitfield Diffie, cybersecurity adviser; Dan Geer of In-Q-Tel, John McLean of the Naval Research Laboratory, Angela Sasse of the University College London, Fred Schneider of Cornell University, Phil Venables of Goldman Sachs, David Wagner of the University of California-Berkeley, and Jeannette Wing of Microsoft Research.
The experts joined with researchers from NSA’s Trusted Systems Research Group and Information Assurance Directorate to evaluate entries in an open nominating process. All of the reviewers then provided individual recommendations to Frincke, who read the finalists’ submissions before making the final decision.
Entries may cover theoretical or empirical research and were judged on methodology, impact, and communication style.
Two papers received honorable mentions: “Increasing Security Sensitivity with Social Proof: A Large-Scale Experimental Confirmation,” written by Sauvik Das, Adam D.I. Kramer, Laura Dabbish and Jason I. Hong; and “Quantitative Evaluation of Dynamic Platform Techniques as a Defensive Mechanism,” written by Hamed Okhravi, James Riordan, and Kevin Carter.
The former honorable mention examined ways to motivate people to adopt security features by sharing information about their friends’ use of such tools. The latter explored an approach that measures systems’ resistance to compromise.
The competition will begin soliciting papers for next year’s contest in February 2016, the NSA said.