Facebook and USENIX announce the winners of the 2021 Internet Defense Prize

Today Facebook and USENIX awarded a total of $200,000 to the top three Internet Defense Prize winners. The award, financed by Facebook and awarded in cooperation with USENIX, recognizes contributions made by security research to the protection and defense of the Internet. In this post, we share details about the research we honored today and also the upcoming changes to how the award will work in the future.

Award winners

We awarded our US$100,000 first place prize to winners Ofek Kirzner and Adam Morrison from Tel Aviv University for their work entitled “An Analysis of Speculative Type Confusion Vulnerabilities in the Wild.” The paper defines “speculative type confusion,” a problem in which branch mispredictions result in a victim program executing with variables that hold values of the wrong type. The impact in this scenario is that the victim program leaks sensitive memory contents.

Runner-up Nicholas Carlini from Google received $60,000 for his work “Poisoning the Unlabeled Dataset of Semi-Supervised Learning.” The paper addresses the “dataset poisoning” problem: if an attacker can control (“poison”) part of the training set for a machine learning model, to what extent can the attacker force the model to misclassify? The research shows that in the “semi-supervised” setting, where models are also trained on unlabeled data, poisoning only 0.1% of the unlabeled training data enables control of the model output.

The third place prize of $40,000 was awarded to a team of researchers including Kevin Bock (University of Maryland), Abdulrahman Alaraj (University of Colorado Boulder), Eric Wustrow (University of Colorado Boulder), Yair Fax (University of Maryland), Kyle Hurley (University of Maryland), and Dave Levin (University of Maryland). Their research, “Weaponizing Middleboxes for TCP Reflected Amplification,” investigated how an attacker can amplify network traffic to create a distributed denial-of-service attack, a class of attack called “reflected amplification” that was previously thought to work only for UDP-based protocols. The authors showed that TCP-based protocols can indeed be used for reflected amplification. They then scanned the entire IPv4 internet to show that there are hundreds of thousands of IP addresses hosting potential amplifiers.

We congratulate the winners of the Internet Defense Prize 2021 and thank them for their contribution to making the Internet safer. To be eligible for the 2022 award, submit a paper to USENIX Security 2022 here.

Starting in 2022, the USENIX Security Awards Committee will independently determine the award, which will be distributed by USENIX. Facebook will continue to fund the Internet Defense Prize as a founding partner.

See the USENIX article here.
