Wednesday, August 27, 2014

CMU CyLab Researchers Wins USENIX Security 2014 Best Student Paper Award; Seven Other CMU Papers Delivered



As with other leading conferences in the vital fields of cyber security and privacy, Carnegie Mellon University (CMU) CyLab researchers distinguished themselves at USENIX Security 2014, the 23rd USENIX Security Symposium, held in San Diego, California, 8/20/14-8/22/14.

Three hundred fifty papers were submitted to the USENIX program committee, and the ensuing process, which involved 1,340 reviews and 1,627 follow up comments, resulted in sixty-seven papers being accepted for publication, including several from CMU CyLab researchers.

Most notably, CMU's Kyle Soska won one of two Best Student Paper Awards for Automatically Detecting Vulnerable Websites Before They Turn Malicious co-authored with CyLab faculty member Nicolas Christin

Additionally, CyLab faculty member David Brumley co-authored three of the published papers:

BYTEWEIGHT: Learning to Recognize Functions in Binary Code, with Tiffany Bao, Jonathan Burket, and Maverick Woo of Carnegie Mellon University and Rafael Turner, University of Chicago.

Blanket Execution: Dynamic Similarity Testing for Program Binaries and Components, with Manuel Egele, Maverick Woo and Peter Chapman.

Optimizing Seed Selection for Fuzzing, with Alexandre Rebert, Carnegie Mellon University and ForAllSecure; Sang Kil Cha and Thanassis Avgerinos of Carnegie Mellon University; Jonathan Foote and David Warren of Software Engineering Institute CERT; Gustavo Grieco of Centro Internacional Franco Argentino de Ciencias de la Información y de Sistemas (CIFASIS) and Consejo Nacional de Investigaciones Científicas y Técnicas (CONICET).

Brumley also delivered a paper for one of the workshops that proceeded the main body of the Symposium itself, PicoCTF: A Game-Based Computer Security Competition for High School Students, co-authored with Peter Chapman and Jonathan Burket, also from CMU.

CyLab Usable Security and Privacy (CUPS) Lab director Lorrie Cranor teamed up with Cormac Herley, Principal Researcher in the Machine Learning Department at Microsoft Research, and several colleagues, Saranga Komanduri and Richard Shay of CMU and Stuart Schechter of Microsoft Research to co-author Telepathwords: Preventing Weak Passwords by Reading Users' Minds 

Two other CMU-authored papers were presented at USENIX Security 2014

The Long "Taile" of Typosquatting Domain Names co-authored by Janos Szurdi, Carnegie Mellon University; Balazs Kocso and Gabor Cseh, Budapest University of Technology and Economics; Jonathan Spring, Carnegie Mellon University; Mark Felegyhazi, Budapest University of Technology and Economics; and Chris Kanich, University of Illinois at Chicago. 

Password Managers: Attacks and Defenses co-authored by David Silver, Suman Jana, and Dan Boneh, Stanford University; Eric Chen and Collin Jackson, Carnegie Mellon University

Related Posts

Thursday, August 21, 2014

CMU CyLab PPP and CUPS teams win “Capture the Flag” and “Crack Me If You Can" contests at DEFCON 22

Members of CMU CyLab's Plaid Parliament of Pwning (PPP)
Carnegie Mellon University demonstrated its cyber prowess at DEFCON 22 by winning the “Capture the Flag” and “Crack Me If You Can” contests ...

Carnegie Mellon’s computer hacking team, the Plaid Parliament of Pwning (PPP), took first place for the second consecutive year in the Capture the Flag (CTF) contest. Globally, hundreds of teams battle throughout the year for one of 20 slots at DEFCON’s CTF competition, which has been called the “World Series of hacking.”

“Our team competed against universities and also against large defense contractors. This win is a huge accomplishment for our team,” says team advisor David Brumley, an associate professor of Electrical and Computer Engineering and the technical director of Carnegie Mellon CyLab.

The PPP team qualified for DEFCON for the last three years, and won first place in 2013 and again in 2014. The PPP team is part of CyLab’s Undergraduate Computer Security Research group, and it consists of 35 members from the College of Engineering and the School of Computer Science.

At DEFCON 22, the team was limited to eight members: George Hotz, Ryan Goulden, Tyler Nighswander, Brian Pak, Alex Reece, Max Serrano, Andrew Wesie, Ricky Zhou ...

A second team, this one from CyLab Usable Privacy and Security (CUPS) Lab, and simply named “cmu,” won the Street Division category in the “Crack Me If You Can” contest. In this two-day event sponsored by KoreLogic Security, teams exposed or “cracked” encrypted passwords.

"The students leveraged what they had learned from our research studies to develop their winning strategy," CUPS Director Lorrie Cranor says, "It is remarkable for a first-time team to win this competition." Cranor and fellow CyLab faculty members Lujo Bauer, Nicolas Christin, along with their team of students, are responsible for a growing body of work on passwords.


"Black Badge" bestowed upon CTF winners guarantees lifetime free entry to DEFCON
See Also


CyLab's David Brumley and His Student Hacker Team Featured on PBS NEWSHOUR and CNBC

Carnegie Mellon's Capture the Flag Team Excels in Hackjam Competition

CUPS Password Research Studies