At last month’s IEEE Symposium on Security and Privacy, two of three Test of Time Awards—among the most prestigious awards presented—were given to CyLab researchers. IEEE initiated the Test of Time Award in 2019 to recognize papers that have made a lasting impact on the fields of security and privacy.
Brumley’s paper, “Unleashing Mayhem on Binary Code,” originally presented at the 2012 IEEE Symposium on Security and Privacy, outlined a new approach to automatically find new exploits in software.
“GitHub estimates there are only 200 security experts for every 100,000 developers,” Brumley says. “That means we’re shipping code faster than we can secure it. We must find a better way.”
“We must find a better way.” David Brumley, Professor, Electrical and Computer Engineering
Brumley says the paper, along with others in the field, ultimately led to the creation of the DARPA Cyber Grand Challenge, a $60 million effort to prove that fully autonomous cybersecurity was possible. Brumley’s team went on to win that challenge.
Today, the tech behind Mayhem is available to anyone at forallsecure.com. It has been commercialized and is being used to protect everything from the popular Roblox games to critical Department of Defense weapons systems.
Building a secure internet architecture
Andersen and Perrig’s paper, “SCION: Scalability, Control, and Isolation on Next-Generation Networks,” originally presented at the 2011 IEEE Symposium on Security and Privacy, describes a secure next-generation Internet architecture that can be operated side-by-side with today’s Internet while providing very strong availability properties—similar to a private network connection called a “leased line”—on a public Internet run by Internet service providers (ISPs).
“SCION promises to eradicate routing attacks and provide communication guarantees even in the presence of distributed denial-of-service attacks,” says CyLab Fellow Adrian Perrig, a professor of computer science at ETH Zurich who was a professor and researcher in CyLab at the time of the paper’s publication. “Despite its design as a security architecture, SCION also enables optimization of communication performance thanks to multi-path routing offering a choice of a multitude of paths to the end host. SCION empowers ISPs and service providers to establish new products and services—even enabling completely new business models.”
Since 2009, Perrig says, SCION has matured from a purely academic project into a system with a production-grade implementation and global real-world deployment by ISPs, used for critical infrastructure communication by industry and governments. For example, the Secure Swiss Finance Network—a network that allows authorized participants working in the Swiss financial center to communicate securely with each other—is based on SCION. Today, 12 different ISPs offer SCION products and services.