[Ndss-tot-award] Let's vote
david.balenson at sri.com
Mon Jan 21 09:17:33 PST 2019
Here are my votes along with some supporting rationale:
1st: 1996, SKEME: A Versatile Secure Key Exchange Mechanism for Internet, Hugo Krawczyk
SKEME was an integral component of early versions of the Internet Key Exchange (IKE) protocol used with IPsec and is the basis for many of the cryptographic design choices in the current IKEv2 Internet Standard. IPsec and IKE are the de facto Internet standards for protection of IP communications including Virtual Private Networks (VPNs) and are widely deployed in numerous commercial products.
2nd: 2003, A Virtual Machine Introspection Based Architecture for Intrusion Detection, Tal Garfinkel and Mendel Rosenblum.
This paper introduced the use of VMI for cybersecurity and opened the floodgates on a tremendous amount of research and derivative tools that took VM technology beyond simple resource multiplexing and leveraged it for intrusion detection, intrusion prevention, forensics, isolation, and other cybersecurity protections. The paper is the most highly cited NDSS paper (1751) from the period 1995-2009.
3rd: 2001, Efficient and secure source authentication for multicast, Adrian Perrig, Ran Canetti, Dawn Song, J. D. Tygar
TESLA was published as an Informational RFC (RFC 4082) where it has contributed to IETF standardization and secure specifications for protocols in different contexts. Several current ongoing activities continue to leverage this early work. The paper is the 5th most highly cited NDSS paper (869) from the period 1995-2009.
4th: 2004, The Design and Implementation of Datagram TLS, Nagendra Modadugu and Eric Rescorla
This paper introduced the Datagram Transport Layer Protocol (DTLS), which is based on and provides equivalent security guarantees as TLS for datagram protocols. DTLS is defined as a Proposed Standard for use with User Datagram Protocol (UDP) as well as a number of other protocols, including Datagram Congestion Control Protocol (DCCP), Control And Provisioning of Wireless Access Points (CAPWAP), Stream Control Transmission Protocol (SCTP) encapsulation, and Secure Real-time Transport Protocol (SRTP). DTLS is implemented in and supported by many popular TLS implementations.
5th: 1999, Client Puzzles: A Cryptographic Countermeasure Against Connection Depletion Attacks, Ari Juels and John Brainard
The paper introduced the use of “client puzzles” to protect against connection depletion attacks (a form of denial of service) in connection-oriented protocols, such as TCP SYN flooding. The paper led to a number of other efforts to develop different forms of client puzzles and to apply them to various other protocols and systems. The paper is the 6th most highly cited NDSS paper (792) from the period 1995-2009.
From: Ndss-tot-award <ndss-tot-award-bounces at elists.isoc.org> on behalf of "Jaeger, Trent Ray" <trj1 at psu.edu>
Reply-To: NDSS Test of Time Award <ndss-tot-award at elists.isoc.org>
Date: Thursday, January 17, 2019 at 9:02 PM
To: NDSS Test of Time Award <ndss-tot-award at elists.isoc.org>
Subject: [Ndss-tot-award] Let's vote
So, we have the following collection of papers nominated below.
Let’s vote on these. Please submit your votes by 1159pm M Jan 21.
Each member of the committee has up to 5 votes to use.
Please order your votes: 1st (5pts), 2nd (4pts), 3rd (3pts), 4th (2pts), 5th (1pt). I should be able to handle ties if you have them.
Note that we do not have to award all of these this year. :->
SKEME: A Versatile Secure Key Exchange Mechanism for Internet
Client Puzzles: A Cryptographic Countermeasure Against Connection
Ari Juels and John Brainard
A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities
David Wagner, Jeffrey S. Foster, Eric A. Brewer, Alexander Aiken
Efficient and secure source authentication for multicast
Adrian Perrig, Ran Canetti, Dawn Song, J. D. Tygar
Implementing Pushback: Router-Based Defense Against DDoS Attacks
John Ioannidis, Steven M. Bellovin
An Analysis of the Degradation of Anonymous Protocols
Matthew Wright, Micah Adler, Brian N. Levine, Clay Shields
A Virtual Machine Introspection Based Architecture for Intrusion Detection.
Tal Garfinkel and Mendel Rosenblum.
The Design and Implementation of Datagram TLS
Nagendra Modadugu and Eric Rescorla
Building an Encrypted and Searchable Audit Log
Brent R. Waters, Dirk Balfanz, Glenn Durfee, D. K. Smetters
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software.
James Newsome and Dawn Song
Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority
D. Dagon, N. Provos, C. Lee, W. Lee
RAINBOW: A Robust and Invisible Non-Blind Watermark for Network Flows
Authors: A. Houmansadr, N. Kiyavash, N. Borisov
Professor, CSE Department
Pennsylvania State University
W359 Westgate Bldg, University Park, PA 16802
Email: tjaeger at cse.psu.edu
Ph: (814) 865-1042, Fax: (814) 865-3176