[Ndss-tot-award] Let's vote

David Balenson david.balenson at sri.com
Mon Jan 21 09:17:33 PST 2019


Hi Trent,

 

Here are my votes along with some supporting rationale:

 

1st: 1996,  SKEME: A Versatile Secure Key Exchange Mechanism for Internet, Hugo Krawczyk

SKEME was an integral component of early versions of the Internet Key Exchange (IKE) protocol used with IPsec and is the basis for many of the cryptographic design choices in the current IKEv2 Internet Standard. IPsec and IKE are the de facto Internet standards for protection of IP communications including Virtual Private Networks (VPNs) and are widely deployed in numerous commercial products.

 

2nd: 2003, A Virtual Machine Introspection Based Architecture for Intrusion Detection, Tal Garfinkel and Mendel Rosenblum.

This paper introduced the use of VMI for cybersecurity and opened the floodgates on a tremendous amount of research and derivative tools that took VM technology beyond simple resource multiplexing and leveraged it for intrusion detection, intrusion prevention, forensics, isolation, and other cybersecurity protections. The paper is the most highly cited NDSS paper (1751) from the period 1995-2009.

 

3rd: 2001, Efficient and secure source authentication for multicast, Adrian Perrig, Ran Canetti, Dawn Song, J. D. Tygar

TESLA was published as an Informational RFC (RFC 4082) where it has contributed to IETF standardization and secure specifications for protocols in different contexts. Several current ongoing activities continue to leverage this early work. The paper is the 5th most highly cited NDSS paper (869) from the period 1995-2009.

 

4th: 2004, The Design and Implementation of Datagram TLS, Nagendra Modadugu and Eric Rescorla

This paper introduced the Datagram Transport Layer Protocol (DTLS), which is based on TLS and provides security guarantees equivalent to TLS for datagram protocols. DTLS is defined as a Proposed Standard for use with User Datagram Protocol (UDP) as well as a number of other protocols, including Datagram Congestion Control Protocol (DCCP), Control And Provisioning of Wireless Access Points (CAPWAP), Stream Control Transmission Protocol (SCTP) encapsulation, and Secure Real-time Transport Protocol (SRTP). DTLS is implemented in and supported by many popular TLS implementations.

 

5th: 1999, Client Puzzles: A Cryptographic Countermeasure Against Connection Depletion Attacks, Ari Juels and John Brainard

The paper introduced the use of “client puzzles” to protect against connection depletion attacks (a form of denial of service) in connection-oriented protocols, such as TCP SYN flooding. The paper led to a number of other efforts to develop different forms of client puzzles and to apply them to various other protocols and systems. The paper is the 6th most highly cited NDSS paper (792) from the period 1995-2009.

 

Thanks,

-DB

 

 

From: Ndss-tot-award <ndss-tot-award-bounces at elists.isoc.org> on behalf of "Jaeger, Trent Ray" <trj1 at psu.edu>
Reply-To: NDSS Test of Time Award <ndss-tot-award at elists.isoc.org>
Date: Thursday, January 17, 2019 at 9:02 PM
To: NDSS Test of Time Award <ndss-tot-award at elists.isoc.org>
Subject: [Ndss-tot-award] Let's vote

 

Hi, 

 

So, we have the following collection of papers nominated below.

 

Let’s vote on these.  Please submit your votes by 1159pm M Jan 21.

 

Each member of the committee has up to 5 votes to use.  

 

Please order your votes: 1st (5pts), 2nd (4pts), 3rd (3pts), 4th (2pts), 5th (1pt).  I should be able to handle ties if you have them.

 

Note that we do not have to award all of these this year. :->

 

Regards,

Trent.

 

=========

 

(1) 1996
SKEME: A Versatile Secure Key Exchange Mechanism for Internet
Hugo Krawczyk

(2) 1999
Client Puzzles: A Cryptographic Countermeasure Against Connection Depletion Attacks
Ari Juels and John Brainard

 

(3) 2000
A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities
David Wagner, Jeffrey S. Foster, Eric A. Brewer, Alexander Aiken

(4) 2001
Efficient and secure source authentication for multicast
Adrian Perrig, Ran Canetti, Dawn Song, J. D. Tygar

(5) 2002
Implementing Pushback: Router-Based Defense Against DDoS Attacks
John Ioannidis, Steven M. Bellovin

(6) 2002
An Analysis of the Degradation of Anonymous Protocols
Matthew Wright, Micah Adler, Brian N. Levine, Clay Shields

(7) 2003
A Virtual Machine Introspection Based Architecture for Intrusion Detection.
Tal Garfinkel and Mendel Rosenblum.

(8) 2004
The Design and Implementation of Datagram TLS
Nagendra Modadugu and Eric Rescorla

(9) 2004
Building an Encrypted and Searchable Audit Log
Brent R. Waters, Dirk Balfanz, Glenn Durfee, D. K. Smetters

(10) 2005
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software.
James Newsome and Dawn Song


(11) 2008
Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority
D. Dagon, N. Provos, C. Lee, W. Lee

(12) 2009
RAINBOW: A Robust and Invisible Non-Blind Watermark for Network Flows
Authors: A. Houmansadr, N. Kiyavash, N. Borisov

 

======

 

 

----------------------------------------------
Trent Jaeger
Professor, CSE Department
Pennsylvania State University
W359 Westgate Bldg, University Park, PA 16802
Email: tjaeger at cse.psu.edu
Ph: (814) 865-1042, Fax: (814) 865-3176
URL: http://www.trentjaeger.com



