Building Trust Improving Technical Security Technology

NDSS 2019 Honors Timeless Papers

The papers and presentations are done, the awards and appreciation certificates have been handed out, and the boxes are packed and labeled for shipping. NDSS 2019 has come to a successful close. It was a record setting event with over 550 registrations, 89 papers, 36 posters, and four workshops. It was inspiring to see such energetic and passionate security research professionals gathered together in one place discussing their work. All of the highlights can be found at the NDSS 2019 website, including the Distinguished Paper and Distinguished Poster Awards for this year and the full program. It is worthwhile, however, to highlight a new award series initiated this year.

NDSS Test of Time Awards

This year, to kick off the second 25 years of NDSS, an NDSS Test of Time annual award was created. This award is for papers that were published more than ten years ago and have had a significant impact on both academia and industry in the years since. There were three awardees in the inaugural class.

The first Test of Time award is from 1996: SKEME: A Versatile Secure Key Exchange Mechanism for Internet by Hugo Krawczyk. SKEME was an integral component of early versions of the Internet Key Exchange (IKE) protocol used with Internet Protocol Security (IPsec) and is the basis for many of the cryptographic design choices in the current IKEv2 Internet Standard. IPsec and IKE are the de facto Internet standards for protection of Internet Protocol (IP) communications, including Virtual Private Networks (VPNs), and are widely deployed in numerous commercial products.

The second award is Client Puzzles: A Cryptographic Countermeasure Against Connection Depletion Attacks by Ari Juels and John Brainard, published at NDSS 1999. The paper introduced the use of “client puzzles” to protect against connection depletion attacks (a form of denial of service) in connection-oriented protocols, such as TCP Syn flooding. The paper led to a number of other efforts to develop different forms of client puzzles and to apply them to various other protocols and systems.

The final NDSS Test of Time award is A Virtual Machine Introspection Based Architecture for Intrusion Detection by Tal Garfinkel and Mendel Rosenblum, published in 2003. This paper introduced the use of VMI for cybersecurity and opened the floodgates on a tremendous amount of research and derivative tools that took VM technology beyond simple resource multiplexing and leveraged it for intrusion detection, intrusion prevention, forensics, isolation, and other cybersecurity protections. The paper is the most highly cited NDSS paper (1751 citations) from the period 1995-2009.