NDSS Test of Time Award
The Network and Distributed System Security Symposium Test of Time (ToT) award recognizes the most influential papers published in past NDSS symposia with respect to research and/or industrial impact on computer and network security. Papers can be nominated throughout the year with winners awarded at an upcoming symposium.
NDSS Test of Time Award 2022
Automated Whitebox Fuzz Testing (NDSS 2008) is one of the seminal papers on program testing. The paper was an early demonstration of how to make symbolic execution practical and useful at scale. Building on previous advances in dynamic symbolic execution and in fuzz testing, this paper contributed both deep conceptual and practical insights and showed how to effectively achieve high code coverage when fuzzing real software. These insights were leveraged to create a tool, SAGE, that was used to find many bugs in Microsoft applications that couldn’t be found by previous tools. The paper has been enormously influential both in the design of practical tools and in inspiring follow-up research, as evidenced by its more than 1500 citations.
NDSS Test of Time Awards 2020
A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities, David Wagner, Jeffrey S. Foster, Eric A. Brewer, Alexander Aiken (2000)
This paper introduced the use of static analysis for finding potential buffer overrun vulnerabilities in security-critical C code before it is deployed. It spawned an entire industry of security testing tools and practices. Today, static analysis security testing is a cornerstone technique for automated testing and analysis of program source code to identify and resolve security flaws early in the software development life cycle and is an integral part of modern DevOps environments and AppSec programs. The paper is one of the most highly cited NDSS papers from the period 1995-2010.
This paper introduced the Datagram Transport Layer Protocol (DTLS), which is based on and provides equivalent security guarantees as TLS for datagram protocols. DTLS is defined as a Proposed Standard for use with User Datagram Protocol (UDP) as well as a number of other IETF protocols, and it is implemented in and supported by many popular TLS implementations. The IETF is actively updating DTLS and other IETF protocol efforts are looking to leverage it for their own security.
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software, James Newsome and Dawn Song (2005)
This paper introduced dynamic taint analysis, a new approach for the automatic detection, analysis, and signature generation of exploits on commodity software. The technique reliably detects overwrite attacks which cause a sensitive value (such a return addresses, function points, and format strings) to be overwritten with an attacker’s data. It has seen widespread application in many areas, including malware analysis, vulnerability discovery, and test case generation. The paper is the second most highly cited NDSS paper (1759) from the period 1995-2010.
NDSS Test of Time Awards 2019
SKEME was an integral component of early versions of the Internet Key Exchange (IKE) protocol used with IPsec and is the basis for many of the cryptographic design choices in the current IKEv2 Internet Standard. IPsec and IKE are the de facto Internet standards for protection of IP communications including Virtual Private Networks (VPNs) and are widely deployed in numerous commercial products.
Client Puzzles: A Cryptographic Countermeasure Against Connection Depletion Attacks, Ari Juels and John Brainard (1999)
The paper introduced the use of “client puzzles” to protect against connection depletion attacks (a form of denial of service) in connection-oriented protocols, such as TCP Syn flooding. The paper led to a number of other efforts to develop different forms of client puzzles and to apply them to various other protocols and systems. The paper is the 6th most highly cited NDSS paper (792) from the period 1995-2009.
A Virtual Machine Introspection Based Architecture for Intrusion Detection, Tal Garfinkel and Mendel Rosenblum (2003)
This paper introduced the use of VMI for cybersecurity and opened the floodgates on a tremendous amount of research and derivative tools that took VM technology beyond simple resource multiplexing and leveraged it for intrusion detection, intrusion prevention, forensics, isolation, and other cybersecurity protections. The paper is the most highly cited NDSS paper (1751) from the period 1995-2009.
Main image © Stonehouse Photographic