Microsoft Names Finalists In Contest For New Security Defenses

Published: 22/11/2024   Category: security




Three BlueHat Prize contestants invented ways to mitigate attacks exploiting memory-safety vulnerabilities



Microsoft today named the three finalists among 20 contestants for its first-ever BlueHat Prize for the most innovative defense technique against memory-safety exploitation attacks.
BlueHat is Microsoft's alternative to bug bounties: it challenges researchers to come up with new ways to mitigate exploits rather than find new bugs. Microsoft first announced the contest at Black Hat 2011 in Las Vegas, saying it would offer more than $250,000 in cash and prizes to contestants who came up with new ways to mitigate exploits specifically aimed at memory-safety vulnerabilities.
The top three contestants submitted entries to thwart attacks that leverage return-oriented programming (ROP), a method used by attackers to employ short snippets of benign code in a system for nefarious purposes. The grand prize winner will be named during Microsoft's Researcher Appreciation Party on July 26 at Black Hat USA in Las Vegas.
Researcher Jared DeMott, who teaches a popular application security course at security conferences, came up with a method called /ROP, which vets the target addresses of the return instructions to ensure they aren't malicious. Computer scientist and researcher Ivan Fratric of the University of Zagreb in Croatia submitted ROPGuard, which specifies a set of checks for detecting when certain functions are being called by ROP code. And Vasilis Pappas, a Ph.D. student at Columbia University in New York, created kBouncer, which detects abnormal control transfers using common hardware features, according to Microsoft.
"Microsoft applauds these researchers who met the challenge and developed defensive solutions that go above and beyond conventional security practices focused on discovering individual issues," said Mike Reavey, senior director, Microsoft Security Response Center. "We can’t wait to see how this initiative will inspire others to explore defensive technology research in order to potentially mitigate entire classes of vulnerabilities."
Critics argued that the contest was merely a way for Microsoft to get others to fix its vulnerability problems. But the winner retains ownership of the intellectual property and grants Microsoft a license to use it. Researchers whose technology isn't selected by Microsoft also still own their intellectual property.
The grand prize is $200,000; second place, $50,000; and third place, an MSDN Universal subscription valued at $10,000.
"The Microsoft BlueHat contest has definitely encouraged my research into protection technologies," DeMott says.
Pappas concurs. "[The BlueHat Prize] motivated me to implement/evaluate this project idea I had. It’s definitely a very good move, especially because it motivates research on practical defenses."
Microsoft will provide more details on the entries at Black Hat, but has posted the abstracts here.
