The Network and Distributed System Security (NDSS) Symposium kicked off earlier this week. Attendees—virtual and remote—have enjoyed a simply amazing set of workshops, symposia, papers, and posters. Take a look at my preview blog post from last week: “A Golden Age of Systems Security Research: What’s Happening at the NDSS Symposium 2022”.
Standing the Test of Time
Every year, the NDSS Symposium awards the “Test of Time” (ToT) award to particularly impactful papers that were presented at past NDSS symposia. These papers have ‘stood the test of time’ and have continued to be influential over many years. The NDSS ToT award recognizes the most influential papers presented at past NDSS symposia with respect to research and/or industrial impact on computer and network security. Papers can be nominated throughout the year with winners awarded at an upcoming symposium after careful deliberation by the volunteer Test of Time Award Committee.
Remaining Influential
Past ToT awards have been awarded to research that has motivated whole new areas of computer science and computer security, including automated detection of bugs, designing new secure communications protocols (DTLS), and clever techniques including taint analysis—injecting little bits of code to see what malware might do with them—and client puzzles—where a client-like a mobile device is forced by a server to complete a small “puzzle”, providing a significant speed bump to malicious attacks that would otherwise flood the server.
2022 Winner
This year, the winner of the 2022 ToT Award goes to “Automated Whitebox Fuzz Testing” authored by Patrice Godefroid, Michael Y. Levin, and David Molnar, which was presented at the NDSS Symposium in 2008.
This paper has one of the top citation counts of all papers presented at NDSS symposia, and it had the particular distinction of combining two important areas of computer security: fuzz testing—where random inputs are sent to a piece of hardware or software to see how it might fail given unpredictable inputs—and symbolic execution—where a computer program can be broken down symbolically into its various parts so that other programs can analyze and manipulate the program.
The Test of Time Award Committee described the worthiness of this piece of research:
Automated Whitebox Fuzz Testing (NDSS 2008) is one of the seminal papers on program testing. The paper was an early demonstration of how to make symbolic execution practical and useful at scale. Building on previous advances in dynamic symbolic execution and in fuzz testing, this paper contributed both deep conceptual and practical insights and showed how to effectively achieve high code coverage when fuzzing real software. These insights were leveraged to create a tool, SAGE (Scalable, Automated, Guided Execution), that was used to find many bugs in Microsoft applications that couldn’t be found by previous tools. The paper has been enormously influential both in the design of practical tools and in inspiring follow-up research, as evidenced by its more than 1500 citations.
We congratulate the authors for their impact and for winning the 2022 NDSS ToT Award. We hope they go on to produce even more influential results and inspire researchers around the world to break new ground in systems security research.
Image credit: Wes Hardaker