This account is pending registration confirmation. Please click on the link within the confirmation email previously sent you to complete registration. Need a new registration confirmation email? Click here
July 26, 2012 /PRNewswire/ -- Microsoft Corp.'s
Trustworthy Computing Group named
Vasilis Pappas the winner of the company's first-ever
BlueHat Prize contest, a competition that awards the development of new, innovative computer security defense technologies. The company presented Pappas, currently a Ph.D. student at
Columbia University in
New York, with
$200,000 at the Microsoft Researcher Appreciation Party.
"A year ago we posed a challenge to the researcher community and asked them to shift their focus from solely identifying and reporting individual vulnerabilities to investing in new lines of defensive research that could mitigate entire classes of attacks," said
Mike Reavey, senior director, Microsoft Security Response Center. "It's with great pleasure that we congratulate the winner of our inaugural BlueHat Prize contest, Vasilis, for his submission of a novel defensive technology that advances the challenging issue of exploit mitigation of some of the most popular attack techniques we're seeing today."
kBouncer, the winning entry among 20 submissions, detects abnormal control transfers using the Last Branch Recording feature of Intel processors to mitigate Return Oriented Programming (ROP). ROP is an advanced technique that attackers use to combine short pieces of benign code, already present in a system, for a malicious purpose. By using supported hardware features, kBouncer can be implemented with lower cost to performance and development time. All three BlueHat Prize finalists designed technologies to mitigate attacks that leverage ROP, underscoring how prominent the exploitation technique is today. Microsoft awarded first runner-up,
$50,000 for his submission, called ROPGuard, and a surprise
$10,000 cash reward was given to the second runner-up,
Jared DeMott, for /ROP. In addition to the monetary prizes, the company gave all three winners subscriptions to the Microsoft Developer Network valued at
"The Blue Hat prize is more than a competition; it's the future of security defense, where the community comes together to collectively take on some of the toughest problems we face and make the computing ecosystem safer," said
Matt Thomlinson, general manager, Trustworthy Computing Group, Microsoft. "The result is that in under a year, we went from challenge to creation to integration of some of the BlueHat Prize finalists' technologies into the Enhanced Mitigation Experience Toolkit 3.5 Technology Preview, to protect against known and unknown threats. We'll continue to evaluate additional integration as appropriate."
The BlueHat Prize competition was designed to challenge the security community to look beyond the norm of problems, such as vulnerabilities, and instead focus on developing innovative solutions to pressing security challenges. Microsoft accepted entries from
Aug. 3, 2011, until
April 1, 2012, and then a panel of Microsoft security engineers judged the submissions based on the following criteria: practicality and functionality (30 percent); robustness — how easy it would be to bypass the proposed solution (30 percent); and impact (40 percent). The official BlueHat Prize competition rules and guidelines are available at
Founded in 1975, Microsoft (Nasdaq "MSFT") is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.