Provo–Facebook awarded $200,000 in total to the top three winners of the Internet Defense Prize.
The award ceremony at the 27th USENIX Security Symposium in Baltimore, MD is the fifth annual iteration for award, and it has grown over time. When we started this in 2014, in partnership with USENIX, Facebook awarded $50,000 to a single winner, and in subsequent years, the award grew to $100,000 for the authors of one winning paper. This year, Facebook provided $200,000 in total prize money, and for the first time, we are awarding the authors of the top three papers:
- As in previous years, $100,000 to the authors of the winning paper;
- $60,000 for second place;
- $40,000 for third place.
This increase represents Facebook’s ongoing commitment to defensive security and privacy research, and also our observation that this year’s submissions were of very high quality.
The 2018 Internet Defense Prize winners are as follows:
1st Place ($100,000) to Gertjan Franken, Tom Van Goethem, and Wouter Joosen;
imec-Distrinet, KU Leuven;
for their work titled “Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies”
This work enables important improvements in the way browsers prevent cross-site attacks and third-party tracking through cookies. Facebook believes that improving these safeguards is critical to user privacy on the web.
2nd Place ($60,000) to Mark O’Neill, Scott Heidbrink, Jordan Whitehead, Tanner Perdue, Luke Dickinson, Torstein Collett, Matthew Martindale, Kent Seamons, and Daniel Zappala;
Brigham Young University;
for their work titled “The Secure Socket API: TLS as an Operating System Service”
This work provides a prototype implementation that makes it easier for application developers to make appropriate use of cryptography. Facebook believes safe-by-default libraries and frameworks are an important foundation for more secure software.
3rd Place ($40,000) to Ronghai Yang, Wing Cheong Lau, Jiongyi Chen, and Kehuan Zhang; The Chinese University of Hong Kong and Sangfor Technologies Inc.;
for their work titled “Vetting Single Sign-On SDK Implementations via Symbolic Reasoning”
This work takes a critical look at the implementation of single sign-on code. Single sign-on provides a partial solution to the internet’s over-reliance on passwords. This code is widely used, and ensuring its safety has direct implications for user safety online.
Facebook wants to congratulate the winners of this year’s Internet Defense Prize. They believe that defensive security research will be increasingly critical to the safety of computer systems in general, and consumer use of the internet in particular. Finally, Facebook thanks USENIX and the USENIX Security steering committee for their continued partnership.
For more information about the Internet Defense Prize, please visit: internetdefenseprize.org.
Today’s $200,000 investment came on the heels of last week’s Secure the Internet Grants, which awarded $800,000 to 10 grant proposals (https://research.fb.com/facebook-awards-more-than-800000-in-secure-the-internet-grants/). Together, Facebook’s rewards this month totaled a $1 million investment in defense-based research.