Who Will Protect Our Digital Future? A Woman, a High School Videographer, Student Hackers and Researchers

Xuehui Zhang, winner of the 2010 NYU-Poly CSAW Embedded Systems Challenge.

When 300 of the country’s best students of cyber security gather, the competitive spirit of hacking is inevitable.

But the 7th Annual Cyber Security Awareness Week (CSAW) challenges at Polytechnic Institute of New York University (NYU-Poly) yielded their share of surprises, too: The winner of the difficult Embedded Systems Challenge was a one-person team – a woman, one of only a handful who made it to the final rounds. A high school student won the Video Awareness Challenge. And while it came as no surprise that a team from Carnegie Mellon University took the top spot for a second year in the popular Capture the Flag Applications Challenge (CTF), the university’s dominance might not have been predicted — a second Carnegie Mellon team took the number two CTF spot, and the two teams also captured the top two positions in the Quiz Tournament.

The annual cyber security games organized by the students of NYU-Poly brought finalists from across the continental United States to the Brooklyn campus last week. They had been winnowed from a record 1,000 by top cyber security professionals acting as judges.

“CSAW has two goals,” said Nasir Memon, head of NYU-Poly’s cyber security program. “We want to encourage talented students to pursue research and careers in this field because it is vital to protect our personal security, our infrastructure and national defense. But from the beginning, we also wanted participants to build friendships with other students and professionals because it helps the students while advancing the cause of those working to protect digital security.”

Keynote speaker W. Baird McNaught, program manager-Control System Security Program of the U.S. Department of Homeland Security, outlined recent security breaches including $400 million annually in fraudulent energy meter readings, a water treatment plant with an easy-to-hack password, hackable automobile controls and the Stuxnet worm that reprograms industrial controls: “the most advanced and complex we have ever seen.” Homeland Security’s responses include a traveling team that applies forensic and preventive skills to protect business and institutions, he said.

Rounding out the winning field in the CTF competition was a team from Rensselaer Polytechnic Institute, and a team from NYU-Poly came in third in the Quiz Competition. Other winners of the Oct. 29 CSAW challenges:

High School Cyber Forensics Challenge

  1. Wellesley High School, Pun Intended; Wellesley, Massachusetts;
  2. Poolesville High School, Alpha PHS; Poolesville, Maryland;
  3. High Technology High School, md5 hash browns; Lincroft, New Jersey.

Embedded Systems

  1. Xuehui Zhang, University of Connecticut;
  2. David Graziano (captain), Jamin Hitchcock, Tim Meyer, Justin Rilling, Xinying Wang; Iowa State University;
  3. Aswin Krishna, Seetharam Narasimhan (captain), Xinmu Wang; Case Western Reserve University.

AT&T Award for Best Applied Security Research Paper

  1. Prateek Saxena, University of California, Berkeley, “A Symbolic Execution Framework for JavaScript;”
  2. Xin Hu, University of Michigan, “Large-Scale Malware Indexing Using Function-Call Graphs;”
  3. Abhinav Srivastava, Georgia Institute of Technology, “Automatic Discovery of Parasitic Malware.”

Security Awareness Video

  1. Untitled, Alexis Bargamin, Joe E. Newsome High School, Lithia, Florida;
  2. Scams, William Herman, Saginaw State University;
  3. That Was Easy, Nova Southeastern University, Michael Fitzpatrick, Ann-Marie Horcher, Joseph Johnson, Austin Kimmel, Dean Ouellette, Todd Schroeder, Devin Stinson and Ryan Woolever.

NYU-Poly was one of the earliest schools to introduce a cyber security program, receiving National Security Agency (NSA) approval nearly a decade ago. Designated as both a Center of Academic Excellence in Information Assurance Education and a Center of Academic Excellence in Research by the NSA, the school houses a National Science Foundation-funded Information Systems and Internet Security (ISIS) Laboratory, the nerve center of cyber security research. Under Memon, ISIS students create and run the annual CSAW games.

The ISIS students who led this year’s challenges were Julian Cohen, sophomore – Computer Science, CTF; Efstratios Gavas, doctoral candidate – Computer Science, High School Cyber Forensics Challenge; Luis E. Garcia II, graduate student – Computer Science, CTF; Michael J. Harris, graduate student – Computer Science, Awareness Video Challenge; Liyun Li, doctoral candidate – Computer Science, AT&T Best Student Research Paper; Sankar Ponnusamy, master’s degree – Management Science, CSAW oversight; Jeyavijayan Rajendran, graduate student – Electrical and Computer Engineering, Embedded Systems Challenge; and Sen Yang, graduate student – Computer Science, Quiz Tournament.

The CSAW challenges are sponsored by AccessData, BAE Systems, Center for Advanced Technology in Communications, LGS Innovations and AT&T, which underwrites the AT&T Award for Best Applied Security Research Paper. The National Science Foundation (NSF) and Xilinx sponsor the Embedded Systems Challenge.


About Polytechnic Institute of New York University

Polytechnic Institute of New York University (formerly Polytechnic University), an affiliate of New York University, is a comprehensive school of engineering, applied sciences, technology and research, and is rooted in a 156-year tradition of invention, innovation and entrepreneurship: i2e. The institution, founded in 1854, is the nation’s second-oldest private engineering school. In addition to its main campus in New York City at MetroTech Center in downtown Brooklyn, it also offers programs at sites throughout the region and around the globe. Globally, NYU-Poly has programs in Israel, China and is an integral part of NYU's campus in Abu Dhabi.