CSAW turns 21 ... with powerful partnerships and new programming

The most comprehensive student-run cybersecurity event in the world, CSAW 2024 engaged more than 3,000 students and professionals. Held November 6-9, CSAW involved more than 100 teams at five global academic centers.

The Sponsors

CSAW could simply not run without its many sponsors, both large and small.

One major industry sponsor was TIAA, a venerable retirement management firm whose CISO, Upendra Mardikar, sits on the NYU Cyber Fellows Advisory Council.

CSAW deepened an already strong partnership. For years, TIAA and Tandon have collaborated on an initiative that allows TIAA employees with bachelor’s degrees in science, technology, engineering or math to easily apply for a master’s degree program in cybersecurity, and, if accepted, attend for free. (Those without an undergraduate base in the sciences can earn an introductory certificate in the field.)

The program, which was spearheaded in 2019, was recently honored with a CSO50 award, given by the CSO news service to recognize outstanding security projects and initiatives.

Among this year’s sponsors were also Trail of Bits and Zellic, both notable for having CSAW alumni as founders. Dan Guido, the CEO and founder of Trail of Bits, earned his bachelor’s degree from NYU Tandon in 2008 and has also served as an adjunct professor and hacker-in-residence; he was involved in CSAW from its earliest inception, back in 2003, and has said: “CSAW played a large part in how I came to love cybersecurity, and I'm glad it still does to so many students.” Jasraj Bedi and Luna Tong, co-founders of Zellic, were the masterminds behind perfect blue, a top-performing international team in CSAW’s flagship Capture-the-Flag event.

A full list of generous sponsors also includes:

• ConEd
• CUBIC Defense
• DTCC
• Google
• HP
• Intel
• MTA
• NORDTECH
• NSF

The Games

Since 2003, when CSAW was launched as a small, local competition by the students of Professor Nasir Memon, co-founder of NYU Tandon’s cybersecurity program, it has expanded exponentially. Now involving not just New York City but sites in Europe, India, Mexico, and the Middle East-North Africa region, the event features an array of challenges that have kept pace with advancing technologies such as additive manufacturing, machine learning, and cloud-based AI.

The hotly contested games included:

• The AI Hardware Attack Challenge, which called upon participants to use generative AI to insert a hardware vulnerability, such as a trojan or backdoor, into an open-source digital design of their choice – with points awarded for subtle yet powerful exploits, such as those that allow system compromise from userspace.

  Winning teams: ParkerLink (third place), SystemsGenesis (second place), SEAL (first place)

• The Applied Research Competition, for published papers with practical application.

  Winner in the category of Most Notable Paper – Social Impact “Privacy Requirements and Realities of Digital Public Goods” (presented by Geetika Gopi of Carnegie Mellon)

  Winner in the category of Most Notable Paper – Technical Impact “Passive SSH Key Compromise vis Lattices” (presented by Kaiwen He of UCSD)

• BioHack 3D, which involved brainstorming ingenious attacks on biochips, cunningly designed to slip past post-manufacturing security checks unnoticed.

  Winning teams: University of Wollongong in Dubai (UAE competition) and National Institute of Technology (India competition)

• One of the oldest and largest Capture the Flag events in the world, routinely drawing well over 1,000 teams in its initial rounds.

  Winning teams: OreSec (third place), SigPwny (second place), Yellow Hackets (first place)

• The Embedded Security Challenge, first run in 2008 and the oldest hardware security competition in the world, with this year’s edition focusing on side channel attacks on critical cyber-physical systems.

  Winning teams: Squid Proxy Lovers (third place), PBR (second place), Shellphish (first place)

• Hack 3D, aimed at students interested in the security of additive manufacturing systems.

  Winning teams: Augmented Realm (third place), Tesseract (second place), Greeks for Geeks (first place)

• Hack My Robot, organized by the S.M.A.R.T. Construction Research Group with support and collaboration from the Center for Cybersecurity (CCS) at NYUAD and the Center for AI and Robotics (CAIR) at NYUAD.

• The LLM Attack Challenge, which recognized the burgeoning popularity of large language models (LLM) and their ability to pinpoint the vulnerabilities in software and generate code to attack it.

  Winning team: EGGG

• Logic Locking, which tested students’ facility with a revolutionary technique for protecting the intellectual property of integrated circuits from myriad security threats.

• Cyber Policy

  Winners: Eric Somogyi (third place), William Allen (second place), Kaleigh Kornfeld (first place)

Another Career Influenced by CSAW

Mo Satt keeps very busy as CSAW approaches. One of the planners of the Applied Research Competition, he helps sift through hundreds of papers written by Ph.D. students from around the country, in order to winnow the field down to 15 contenders. Those authors then come to Brooklyn to present their work to a panel of judges, who examine the originality of the research and its potential social impact.

That’s in addition to his own Ph.D. studies: Satt studies under Professor Danny Huang, who heads Tandon’s mLab, which is devoted to mitigating real-world security and privacy threats in healthcare and consumer technologies.

Before deciding to return for his doctoral degree, Satt had earned a master’s degree in cybersecurity from Tandon in 2020, thanks to the Bridge program, which was developed to build foundational skills in those without an engineering background.

While listing his academic progress might make him appear to be following a conventional path, but Satt’s has been anything but. He has embarked on his graduate studies while holding down full-time government positions of great responsibility, including serving as Chief Information Security Officer of the New York City Fire Department from 2018 to 2020 and of the New York City Department of Sanitation from 2020 on. And that’s not to mention his work as a Tandon adjunct, teaching topics like network security to hundreds of students each semester.

Like Dan Guido, he credits his involvement in CSAW with helping him forge a rewarding cybersecurity career. “I’ve been lucky enough to have been involved in many capacities over the years, from competitor to volunteer to judge,” he says. “I love interacting with the broader cybersecurity community, meeting students, doing research, and contributing to a very important field.”

A Gathering of Stakeholders

NYU Tandon is part of the Northeast Regional Defense Technology Hub (NORDTECH), a group launched in response to the U.S. Department of Defense’s call for a Microelectronics Commons Hub that would include semiconductor manufacturing companies, universities, and industry leaders in semiconductor device design, fabrication, and production.

Alongside the CSAW event, Professor Davood Shahrjerdi, the director of NanoFab, Tandon’s cleanroom, convened a large gathering of Nanofab managers at the Mid-Atlantic region to discuss important issues related to chip manufacturing, fab safety, and workforce development. (The semiconductor industry requires increasing numbers of skilled workers, and workforce development is an important component of the CHIPS and Science Act.)

Since the ribbon was cut on Tandon’s NanoFab cleanroom last year, the School has positioned itself as a regional leader in nanofabrication. The event drew dozens of attendees from top institutions such as the University of Pennsylvania and Carnegie Mellon, and the discussions ranged from how best to train the technicians needed to effectively run a cleanroom to how regional nanofab facilities can share workforce resources.