University Teams Win Berths at Prestigious Applied Research and Policy Competitions At NYU Cyber Security Awareness Week

Top university students in cybersecurity research and policy scholarship will present their papers at New York University Tandon School of Engineering’s Cyber Security Awareness Week (CSAW), the largest student-run cybersecurity competition in the world, November 10-12, 2016.

The Applied Research Competition is a prestigious contest for graduate and doctoral level security researchers who have published papers in the past year. The Policy Competition, in its third year, challenges students to propose public policy solutions to real-world computer security challenges. The CSAW Policy Competition is organized by the NYU Center for Cybersecurity.

As CSAW expands this year to include on-site competition hubs in the United Arab Emirates and the Indian Institute of Technology, Kanpur, finalists in the Applied Research Competition — one of six CSAW contests — will compete at NYU Tandon in Brooklyn and at NYU Abu Dhabi.

Ten papers on the application of security technology, the implementation of security systems, or lessons learned made the final round in the United States.

CSAW Applied Research finalists, listed with the student author presenting the work at CSAW, followed by other contributing authors are

Acing the IOC Game: Toward Automatic Discovery and Analysis of Open-Source Cyber Threat Intelligence
Student Presenter: Kan Yuan (Indiana University, Bloomington)
Xiaojing Liao (Georgia Institute of Technology), Xiaofeng Wang and Luyi Xing (Indiana University, Bloomington), Zhou Li (ACM member), and Raheem Beyah (Georgia Institute of Technology)

TrackMeOrNot: Enabling Flexible Control on Web Tracking
Student Presenter: Wei Meng (Georgia Institute of Technology)
Byoungyoung Lee and Wenke Lee (Georgia Institute of Technology), Xinyu Xing (Pennsylvania State University)

Measuring and Mitigating AS-level Adversaries Against Tor
Student Presenter: Oleksii Starov (Stony Brook University)
Risah Nithyanand (Stony Brook University), Adva Zair and Michael Schapira (Hebrew University Jerusalem), and Phillipa Gill (University of Massachusetts)

Trusted Browsers for Uncertain Times
Student Presenter: David Kohlbrenner (University of California San Diego)
Hovav Shacham (University of California San Diego)

Towards SDN-Defined Programmable BYOD (Bring Your Own Device) Security
Student Presenter: Sungmin Hong (Texas A&M University)
Robert Baykov, Lei Xu, Srinath Nadimpalli, and Guofei Gu (Texas A&M University)

Hidden Voice Commands
Student Presenter: Tavish Vaidya (Georgetown University)
Nicholas Carlini, Pratyush Mishra, and David Wagner (University of California, Berkeley), Yuankai Zhang, Micah Sherr, Clay Shields, and Wenchao Zhou (Georgetown University)

One Bit Flips, One Cloud Flops: Cross-VM Row Hammer Attacks and Privilege Escalation
Student Presenter: Yuan Xiao (The Ohio State University)
Xiaokuan Zhang, Yinqian Zhang, and Radu Teodorescu (The Ohio State University)

APISan: Sanitizing API Usages through Semantic Cross-Checking
Student Presenter: Insu Yun (Georgia Institute of Technology)
Yeongjin Jang, Taesoo Kim, and Changwoo Min (Georgia Institute of Technology), Xujie Si and Mayur Naik (University of Pennsylvania)

A Principled Approach for ROP Defense
Student Presenter: Rui Qiao (Stony Brook University)
R Sekar (Stony Brook University), Mingwei Zhang (Intel Labs)

SPIFFY: Inducing Cost-Detectability Tradeoffs for Persistent Link-Flooding Attacks
Student presenter: Min Suk Kang (Carnegie Mellon University)
Virgil D. Gligor and Vyas Sekar (Carnegie Mellon University)

“We chose research finalists based on innovative ideas that top industry security researchers thought might someday transform our approach to securing their systems,” said Damon McCoy, assistant professor in the Department of Computer Science and Engineering at NYU Tandon School of Engineering, and CSAW Applied Research Competition faculty mentor.

The five CSAW Policy Competition finalists are

George Mason University School of Law and George Washington University School of Law
Expanding FTC Authority to Seek Consumer Redress for Intangible Privacy Harms
Katie Morehead, Austin Mooney, and Julian Flamant

The Pennsylvania State University
Incentivizing the Free Market Protection of Consumer Information
Nicholas Pisciotta

University of Illinois College of Law
Correcting Market Failure Through the Expansion of Federal Trade Commission Authority
Magdala Boyer, Michael Burdi, Matthew Chang, Kathleen Kramer, Matthew Loar, Mark Nagel, and Bradley Williams

University of Illinois Urbana-Champaign
Improving Enterprise Security via a Secure Software Toolkit
Matthew Dyas, Ankur Sundara, Arianna Osar, Shao Yie Soh, Arshia Malkani, Eric Hennenfent, John Paul Smith, and Malachi Loviska

United States Naval Academy
Standardization, Certification, and Enforcement: Leveraging Market Effects to Incentivize Data Protection on a National Scale
Dennis Devey and Sydney Frankenberg

This year, students learned how market failures can lead to consumer data breaches, and responded with a government policy proposal to address these failures.

"The rapidly evolving cybersecurity landscape has raised questions about how much money companies should spend on data security,” said Kevin Kirby, a third-year student at the NYU School of Law and student leader of the CSAW Policy Competition. “We asked our competitors for policy proposals that would ensure that the true costs of data insecurity are allocated appropriately."

The University of Illinois and the United States Naval Academy will return as finalists once again this year after placing among the podium finishers in both 2014 and 2015. All finalists will present a revised and expanded version of their first-round proposal to a panel of experts who will evaluate feasibility, how well the authors understand the issues at play, and the creativity of their ideas.

Sponsors for CSAW 2016 are: Gold Level — Palo Alto Networks, Trend Micro, and U.S. Department of Homeland Security; Silver Level — Bridgewater, Google, IBM, and Kroll; Bronze Level — Bank of America, Facebook, Jefferies, Navy Civilian Careers, NCC Group, Raytheon, Two Sigma; Supporting Level — Bloomberg, Cubic, EY, Intel, National Security Agency, Optiv, The Ruth & Jerome A. Siegel Foundation, Sandia National Laboratories, and U.S. Secret Service; Contributing Level — ACSA, Altera, Carnegie Mellon University and Cigital.

For more information on CSAW, visit Follow @CSAW_NYUTandon.

About the NYU Tandon School of Engineering
The NYU Tandon School of Engineering dates to 1854, when the New York University School of Civil Engineering and Architecture as well as the Brooklyn Collegiate and Polytechnic Institute (widely known as Brooklyn Poly) were founded. Their successor institutions merged in January 2014 to create a comprehensive school of education and research in engineering and applied sciences, rooted in a tradition of invention, and entrepreneurship and dedicated to furthering technology in service to society. In addition to its main location in Brooklyn, NYU Tandon collaborates with other schools within the country’s largest private research university and is closely connected to engineering programs in NYU Abu Dhabi and NYU Shanghai. It operates business incubators in downtown Manhattan and Brooklyn and an award-winning online graduate program. For more information, visit

About the NYU Center for Cyber Security
The NYU Center for Cybersecurity (CCS) is an interdisciplinary research institute dedicated to training the current and future generations of cybersecurity professionals and to shaping the public discourse and policy, legal, and technological landscape on issues of cybersecurity. NYU CCS is collaboration between NYU School of Law, NYU Tandon School of Engineering, and other NYU schools and departments. For more information, visit