Microsoft Awards More Than $250,000 for Security Defense Innovations
July 26, 2012
Top BlueHat Prize winner takes home $200,000 for kBouncer, an exploit mitigation technology that helps defend against prominent cyberattack technique.

LAS VEGAS — July 26, 2012 — Microsoft Corp.’s Trustworthy Computing Group named Vasilis Pappas the winner of the company’s first-ever BlueHat Prize contest, a competition that awards the development of new, innovative computer security defense technologies. The company presented Pappas, currently a Ph.D. student at Columbia University in New York, with $200,000 at the Microsoft Researcher Appreciation Party.

“A year ago we posed a challenge to the researcher community and asked them to shift their focus from solely identifying and reporting individual vulnerabilities to investing in new lines of defensive research that could mitigate entire classes of attacks,” said Mike Reavey, senior director, Microsoft Security Response Center. “It’s with great pleasure that we congratulate the winner of our inaugural BlueHat Prize contest, Vasilis, for his submission of a novel defensive technology that advances the challenging issue of exploit mitigation of some of the most popular attack techniques we’re seeing today.”

kBouncer, the winning entry among 20 submissions, detects abnormal control transfers using the Last Branch Recording feature of Intel processors to mitigate Return Oriented Programming (ROP). ROP is an advanced technique that attackers use to combine short pieces of benign code, already present in a system, for a malicious purpose. By using supported hardware features, kBouncer can be implemented with lower cost to performance and development time. All three BlueHat Prize finalists designed technologies to mitigate attacks that leverage ROP, underscoring how prominent the exploitation technique is today. Microsoft awarded first runner-up, Ivan Fratric, $50,000 for his submission, called ROPGuard, and a surprise $10,000 cash reward was given to the second runner-up, Jared DeMott, for /ROP. In addition to the monetary prizes, the company gave all three winners subscriptions to the Microsoft Developer Network valued at $10,000 each.

“The Blue Hat prize is more than a competition; it’s the future of security defense, where the community comes together to collectively take on some of the toughest problems we face and make the computing ecosystem safer,” said Matt Thomlinson, general manager, Trustworthy Computing Group, Microsoft. “The result is that in under a year, we went from challenge to creation to integration of some of the BlueHat Prize finalists’ technologies into the Enhanced Mitigation Experience Toolkit 3.5 Technology Preview, to protect against known and unknown threats. We’ll continue to evaluate additional integration as appropriate.”

The BlueHat Prize competition was designed to challenge the security community to look beyond the norm of problems, such as vulnerabilities, and instead focus on developing innovative solutions to pressing security challenges. Microsoft accepted entries from Aug. 3, 2011, until April 1, 2012, and then a panel of Microsoft security engineers judged the submissions based on the following criteria: practicality and functionality (30 percent); robustness — how easy it would be to bypass the proposed solution (30 percent); and impact (40 percent). The official BlueHat Prize competition rules and guidelines are available at http://www.BlueHatPrize.com.

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

Note to editors: For more information, news and perspectives from Microsoft, please visit the Microsoft News Center at http://www.microsoft.com/news. Web links, telephone numbers and titles were correct at time of publication, but may have changed. For additional assistance, journalists and analysts may contact Microsoft’s Rapid Response Team or other appropriate contacts listed at http://www.microsoft.com/news/contactpr.mspx.

Read More: