native_client_sdk/src/doc/community/security-contest/index.rst - platform/external/chromium_org - Gitiles

 .. _contest_archive:

 ########################
 Security Contest Archive
 ########################

 .. contents::
   :local:
   :backlinks: none
   :depth: 2

 The Native Client team at Google has gone to exceptional measures to
 make Native Client a secure system, including holding a public
 security contest. This page archives information from that contest,
 including the list of contest winners and the lineup of security
 experts who served as judges.

 Although the security contest has ended, the Native Client team
 welcomes your continued involvement in the project. You can help by
 submitting bugs and participating in the Native Client discussion
 group.

 Contest overview
 ================

 The Native Client team held a contest in 2009 to test the security of
 Native Client and help make the system more secure. Participants were
 invited to discover security bugs in Native Client technology in order
 to compete for cash prizes.

 Here was the challenge put forth by the Native Client team:

   Do you think it is impossible to safely run untrusted x86 code on
   the web? Do you want a chance to impress a panel of some of the top
   security experts in the world? Then submit an exploit to the Native
   Client Security contest and you could also win cash prizes, not to
   mention bragging rights.

 The contest judges evaluated exploits designed to defeat Native Client
 security measures based on severity, scope, reliability, and
 style. The winning teams and entries are listed below.

 .. _contest_winners:

 Contest winners
 ===============

 The Native Client team thanks everyone who participated in the contest
 for their contributions to improving the quality and security of the
 Native Client system. The judges reviewed the submitted exploits and
 identified the following teams as winners:

 .. list-table::

    * - .. image:: /images/medal-64_1st.png
           :alt: First place medal

      - **Team**: Beached As

        **Members**: Mark Dowd, Ben Hawkes

        **Submitted issues**: 50, 51, 52, 53, 55, 56, 57, 58, 59, 60, 62, 63

        Mark Dowd and Ben Hawkes are application security specialists
        hailing from Australia and New Zealand, respectively. Mark
        works for IBM ISS X-Force R&D, whereas Ben currently performs
        independent research while simultaneously pursuing a
        mathematics and computing science degree. Both have uncovered
        major security flaws in ubiquitous Internet software, in terms
        of both exploitable bugs and weaknesses in system protection
        mechanisms. Both have spoken at numerous security conferences
        in recent years, including BlackHat, Ruxcon, KiwiCon, and
        Cansec West.

    * - .. image:: /images/medal-64_2nd.png
           :alt: Second place medal

      - **Team**: CJETM

        **Members**: Jason Carpenter, Eric Monti, Chris Rohlf

        **Submitted issues**: 42, 44, 49, 70

        Team CJETM is comprised of security vulnerability researchers
        Chris Rohlf, Jason Carpenter and Eric Monti. All three have
        abused software professionally for a long time.

    * - .. image:: /images/medal-64_3rd.png
           :alt: Third place medal

      - **Team**: 0xdead

        **Members**: Gabriel Campana

        **Submitted issues**: 45

        Gabriel Campana is a security researcher working at Sogeti ESEC
        R&D labs. His research interests are mainly focused on
        vulnerability research, exploitation methods, and Linux kernel
        security. Lately he has been working on automated vulnerability
        research, especially fuzzing. In his spare time, he plays with
        embedded network devices.

    * - .. image:: /images/medal-64_4th.png
           :alt: Fourth place medal

        (tie)

      - **Team**: teamfkmr

        **Members**: Daiki Fukumori

        **Submitted issues**: 66, 67

        Daiki Fukumori is a web security researcher. He has given talks
        at POC Korea and AVTokyo on Web 2.0 Hacking, and he introduced
        Native Client security at Shibuya.pm. He currently has an
        interest in cloud security.

    * - .. image:: /images/medal-64_4th.png
           :alt: Fourth place medal

        (tie)

      - **Team**: Alex Rad

        **Members**: Alex Radocea

        **Submitted issues**: 81

        Alex Radocea is a 20-year old student at Rensselaer Polytechnic
        Institute. In the realm of computer security he is really
        excited about proactively designed technology which can help
        wipe out entire bug classes. Currently he is helping improve
        Native Client through Google Summer of Code.

 .. _contest_judges:

 Panel of judges
 ===============

 Google recruited the following group of distinguished security experts
 to serve as judges for the Native Client security contest:

 Chair
 -----

 +----------------------------------------+
 | Edward Felten                          |
 +----------------------------------------+
 | Princeton University                   |
 +----------------------------------------+
 | http://www.cs.princeton.edu/~felten/   |
 +----------------------------------------+

 Judges
 ------

 .. list-table::

    * - Alex Halderman
      - Niels Provos
      - Bennet Yee

    * - University of Michigan
      - Google
      - Google

    * - http://www.cse.umich.edu/~jhalderm/
      - http://www.citi.umich.edu/u/provos/
      - http://www.bennetyee.org/

    * - Brad Karp
      - Stefan Savage
      - Nickolai Zeldovich

    * - University of College London
      - University of California San Diego
      - MIT

    * - http://www.cs.ucl.ac.uk/staff/B.Karp/
      - http://www.cs.ucsd.edu/~savage
      - http://people.csail.mit.edu/nickolai/

    * - Greg Morrisett
      - Dan Wallach
      - .. raw:: html

           &nbsp;

    * - Harvard University
      - Rice University
      - .. raw:: html

           &nbsp;

    * - http://www.eecs.harvard.edu/~greg/
      - http://www.cs.rice.edu/~dwallach/
      - .. raw:: html

           &nbsp;


 Additional information
 ======================

 For additional information about the Native Client security contest,
 see the archived
 :doc:`Contest Announcement <contest-announcement>`,
 :doc:`FAQ <contest-faq>` and
 :doc:`Terms & Conditions <contest-terms>`.

 If you'd like to get involved with Native Client, you can:

 * Use the
   `Native Client SDK <https://developers.google.com/native-client/sdk>`_
   to build Native Client web applications.
 * Submit `bugs <http://code.google.com/p/nativeclient/issues/list>`_
   and participate in the Native Client
   `discussion group <http://groups.google.com/group/native-client-discuss>`_.
 * Contribute to the
   `Native Client open-source project <http://code.google.com/p/nativeclient/>`_.
	.. _contest_archive:

	########################
	Security Contest Archive
	########################

	.. contents::
	:local:
	:backlinks: none
	:depth: 2

	The Native Client team at Google has gone to exceptional measures to
	make Native Client a secure system, including holding a public
	security contest. This page archives information from that contest,
	including the list of contest winners and the lineup of security
	experts who served as judges.

	Although the security contest has ended, the Native Client team
	welcomes your continued involvement in the project. You can help by
	submitting bugs and participating in the Native Client discussion
	group.

	Contest overview
	================

	The Native Client team held a contest in 2009 to test the security of
	Native Client and help make the system more secure. Participants were
	invited to discover security bugs in Native Client technology in order
	to compete for cash prizes.

	Here was the challenge put forth by the Native Client team:

	Do you think it is impossible to safely run untrusted x86 code on
	the web? Do you want a chance to impress a panel of some of the top
	security experts in the world? Then submit an exploit to the Native
	Client Security contest and you could also win cash prizes, not to
	mention bragging rights.

	The contest judges evaluated exploits designed to defeat Native Client
	security measures based on severity, scope, reliability, and
	style. The winning teams and entries are listed below.

	.. _contest_winners:

	Contest winners
	===============

	The Native Client team thanks everyone who participated in the contest
	for their contributions to improving the quality and security of the
	Native Client system. The judges reviewed the submitted exploits and
	identified the following teams as winners:

	.. list-table::

	* - .. image:: /images/medal-64_1st.png
	:alt: First place medal

	- Team: Beached As

	Members: Mark Dowd, Ben Hawkes

	Submitted issues: 50, 51, 52, 53, 55, 56, 57, 58, 59, 60, 62, 63

	Mark Dowd and Ben Hawkes are application security specialists
	hailing from Australia and New Zealand, respectively. Mark
	works for IBM ISS X-Force R&D, whereas Ben currently performs
	independent research while simultaneously pursuing a
	mathematics and computing science degree. Both have uncovered
	major security flaws in ubiquitous Internet software, in terms
	of both exploitable bugs and weaknesses in system protection
	mechanisms. Both have spoken at numerous security conferences
	in recent years, including BlackHat, Ruxcon, KiwiCon, and
	Cansec West.

	* - .. image:: /images/medal-64_2nd.png
	:alt: Second place medal

	- Team: CJETM

	Members: Jason Carpenter, Eric Monti, Chris Rohlf

	Submitted issues: 42, 44, 49, 70

	Team CJETM is comprised of security vulnerability researchers
	Chris Rohlf, Jason Carpenter and Eric Monti. All three have
	abused software professionally for a long time.

	* - .. image:: /images/medal-64_3rd.png
	:alt: Third place medal

	- Team: 0xdead

	Members: Gabriel Campana

	Submitted issues: 45

	Gabriel Campana is a security researcher working at Sogeti ESEC
	R&D labs. His research interests are mainly focused on
	vulnerability research, exploitation methods, and Linux kernel
	security. Lately he has been working on automated vulnerability
	research, especially fuzzing. In his spare time, he plays with
	embedded network devices.

	* - .. image:: /images/medal-64_4th.png
	:alt: Fourth place medal

	(tie)

	- Team: teamfkmr

	Members: Daiki Fukumori

	Submitted issues: 66, 67

	Daiki Fukumori is a web security researcher. He has given talks
	at POC Korea and AVTokyo on Web 2.0 Hacking, and he introduced
	Native Client security at Shibuya.pm. He currently has an
	interest in cloud security.

	* - .. image:: /images/medal-64_4th.png
	:alt: Fourth place medal

	(tie)

	- Team: Alex Rad

	Members: Alex Radocea

	Submitted issues: 81

	Alex Radocea is a 20-year old student at Rensselaer Polytechnic
	Institute. In the realm of computer security he is really
	excited about proactively designed technology which can help
	wipe out entire bug classes. Currently he is helping improve
	Native Client through Google Summer of Code.

	.. _contest_judges:

	Panel of judges
	===============

	Google recruited the following group of distinguished security experts
	to serve as judges for the Native Client security contest:

	Chair
	-----

	+----------------------------------------+
	\| Edward Felten \|
	+----------------------------------------+
	\| Princeton University \|
	+----------------------------------------+
	\| http://www.cs.princeton.edu/~felten/ \|
	+----------------------------------------+

	Judges
	------

	.. list-table::

	* - Alex Halderman
	- Niels Provos
	- Bennet Yee

	* - University of Michigan
	- Google
	- Google

	* - http://www.cse.umich.edu/~jhalderm/
	- http://www.citi.umich.edu/u/provos/
	- http://www.bennetyee.org/

	* - Brad Karp
	- Stefan Savage
	- Nickolai Zeldovich

	* - University of College London
	- University of California San Diego
	- MIT

	* - http://www.cs.ucl.ac.uk/staff/B.Karp/
	- http://www.cs.ucsd.edu/~savage
	- http://people.csail.mit.edu/nickolai/

	* - Greg Morrisett
	- Dan Wallach
	- .. raw:: html



	* - Harvard University
	- Rice University
	- .. raw:: html



	* - http://www.eecs.harvard.edu/~greg/
	- http://www.cs.rice.edu/~dwallach/
	- .. raw:: html




	Additional information
	======================

	For additional information about the Native Client security contest,
	see the archived
	:doc:`Contest Announcement <contest-announcement>`,
	:doc:`FAQ <contest-faq>` and
	:doc:`Terms & Conditions <contest-terms>`.

	If you'd like to get involved with Native Client, you can:

	* Use the
	`Native Client SDK <https://developers.google.com/native-client/sdk>`_
	to build Native Client web applications.
	* Submit `bugs <http://code.google.com/p/nativeclient/issues/list>`_
	and participate in the Native Client
	`discussion group <http://groups.google.com/group/native-client-discuss>`_.
	* Contribute to the
	`Native Client open-source project <http://code.google.com/p/nativeclient/>`_.