On 19 May, during a special session, part of the FUSION 2022 event, “TRRespass: Exploiting the Many Sides of Target Row Refresh” was proclaimed the best Dutch cybersecurity research paper of 2021 and the prize was handed over to professor Herbert Bos from the VUsec research group in Amsterdam.
The prize was awarded for the seventh time. The Dutch Cyber Security best Research Paper (DCSRP) Award was first introduced at ICT.OPEN 2015 to reward the best recent Dutch scientific cybersecurity research paper. In 2021 the Academic Cyber Security Society (ACCSS) together with the Special Interest Group Cyber Security took over the organization of this yearly contest from the former dcypher.
Originally the session would have been held in November 2021, but COVID-19 made a postponement necessary. Unfortunately, COVID-19 still played a role in the postponed event: Paper presenter Herbert Bos filled in for PhD student Emanuele Vannacci, who was tested positive for corona.
Before announcing the winning paper three research papers were presented. An international jury of well-respected cybersecurity scientists selected a Top Three and a winner out of nine paper nominations. The DCSRP 2021 jury members were: Prof. dr. Sascha Fahl, Prof. dr. Patrick Schaumont and Dr. Magnus Almgren. The Jury used three criteria for their assessment: (i) Quality and quantity of paper contributions; (ii) Real world impact; and (iii) Quality of the publication venue. The research paper Top Three for the DCSRP Award 2021, contains:
- “A Highly Accurate Query-Recovery Attack against Searchable Encryption using Non-Indexed Documents”
presented by Marc Damie on behalf of the author team consisting of Marc Damie, Florian Hahn, and Andreas Peter;
- “Blind Side: Speculative Probing: Hacking Blind in the Spectre Era”
presented by Enes Goktas on behalf of the author team consisting of Enes Goktas, Kaveh Razavi, Georgios Portokalidis, Herbert Bos, and Cristiano Giuffrida;
- “TRRespass: Exploiting the Many Sides of Target Row Refresh”
presented by Herbert Bos on behalf of the author team consisting of Pietro Frigo, Emanuele Vannacci, Hasan Hassan, Victor van der Veen, Onur Mutlu, Cristiano Giuffrida, Herbert Bos, and Kaveh Razavi.
To summarize the Jury Report:
- The Query-Recovery Attack paper is an excellent example of rigorous foundational research, and it achieves a real impact with real-world deployments. The authors have also put great effort into transparency and reproducibility of their research, which is very important for the community.
- The BlindSide paper provides an important generalization of the speculative attacks, bringing together many findings from the Spectre era and demonstrating new kinds of attacks. The authors have also made a very substantial effort to make the paper accessible to a wider audience, including students, by creating educational videos and artifacts.
- The TRRespass paper shows that RowHammer attacks still have not been satisfactorily addressed in practice. It also demonstrates the important role of security researchers today, who keep the industry claims in check. The paper sends the strong message that to achieve better security industry should be open to the research community.
The three presenters received a Certificate of Nomination, signed by the Jury members, from the session chairs Dr. Olga Gadyatskaya and Dr. Francesco Regazzoni. The presenter of the winning paper was awarded a Certificate of Excellence. In addition, the winner received a € 1,000,- bonus check sponsored by Compumatica Tesorion and KPN Security.
We are already thinking about the next edition of this great paper competition!