Microsoft Corp.’s Trustworthy Computing Group named Vasilis Pappas the winner of the company’s first-ever BlueHat Prize contest, a competition that awards the development of new, innovative computer security defense technologies. The company presented Pappas, currently a Ph.D. student at Columbia University in New York, with $200,000 at the Microsoft Researcher Appreciation Party.
kBouncer, the winning entry among 20 submissions, detects abnormal control transfers using the Last Branch Recording feature of Intel processors to mitigate Return Oriented Programming (ROP). ROP is an advanced technique that attackers use to combine short pieces of benign code, already present in a system, for a malicious purpose. By using supported hardware features, kBouncer can be implemented with lower cost to performance and development time.
All three BlueHat Prize finalists designed technologies to mitigate attacks that leverage ROP, underscoring how prominent the exploitation technique is today. Microsoft awarded first runner-up, Ivan Fratric, $50,000 for his submission, called ROPGuard, and a surprise $10,000 cash reward was given to the second runner-up, Jared DeMott, for /ROP. In addition to the monetary prizes, the company gave all three winners subscriptions to the Microsoft Developer Network valued at $10,000 each.
The BlueHat Prize competition was designed to challenge the security community to look beyond the norm of problems, such as vulnerabilities, and instead focus on developing innovative solutions to pressing security challenges.
Vassilis Pappas completed his bachelor studies at the University of Crete in 2007 and got his MA degree in 2009. “There are definitely more chances for everyone in the US, if you try hard enough, but many of my fellow students from the University of Crete, stayed in Greece and are doing well too. I always liked the idea of living abroad and especially in NY. You have to love what you are doing and you must work hard to reap the fruits of your labor,” noted the Greek PhD student, according to secnews.gr.