.. _contest_archive:

.. include:: /migration/deprecation.inc

########################
Security Contest Archive
########################

.. contents::
  :local:
  :backlinks: none
  :depth: 2

The Native Client team at Google has gone to exceptional measures to
make Native Client a secure system, including holding a public
security contest. This page archives information from that contest,
including the list of contest winners and the lineup of security
experts who served as judges.

Although the security contest has ended, the Native Client team
welcomes your continued involvement in the project. You can help by
submitting bugs and participating in the Native Client discussion
group.

Contest overview
================

The Native Client team held a contest in 2009 to test the security of
Native Client and help make the system more secure. Participants were
invited to discover security bugs in Native Client technology in order
to compete for cash prizes.

Here was the challenge put forth by the Native Client team:

  Do you think it is impossible to safely run untrusted x86 code on
  the web? Do you want a chance to impress a panel of some of the top
  security experts in the world? Then submit an exploit to the Native
  Client Security contest and you could also win cash prizes, not to
  mention bragging rights.

The contest judges evaluated exploits designed to defeat Native Client
security measures based on severity, scope, reliability, and
style. The winning teams and entries are listed below.

.. _contest_winners:

Contest winners
===============

The Native Client team thanks everyone who participated in the contest
for their contributions to improving the quality and security of the
Native Client system. The judges reviewed the submitted exploits and
identified the following teams as winners:

.. list-table::

   * - .. image:: /images/medal-64_1st.png
          :alt: First place medal

     - **Team**: Beached As

       **Members**: Mark Dowd, Ben Hawkes

       **Submitted issues**: 50, 51, 52, 53, 55, 56, 57, 58, 59, 60, 62, 63

       Mark Dowd and Ben Hawkes are application security specialists
       hailing from Australia and New Zealand, respectively. Mark
       works for IBM ISS X-Force R&D, whereas Ben currently performs
       independent research while simultaneously pursuing a
       mathematics and computing science degree. Both have uncovered
       major security flaws in ubiquitous Internet software, in terms
       of both exploitable bugs and weaknesses in system protection
       mechanisms. Both have spoken at numerous security conferences
       in recent years, including BlackHat, Ruxcon, KiwiCon, and
       CanSecWest.

   * - .. image:: /images/medal-64_2nd.png
          :alt: Second place medal

     - **Team**: CJETM

       **Members**: Jason Carpenter, Eric Monti, Chris Rohlf

       **Submitted issues**: 42, 44, 49, 70

       Team CJETM is comprised of security vulnerability researchers
       Chris Rohlf, Jason Carpenter and Eric Monti. All three have
       abused software professionally for a long time.

   * - .. image:: /images/medal-64_3rd.png
          :alt: Third place medal

     - **Team**: 0xdead

       **Members**: Gabriel Campana

       **Submitted issues**: 45

       Gabriel Campana is a security researcher working at Sogeti ESEC
       R&D labs. His research interests are mainly focused on
       vulnerability research, exploitation methods, and Linux kernel
       security. Lately he has been working on automated vulnerability
       research, especially fuzzing. In his spare time, he plays with
       embedded network devices.

   * - .. image:: /images/medal-64_4th.png
          :alt: Fourth place medal

       (tie)

     - **Team**: teamfkmr

       **Members**: Daiki Fukumori

       **Submitted issues**: 66, 67

       Daiki Fukumori is a web security researcher. He has given talks
       at POC Korea and AVTokyo on Web 2.0 Hacking, and he introduced
       Native Client security at Shibuya.pm. He currently has an
       interest in cloud security.

   * - .. image:: /images/medal-64_4th.png
          :alt: Fourth place medal

       (tie)

     - **Team**: Alex Rad

       **Members**: Alex Radocea

       **Submitted issues**: 81

       Alex Radocea is a 20-year-old student at Rensselaer Polytechnic
       Institute. In the realm of computer security he is really
       excited about proactively designed technology which can help
       wipe out entire bug classes. Currently he is helping improve
       Native Client through Google Summer of Code.

.. _contest_judges:

Panel of judges
===============

Google recruited the following group of distinguished security experts
to serve as judges for the Native Client security contest:

Chair
-----

+----------------------------------------+
| Edward Felten                          |
+----------------------------------------+
| Princeton University                   |
+----------------------------------------+
| http://www.cs.princeton.edu/~felten/   |
+----------------------------------------+

Judges
------

.. list-table::

   * - Alex Halderman
     - Niels Provos
     - Bennet Yee

   * - University of Michigan
     - Google
     - Google

   * - http://www.cse.umich.edu/~jhalderm/
     - http://www.citi.umich.edu/u/provos/
     - http://www.bennetyee.org/

   * - Brad Karp
     - Stefan Savage
     - Nickolai Zeldovich

   * - University College London
     - University of California San Diego
     - MIT

   * - http://www.cs.ucl.ac.uk/staff/B.Karp/
     - http://www.cs.ucsd.edu/~savage
     - http://people.csail.mit.edu/nickolai/

   * - Greg Morrisett
     - Dan Wallach
     - .. raw:: html

           

   * - Harvard University
     - Rice University
     - .. raw:: html

           

   * - http://www.eecs.harvard.edu/~greg/
     - http://www.cs.rice.edu/~dwallach/
     - .. raw:: html

           


Additional information
======================

For additional information about the Native Client security contest,
see the archived
:doc:`Contest Announcement <contest-announcement>`,
:doc:`FAQ <contest-faq>` and
:doc:`Terms & Conditions <contest-terms>`.

If you'd like to get involved with Native Client, you can:

* Use the `Native Client SDK </native-client/sdk/download>`_ to build Native
  Client web applications.
* Submit `bugs <http://code.google.com/p/nativeclient/issues/list>`_
  and participate in the Native Client
  `discussion group <http://groups.google.com/group/native-client-discuss>`_.
* Contribute to the
  `Native Client open-source project <http://code.google.com/p/nativeclient/>`_.
