Microsoft Announces BlueHat Prize Contest Winners

On Thursday, Microsoft announced that Vasilis Pappas was designated as the winner in its BlueHat Prize contest, which was aimed at awarding the development of new, innovative computer security defense technologies.

Pappas, who is at the moment a Ph.D. student at Columbia University in New York, received a $200,000 prize from Microsoft at the Researcher Appreciation Party.

The winning entry, kBouncer, was designed to detect abnormal control transfers using the Last Branch Recording feature of Intel processors to offer Return Oriented Programming (ROP) exploit mitigation.

ROP is a technique that attackers often use to combine short pieces of benign code that were already present on the target system for malicious purposes. kBouncer takes advantage of supported hardware features and can be implemented at low costs.

There were three BlueHat Prize finalists, all of which designed technologies to mitigate attacks that leverage ROP, Microsoft explains.

One of the solutions, coming from Ivan Fratric, was even integrated into Microsoft’s latest EMET release, made available for download earlier this week.

Called ROPGuard, the exploit mitigation brought Ivan Fratric a prize of $50,000. The second runner-up, Jared DeMott, received $10,000 in cash for its own submission, /ROP. All three received subscriptions to the Microsoft Developer Network valued at $10,000 each.

“A year ago we posed a challenge to the researcher community and asked them to shift their focus from solely identifying and reporting individual vulnerabilities to investing in new lines of defensive research that could mitigate entire classes of attacks,” said Mike Reavey, senior director, Microsoft Security Response Center.

“It’s with great pleasure that we congratulate the winner of our inaugural BlueHat Prize contest, Vasilis, for his submission of a novel defensive technology that advances the challenging issue of exploit mitigation of some of the most popular attack techniques we’re seeing today.”

According to Microsoft, the BlueHat Prize competition was aimed at challenging the security community to go beyond the norm of problems, so as to be able to focus on the designing of new solutions that would resolve pressing security challenges.

“The Blue Hat prize is more than a competition; it’s the future of security defense, where the community comes together to collectively take on some of the toughest problems we face and make the computing ecosystem safer,” said Matt Thomlinson, general manager, Trustworthy Computing Group, Microsoft.

“The result is that in under a year, we went from challenge to creation to integration of some of the BlueHat Prize finalists’ technologies into the Enhanced Mitigation Experience Toolkit 3.5 Technology Preview, to protect against known and unknown threats. We’ll continue to evaluate additional integration as appropriate.”