Microsoft Corp.’s Trustworthy Computing Group named Vasilis Pappas the winner of the company’s first-ever BlueHat Prize contest, a competition that awards the development of new, innovative computer security defense technologies. The company presented Pappas, currently a Ph.D. student at Columbia University in New York, with $200,000 at the Microsoft Researcher Appreciation Party.
kBouncer, the winning entry among 20 submissions, detects abnormal control transfers using the Last Branch Recording feature of Intel processors to mitigate Return Oriented Programming (ROP). ROP is an advanced technique that attackers use to combine short pieces of benign code, already present in a system, for a malicious purpose. By using supported hardware features, kBouncer can be implemented with lower cost to performance and development time.
All three BlueHat Prize finalists designed technologies to mitigate attacks that leverage ROP, underscoring how prominent the exploitation technique is today. Microsoft awarded first runner-up, Ivan Fratric, $50,000 for his submission, called ROPGuard, and a surprise $10,000 cash reward was given to the second runner-up, Jared DeMott, for /ROP. In addition to the monetary prizes, the company gave all three winners subscriptions to the Microsoft Developer Network valued at $10,000 each.