OLD | NEW |
(Empty) | |
| 1 {{+bindTo:partials.standard_nacl_article}} |
| 2 |
| 3 <section id="security-contest-archive"> |
| 4 <span id="contest-archive"></span><h1 id="security-contest-archive"><span id="co
ntest-archive"></span>Security Contest Archive</h1> |
| 5 <div class="contents local topic" id="contents"> |
| 6 <ul class="small-gap"> |
| 7 <li><a class="reference internal" href="#contest-overview" id="id2">Contest over
view</a></li> |
| 8 <li><a class="reference internal" href="#contest-winners" id="id3">Contest winne
rs</a></li> |
| 9 <li><p class="first"><a class="reference internal" href="#panel-of-judges" id="i
d4">Panel of judges</a></p> |
| 10 <ul class="small-gap"> |
| 11 <li><a class="reference internal" href="#chair" id="id5">Chair</a></li> |
| 12 <li><a class="reference internal" href="#judges" id="id6">Judges</a></li> |
| 13 </ul> |
| 14 </li> |
| 15 <li><a class="reference internal" href="#additional-information" id="id7">Additi
onal information</a></li> |
| 16 </ul> |
| 17 </div> |
| 18 <p>The Native Client team at Google has gone to exceptional measures to |
| 19 make Native Client a secure system, including holding a public |
| 20 security contest. This page archives information from that contest, |
| 21 including the list of contest winners and the lineup of security |
| 22 experts who served as judges.</p> |
| 23 <p>Although the security contest has ended, the Native Client team |
| 24 welcomes your continued involvement in the project. You can help by |
| 25 submitting bugs and participating in the Native Client discussion |
| 26 group.</p> |
| 27 <section id="contest-overview"> |
| 28 <h2 id="contest-overview">Contest overview</h2> |
| 29 <p>The Native Client team held a contest in 2009 to test the security of |
| 30 Native Client and help make the system more secure. Participants were |
| 31 invited to discover security bugs in Native Client technology in order |
| 32 to compete for cash prizes.</p> |
| 33 <p>Here was the challenge put forth by the Native Client team:</p> |
| 34 <blockquote> |
| 35 <div>Do you think it is impossible to safely run untrusted x86 code on |
| 36 the web? Do you want a chance to impress a panel of some of the top |
| 37 security experts in the world? Then submit an exploit to the Native |
| 38 Client Security contest and you could also win cash prizes, not to |
| 39 mention bragging rights.</div></blockquote> |
| 40 <p>The contest judges evaluated exploits designed to defeat Native Client |
| 41 security measures based on severity, scope, reliability, and |
| 42 style. The winning teams and entries are listed below.</p> |
| 43 </section><section id="contest-winners"> |
| 44 <span id="id1"></span><h2 id="contest-winners"><span id="id1"></span>Contest win
ners</h2> |
| 45 <p>The Native Client team thanks everyone who participated in the contest |
| 46 for their contributions to improving the quality and security of the |
| 47 Native Client system. The judges reviewed the submitted exploits and |
| 48 identified the following teams as winners:</p> |
| 49 <table border="1" class="docutils"> |
| 50 <colgroup> |
| 51 </colgroup> |
| 52 <tbody valign="top"> |
| 53 <tr class="row-odd"><td><img alt="First place medal" class="first last" src="/na
tive-client/images/medal-64_1st.png" /> |
| 54 </td> |
| 55 <td><p class="first"><strong>Team</strong>: Beached As</p> |
| 56 <p><strong>Members</strong>: Mark Dowd, Ben Hawkes</p> |
| 57 <p><strong>Submitted issues</strong>: 50, 51, 52, 53, 55, 56, 57, 58, 59, 60, 62
, 63</p> |
| 58 <p class="last">Mark Dowd and Ben Hawkes are application security specialists |
| 59 hailing from Australia and New Zealand, respectively. Mark |
| 60 works for IBM ISS X-Force R&D, whereas Ben currently performs |
| 61 independent research while simultaneously pursuing a |
| 62 mathematics and computing science degree. Both have uncovered |
| 63 major security flaws in ubiquitous Internet software, in terms |
| 64 of both exploitable bugs and weaknesses in system protection |
| 65 mechanisms. Both have spoken at numerous security conferences |
| 66 in recent years, including BlackHat, Ruxcon, KiwiCon, and |
| 67 Cansec West.</p> |
| 68 </td> |
| 69 </tr> |
| 70 <tr class="row-even"><td><img alt="Second place medal" class="first last" src="/
native-client/images/medal-64_2nd.png" /> |
| 71 </td> |
| 72 <td><p class="first"><strong>Team</strong>: CJETM</p> |
| 73 <p><strong>Members</strong>: Jason Carpenter, Eric Monti, Chris Rohlf</p> |
| 74 <p><strong>Submitted issues</strong>: 42, 44, 49, 70</p> |
| 75 <p class="last">Team CJETM is comprised of security vulnerability researchers |
| 76 Chris Rohlf, Jason Carpenter and Eric Monti. All three have |
| 77 abused software professionally for a long time.</p> |
| 78 </td> |
| 79 </tr> |
| 80 <tr class="row-odd"><td><img alt="Third place medal" class="first last" src="/na
tive-client/images/medal-64_3rd.png" /> |
| 81 </td> |
| 82 <td><p class="first"><strong>Team</strong>: 0xdead</p> |
| 83 <p><strong>Members</strong>: Gabriel Campana</p> |
| 84 <p><strong>Submitted issues</strong>: 45</p> |
| 85 <p class="last">Gabriel Campana is a security researcher working at Sogeti ESEC |
| 86 R&D labs. His research interests are mainly focused on |
| 87 vulnerability research, exploitation methods, and Linux kernel |
| 88 security. Lately he has been working on automated vulnerability |
| 89 research, especially fuzzing. In his spare time, he plays with |
| 90 embedded network devices.</p> |
| 91 </td> |
| 92 </tr> |
| 93 <tr class="row-even"><td><img alt="Fourth place medal" class="first" src="/nativ
e-client/images/medal-64_4th.png" /> |
| 94 <p class="last">(tie)</p> |
| 95 </td> |
| 96 <td><p class="first"><strong>Team</strong>: teamfkmr</p> |
| 97 <p><strong>Members</strong>: Daiki Fukumori</p> |
| 98 <p><strong>Submitted issues</strong>: 66, 67</p> |
| 99 <p class="last">Daiki Fukumori is a web security researcher. He has given talks |
| 100 at POC Korea and AVTokyo on Web 2.0 Hacking, and he introduced |
| 101 Native Client security at Shibuya.pm. He currently has an |
| 102 interest in cloud security.</p> |
| 103 </td> |
| 104 </tr> |
| 105 <tr class="row-odd"><td><img alt="Fourth place medal" class="first" src="/native
-client/images/medal-64_4th.png" /> |
| 106 <p class="last">(tie)</p> |
| 107 </td> |
| 108 <td><p class="first"><strong>Team</strong>: Alex Rad</p> |
| 109 <p><strong>Members</strong>: Alex Radocea</p> |
| 110 <p><strong>Submitted issues</strong>: 81</p> |
| 111 <p class="last">Alex Radocea is a 20-year old student at Rensselaer Polytechnic |
| 112 Institute. In the realm of computer security he is really |
| 113 excited about proactively designed technology which can help |
| 114 wipe out entire bug classes. Currently he is helping improve |
| 115 Native Client through Google Summer of Code.</p> |
| 116 </td> |
| 117 </tr> |
| 118 </tbody> |
| 119 </table> |
| 120 </section><section id="panel-of-judges"> |
| 121 <span id="contest-judges"></span><h2 id="panel-of-judges"><span id="contest-judg
es"></span>Panel of judges</h2> |
| 122 <p>Google recruited the following group of distinguished security experts |
| 123 to serve as judges for the Native Client security contest:</p> |
| 124 <section id="chair"> |
| 125 <h3 id="chair">Chair</h3> |
| 126 <table border="1" class="docutils"> |
| 127 <colgroup> |
| 128 </colgroup> |
| 129 <tbody valign="top"> |
| 130 <tr class="row-odd"><td>Edward Felten</td> |
| 131 </tr> |
| 132 <tr class="row-even"><td>Princeton University</td> |
| 133 </tr> |
| 134 <tr class="row-odd"><td><a class="reference external" href="http://www.cs.prince
ton.edu/~felten/">http://www.cs.princeton.edu/~felten/</a></td> |
| 135 </tr> |
| 136 </tbody> |
| 137 </table> |
| 138 </section><section id="judges"> |
| 139 <h3 id="judges">Judges</h3> |
| 140 <table border="1" class="docutils"> |
| 141 <colgroup> |
| 142 </colgroup> |
| 143 <tbody valign="top"> |
| 144 <tr class="row-odd"><td>Alex Halderman</td> |
| 145 <td>Niels Provos</td> |
| 146 <td>Bennet Yee</td> |
| 147 </tr> |
| 148 <tr class="row-even"><td>University of Michigan</td> |
| 149 <td>Google</td> |
| 150 <td>Google</td> |
| 151 </tr> |
| 152 <tr class="row-odd"><td><a class="reference external" href="http://www.cse.umich
.edu/~jhalderm/">http://www.cse.umich.edu/~jhalderm/</a></td> |
| 153 <td><a class="reference external" href="http://www.citi.umich.edu/u/provos/">htt
p://www.citi.umich.edu/u/provos/</a></td> |
| 154 <td><a class="reference external" href="http://www.bennetyee.org/">http://www.be
nnetyee.org/</a></td> |
| 155 </tr> |
| 156 <tr class="row-even"><td>Brad Karp</td> |
| 157 <td>Stefan Savage</td> |
| 158 <td>Nickolai Zeldovich</td> |
| 159 </tr> |
| 160 <tr class="row-odd"><td>University of College London</td> |
| 161 <td>University of California San Diego</td> |
| 162 <td>MIT</td> |
| 163 </tr> |
| 164 <tr class="row-even"><td><a class="reference external" href="http://www.cs.ucl.a
c.uk/staff/B.Karp/">http://www.cs.ucl.ac.uk/staff/B.Karp/</a></td> |
| 165 <td><a class="reference external" href="http://www.cs.ucsd.edu/~savage">http://w
ww.cs.ucsd.edu/~savage</a></td> |
| 166 <td><a class="reference external" href="http://people.csail.mit.edu/nickolai/">h
ttp://people.csail.mit.edu/nickolai/</a></td> |
| 167 </tr> |
| 168 <tr class="row-odd"><td>Greg Morrisett</td> |
| 169 <td>Dan Wallach</td> |
| 170 <td><div class="first last"> </div></td> |
| 171 </tr> |
| 172 <tr class="row-even"><td>Harvard University</td> |
| 173 <td>Rice University</td> |
| 174 <td><div class="first last"> </div></td> |
| 175 </tr> |
| 176 <tr class="row-odd"><td><a class="reference external" href="http://www.eecs.harv
ard.edu/~greg/">http://www.eecs.harvard.edu/~greg/</a></td> |
| 177 <td><a class="reference external" href="http://www.cs.rice.edu/~dwallach/">http:
//www.cs.rice.edu/~dwallach/</a></td> |
| 178 <td><div class="first last"> </div></td> |
| 179 </tr> |
| 180 </tbody> |
| 181 </table> |
| 182 </section></section><section id="additional-information"> |
| 183 <h2 id="additional-information">Additional information</h2> |
| 184 <p>For additional information about the Native Client security contest, |
| 185 see the archived |
| 186 <a class="reference internal" href="/native-client/community/security-contest/co
ntest-announcement.html"><em>Contest Announcement</em></a>, |
| 187 <a class="reference internal" href="/native-client/community/security-contest/co
ntest-faq.html"><em>FAQ</em></a> and |
| 188 <a class="reference internal" href="/native-client/community/security-contest/co
ntest-terms.html"><em>Terms & Conditions</em></a>.</p> |
| 189 <p>If you’d like to get involved with Native Client, you can:</p> |
| 190 <ul class="small-gap"> |
| 191 <li>Use the |
| 192 <a class="reference external" href="https://developers.google.com/native-client/
sdk">Native Client SDK</a> |
| 193 to build Native Client web applications.</li> |
| 194 <li>Submit <a class="reference external" href="http://code.google.com/p/nativecl
ient/issues/list">bugs</a> |
| 195 and participate in the Native Client |
| 196 <a class="reference external" href="http://groups.google.com/group/native-client
-discuss">discussion group</a>.</li> |
| 197 <li>Contribute to the |
| 198 <a class="reference external" href="http://code.google.com/p/nativeclient/">Nati
ve Client open-source project</a>.</li> |
| 199 </ul> |
| 200 </section></section> |
| 201 |
| 202 {{/partials.standard_nacl_article}} |
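Review bot: Every heading in this file repeats the id of its enclosing section, for example `<section id="contest-overview">` followed by `<h2 id="contest-overview">` at new lines 27-28, and the `contest-archive`, `id1` and `contest-judges` spans are each emitted twice, once before and once inside the heading (new lines 4, 44 and 121). An id must be unique within a document, so fragment links such as `#contest-winners` from the contents list, and any lookup by id, resolve only to the first match; keep the id on the section and drop it from the heading and the inner span. Separately, new line 160 reads "University of College London", where the institution's name is University College London.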