| Index: native_client_sdk/src/doc/_developer.chrome.com_generated/community/security-contest/index.html
|
| diff --git a/native_client_sdk/src/doc/_developer.chrome.com_generated/community/security-contest/index.html b/native_client_sdk/src/doc/_developer.chrome.com_generated/community/security-contest/index.html
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..e4f65c17f83d971f33f32ea6828d526a13c01dce
|
| --- /dev/null
|
| +++ b/native_client_sdk/src/doc/_developer.chrome.com_generated/community/security-contest/index.html
|
| @@ -0,0 +1,202 @@
|
| +{{+bindTo:partials.standard_nacl_article}}
|
| +
|
| +<section id="security-contest-archive">
|
| +<span id="contest-archive"></span><h1 id="security-contest-archive"><span id="contest-archive"></span>Security Contest Archive</h1>
|
| +<div class="contents local topic" id="contents">
|
| +<ul class="small-gap">
|
| +<li><a class="reference internal" href="#contest-overview" id="id2">Contest overview</a></li>
|
| +<li><a class="reference internal" href="#contest-winners" id="id3">Contest winners</a></li>
|
| +<li><p class="first"><a class="reference internal" href="#panel-of-judges" id="id4">Panel of judges</a></p>
|
| +<ul class="small-gap">
|
| +<li><a class="reference internal" href="#chair" id="id5">Chair</a></li>
|
| +<li><a class="reference internal" href="#judges" id="id6">Judges</a></li>
|
| +</ul>
|
| +</li>
|
| +<li><a class="reference internal" href="#additional-information" id="id7">Additional information</a></li>
|
| +</ul>
|
| +</div>
|
| +<p>The Native Client team at Google has gone to exceptional measures to
|
| +make Native Client a secure system, including holding a public
|
| +security contest. This page archives information from that contest,
|
| +including the list of contest winners and the lineup of security
|
| +experts who served as judges.</p>
|
| +<p>Although the security contest has ended, the Native Client team
|
| +welcomes your continued involvement in the project. You can help by
|
| +submitting bugs and participating in the Native Client discussion
|
| +group.</p>
|
| +<section id="contest-overview">
|
| +<h2 id="contest-overview">Contest overview</h2>
|
| +<p>The Native Client team held a contest in 2009 to test the security of
|
| +Native Client and help make the system more secure. Participants were
|
| +invited to discover security bugs in Native Client technology in order
|
| +to compete for cash prizes.</p>
|
| +<p>Here was the challenge put forth by the Native Client team:</p>
|
| +<blockquote>
|
| +<div>Do you think it is impossible to safely run untrusted x86 code on
|
| +the web? Do you want a chance to impress a panel of some of the top
|
| +security experts in the world? Then submit an exploit to the Native
|
| +Client Security contest and you could also win cash prizes, not to
|
| +mention bragging rights.</div></blockquote>
|
| +<p>The contest judges evaluated exploits designed to defeat Native Client
|
| +security measures based on severity, scope, reliability, and
|
| +style. The winning teams and entries are listed below.</p>
|
| +</section><section id="contest-winners">
|
| +<span id="id1"></span><h2 id="contest-winners"><span id="id1"></span>Contest winners</h2>
|
| +<p>The Native Client team thanks everyone who participated in the contest
|
| +for their contributions to improving the quality and security of the
|
| +Native Client system. The judges reviewed the submitted exploits and
|
| +identified the following teams as winners:</p>
|
| +<table border="1" class="docutils">
|
| +<colgroup>
|
| +</colgroup>
|
| +<tbody valign="top">
|
| +<tr class="row-odd"><td><img alt="First place medal" class="first last" src="/native-client/images/medal-64_1st.png" />
|
| +</td>
|
| +<td><p class="first"><strong>Team</strong>: Beached As</p>
|
| +<p><strong>Members</strong>: Mark Dowd, Ben Hawkes</p>
|
| +<p><strong>Submitted issues</strong>: 50, 51, 52, 53, 55, 56, 57, 58, 59, 60, 62, 63</p>
|
| +<p class="last">Mark Dowd and Ben Hawkes are application security specialists
|
| +hailing from Australia and New Zealand, respectively. Mark
|
| +works for IBM ISS X-Force R&D, whereas Ben currently performs
|
| +independent research while simultaneously pursuing a
|
| +mathematics and computing science degree. Both have uncovered
|
| +major security flaws in ubiquitous Internet software, in terms
|
| +of both exploitable bugs and weaknesses in system protection
|
| +mechanisms. Both have spoken at numerous security conferences
|
| +in recent years, including BlackHat, Ruxcon, KiwiCon, and
|
| +Cansec West.</p>
|
| +</td>
|
| +</tr>
|
| +<tr class="row-even"><td><img alt="Second place medal" class="first last" src="/native-client/images/medal-64_2nd.png" />
|
| +</td>
|
| +<td><p class="first"><strong>Team</strong>: CJETM</p>
|
| +<p><strong>Members</strong>: Jason Carpenter, Eric Monti, Chris Rohlf</p>
|
| +<p><strong>Submitted issues</strong>: 42, 44, 49, 70</p>
|
| +<p class="last">Team CJETM is comprised of security vulnerability researchers
|
| +Chris Rohlf, Jason Carpenter and Eric Monti. All three have
|
| +abused software professionally for a long time.</p>
|
| +</td>
|
| +</tr>
|
| +<tr class="row-odd"><td><img alt="Third place medal" class="first last" src="/native-client/images/medal-64_3rd.png" />
|
| +</td>
|
| +<td><p class="first"><strong>Team</strong>: 0xdead</p>
|
| +<p><strong>Members</strong>: Gabriel Campana</p>
|
| +<p><strong>Submitted issues</strong>: 45</p>
|
| +<p class="last">Gabriel Campana is a security researcher working at Sogeti ESEC
|
| +R&D labs. His research interests are mainly focused on
|
| +vulnerability research, exploitation methods, and Linux kernel
|
| +security. Lately he has been working on automated vulnerability
|
| +research, especially fuzzing. In his spare time, he plays with
|
| +embedded network devices.</p>
|
| +</td>
|
| +</tr>
|
| +<tr class="row-even"><td><img alt="Fourth place medal" class="first" src="/native-client/images/medal-64_4th.png" />
|
| +<p class="last">(tie)</p>
|
| +</td>
|
| +<td><p class="first"><strong>Team</strong>: teamfkmr</p>
|
| +<p><strong>Members</strong>: Daiki Fukumori</p>
|
| +<p><strong>Submitted issues</strong>: 66, 67</p>
|
| +<p class="last">Daiki Fukumori is a web security researcher. He has given talks
|
| +at POC Korea and AVTokyo on Web 2.0 Hacking, and he introduced
|
| +Native Client security at Shibuya.pm. He currently has an
|
| +interest in cloud security.</p>
|
| +</td>
|
| +</tr>
|
| +<tr class="row-odd"><td><img alt="Fourth place medal" class="first" src="/native-client/images/medal-64_4th.png" />
|
| +<p class="last">(tie)</p>
|
| +</td>
|
| +<td><p class="first"><strong>Team</strong>: Alex Rad</p>
|
| +<p><strong>Members</strong>: Alex Radocea</p>
|
| +<p><strong>Submitted issues</strong>: 81</p>
|
| +<p class="last">Alex Radocea is a 20-year old student at Rensselaer Polytechnic
|
| +Institute. In the realm of computer security he is really
|
| +excited about proactively designed technology which can help
|
| +wipe out entire bug classes. Currently he is helping improve
|
| +Native Client through Google Summer of Code.</p>
|
| +</td>
|
| +</tr>
|
| +</tbody>
|
| +</table>
|
| +</section><section id="panel-of-judges">
|
| +<span id="contest-judges"></span><h2 id="panel-of-judges"><span id="contest-judges"></span>Panel of judges</h2>
|
| +<p>Google recruited the following group of distinguished security experts
|
| +to serve as judges for the Native Client security contest:</p>
|
| +<section id="chair">
|
| +<h3 id="chair">Chair</h3>
|
| +<table border="1" class="docutils">
|
| +<colgroup>
|
| +</colgroup>
|
| +<tbody valign="top">
|
| +<tr class="row-odd"><td>Edward Felten</td>
|
| +</tr>
|
| +<tr class="row-even"><td>Princeton University</td>
|
| +</tr>
|
| +<tr class="row-odd"><td><a class="reference external" href="http://www.cs.princeton.edu/~felten/">http://www.cs.princeton.edu/~felten/</a></td>
|
| +</tr>
|
| +</tbody>
|
| +</table>
|
| +</section><section id="judges">
|
| +<h3 id="judges">Judges</h3>
|
| +<table border="1" class="docutils">
|
| +<colgroup>
|
| +</colgroup>
|
| +<tbody valign="top">
|
| +<tr class="row-odd"><td>Alex Halderman</td>
|
| +<td>Niels Provos</td>
|
| +<td>Bennet Yee</td>
|
| +</tr>
|
| +<tr class="row-even"><td>University of Michigan</td>
|
| +<td>Google</td>
|
| +<td>Google</td>
|
| +</tr>
|
| +<tr class="row-odd"><td><a class="reference external" href="http://www.cse.umich.edu/~jhalderm/">http://www.cse.umich.edu/~jhalderm/</a></td>
|
| +<td><a class="reference external" href="http://www.citi.umich.edu/u/provos/">http://www.citi.umich.edu/u/provos/</a></td>
|
| +<td><a class="reference external" href="http://www.bennetyee.org/">http://www.bennetyee.org/</a></td>
|
| +</tr>
|
| +<tr class="row-even"><td>Brad Karp</td>
|
| +<td>Stefan Savage</td>
|
| +<td>Nickolai Zeldovich</td>
|
| +</tr>
|
| +<tr class="row-odd"><td>University of College London</td>
|
| +<td>University of California San Diego</td>
|
| +<td>MIT</td>
|
| +</tr>
|
| +<tr class="row-even"><td><a class="reference external" href="http://www.cs.ucl.ac.uk/staff/B.Karp/">http://www.cs.ucl.ac.uk/staff/B.Karp/</a></td>
|
| +<td><a class="reference external" href="http://www.cs.ucsd.edu/~savage">http://www.cs.ucsd.edu/~savage</a></td>
|
| +<td><a class="reference external" href="http://people.csail.mit.edu/nickolai/">http://people.csail.mit.edu/nickolai/</a></td>
|
| +</tr>
|
| +<tr class="row-odd"><td>Greg Morrisett</td>
|
| +<td>Dan Wallach</td>
|
| +<td><div class="first last"> </div></td>
|
| +</tr>
|
| +<tr class="row-even"><td>Harvard University</td>
|
| +<td>Rice University</td>
|
| +<td><div class="first last"> </div></td>
|
| +</tr>
|
| +<tr class="row-odd"><td><a class="reference external" href="http://www.eecs.harvard.edu/~greg/">http://www.eecs.harvard.edu/~greg/</a></td>
|
| +<td><a class="reference external" href="http://www.cs.rice.edu/~dwallach/">http://www.cs.rice.edu/~dwallach/</a></td>
|
| +<td><div class="first last"> </div></td>
|
| +</tr>
|
| +</tbody>
|
| +</table>
|
| +</section></section><section id="additional-information">
|
| +<h2 id="additional-information">Additional information</h2>
|
| +<p>For additional information about the Native Client security contest,
|
| +see the archived
|
| +<a class="reference internal" href="/native-client/community/security-contest/contest-announcement.html"><em>Contest Announcement</em></a>,
|
| +<a class="reference internal" href="/native-client/community/security-contest/contest-faq.html"><em>FAQ</em></a> and
|
| +<a class="reference internal" href="/native-client/community/security-contest/contest-terms.html"><em>Terms & Conditions</em></a>.</p>
|
| +<p>If you’d like to get involved with Native Client, you can:</p>
|
| +<ul class="small-gap">
|
| +<li>Use the
|
| +<a class="reference external" href="https://developers.google.com/native-client/sdk">Native Client SDK</a>
|
| +to build Native Client web applications.</li>
|
| +<li>Submit <a class="reference external" href="http://code.google.com/p/nativeclient/issues/list">bugs</a>
|
| +and participate in the Native Client
|
| +<a class="reference external" href="http://groups.google.com/group/native-client-discuss">discussion group</a>.</li>
|
| +<li>Contribute to the
|
| +<a class="reference external" href="http://code.google.com/p/nativeclient/">Native Client open-source project</a>.</li>
|
| +</ul>
|
| +</section></section>
|
| +
|
| +{{/partials.standard_nacl_article}}
|
|
|
Chromium Code Reviews
Issue 140993006:
[NaCl SDK Docs] Check in the generated NaCl SDK Documentation. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src