The PET Award is presented annually to researchers who have made an outstanding contribution to the theory, design, implementation, or deployment of privacy enhancing technology. It is awarded at the annual Privacy Enhancing Technologies Symposium (PETS).

The PET Award carries a prize of 3000 USD thanks to the generous support of Microsoft. The crystal prize itself is offered by the Office of the Information and Privacy Commissioner of Ontario, Canada.

Any paper by any author written in the area of privacy enhancing technologies is eligible for nomination. However, the paper must have appeared in a refereed journal, conference, or workshop with proceedings published in the period from August 8, 2009 until April 15, 2011.

The complete award rules including eligibility requirements can be found under the award rules section of the PET Symposium website.

Anyone can nominate a paper by sending an email message containing the following to award-chair11@petsymposium.org.

• Paper title
• Author(s)
• Author(s) contact information
• Publication venue and full reference
• Link to an available online version of the paper
• A nomination statement of no more than 500 words.

All nominations must be submitted by April 15th, 2011. The Award Committee will select one or two winners among the nominations received. Winners must be present at the PET Symposium in order to receive the Award. This requirement can be waived only at the discretion of the PET Advisory board.

More information about the PET award (including past winners) is available at http://petsymposium.org/award/

More information about the 2011 PET Symposium is available at http://petsymposium.org/2011.

Today, Jonathan Anderson, Ben Laurie, Kris Kennaway, and I presented Capsicum: practical capabilities for UNIX at the 19th USENIX Security Symposium in Washington, DC; the slides can be found on the Capsicum web site. We argue that capability design principles fill a gap left by discretionary access control (DAC) and mandatory access control (MAC) in operating systems when supporting security-critical and security-aware applications.

Capsicum responds to the trend of application compartmentalisation (sometimes called privilege separation) by providing strong and well-defined isolation primitives, and by facilitating rights delegation driven by the application (and eventually, user). These facilities prove invaluable, not just for traditional security-critical programs such as tcpdump and OpenSSH, but also complex security-aware applications that map distributed security policies into local primitives, such as Google’s Chromium web browser, which implement the same-origin policy when sandboxing JavaScript execution.

Capsicum extends POSIX with a new capability mode for processes, and capability file descriptor type, as well as supporting primitives such as process descriptors. Capability mode denies access to global operating system namespaces, such as the file system and IPC namespaces: only delegated rights (typically via file descriptors or more refined capabilities) are available to sandboxes. We prototyped Capsicum on FreeBSD 9.x, and have extended a variety of applications, including Google’s Chromium web browser, to use Capsicum for sandboxing. Our paper discusses design trade-offs, both in Capsicum and in applications, as well as a performance analysis. Capsicum is available under a BSD license.

Capsicum is collaborative research between the University of Cambridge and Google, and has been sponsored by Google, and will be a foundation for future work on application security, sandboxing, and security usability at Cambridge and Google. Capsicum has also been backported to FreeBSD 8.x, and Heradon Douglas at Google has an in-progress port to Linux.

We’re also pleased to report the Capsicum paper won Best Student Paper award at the conference!

Steven Murdoch, Saar Drimer, Mike Bond and I have just won the IEEE Security and Privacy Symposium’s Best Practical Paper award for our paper Chip and PIN is Broken. This was an unexpected pleasure, given the very strong competition this year (especially from this paper). We won this award once before, in 2008, for a paper on a similar topic.

Update (2010-05-28): The photo now includes the full team (original version)

At last year’s Privacy Enhancing Technologies Symposium (PETS), I presented the paper “Sampled Traffic Analysis by Internet-Exchange-Level Adversaries”, co-authored with Piotr Zieliński. In it, we discussed the risk of traffic-analysis at Internet exchanges (IXes). We then showed that given even a small fraction of the data passing through an IX it was still possible to track a substantial proportion of anonymous communications. Our results are summarized in a previous blog post and full details are in the paper.

Our paper has now been announced as a runner-up for the Privacy Enhancing Technologies Award. The prize is presented annually, for research which makes an outstanding contribution to the field. Microsoft, the sponsor of the award, have further details and summaries of the papers in their press release.

Congratulations to the winners, Arvind Narayanan and Vitaly Shmatikov, for “Robust De-Anonymization of Large Sparse Datasets”; and the other runner-ups, Mira Belenkiy, Melissa Chase, C. Chris Erway, John Jannotti, Alptekin Küpçü, Anna Lysyanskaya and Erich Rachlin, for “Making P2P Accountable without Losing Privacy”.

My PhD thesis “Covert channel vulnerabilities in anonymity systems” has been awarded this year’s best thesis prize by the ERCIM security and trust management working group. The announcement can be found on the working group homepage and I’ve been invited to give a talk at their upcoming workshop, STM 08, Trondheim, Norway, 16–17 June 2008.

Update 2007-07-07: ERCIM have also published a press release.

In February, Steven Murdoch, Ross Anderson and I reported our findings on system-level failures of widely deployed PIN Entry Devices (PED) and the Chip and PIN scheme as a whole. Steven is in Oakland presenting the work described in our paper at the IEEE Symposium on Security and Privacy (slides).

We are very pleased that we are the recipients of the new “Most Practical Paper” award of the conference, given to “the paper most likely to immediately improve the security of current environments and systems”. Thanks to everyone who supported this work!

Two years ago, almost exactly, I wrote:

Congratulations to Steven J. Murdoch and George Danezis who were recently awarded the Computer Laboratory Lab Ring (the local alumni association) award for the “most notable publication” (that’s notable as in jolly good) for the past year, written by anyone in the whole lab.

Well this year, it’s the turn of Tyler Moore and myself to win, for our APWG paper: Examining the Impact of Website Take-down on Phishing.

The obligatory posed photo, showing that we both own ties (!), is courtesy of the Science Editor of the Economist.

Tyler Moore and Richard Clayton, most notable publication 2008

When people are up for an award at the Oscars or some other prestigious event, they generally know all about it beforehand. So they turn up on the day with an impromptu speech tucked away in a pocket and they’ve a glassy smile to hand when it turns out that they’ve been overlooked for yet another year…

… LINX, the London Internet Exchange, doesn’t work that way, so I’d no previous inkling when they recently gave me their 2007 award for a “conspicuous contribution”.

This award was first given in 2006 to Nigel Titley, who was a LINX council member from its 1994 formation through to 2006, and his contribution is crystal clear to all. My own was perhaps a little less obvious. I have regularly attended LINX general meetings from 1998 onwards — even after I became an academic, because attending LINX meetings is one of the ways that I continue to consult for THUS plc (aka Demon Internet), my previous employer. I’ve often given talks at meetings, or just asked awkward questions of the LINX board from the floor.

But I suspect that the main reason that I got the award is because of my contribution to many of LINX’s Best Current Practice (BCP) documents, on everything from traceability to spam. These documents are hugely influential. They show the industry the best ways to do things — spreading knowledge to all of the companies, not keeping it within the largest and most competent. They show Government and the regulators that the industry is responsible and can explain why it works the way it does. They educate end-users to the best way of doing things and — when there’s a dispute with an abuse@ team — that other ISPs will take the same dim view of their spamming as their current provider (which reduces churn and helps everyone to work things out sensibly).

Of course I haven’t worked on these documents in isolation — the whole point is that they’re a distillation of Best Practice from across the whole industry, and so there’s been dozens of people from dozens of companies attending meetings, contributing text, reading drafts, and then eventually voting for their adoption at formal LINX meetings.

When you step back and think about it, it’s quite remarkable that so many companies from within a fiercely competitive industry are prepared, like THUS, to put their resources into co-operation in this way. I think it’s partly far-sightedness (a belief that self-regulation is much to be preferred to the imposition of standards from outside), and partly the inherent culture of the Internet, where you cannot stand alone but have to co-operate with other companies so that your customers can interwork.

Anyway, when I was given the award, I should have pulled out a neat little speech along the above lines, and said thank you to the whole industry, and thank you to THUS, and thank you to colleagues and particularly thank you to Phil Male who had faith that my consultancy would be of ongoing value… but it was all a surprise and I stammered out something far less eloquent. I’m really pleased to try and fix that now.

Richard Clayton and I have been tracking phishing sites for some time. Back in May, we reported on how quickly phishing websites are removed. Subsequently, we have also compared the performance of banks in removing websites and found evidence that ISPs and registrars are initially slow to remove malicious websites.

We have published our updated results at eCrime 2007, sponsored by the Anti-Phishing Working Group. The paper, ‘Examining the Impact of Website Take-down on Phishing’ (slides here), was selected for the ‘Best Paper Award’.

A high-level abridged description of this work also appeared in the September issue of Infosecurity Magazine.

In May 2007, Saar Drimer and Steven Murdoch posted about “Distance bounding against smartcard relay attacks”. Today their paper won the “Best Student Paper” award at USENIX Security 2007 and their slides are now online. You can read more about this work on the Security Group’s banking security web page.