Mazurek Part of Team Receiving Top Honors in NSA Cybersecurity Paper Competition

Wed Sep 27, 2017

A security expert in the Maryland Cybersecurity Center (MC2) is part of a multi-institutional team that won the National Security Agency’s (NSA) Fifth Annual Best Scientific Cybersecurity Paper Competition.

Michelle Mazurek, an assistant professor of computer science with joint appointments in MC2 and the Human-Computer Interaction Lab, co-authored the study that examines why software developers often write programs that have security vulnerabilities.

The team’s paper, “You Get Where You’re Looking For: The Impact of Information Sources on Code Security”—by Mazurek, UMD computer science doctoral student Doowon Kim, and researchers in the Center for IT-Security, Privacy and Accountability at Saarland University—was previously presented at the 2016 IEEE Symposium on Security and Privacy.

Teams from MC2 have either won or received honorable mention in the NSA competition three previous times. Last year, professors Larry Gordon, Martin Loeb and William Luchshyn received honorable mention. Professors Michael Hicks and Elaine Shi (now at Cornell University) won the award in 2013. Assistant professor Tudor Dumitras received honorable mention in 2012—the first year the competition was held.

“This consistent recognition over the years speaks volumes about the quality of work being done in MC2, especially in developing a foundational science of cybersecurity,” says Jonathan Katz, director of MC2. “It also serves to highlight the work done at MC2 as an NSA Science-of-Security Lablet.”

The University of Maryland was one of four universities designated as a science-of-security lablet by NSA.

The cybersecurity paper competition was established by the NSA to encourage more scientific work in the field of cybersecurity. Each year, the agency invites nominations of papers that show an outstanding contribution to cybersecurity science, which are then reviewed by a group of distinguished experts.

The judging panel wrote that this year’s winning paper “excelled at multiple attributes of high quality scientific work and reporting.”

Mazurek and her team surveyed 54 app developers in the United States and Germany, for the first time systematically analyzing how the developers’ use of information resources impacts the security of their code.

Their laboratory study allowed them to control various factors so that they could accurately determine the root cause of software vulnerabilities.

“The paper did a thorough job explaining the research method which helps other researchers duplicate and build upon this work,” the judges wrote. “The paper also has some actionable scientific-based advice on developing better materials to have developers write more secure programs. This paper adds scientific knowledge to our understanding of how developers rely on information sources and the impact to the introduction of insecure software code.”

Mazurek and her colleagues have been invited to NSA later this year to receive the award and present their winning paper to an audience of cybersecurity experts.

About MC2: The Maryland Cybersecurity Center is jointly supported by the College of Computer, Mathematical, and Natural Sciences and the A. James Clark School of Engineering. It is one of a number of labs and centers in the University of Maryland Institute for Advanced Computer Studies.