Professor Ian Goldberg, his colleagues David Wagner, Randi Thomas, and former PhD supervisor Eric Brewer have won the 2019 USENIX Security Test of Time Award for their research that also received the Best Paper Award at the Sixth USENIX Security Symposium in 1996.
Titled A Secure Environment for Untrusted Helper Applications: Confining the Wily Hacker, their paper made a significant contribution to computer security at a time when the Internet was expanding rapidly beyond its original users — researchers who shared trusted software and data with one another — to the diverse swath of institutional, commercial and public Internet users online today.
When the study was conducted, early web browsers, such as Netscape, were becoming increasingly popular applications to retrieve data from the Internet. These browsers often relied on helper applications to process information. As such, helper applications were critically important to security, because they processed untrusted data, but they were not trustworthy themselves. Many helper applications were designed with a friendly user in mind, not potential adversaries who could exploit a user’s files or system.
Professor Goldberg and his colleagues identified this vulnerability, so they created a secure environment to contain untrusted helper applications. To this end, they built a prototype called Janus, named after the Roman god who kept eternal vigilance over doorways and gateways. Janus was a security-enhancing system that served as a proof-of-concept that went onto have much wider application. In fact, the paper contributed to sandboxing in general — i.e., running unmodified programs in a restricted environment to limit the possible damage they could do, even if compromised.
“The 1996 paper by Ian Goldberg, David Wagner, Randi Thomas, and Eric Brewer introduced a fundamental and crucial technique for confining untrusted applications in computer systems,” wrote Dan Boneh, a member of the USENIX Security Test of Time Award Committee. “Beyond its strong academic impact — cited by 890 papers — the technique is now used to confine web pages in the Chrome browser, and to confine applications running on Android. As such, we are thrilled to award this seminal work with the USENIX Security Test of Time Award.”
“Congratulations to Ian and his colleagues for winning the 2019 USENIX Security Test of Time Award,” said Mark Giesbrecht, Director of the Cheriton School of Computer Science. “These awards truly reflect what has been transformative in computer science research over time. In their paper, they demonstrated the feasibility of building and enforcing practical security for untrusted helper applications, which was a critically important step toward improving security for the rapidly growing number of users of the World Wide Web.”
USENIX Security Test of Time Awards recognize outstanding work in security research that has had a lasting impact on the community. To qualify, a paper must have been presented at a USENIX conference at least 10 years earlier.