December 16, 2022
Ari Juels and Thomas Ristenpart were recognized for their co-authorship of a 2012 research paper that had a long-lasting influence and significant impact on security systems and privacy
New York, NY (December 15) – Cornell Tech faculty members Weill Family Foundation and Joan and Sanford I. Weill Professor Ari Juels and Associate Professor of Computer Science Thomas Ristenpart were the recipients of the Test of Time Award at the ACM Conference on Computer and Communications Security (CCS) for their co-authored 2012 paper, “Cross-VM side channels and their use to extract private keys.”
The CCS Test of Time Award recognizes papers that report research with long-lasting influence and significant impact on one or multiple subareas of systems security and privacy, through opening new research directions, proposing new technologies, or making new discoveries to create a better understanding of security risks.
The paper, co-authored by Yinqian Zhang and Michael K. Reiter, successfully demonstrated a novel cybersecurity attack method against virtualized computing environments. To do so, the research team examined a software-enabled process to divide a single physical computer into multiple virtual computers – called virtual machines – to add computing power and maximize cost-effectiveness. This is a common practice in almost all computing environments, from laptops to cloud servers.
The attack method used by the researchers and detailed in their paper is known as a “side-channel attack,” a technique that exploits sensitive information that is mistakenly leaked by poorly configured systems. In a first-of-its-kind demonstration, the team was able to construct a sophisticated side channel attack to gather sensitive data leaked by one virtual machine and weaponize it against another. The successful attack yielded a software key that unlocked encrypted files stored in that virtual environment and showcased the dangers involved with this type of software.
Juels is a Professor at the Jacobs Technion-Cornell Institute at Cornell Tech and the Technion. He is also a member of the Computer Science field at Cornell University. His interests span a broad range of topics in computer security, cryptography, and privacy, including cloud security, financial cryptography, cybersecurity, user authentication, medical-device security, biometrics, and security and privacy for the Internet of Things.
Ristenpart serves as an Associate Professor at Cornell Tech and in the Department of Computer Science at Cornell University. His research is in computer security, with recent topics including cloud computing security, applied and theoretical cryptography, and privacy.