Security Experts:

Facebook Announces 2018 Internet Defense Prize Winners

Facebook this week announced the winners of its 2018 Internet Defense Prize. Three teams earned a total of $200,000 this year for innovative defensive security and privacy research.

In the past years, Facebook awarded only one team a prize of $100,000 as part of the initiative. In 2016, the winning team presented research focusing on post-quantum security for TLS, and last year’s winners demonstrated a novel technique of detecting credential spear-phishing attacks in enterprise environments.

Facebook says this year’s submissions were of very high quality so the social media giant has decided to reward three teams instead of just one.Winners of Facebook Internet Defense Prize

The first prize, $100,000 as in the previous years, was won by a team from imec-DistriNet at Belgian university KU Leuven. Their paper, titled “Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies,” describes methods that browsers can employ to prevent cross-site attacks and third-party tracking via cookies.

It’s worth mentioning that a different team of researchers from KU Leuven has been credited for discovering the recently disclosed Foreshadow speculative execution vulnerabilities affecting Intel processors.

Second place, a team from Brigham Young University, earned $60,000 for a paper titled “The Secure Socket API: TLS as an Operating System Service.” The research focuses on a prototype implementation that makes it easier for app developers to use cryptography.

“We believe safe-by-default libraries and frameworks are an important foundation for more secure software,” Facebook said.

Third place, a group from the Chinese University of Hong Kong and Sangfor Technologies, earned $40,000 for “Vetting Single Sign-On SDK Implementations via Symbolic Reasoning.”

“This work takes a critical look at the implementation of single sign-on code. Single sign-on provides a partial solution to the internet’s over-reliance on passwords. This code is widely used, and ensuring its safety has direct implications for user safety online,” Facebook explained.

Last week, Facebook announced that it had awarded a total of more than $800,000 as part of its Secure the Internet Grants, which the company unveiled in January. Facebook has prepared a total of $1 million for original defensive research, offering grants of up to $100,000 per proposal.

Related: Facebook Details Election Security Improvements

Related: Facebook App Exposed Data of 120 Million Users

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.