Why a Grand Challenge?

Grand challenge competitions act to both spur the public imagination and produce valuable developments, as amateurs and professionals alike devote considerable time and effort to develop ingenious solutions to difficult problems. Grand Challenges also attract general interest, furthering the goals of both the sponsors and the participants by attracting outside interest and funding to solve important problems.

The 2009 Security Grand Challenge

As we rely on computers for a number of critical tasks in our everyday lives, their ability to resist and withstand attacks from malicious hackers becomes more important. For this reason, the first of a series of Grand Challenges focused on building unhackable servers and was hosted by the USENIX Security conference (August 12-14, 2009, in Montreal, Canada).

The concept is very simple. The participant teams had to use their science and technical skill to create an environment where a server can function with integrity and minimum required service levels even when under attack.

On the day of the competition, each participant team received a virtualized server with a number of services. The services were implemented in different languages (e.g., C, Java, or Python) and were both web-based and stand-alone. However, each service had a number of hidden security flaws, which were implanted by the organizers. These flaws might be used by an attacker to disrupt the service. The services were part of a system that handled sensitive health records (e.g., diagnoses of doctors) and needed to be always functioning correctly, or some private information would be disclosed to attackers.

The task of the participants was to modify and improve their servers so that they became resilient to attacks. The teams were able to operate on their servers for a limited amount of time, after which the only possible interaction with the server was a reboot operation (that is, this was a "hands-off" competition).

During the competition, an automated scoring system kept track of which services were functional. At the same time, an automated attack system performed disruptive attacks against the services. At the end of the game, the team whose server was able to provide the highest service level won.

The top three teams were:

  1. First prize, $5000: Team Ad hoc (Rice University, University of British Columbia, Vancouver, and UC Davis)
  2. Second prize, $2000: Team Udub (University of Washington)
  3. Third prize, $1000: Team An0nym0us (George Mason University)

The organizers partially supported the students' participation in the competition (and in the USENIX conference).

The 2010 Security Grand Challenge

The 2010 Security Grand Challenge will be carried out sometime next year. If you are interested in participating, please subscribe to the mailing list: http://lists.cs.ucsb.edu/mailman/listinfo/grand-challenge.