Hicks Wins NSA’s Best Scientific Cybersecurity Paper Award

Published October 2, 2019

Michael Hicks, a professor of computer science, helped lead a team of researchers to victory in the National Security Agency’s (NSA) 7th Annual Best Scientific Cybersecurity Paper Competition.

The research team’s winning paper, “Evaluating Fuzz Testing,” examines prior research on fuzz testing—a quality assurance technique used to discover coding errors and security loopholes in software—and evaluates whether that research produces trustworthy results. It was presented at ACM SIGSAC Conference on Computer and Communications Security (CCS '18) in Toronto.

The research was supervised by Hicks and conducted by George Klees, a sophomore majoring in computer science; Benji Cooper, a computer science alum now working as a software engineer at Audible; Andrew Ruef, who received his doctorate in computer science in 2018 and is now a research scientist at the Institute for Defense Analyses’ Center for Computing Sciences; and Shiyi Wei, an assistant professor of computer science at the University of Texas at Dallas and a former postdoctoral researcher at MC2.

According to the awards website, the paper was selected because it embodies the attributes of outstanding science and the criteria of the competition: rigorous research, generalizable results and clarity of presentation.

“This paper is a step forward in bringing scientific understanding to the security community,” the awards site states. “It is grounded to current understanding by its methodological survey of evaluation practices, then advances the science through quantitative analysis and proposes conclusions that apply broadly in the fuzzing community. This paper is already having tremendous impact on fuzzing research, setting the standard for how evaluations should be done.”

The purpose of the competition is to recognize security papers that “best reflect the conduct of good science” in the field of cybersecurity.

Hicks, in addition to his appointment in computer science, is part of the University of Maryland Institute for Advanced Computer Studies and the Maryland Cybersecurity Center.