Professor Hovav Shacham

The 26th ACM Conference on Computer and Communications Security (CCS) took place in London last week. Over the years, CCS has established itself as a high standard research conference in the field of information security, and is one of the "big four" security conferences in the world. Each year since 2012, CCS has recognized one or two papers from the conference a decade earlier with a test-of-time award. These are papers that have had the greatest impact on security research and practice over the decade.

In 2017, the award was given to a 2007 paper introducing return-oriented programming, authored by current Texas Computer Science professor, Dr. Hovav Shacham.

This year, Dr. Shacham has been presented with the award once again, for his 2009 team paper, "Hey, You, Get Off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds." The paper was a collaborative effort by researchers from UCSD and MIT, and has been very influential. According to Google Scholar, it has been cited over 2000 times, and has even changed the way Amazon thinks about securing their cloud infrastructure. It also introduced terms like “cloud cartography" and "placement vulnerability," which are now widely used.

The paper studied Amazon's EC2 service as an example of an "infrastructure-as-a-service" cloud computing system. It showed that it's possible to map out the hardware infrastructure behind EC2, that it's possible for an attacker to run their virtual machine (VM) on the same physical computer as a VM of interest, and that the isolation between VMs running on the same physical computer is insufficient, allowing some information to leak from target VM to attacker VM.