Spafford wins ACSAC Cybersecurity Artifacts Competition and Impact Award
12-13-2022
Professor Eugene H. Spafford
Congratulations to Professor Eugene H. Spafford for winning the ACSAC 2022 Cybersecurity Artifacts Competition Impactful System Award
Professor Eugene H. Spafford won the ACSAC 2022 Cybersecurity Artifacts Competition Impactful System Award for his artifact, Tripwire: Integrity Scanning as Intrusion Detection. Spafford’s work was selected for its significant impacts on cybersecurity research and practice.
Tripwire was an integrity checking program written for the UNIX environment. It allowed system administrators to monitor file systems for added, deleted, and modified files and directories.
Intended to aid intrusion detection, Tripwire was officially released on November 2, 1992, to beta test sites around the world. Several bugs were identified, and four updates were released in 1993. In December 1993, the first formal release of Tripwire was made. Gene Kim, then an undergraduate computer science major at Purdue, assisted with the coding and testing of the system. (Mr. Kim was named an Outstanding CS Alumnus in Spring 2007.)
BACKGROUND
As Professor Spafford’s ACSAC submission explained, in 1990, there was no Internet as we now know it. The proto-Internet (the NSFNet and regional networks) that existed at that time did not allow commercial traffic and was mainly composed of government and academic sites. The predominant operating system was UNIX, in its many variations. Most of the computers connected to the NSFnet and related were high-end workstations and minicomputers. The majority of PC-type computers in use ran MS-DOS.
At that time, there was no significant vendor community for security add-ons outside of those for specialized mainframe systems. There was a growing market for some small anti-virus companies, but they were mostly focused on products for MS-DOS: Computer virus incidents for PC-class computers were effectively doubling every year.
There was a growing presence of intrusions into systems by various parties, known and unknown. Proof of concept viruses were known for UNIX systems, and it was believed to be a matter of time before they appeared “in the wild.” The Internet Worm and Wank Worm, along with the intrusions described in Cliff Stoll’s book The Cuckoo’s Egg, had also raised concern about network-based threats.
TRIPWIRE
The Tripwire tool was designed to monitor files and directories on a UNIX system for changes that could come from unauthorized modifications, software failures, malware, or intrusions. Over time, several other uses were also identified, including verifying updates and ensuring consistency with a baseline.
The original tool was written to be adaptable for different versions of UNIX. Because of the heterogeneous nature of computer equipment at most sites, the design of Tripwire emphasized program and database portability.
IMPACT
Tripwire was (and is) incredibly widely used. As the first free publicly-available intrusion detection tool and the first integrity monitoring tool, it enjoyed great success and interest. There were download numbers in the thousands in the first year after its release, and based on sharing in other venues, it was likely used by tens of thousands. Subsequent releases saw even greater adoption. It was recommended by major CIRTs (Computer and Incident Response Teams) and several vendors for years, and it was present in all the common repositories.
Gene Kim and a business partner, Wyatt Starnes, obtained the rights to Tripwire from Purdue in 1997 and started a company. Tripwire, the company, continues to this day as a vendor of security tools, including a descendant of the first Tripwire system.
AWARD
The Artifacts Competition and Impact Award is described by ACSAC as intended to identify previously published applied security artifacts that have demonstrated meaningful impact for the security and privacy research communities. A demonstrable impact may be represented by an artifact that has been reused in multiple subsequent publications by different research groups, that has received multiple "stars" and/or "forks" on platforms such as GitHub, or that has been successfully transitioned to a commercial technology.
FINALISTS
Tripwire: Integrity Scanning as Intrusion Detection
Impactful System Award
Eugene Spafford (Purdue University) *WINNER
CUMUL & Co: High-Impact Artifacts for Website Fingerprinting Research
Jan Pennekamp (RWTH Aachen University), Martin Henze (RWTH Aachen University & Fraunhofer FKIE), Andreas Zinnen (Hochschule RheinMain), Fabian Lanze (Huf Group), Klaus Wehrle (RWTH Aachen University), Andriy Panchenko (Brandenburg Technical University)
libdft: Dynamic Data Flow Tracking for the Masses
Vasileios P. Kemerlis (Brown University)
Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation
Victor Le Pochat (imec-DistriNet, KU Leuven), Tom Van Goethem (imec-DistriNet, KU Leuven), Samaneh Tajalizadehkhoob (ICANN), Maciej Korczyński (Univ. Grenoble Alpes, CNRS, Grenoble INP, LIG), Wouter Joosen (imec-DistriNet, KU Leuven)
YourThings: A Comprehensive Annotated Dataset of Network Traffic from Deployed Home-based IoT Devices
Omar Alrawi (Georgia Institute of Technology), Aaron Faulkenberry (Georgia Institute of Technology), Fabian Monrose (Georgia Institute of Technology), Manos Antonakakis (Georgia Institute of Technology)
About the Department of Computer Science at Purdue University
Founded in 1962, the Department of Computer Science was created to be an innovative base of knowledge in the emerging field of computing as the first degree-awarding program in the United States. The department continues to advance the computer science industry through research. US News & Reports ranks Purdue CS #20 and #16 overall in graduate and undergraduate programs respectively, seventh in cybersecurity, 10th in software engineering, 13th in programming languages, data analytics, and computer systems, and 19th in artificial intelligence. Graduates of the program are able to solve complex and challenging problems in many fields. Our consistent success in an ever-changing landscape is reflected in the record undergraduate enrollment, increased faculty hiring, innovative research projects, and the creation of new academic programs. The increasing centrality of computer science in academic disciplines and society, and new research activities - centered around data science, artificial intelligence, programming languages, theoretical computer science, machine learning, and cybersecurity - are the future focus of the department. cs.purdue.edu
Writer: Emily Kinsell, emily@purdue.edu
Source: Eugene Spafford, spaf@purdue.edu