Security researcher and Ferris State University alumnus Jared DeMott is one of three finalists in Microsoft’s inaugural BlueHat Prize competition that will award $250,000 in cash and prizes for development of security protection against hackers.
Microsoft presented the challenge to the industry during the BlackHat USA conference last year in an effort to mitigate entire classes of vulnerabilities. The finalists were chosen from a field of 20 entries.
The winner will be announced on the final day of the BlackHat USA conference July 21-26 in Las Vegas. Microsoft will award $200,000 for the grand prize, $50,000 to the first runner-up and an MSDN Universal subscription valued at $10,000 to the second runner-up.
All three finalists focused on ways to block return-oriented programming (ROP), an advanced technique attackers use to defeat operating-system (OS) defenses.
DeMott, who earned a Bachelor of Science in Computer Networks and Systems from Ferris in 2000, said he entered the software giant’s contest “to make a difference in securing computers.”
His entry, “/ROP” (pronounced slash-ROP), is a compiler and Windows OS defense to help guard against ROP, and “therefore make all of our computers safer,” DeMott said.
The Battle Creek native, who grew up in Reed City, is a principal security researcher for Harris Corp., a Florida-based international communications and information technology company that serves government and commercial markets in more than 150 countries. He works from his Rockford home and occasionally travels to a Harris Corp. office in Chantilly, Va.
After he graduated from Ferris, DeMott continued his education at Johns Hopkins University, where he earned a master’s degree in Computer Science in 2003. He is a Ph.D. candidate at Michigan State University and has worked for the National Security Agency.
“Ferris gave me a good career starting point,” said DeMott, who was an assistant professor in Ferris’ CNS program for a year, and was an adjunct professor in subsequent years.
He is well known for teaching a course titled “Application Security: For Hackers and Developers” at security conferences and directly to companies such as Boeing and Qualcomm. He will teach it in September at GrrCON in Grand Rapids.
The contest’s other two finalists are Ivan Fratric, a researcher at the University of Zagreb in Zagreb, Croatia, whose entry “ROPGuard” defines a set of checks that can be used to detect when certain functions are being called in the context of malicious ROP code; and Vasilis Pappas, a Ph.D. student at Columbia University in New York City, whose submission “kBouncer” is an ROP mitigation technique that detects abnormal control transfers using common hardware features.
Each submission was judged by Microsoft security engineers on impact, robustness, practicality and functionality.
“Microsoft applauds these researchers who met the challenge and developed defensive solutions that go above and beyond conventional security practices focused on discovering individual issues,” said Mike Reavey, senior director for Microsoft’s Security Response Center. “We can’t wait to see how this initiative will inspire others to explore defensive technology research in order to potentially mitigate entire classes of vulnerabilities.”