The team received $100,000 from Facebook to continue their research and increase its impact to make the internet safer.The research explored vulnerabilities in C++ programmes (such as Chrome and Firefox) that result from “bad casting” or “type confusion”. Bad casting enables an attacker to corrupt the memory in a browser so that it follows a malicious logic instead of proper instructions.
The researchers developed a new, proprietary detection tool called CAVER -- a run-time detection tool -- to catch them. The team has been honoured with the “Internet Defense Prize”, an award presented by Facebook in partnership with USENIX at the 24th “USENIX Security Symposium” this week.
“It is time for the internet community to start addressing the more difficult, deeper security problems,” said Lee, professor and an adviser to the team in a statement. Facebook's “Internet Defense Prize” award recognises superior-quality research that combines a working prototype with significant contributions to the security of the internet, particularly in the areas of protection and defense. The award is meant to recognise the direction of the research and to inspire researchers to focus on high-impact areas.