Marten van Dijk and co-authors win ACM CCS 2023 Test of Time Award

Marten van Dijk and his co-authors won the ACM CCS 2023 Test of Time Award for their research on Path ORAM – an algorithm to prevent adversaries from using access patterns to computer memory to infer confidential information.

Publication date
29 Jan 2024

This prize for Marten van Dijk and his co-authors was awarded at one of the two main annual international security conferences: CCS, the ACM Conference on Computer and Communications Security of the Special Interest Group on Security, Audit and Control (SIGSAC) of the Association for Computing Machinery (ACM). At CCS, information security researchers, practitioners, developers, and users from all over the world gather to explore cutting-edge ideas and results.

CCS Test of Time Award

CCS Test of Time Awards honour research with long-lasting influence, which have had significant impacts on systems security and privacy. The award winning paper of 2023 ‘Path ORAM: An Extremely Simple Oblivious RAM Protocol’ was first published on in 2012 and in 2013 at CCS. It was selected as a Top Pick in ‘Top Picks in Hardware and Embedded Security 2018' and in 2023 it was one of the two papers that led to the IEEE CS Edward J. McCluskey Technical Achievement Award for Marten van Dijk.


Marten van Dijks says: "I am extremely honoured with this award and the recognition of the relevance of this work to the security and cryptology research communities. At CWI, I continue working further on security and privacy research. In particular regarding the privacy aspect of training of machine learning models: can so-called ‘differential privacy enhanced’ training of these models lead to both meaningful privacy, and at the same time practical accuracy? We may need a new type of privacy metric – a new way of measuring privacy. This would impact how people will share data for training machine learning models in the future, and also how we can perform data analytics with privacy for citizens as a main objective".

He adds: "Another challenge is whether it is possible to design ‘remote attestation’ and ‘verifiable computation’ in such a way that it can withstand the strongest possible adversary who can observe all digital computation. By creating an economical low resource solution, we may be able to strengthen infrastructures that only need verifiable computation against this type of worst-case attacker, like water purification centers, Dutch water defense or industrial control systems".

Marten van Dijk is head of CWI’s Computer Security research group and a part-time full professor at VU Amsterdam. At the time of the research he was working at MIT. Apart from Marten van Dijk, the other award winners for the Path ORAM paper are: Emil Stefanov (passed away), Elaine Shi (CMU), Christopher Fletcher (UC Berkeley), Ling Ren (UIUC), Xiangyao Yu (University of Wisconsin) and Srinivas Devadas (MIT).

Marten van Dijk at CWI.

About Path ORAM

Data encryption alone is often not enough to protect users’ privacy in outsourced storage applications. The sequence of storage locations accessed by the client (the access pattern) can leak a significant amount of sensitive information about the unencrypted data through statistical inference. For example, it was demonstrated by others that by observing accesses to an encrypted email repository, an adversary can infer as much as 80% of the search queries.

Oblivious RAM (ORAM) algorithms, first proposed by Goldreich and Ostrovsky, allow a client to conceal this access pattern to the remote storage by continuously shuffling and re-encrypting data as they are accessed. An adversary can then observe the physical storage locations accessed, but the ORAM algorithm ensures that this adversary has negligible probability of learning anything about the true (logical) access pattern.

Since its proposal, the research community has strived to find an ORAM scheme that is also practical. In the now winning paper, the authors proposed a novel ORAM algorithm, which was at the time the most practical ORAM construction under small client storage. They proved theoretical bounds on its performance and also presented matching experimental results. The core of their construction is called Path ORAM because data on the server is always accessed in the form of tree paths.

Marten van Dijk with the 2023 ACM SIGSAC CCS Test of Time Award

About Marten van Dijk

Van Dijk heads the Computer Security research group at CWI, the national research institute for mathematics and computer science in the Netherlands, and is a professor at VU Amsterdam. He has more than 20 years of research experience in secure computation. He acquired this experience both in academia (MIT and the University of Connecticut in the USA) and in industry (Philips Research and RSA Laboratories). He received the A. Richard Newton Technical Impact Award in Electronic Design Automation in 2015 and the Most Frequently Cited Paper Award (2000-2009), Symposium on VLSI Circuits, for his collaboration on Physical Unclonable Functions.

Aegis, the first single-chip secure processor that encrypts and verifies the integrity of external memory and introduced the concept of secure containers, got a Test of Time Award from Intel in 2022. This concept is in widespread use in Trusted Execution Environments, such as the Intel SGX processor in industry.

The RAM protocol ‘Path ORAM’ received a best paper award at CCS 2013, was selected as a 2018 Top Pick in Hardware and Embedded Security and just received the ACM CCS 2023: Test of Time Award. Van Dijk further won the 2023 IEEE CS Edward J. McCluskey Technical Achievement Award.

Marten van Dijk is an IEEE Fellow for his contributions to secure processor design and encrypted calculations. He is also a member of the advisory council of ACCSS, the association of all scientists working in cybersecurity in the Netherlands and chair of the Special Interest Group Cyber Security (SIG-CS) of ICT Research Platform Nederland (IPN).

More information

Picture below: Ivar Pel.