David Brumley

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Template:Short description Template:Use mdy dates Script error: No such module "Template wrapper".Script error: No such module "Check for clobbered parameters".

David Brumley is a professor at Carnegie Mellon University. He is a well-known researcher in software security, network security, and applied cryptography. Brumley also previously worked as a Computer Security Officer at Stanford University.

Education

Brumley obtained a Bachelor of Arts in mathematics from the University of Northern Colorado in 1998.[1][2] In 2003 he obtained an MS degree in computer science from Stanford University.[1][3] In 2008 he obtained a PhD in computer science from Carnegie Mellon University, where his Advisor was Professor Dawn Song.[1][4]

Career

Brumley was previously the Assistant Computer Security Officer for Stanford University.[3][2] Brumley is the faculty advisor to the Plaid Parliament of Pwning (PPP), Carnegie Mellon University competitive security team.[5][6]

Some of his notable accomplishments include:

  • In 2008, he showed the counter-intuitive principle that patches can help attackers. In particular, he showed that given a patch for a bug and the originally buggy program, a working exploit can be automatically generated in as little as a few seconds. This result shows that current patch distribution architectures that distribute patches on time-scales larger than a few seconds are potentially insecure.[7] In particular, this work shows one of the first applications of constraint satisfaction to generating exploits.[8]
  • In 2007, he developed techniques for automatically inferring implementation bugs in protocol implementations. This work won the best paper award at the USENIX Security conference.
  • His work on a Timing attack against RSA. The work was able to recover the factors of a 1024-bit RSA private key over a network in about 2 hours. This work also won the USENIX Security [9] Best Paper award. As a result of this work, OpenSSL, stunnel,[10] and others now implement defenses such as RSA blinding.
  • His work on Rootkit analysis.[11]
  • His work on distributed denial of service attacks. In particular, he worked towards tracking down the attackers who brought down Yahoo in 2002.[12]
  • He was a major contributor towards the arrest of Dennis Moran[13]
  • US Patent 7373451, which is related to virtual appliance distribution and migration. This patent serves as part of the basis for founding moka5 [14] by his co-authors.

References

<templatestyles src="Reflist/styles.css" />

  1. a b c Script error: No such module "citation/CS1".
  2. a b Script error: No such module "citation/CS1".
  3. a b Script error: No such module "citation/CS1".
  4. Script error: No such module "citation/CS1".
  5. Script error: No such module "citation/CS1".
  6. Script error: No such module "citation/CS1".
  7. Script error: No such module "citation/CS1".
  8. Script error: No such module "citation/CS1".
  9. 2003
  10. Script error: No such module "citation/CS1".
  11. Script error: No such module "citation/CS1".
  12. Script error: No such module "citation/CS1".
  13. New York Times,
  14. http://www.moka5.com Template:Webarchive

Script error: No such module "Check for unknown parameters".

External links

Template:Authority control


Template:Asbox

Retrieved from "http://debianws.lexgopc.com/wiki143/index.php?title=David_Brumley&oldid=7272881"