David Brumley's Publications

Goto:

Peer Reviewed
Books & Chapters
Unreviewed/Articles
Patents

Peer Reviewed

Automatically Inferring the Evolution of Malicious Activity on the Internet.
Shobha Venkataraman, David Brumley, Subhabrata Sen, and Oliver Spatscheck. In the Proceedings of the Network and Distributed Systems Security Symposium, 2013.
GPS Software Attacks. PDF
Tyler Nighswander, Brent Ledvina, Jonathan Diamond, Robert Brumley, and David Brumley. In the Proceedings of the ACM Computer and Communication Security Symposium, 2012.
Tachyon: Tandem Execution for Efficient Live Patch Testing. PDF
Matthew Maurer and David Brumley. In the Proceedings of the USENIX Security Symposium, 2012.
Unleashing Mayhem on Binary Code. PDF
Sang Kil Cha, Thanassis Avgerinos, Alexandre Rebert, and David Brumley. In the Proceedings of the IEEE Security and Privacy Symposium, 2012.
ReDeBug: Finding Unpatched Code Clones in Entire OS Distributions. PDF
Jiyong Jang, Abeer Agrawal, and David Brumley. In the Proceedings of the IEEE Security and Privacy Symposium, 2012
BitShred: Feature Hashing Malware for Scalable Triage and Semantic Analysis. PDF
Jiyong Jang, David Brumley, and Shobha Venkataraman
In the Proceedings of the ACM Conference on Computer and Communication Security (CCS), 2011.
Q: Exploit Hardening Made Easy. PDF
Edward J. Schwartz, Thanassis Avgerinos, and David Brumley.
In the Proceedings of the 2011 USENIX Security Symposium, August, 2011.
BAP: The CMU Binary Analysis Platform. PDF
David Brumley, Ivan Jager, Thanassis Avgerinos, and Edward Schwartz.
Proceedings of the 20111 Conference on Computer Aided Verification (CAV '11), July 2011, Snowbird, UT.
AEG: Automatic Exploit Generation. Website (publication there)
Thanassis Avgerinos, Sang Kil Cha, Brent Lim Tze Hao, and David Brumley.
In the Proceedings of the 2011 Network and Distributed System Security Symposium (NDSS), 2011.
TIE: Principled Reverse Engineering of Types in Binary Programs PDF
JongHyup Lee, Thanassis Avgerinos and David Brumley.
In the Proceedings of the 2011 Network and Distributed System Security Symposium (NDSS), 2011
Platform-Independent Programs PDF
Sang Kil Cha, Brian Pak, David Brumley, and Richard J. Lipton.
In Proceedings of 17th ACM Conference on Computer and Communications Security (CCS 10), Oct. 2010
All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask). PDF
Edward J. Schwartz, Thanassis Avgerinos, and David Brumley
In the Proceedings of the IEEE Security and Privacy Symposium, 2010.
SplitScreen: Enabling Efficient, Distributed Malware Detection. PDF
Sang Kil Cha, Iulian Moraru, Jiyong Jang, John Truelove, David Brumley, and David Andersen.
In the Proceedings of USENIX Symposium on Networked Systems Design and Implementation (NSDI), 2010.
Contractual Anonymity. PDF
Edward J. Schwartz, David Brumley, and Jonathan M. McCune.
In the Proceedings of the Annual Network and Distributed System Security Symposium (NDSS), 2010.
Theory and Techniques for Automatic Generation of Vulnerability-Based Signatures.
David Brumley, James Newsome, Dawn Song, Hao Wang, and Somesh Jha.
IEEE Transactions on Dependable and Secure Computing, Volume 5, Issue 4. October 2008. Pages, 224-241.
Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications.PDF
David Brumley, Pongsin Poosankam, Dawn Song, and Jiang Zheng.
Proceedings of the IEEE Security and Privacy Symposium, May, 2008.
Towards Automatic Discovery of Deviations in Binary Implementations with Applications to Error Detection and Fingerprint Generation. PDF
David Brumley, Juan Caballero, Zhenkai Liang, James Newsome, Dawn Song
Proceedings of the 2007 USENIX Security Conference, 2007.
* Conference Best Paper Award
Creating Vulnerability Signatures Using Weakest Pre-conditions. PDF
David Brumley, Hao Wang, Somesh Jha, Dawn Song
Proceedings of the 2007 Computer Security Foundations Symposium, 2007.
Sweeper: A Lightweight End-to-End System for Defending Against Fast Worms. PDF
Joseph Tucek, James Newsome, Shan Lu, Chengdu Huang, Spiros Xanthos, David Brumley, Yuanyuan Zhou and Dawn Song
In the Proceedings of the 2007 EuroSys Conference, 2007.
A Generic Application-Level Protocol Analyzer and its Language. PDF
Nikita Borisov, David Brumley, Helen Wang, John Dunagan, Pallavi Joshi, and Chuanxiong Guo.
In the Proceedings of the 14th Annual Network and Distributed System Security Symposium (NDSS 07)
Efficient and Accurate Detection of Integer-based Attacks. PDF
David Brumley, Tzi-cker Chiueh, Robert Johnson, Huijia Lin, and Dawn Song
In the Proceedings of the 14th Annual Network and Distributed System Security Symposium (NDSS 07)
Replayer: Automatic Protocol Replay by Binary Analysis. PDF James Newsome and David Brumley and Jason Franklin and Dawn Song.
In the Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS 06)
Towards Attack-Agnostic Defenses. PDF
David Brumley and Dawn Song.
In the Proceedings of the First Workshop on Hot Topics in Security (HOTSEC 06)
Towards Automatic Generation of Vulnerability-Based Signatures. PDF
David Brumley, James Newsome, Dawn Song, Hao Wang, and Somesh Jha.
In the Proceedings of the 2006 IEEE Symposium on Security and Privacy.
* Selected by program committe for recommendation to IEEE Transactions on Dependable and Secure Computing
Vulnerability-Specific Execution Filtering for Exploit Prevention on Commodity Software. PDF
James Newsome, David Brumley, and Dawn Song.
In the Proceedings of the 13th Annual Network and Distributed Systems Security Symposium (NDSS 2006).
Design Space and Analysis of Worm Defense Strategies. PDF
David Brumley, Li-Hao Liu, Pongsin Poosankam, and Dawn Song.
In the Proceedings of the 2006 ACM Symposium on Information, Computer, and Communication Security (ASIACCS 2006).
Remote timing attacks are practical. PDF
David Brumley and Dan Boneh.
Journal of Computer Networks, 2005.
* This is the updated and more complete journal version of the 2003 USENIX Security paper.
Privtrans: Automatically Partitioning Programs for Privilege Separation. PDF
David Brumley and Dawn Song.
In the Proceedings of the 13th USENIX Security Symposium, August 2004.
Virtual appliances for deploying and maintaing software. PDF
C. Sapuntzakis, D. Brumley, R. Chandra, N. Zeldovich, J. Chow, M. S. Lam, and M. Rosenblum
In the Proceedings of the 17th Large Installation System Administration Conference (LISA 2003), October 2003.
Remote timing attacks are practical. PDF PS David Brumley and Dan Boneh
In the Proceedings of the 12th USENIX Security Symposium, August 2003.
* Conference Best Paper Award

Book Chapters

Automatically Identifying Trigger-Based Behavior in Malware. PDF
David Brumley, Cody Hartwig, Zhenkai Liang, James Newsome, Dawn Song, and Heng Yin. In Botnet Detection, Springer Publications, 2008.
Sting: An End-to-End Self-Healing System for Defending against Internet Worms. PDF
David Brumley, James Newsome, and Dawn Song.
In Malware Detection, Springer Publications, 2007.

Articles/Unreviewed

Alias analysis for assembly. PDF PS
David Brumley and James Newsome
Carnegie Mellon University School of Computer Science Technical Report. CMU-CS-06-180. December, 2006.
A Crash Course in Managing Security.PDF
USENIX ;login, 2001
Repeatable Security.PDF
USENIX ;login, 2000.
Rootkits - How Intruders Hide.HTML
USENIX ;login, 1999.
Tracking Hackers on IRC. HTML
In USENIX ;login, 1999.

Patents

Apparatuses, Systems, and Methods for Malware Detection and Analysis, and for Protection from Malware. 2006. (Patent Pending.)
Generic Application Level Protocol Analyzer. 2005. (Patent Pending)
A Cache-Based System Management Architecture with Virtual Appliances, Network Repositories, and Virtual Appliance Transceivers. With Monica Lam, Constantine Sapuntzakis, Ramesh Chandra, Nickolai Zeldovich, Mendel Rosenblum, and James Chow. Issued May 13, 2008. Patent #7373451
Licensed to Moka5