David Brumley


Goto:

Peer Reviewed

  1. Automatically Inferring the Evolution of Malicious Activity on the Internet.
    Shobha Venkataraman, David Brumley, Subhabrata Sen, and Oliver Spatscheck. In the Proceedings of the Network and Distributed Systems Security Symposium, 2013.
  2. GPS Software Attacks. PDF
    Tyler Nighswander, Brent Ledvina, Jonathan Diamond, Robert Brumley, and David Brumley. In the Proceedings of the ACM Computer and Communication Security Symposium, 2012.
  3. Tachyon: Tandem Execution for Efficient Live Patch Testing. PDF
    Matthew Maurer and David Brumley. In the Proceedings of the USENIX Security Symposium, 2012.
  4. Unleashing Mayhem on Binary Code. PDF
    Sang Kil Cha, Thanassis Avgerinos, Alexandre Rebert, and David Brumley. In the Proceedings of the IEEE Security and Privacy Symposium, 2012.
  5. ReDeBug: Finding Unpatched Code Clones in Entire OS Distributions. PDF
    Jiyong Jang, Abeer Agrawal, and David Brumley. In the Proceedings of USENIX Security, 2012
  6. BitShred: Feature Hashing Malware for Scalable Triage and Semantic Analysis. PDF
    Jiyong Jang, David Brumley, and Shobha Venkataraman
    In the Proceedings of the ACM Conference on Computer and Communication Security (CCS), 2011.
  7. Q: Exploit Hardening Made Easy. PDF
    Edward J. Schwartz, Thanassis Avgerinos, and David Brumley.
    In the Proceedings of the 2011 USENIX Security Symposium, August, 2011.
  8. BAP: The CMU Binary Analysis Platform. PDF
    David Brumley, Ivan Jager, Thanassis Avgerinos, and Edward Schwartz.
    Proceedings of the 20111 Conference on Computer Aided Verification (CAV '11), July 2011, Snowbird, UT.
  9. AEG: Automatic Exploit Generation. Website (publication there)
    Thanassis Avgerinos, Sang Kil Cha, Brent Lim Tze Hao, and David Brumley.
    In the Proceedings of the 2011 Network and Distributed System Security Symposium (NDSS), 2011.
  10. TIE: Principled Reverse Engineering of Types in Binary Programs PDF
    JongHyup Lee, Thanassis Avgerinos and David Brumley.
    In the Proceedings of the 2011 Network and Distributed System Security Symposium (NDSS), 2011
  11. Platform-Independent Programs PDF
    Sang Kil Cha, Brian Pak, David Brumley, and Richard J. Lipton.
    In Proceedings of 17th ACM Conference on Computer and Communications Security (CCS 10), Oct. 2010
  12. All You Ever Wanted to Know About Dynamic Taint Analysis and Forward Symbolic Execution (but might have been afraid to ask). PDF
    Edward J. Schwartz, Thanassis Avgerinos, and David Brumley
    In the Proceedings of the IEEE Security and Privacy Symposium, 2010.
  13. SplitScreen: Enabling Efficient, Distributed Malware Detection. PDF
    Sang Kil Cha, Iulian Moraru, Jiyong Jang, John Truelove, David Brumley, and David Andersen.
    In the Proceedings of USENIX Symposium on Networked Systems Design and Implementation (NSDI), 2010.
  14. Contractual Anonymity. PDF
    Edward J. Schwartz, David Brumley, and Jonathan M. McCune.
    In the Proceedings of the Annual Network and Distributed System Security Symposium (NDSS), 2010.
  15. Theory and Techniques for Automatic Generation of Vulnerability-Based Signatures.
    David Brumley, James Newsome, Dawn Song, Hao Wang, and Somesh Jha.
    IEEE Transactions on Dependable and Secure Computing, Volume 5, Issue 4. October 2008. Pages, 224-241.
  16. Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications.PDF
    David Brumley, Pongsin Poosankam, Dawn Song, and Jiang Zheng.
    Proceedings of the IEEE Security and Privacy Symposium, May, 2008.
  17. Towards Automatic Discovery of Deviations in Binary Implementations with Applications to Error Detection and Fingerprint Generation. PDF
    David Brumley, Juan Caballero, Zhenkai Liang, James Newsome, Dawn Song
    Proceedings of the 2007 USENIX Security Conference, 2007.
    * Conference Best Paper Award
  18. Creating Vulnerability Signatures Using Weakest Pre-conditions. PDF
    David Brumley, Hao Wang, Somesh Jha, Dawn Song
    Proceedings of the 2007 Computer Security Foundations Symposium, 2007.
  19. Sweeper: A Lightweight End-to-End System for Defending Against Fast Worms. PDF
    Joseph Tucek, James Newsome, Shan Lu, Chengdu Huang, Spiros Xanthos, David Brumley, Yuanyuan Zhou and Dawn Song
    In the Proceedings of the 2007 EuroSys Conference, 2007.
  20. A Generic Application-Level Protocol Analyzer and its Language. PDF
    Nikita Borisov, David Brumley, Helen Wang, John Dunagan, Pallavi Joshi, and Chuanxiong Guo.
    In the Proceedings of the 14th Annual Network and Distributed System Security Symposium (NDSS 07)
  21. Efficient and Accurate Detection of Integer-based Attacks. PDF
    David Brumley, Tzi-cker Chiueh, Robert Johnson, Huijia Lin, and Dawn Song
    In the Proceedings of the 14th Annual Network and Distributed System Security Symposium (NDSS 07)
  22. Replayer: Automatic Protocol Replay by Binary Analysis. PDF James Newsome and David Brumley and Jason Franklin and Dawn Song.
    In the Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS 06)
  23. Towards Attack-Agnostic Defenses. PDF
    David Brumley and Dawn Song.
    In the Proceedings of the First Workshop on Hot Topics in Security (HOTSEC 06)
  24. Towards Automatic Generation of Vulnerability-Based Signatures. PDF
    David Brumley, James Newsome, Dawn Song, Hao Wang, and Somesh Jha.
    In the Proceedings of the 2006 IEEE Symposium on Security and Privacy.
    * Selected by program committe for recommendation to IEEE Transactions on Dependable and Secure Computing
  25. Vulnerability-Specific Execution Filtering for Exploit Prevention on Commodity Software. PDF
    James Newsome, David Brumley, and Dawn Song.
    In the Proceedings of the 13th Annual Network and Distributed Systems Security Symposium (NDSS 2006).
  26. Design Space and Analysis of Worm Defense Strategies. PDF
    David Brumley, Li-Hao Liu, Pongsin Poosankam, and Dawn Song.
    In the Proceedings of the 2006 ACM Symposium on Information, Computer, and Communication Security (ASIACCS 2006).
  27. Remote timing attacks are practical. PDF
    David Brumley and Dan Boneh.
    Journal of Computer Networks, 2005.
    * This is the updated and more complete journal version of the 2003 USENIX Security paper.
  28. Privtrans: Automatically Partitioning Programs for Privilege Separation. PDF
    David Brumley and Dawn Song.
    In the Proceedings of the 13th USENIX Security Symposium, August 2004.
  29. Virtual appliances for deploying and maintaing software. PDF
    C. Sapuntzakis, D. Brumley, R. Chandra, N. Zeldovich, J. Chow, M. S. Lam, and M. Rosenblum
    In the Proceedings of the 17th Large Installation System Administration Conference (LISA 2003), October 2003.
  30. Remote timing attacks are practical. PDF PS David Brumley and Dan Boneh
    In the Proceedings of the 12th USENIX Security Symposium, August 2003.
    * Conference Best Paper Award

Book Chapters

Articles/Unreviewed

Patents