David Brumley
David Brumley is an Assistant Professor at Carnegie Mellon University. He is a well-known researcher in software security, network security, and applied cryptography. Prof. Brumley also worked for 5 years as a Computer Security Officer for Stanford University.

Some of his notable accomplishments include:
  • In 2008, he showed the counter-intuitive principle that patches can help attackers. In particular, he showed that given a patch for a bug and the originally buggy program, a working exploit can be automatically generated in as little as a few seconds. This result shows that current patch distribution architectures that distribute patches on time-scales larger than a few seconds are potentially insecure. In particular, this work shows one of the first applications of constraint satisfaction to generating exploits.
  • In 2007, he developed techniques for automatically inferring implementation bugs in protocol implementations. This work won the best paper award at the USENIX Security conference.
  • His work on a timing attack against RSA. The work was able to recover the factors of a 1024-bit RSA private key over a network in about 2 hours. This work also won the USENIX Security Best Paper award. As a result of this work, OpenSSL, stunnel, and others now implement defenses such as RSA blinding.
  • His work on rootkit analysis.
  • His work on distributed denial of service attacks. In particular, he worked towards tracking down the attackers who brought down Yahoo in 2002.
  • He was a major contributor towards the arrest of Dennis Moran.
  • US Patent 7373451, which is related to virtual appliance distribution and migration. This patent serves as part of the basis for founding moka5 by his co-authors.

Education

  • PhD, Computer Science, 2008. Carnegie Mellon University. Advisor: Dawn Song.
  • MS, Computer Science, 2003. Stanford University. Advisor: Dan Boneh and Monica Lam.
  • BA, Mathematics, 1998. University of Northern Colorado.

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.