David Brumley is a professor at Carnegie Mellon University. He is a well-known researcher in software security, network security, and applied cryptography. Prof. Brumley also worked for 5 years as a Computer Security Officer for Stanford University.


Education

Brumley obtained a Bachelor of Arts in mathematics from the University of Northern Colorado in 1998. In 2003 he obtained an MS degree in computer science from Stanford University. In 2008 he obtained a PhD in computer science from Carnegie Mellon University, where his advisor was Professor Dawn Song.


Career

Brumley was previously the Assistant Computer Security Officer for Stanford University. Brumley is the faculty advisor to the Plaid Parliament of Pwning (PPP), which is the Carnegie Mellon University competitive security team. Some of his notable accomplishments include:

* In 2008, he showed the counter-intuitive principle that patches can help attackers. In particular, he showed that given a patch for a bug and the originally buggy program, a working exploit can be automatically generated in as little as a few seconds. This result shows that current patch distribution architectures that distribute patches on time-scales larger than a few seconds are potentially insecure. In particular, this work shows one of the first applications of constraint satisfaction to generating exploits.
* In 2007, he developed techniques for automatically inferring implementation bugs in protocol implementations. This work won the best paper award at the USENIX Security conference.
* His work on a timing attack against RSA. The work was able to recover the factors of a 1024-bit RSA private key over a network in about 2 hours. This work also won the USENIX Security Best Paper award. As a result of this work, OpenSSL, stunnel, and others now implement defenses such as RSA blinding.
* His work on rootkit analysis.
* His work on distributed denial of service attacks. In particular, he worked towards tracking down the attackers who brought down Yahoo in 2002.
* He was a major contributor towards the arrest of Dennis Moran.
* US Patent 7373451, which is related to virtual appliance distribution and migration. This patent serves as part of the basis for founding moka5 (http://www.moka5.com) by his co-authors.


External links

* Brumley's Home Page
* Additional articles mentioning Brumley's work: Wired Magazine and the Wall Street Journal