David Brumley

American cryptographer

David Brumley is a professor at Carnegie Mellon University. He is a well-known researcher in software security, network security, and applied cryptography. Prof. Brumley also worked for 5 years as a Computer Security Officer for Stanford University.

Education

Brumley obtained a Bachelor of Arts in mathematics from the University of Northern Colorado in 1998.^[2][3] In 2003 he obtained an MS degree in computer science from Stanford University.^[2][4] In 2008 he obtained a PhD in computer science from Carnegie Mellon University, where his Advisor was Professor Dawn Song.^[2][5]

Career

Brumley was previously the Assistant Computer Security Officer for Stanford University.^[4][3] Brumley is the faculty advisor to the Plaid Parliament of Pwning (PPP), which is the Carnegie Mellon University competitive security team.^[6][7]

Some of his notable accomplishments include:

• In 2008, he showed the counter-intuitive principle that patches can help attackers. In particular, he showed that given a patch for a bug and the originally buggy program, a working exploit can be automatically generated in as little as a few seconds. This result shows that current patch distribution architectures that distribute patches on time-scales larger than a few seconds are potentially insecure.^[8] In particular, this work shows one of the first applications of constraint satisfaction to generating exploits.^[9]
• In 2007, he developed techniques for automatically inferring implementation bugs in protocol implementations. This work won the best paper award at the USENIX Security conference.
• His work on a Timing attack against RSA. The work was able to recover the factors of a 1024-bit RSA private key over a network in about 2 hours. This work also won the USENIX Security ^[10] Best Paper award. As a result of this work, OpenSSL, stunnel,^[11] and others now implement defenses such as RSA blinding.
• His work on Rootkit analysis.^[12]
• His work on distributed denial of service attacks. In particular, he worked towards tracking down the attackers who brought down Yahoo in 2002.^[13]
• He was a major contributor towards the arrest of Dennis Moran^[14]
• US Patent 7373451, which is related to virtual appliance distribution and migration. This patent serves as part of the basis for founding moka5 ^[15] by his co-authors.

References

1. "The Presidential Early Career Award for Scientists and Engineers: Recipient Details: David Brumley". NSF.
2. "David Brumley Awarded Sloan Fellowship for Pushing Frontiers of Research". Carnegie Mellon College of Engineering. March 25, 2013. Archived from the original on January 11, 2017. Brumley earned his undergraduate degree in mathematics in 1998 from the University of Northern Colorado, a master's degree in computer science in 2003 from Stanford University and a Ph.D. in computer science from CMU in 2008.
3. "Perspectives on Distributed Denial of Service Attacks". Stanford University. Archived from the original on January 11, 2017. David Brumley is the Assistant Computer Security Officer for Stanford University. He has responded to over 1000 incidents, authored such programs as the remote intrusion detector (RID) and SULinux (Stanford University Linux). David received his bachelor's degree in Mathematics from the University of Northern Colorado.
4. Sapuntzakis, Constantine; Brumley, David; Chandra, Ramesh; Zeldovich, Nickolai; Chow, Jim; Lam, Monica S.; Rosenblum, Mendel (2003). "Virtual Appliances for Deploying and Maintaining Software" (PDF). MIT Computer Science and Artificial Intelligence Laboratory. p. 192. Archived from the original (PDF) on January 11, 2017. David Brumley is a Ph.D. student in Computer Science at Carnegie Mellon University. Previously, he was the computer security officer for Stanford University, where he responded to over 1000 incidents and authored such programs as the remote intrusion detector (RID) and SULinux (Stanford University Linux). David received his Bachelor's degree in Mathematics from the University of Northern Colorado and his Master's degree in Computer Science from Stanford.
5. Brumley, David (July 26, 2016). "Why CGC Matters to Me". ForAllSecure. Archived from the original on January 11, 2017. In 2008 I started as a new assistant professor at CMU. I sat down, thought hard about what I had learned from graduate school, and tried to figure out what to do next. My advisor in graduate school was Dawn Song, one of the top scholars in computer security. She would go on to win a MacArthur "Genius" Award in 2010. She's a hard act to follow. I was constantly reminded of this because, by some weird twist of fate, I was given her office when she moved from CMU to Berkeley.
6. "CyLab wins big during DefCon Weekend". Carnegie Mellon College of Engineering. August 8, 2016. Archived from the original on January 11, 2017. Brumley is the faculty advisor to PPP. "Our team has put in thousands of hours of practice, and it is rewarding to see them win amongst the best hackers in the world," said Brumley. "Every year this competition becomes harder and harder to win."
7. Spice, Byron (November 11, 2010). "Plaid Parliament of Pwning Takes Capture the Flag Trifecta". Carnegie Mellon School of Computer Science. Archived from the original on January 11, 2017. And Carnegie Mellon's Plaid Parliament of Pwning (PPP) team, led by Assistant Professor of ECE and Computer Science David Brumley, has pulled off a huge feat this semester, winning not just one or two of these grueling competitions, but three — and all since September.
8. "Dissecting the Automatic Patch-Based Exploit Generator". 25 April 2008.
9. "Automatic Patch-Based Exploits Demonstrate Weakness of Patching - Messaging and Web Security". Archived from the original on 2008-08-27. Retrieved 2009-01-04.
10. 2003
11. "Bugtraq: Stunnel: RSA timing attacks / Key discovery".
12. "USENIX | the Advanced Computing Systems Association".
13. "Probe Focuses on Prime Hacking Suspects / Investigation hampered by bogus attack bragging". 15 February 2000.
14. New York Times,
15. http://www.moka5.com Archived 2008-03-05 at the Wayback Machine

External links

• Brumley's Home Page
• Additional articles mentioning Brumley's work: Wired Magazine, CNN, and the Wall Street Journal