Top Qs
Timeline
Chat
Perspective
David Brumley
American cryptographer From Wikipedia, the free encyclopedia
Remove ads
David Brumley is a professor at Carnegie Mellon University. He is a well-known researcher in software security, network security, and applied cryptography. Brumley also previously worked as a Computer Security Officer at Stanford University.
Remove ads
Education
Brumley obtained a Bachelor of Arts in mathematics from the University of Northern Colorado in 1998.[2][3] In 2003 he obtained an MS degree in computer science from Stanford University.[2][4] In 2008 he obtained a PhD in computer science from Carnegie Mellon University, where his Advisor was Professor Dawn Song.[2][5]
Career
Summarize
Perspective
Brumley was previously the Assistant Computer Security Officer for Stanford University.[4][3] Brumley is the faculty advisor to the Plaid Parliament of Pwning (PPP), Carnegie Mellon University competitive security team.[6][7]
Some of his notable accomplishments include:
- In 2008, he showed the counter-intuitive principle that patches can help attackers. In particular, he showed that given a patch for a bug and the originally buggy program, a working exploit can be automatically generated in as little as a few seconds. This result shows that current patch distribution architectures that distribute patches on time-scales larger than a few seconds are potentially insecure.[8] In particular, this work shows one of the first applications of constraint satisfaction to generating exploits.[9]
- In 2007, he developed techniques for automatically inferring implementation bugs in protocol implementations. This work won the best paper award at the USENIX Security conference.
- His work on a Timing attack against RSA. The work was able to recover the factors of a 1024-bit RSA private key over a network in about 2 hours. This work also won the USENIX Security [10] Best Paper award. As a result of this work, OpenSSL, stunnel,[11] and others now implement defenses such as RSA blinding.
- His work on Rootkit analysis.[12]
- His work on distributed denial of service attacks. In particular, he worked towards tracking down the attackers who brought down Yahoo in 2002.[13]
- He was a major contributor towards the arrest of Dennis Moran[14]
- US Patent 7373451, which is related to virtual appliance distribution and migration. This patent serves as part of the basis for founding moka5 [15] by his co-authors.
Remove ads
References
External links
Wikiwand - on
Seamless Wikipedia browsing. On steroids.
Remove ads