David Brumley
American cryptographer
From Wikipedia, the free encyclopedia
David Brumley is a professor at Carnegie Mellon University. He is a well-known researcher in software security, network security, and applied cryptography. Brumley also previously worked as a Computer Security Officer at Stanford University.
_(cropped).png)
David Brumley | |
|---|---|
Brumley in 2016 | |
| Alma mater | Carnegie Mellon University Stanford University of Northern Colorado |
| Known for | software security and applied cryptography |
| Awards | Presidential Early Career Award for Scientists and Engineers[1] |
| Scientific career | |
| Fields | computer science |
| Institutions | Carnegie Mellon University |
| Doctoral advisor | Dawn Song |
Education
Brumley obtained a Bachelor of Arts in mathematics from the University of Northern Colorado in 1998.[2][3] In 2003 he obtained an MS degree in computer science from Stanford University.[2][4] In 2008 he obtained a PhD in computer science from Carnegie Mellon University, where his Advisor was Professor Dawn Song.[2][5]
Career
Brumley was previously the Assistant Computer Security Officer for Stanford University.[4][3] Brumley is the faculty advisor to the Plaid Parliament of Pwning (PPP), Carnegie Mellon University competitive security team.[6][7]
Some of his notable accomplishments include:
- In 2008, he showed the counter-intuitive principle that patches can help attackers. In particular, he showed that given a patch for a bug and the originally buggy program, a working exploit can be automatically generated in as little as a few seconds. This result shows that current patch distribution architectures that distribute patches on time-scales larger than a few seconds are potentially insecure.[8] In particular, this work shows one of the first applications of constraint satisfaction to generating exploits.[9]
- In 2007, he developed techniques for automatically inferring implementation bugs in protocol implementations. This work won the best paper award at the USENIX Security conference.
- His work on a Timing attack against RSA. The work was able to recover the factors of a 1024-bit RSA private key over a network in about 2 hours. This work also won the USENIX Security [10] Best Paper award. As a result of this work, OpenSSL, stunnel,[11] and others now implement defenses such as RSA blinding.
- His work on Rootkit analysis.[12]
- His work on distributed denial of service attacks. In particular, he worked towards tracking down the attackers who brought down Yahoo in 2002.[13]
- He was a major contributor towards the arrest of Dennis Moran[14]
- US Patent 7373451, which is related to virtual appliance distribution and migration. This patent serves as part of the basis for founding moka5 [15] by his co-authors.
