Latest news: Our work on patch-based exploit generation was slashdotted and in Bruce Schneier's recent cryptogram.

Curriculum Vitae: PDF PS (Updated 1/23/2008)

Research Statement: PDF PS (1/23/2007: The work mentioned on patch-based exploit generation has been accepted to the 2008 IEEE Security and Privacy Symposium.)

Teaching Statement: PDF PS

Selected Publications

• Towards Automatic Discovery of Deviations in Binary Implementations with Applications to Error Detection and Fingerprint Generation. PDF
  By David Brumley, Juan Caballero, Zhenkai Liang, James Newsome, Dawn Song
  Proceedings of the 2007 USENIX Security Conference, 2007.
  * Conference Best Paper Award

• Creating Vulnerability Signatures Using Weakest Pre-conditions. PDF
  By David Brumley, Hao Wang, Somesh Jha, Dawn Song
  Proceedings of the 2007 Computer Security Foundations Symposium, 2007.

• Towards Automatic Generation of Vulnerability-Based Signatures. PDF
  David Brumley, James Newsome, Dawn Song, Hao Wang, and Somesh Jha.
  In the Proceedings of the 2006 IEEE Symposium on Security and Privacy.
  * Selected by program committe for recommendation to IEEE Transactions on Dependable and Secure Computing (one of top 3 conference papers)

• Remote timing attacks are practical. Journal PDF Conference PDF
  David Brumley and Dan Boneh.
  Journal of Computer Networks, 2005 and the Proceedings of the 2003 USENIX Security Conference
  * USENIX Security 2003 "Best Paper" and invited journal paper