Articles

Sep 02, 2022
Security

PUMM Accepted to USENIX 2023

My coauthors and I will be presenting our work on preventing use-after-free and double free vulnerabilities at USENIX Security 2023. Below is a preview of the abstract: Critical software is written in memory unsafe languages that are vulnerable to use-after-free and double free bugs. This has led to proposals to …

Aug 31, 2022
Security

Differentiating ARCUS (USENIX'21) and Bunkerbuster (CCS'21)

I've received several questions recently about two papers I published in 2021, one at USENIX (which I'll refer to here as ARCUS) and another at CCS (which I'll refer to as Bunkerbuster). You can find these papers at the USENIX and CCS conference websites, respectively. The question people have is …

Jun 03, 2022
Security

Update Regarding Halibut Bugs (CVE-2021-42612, CVE-2021-42613, CVE-2021-42614)

The bugs that I found using ARCUS in Halibut last year have been issued 3 CVE IDs: CVE-2021-42612 CVE-2021-42613 CVE-2021-42614 To the best of my knowledge, these bugs are now fixed in the latest release version, which at the time of writing is 1.3. Please refer to Halibut's project …

Mar 13, 2022
Security

Faculty Position at The Ohio State University

I have accepted an offer to become an Assistant Professor at The Ohio State University, starting in the Fall 2022 semester. I am currently looking to hire 1 Ph.D. student as a full-time graduate research assistant (GRA). If you are an incoming student and you're interested in cutting edge …

Oct 12, 2021
Security

Case Study: Security Analysis of Halibut

Over the past year I've been studying memory corruption vulnerabilities in Linux C/C++ programs, culminating in the open sourcing of a framework called ARCUS to find and explain them automatically using a combination of dynamic tracing and symbolic analysis. My work has led to two academic conference publications, one …

Sep 06, 2021
Security

Bunkerbuster to Appear in CCS'21

My coauthors and I will be presenting the paper, Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis, at CCS 2021. Below is a preview of the abstract: The increasing cost of successful cyberattacks has caused a mindset shift, whereby defenders now employ proactive defenses, namely software bug hunting, alongside …

Aug 31, 2021
Security

MARSARA to Appear in CCS'21

My coauthors and I will be presenting a paper on "Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks" at CCS 2021. Below is a preview of the abstract: Provenance-based causal analysis of audit logs has proven to be an invaluable method of investigating system intrusions. However, it also …

May 26, 2021
Security

"Modeling Large-Scale Manipulation in Open Stock Markets" to Appear in IEEE Security & Privacy

An article my coauthors and I wrote on automated large-scale market manipulation will be appearing in the November issue of IEEE Security & Privacy. It is currently available early access here. Below is the abstract: This article studies the feasibility of using a botnet to automate stock market manipulation, incorporating data …

Feb 08, 2021
Security

ARCUS System and Dataset Released

We have released the source code and evaluation dataset for "ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems," which will be appearing at USENIX Security 2021 in August, 2021. The paper will be ready for publication in about a month.

Dec 12, 2020
Security

Vulnerability Root Cause Analysis Approach "ARCUS" to Appear in USENIX'21

My coauthors and I will be presenting a paper "ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems" at USENIX Security 2021 in August, 2021. Below is a preview of the abstract: End-host runtime monitors (e.g., CFI, system call IDS) flag processes in response to symptoms of a …

Previous
2 of 7
Next