About Awards Grants Media Patents Projects Publications Service Talks Teaching

#arcus Articles

Differentiating ARCUS (USENIX'21) and Bunkerbuster (CCS'21)

Wed 31 August 2022

Security

I've received several questions recently about two papers I published in 2021, one at USENIX (which I'll refer to here as ARCUS) and another at CCS (which I'll refer to as Bunkerbuster). You can find these papers at the USENIX and CCS conference websites, respectively. The question people have is …

Update Regarding Halibut Bugs (CVE-2021-42612, CVE-2021-42613, CVE-2021-42614)

Fri 03 June 2022

Security

The bugs that I found using ARCUS in Halibut last year have been issued 3 CVE IDs: CVE-2021-42612 CVE-2021-42613 CVE-2021-42614 To the best of my knowledge, these bugs are now fixed in the latest release version, which at the time of writing is 1.3. Please refer to Halibut's project …

Case Study: Security Analysis of Halibut

Tue 12 October 2021

Security

Over the past year I've been studying memory corruption vulnerabilities in Linux C/C++ programs, culminating in the open sourcing of a framework called ARCUS to find and explain them automatically using a combination of dynamic tracing and symbolic analysis. My work has led to two academic conference publications, one …