The bugs that I found using ARCUS in Halibut last year have been issued 3 CVE IDs: CVE-2021-42612 CVE-2021-42613 CVE-2021-42614 To the best of my knowledge, these bugs are now fixed in the latest release version, which at the time of writing is 1.3. Please refer to Halibut's project …

I have accepted an offer to become an Assistant Professor at The Ohio State University, starting in the Fall 2022 semester. I am currently looking to hire 1 Ph.D. student as a full-time graduate research assistant (GRA). If you are an incoming student and you're interested in cutting edge …

Over the past year I've been studying memory corruption vulnerabilities in Linux C/C++ programs, culminating in the open sourcing of a framework called ARCUS to find and explain them automatically using a combination of dynamic tracing and symbolic analysis. My work has led to two academic conference publications, one …

My coauthors and I will be presenting the paper, Automated Bug Hunting With Data-Driven Symbolic Root Cause Analysis, at CCS 2021. Below is a preview of the abstract: The increasing cost of successful cyberattacks has caused a mindset shift, whereby defenders now employ proactive defenses, namely software bug hunting, alongside …

My coauthors and I will be presenting a paper on "Validating the Integrity of Audit Logs Against Execution Repartitioning Attacks" at CCS 2021. Below is a preview of the abstract: Provenance-based causal analysis of audit logs has proven to be an invaluable method of investigating system intrusions. However, it also …

We have released the source code and evaluation dataset for "ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems," which will be appearing at USENIX Security 2021 in August, 2021. The paper will be ready for publication in about a month.

My coauthors and I will be presenting a paper "ARCUS: Symbolic Root Cause Analysis of Exploits in Production Systems" at USENIX Security 2021 in August, 2021. Below is a preview of the abstract: End-host runtime monitors (e.g., CFI, system call IDS) flag processes in response to symptoms of a …

Here's something you don't see every day. The logs from my SSH honeypot show someone brute-forcing the password for root and then executing: ls /data/data/com.android.providers.telephony/databases This is a strange directory to look for because it's where Android devices store the SQLite databases for SMS …

Originally written for the Syracuse University College of Engineering blog. Last weekend, I had the opportunity to compete in the first-ever Collegiate Pentesting Competition along with five other members from the iSchool's Information Security Club. Hosted by RIT, this competition places competing university teams in the role of security consulting …