David Brumley

IRL Name: 
David Brumley

David Brumley is a security researcher who is an Assistant Professor at Carnegie Mellon University and has worked for 5 years as a Computer Security Officer for Stanford University. He is into software security, network security, and applied cryptography. He has received the USENIX Security best paper awards in 2003 and 2007, selected for the 2010 DARPA CSSP program, a 2010 NSF CAREER award, and the 2010 United States Presidential Early Career Award for Scientists and Engineers (PECASE) from President Obama.


In 2003, Dan Boneh and Brumley demonstrated a practical network-based timing attack on SSL-enabled web servers, based on a different vulnerability having to do with the use of RSA with Chinese Remainder Theorem optimizations.

He is the faculty sponsor for the CMU "Capture the Flag" (CTF) team.

He was a major contributor towards the arrest of Dennis Moran.

He worked towards tracking down the attackers who brought down Yahoo in 2002.

In 2007, he developed techniques for automatically inferring implementation bugs in protocol implementations.

The importance of his automatic exploitation research has been heavily debated among professionals (see dailydave).