Posts

  • Video: Exploiting Use After Free (UAF) vulnerabilities security videos memory-safety use-after-free

    Obligatory: I must point out that my inspiration for this post was a really nice video on YouTube. I don’t claim to have invented this idea, I just wanted to explain it in a way that makes sense to me (although the YouTuber likely does a better job than I)....

  • Job materials for 2017 git talks

    I’m applying to colleges and universities again in 2017. I’m very happy at Haverford, but I’m on the lookout for a tenure-track spot at a place that has students and colleagues that will excite me in the same way I’m feeling right now: My research statement (4 12-point pages) My...

  • All About Git git talks

    I’m giving a college-wide talk for FIG (Fig is Good) tonight. FIG is a student computing group. I’m hoping to record the talk, but for now I’ll just put the slides here.

  • My new cybersecurity course at Haverford (Spring 2017) teaching

    You can also download this syllabus as a PDF. Computer Security: Attacks and Defenses (CMSC 323 at Haverford) Prerequisites: Experience in C programming: E.g., CMSC245 at Haverford or CMSC246 at Bryn Mawr Experience with or willingness to learn new languages (Python, SQL, JavaScript, etc.) Workload: 3 lecture hours per...

  • Writing tip: say the text back to you writing

    Here’s the tip: have your computer read your writing back to you. Listen to how it sounds. Then, iterate until it conveys what you’d like to hear. On a Mac, you can do it like this: say -r words_per_minute "My speech goes here" I do this to either: Read...

  • How to Succeed in Grad School talks grad-school

    I gave this talk on August 24, 2017, to incoming grad students at the University of Maryland, College Park. Full slides available here

  • Here: Have Some PLUM Scrum research

    This post is about transparency with your advisor. It seems like most problems that PhD students face boil down to communication and transparency: students work on something the advisor doesn’t expect, the advisor has different expectations for number of papers required to graduate, student collaborates with someone when the advisor...

  • Appreciating Research as Problems research

    Recently I reflected on the kinds of problems I’ve worked on during my PhD, and in doing so realized that I likely did not fully appreciate what research was until rather recently. Research is about identifying and solving novel, important, and generalizable problems inherent in nature. Looking back on the...

  • The nonobvious -- but important -- aspects of teaching (for me) teaching

    I recently got motivated to look up teaching reviews for members of our department (and myself) on various websites our students frequent. Something occurred to me that I had previously suspected but hadn’t clearly articulated in my head: the parts of teaching that I enjoyed most weren’t necessarily the most...

  • Program Visualization as Abstract Interpretation program-analysis abstract-interpretation

    For this past semester, I’ve been thinking in a semi-principled way about how we should visualize program executions. For example, how should we visualize this program: let id x = x in let g x = id x let check_zero y = if y = 0 then bad () else...

  • Half-Baked Ideas on The Future of Static Analysis and Security security

    It is well known that security policies for programs (such as noninterference) are not properties of a single run, but rather properties of sets of runs. For example, the following program uses a so-called implicit flow to exfiltrate the value of its secret input: input(secret) if (secret == 0)...

  • The Environment Problem and Abstract Counting program-analysis

    Over the weekend I attempted to read a paper by Matt Might called Logic Flow Analysis. Logic Flow Analysis promises to marry constraint solvers and abstract interpretation so that they play off each other to produce better analysis results. Unfortunately, I fell somewhat flat on this, as the amount of...

  • Efficient SAT Solving algorithms sat

    The Boolean satisfiability problem is simply stated: Given a set of propositional formulas, decide whether or not there is an assignment to the variables in the formula such that the formula is satisfied (true). This basically says: given a large set of constraints with AND and ORs, can you find...

  • On Understanding Coinduction coinduction functional-programming

    Here’s the basic story: Induction is about finite data, co-induction is about infinite data. The typical example of infinite data is the type of a lazy list (a stream). For example, let’s say that we have the following object in memory: let (pi : int list) = (* some function...
