David Brumley
Professor, Electrical and Computer Engineering
Courtesy Appointment, Computer Science Department
David Brumley is a professor in the Electrical and Computer Engineering Department at Carnegie Mellon University with an additional courtesy in the Computer Science Department. He was previously the director of CyLab, the CMU Security and Privacy Institute. His research focuses on software security.
Brumley received his Ph.D. in Computer Science from Carnegie Mellon University, an M.S. in Computer Science from Stanford University, and a B.A. in Mathematics from the University of Northern Colorado. He served as a computer security officer for Stanford University from 1998-2002 and handled thousands of computer security incidents in that capacity. He is the faculty mentor for the Carnegie Mellon Hacking Team Plaid Parliament of Pwning (PPP), which is ranked internationally as one of the top teams in the world according to ctftime.org. The team was ranked #1 in 2011, #2 in 2012, and #1 in 2013, and won DefCon 2013. Brumley received the USENIX Security Best Paper Award in 2003 and 2007, and an ICSE Distinguished Paper Award in 2014.<
Brumley’s honors include being selected for the 2010 DARPA CSSP program and 2013 DARPA Information Science and Technology Advisory Board, a 2010 NSF CAREER award, a 2010 United States Presidential Early Career Award for Scientists and Engineers (PECASE) from President Obama (the highest award in the US for early career scientists), and a 2013 Sloan Foundation Award.
Network Security: Protecting Today's Computers
Education
2008 Ph.D., Computer Science, Carnegie Mellon University
2003 MS, Computer Science, Stanford University
1998 BA, Mathematics, University of North Colorado
Affiliations
Research Interests
- AI and ML for security
- Applications of security and privacy
- autonomy
- cryptography
- cyber physical systems security and privacy
- cyberphysical systems (CPS)
- embedded systems security
- emerging applications security
- Formal methods
- formal methods for security
- hardware security
- Internet of Things (IoT)
- IoT security and privacy
- language-based security
- malware analysis and detection
- ML and AI
- network security
- secure systems
- security of AI and ML
- software security
- systems security
- verification
Media mentions
American Security Today
Brumley quoted on new CMU - Draper partnership
“We’re thrilled that Draper is building on top of the CMU Binary Analysis Platform, a framework we developed and open-sourced to enable analysis of programs in the machine code representation.”
CyLab Security and Privacy Institute
picoCTF celebrates competition winners at annual award ceremony
Over 18,000 people hacked their way through Carnegie Mellon’s annual cybersecurity competition in 2022, including more than 6,000 middle and high school students. The event saw players from all 50 U.S. States and 169 countries, who worked through 65 increasingly difficult challenges as they looked to take home this year’s crown.
CMU Engineering
Carnegie Mellon’s hacking team wins DEF CON
CMU’s hacking team, the Plaid Parliament of Pwning, joined forces with the University of British Columbia’s team and researchers from Theori.io to win this year’s DEF CON Capture the Flag competition.
CyLab Security and Privacy Institute
Carnegie Mellon's hacking team wins DEF CON CTF
Carnegie Mellon showed off its computer security talent by winning DEF CON’s Capture the Flag competition, the “Superbowl of hacking,” for the sixth time.
CyLab Security and Privacy Institute
Two of three IEEE Test of Time Awards go to CyLab researchers
At last month’s IEEE Symposium on Security and Privacy, two of three Test of Time Awards—among the most prestigious awards presented—were given to CyLab researchers.
DARKReading
Brumley quoted on fighting cybercrime
CyLab/ECE’s David Brumley was quoted in DARKReading on the role of officials combatting cybercrime.
The Washington Post
Brumley quoted on Russian hacking
CyLab/ECE's David Brumley was quoted in The Washington Post about President Biden’s response to the Russian hacking of SolarWinds software.
Dark Reading
Brumley quoted on cybersecurity
ECE/CyLab’s David Brumley was quoted in Dark Reading on getting started in cybersecurity.
Security Magazine
Brumley interviewed on security competitions
CyLab’s David Brumley was interviewed by Security Magazine on Capture the Flag cybersecurity competitions.
Tech Republic
Brumley interviewed on fuzzing
CyLab’s David Brumley was interviewed by Tech Republic on fuzzing.
CyLab Security and Privacy Institute
Carnegie Mellon hacking team finishes 2nd at DefCon
Carnegie Mellon University’s competitive hacking team, the Plaid Parliament of Pwning (PPP), finished in 2nd place in the “Capture the Flag” competition—widely referred to as “The Olympics of Hacking”—at this year’s DefCon security conference.
Tech Republic
Brumley interviewed about DevSecOps
ECE/CyLab’s David Brumley was interviewed in Tech Republic about DevSecOps, an application from his company, ForAllSecure.