Skip to main content

David Brumley

Director, CyLab; Professor, Electrical and Computer Engineering


David Brumley

Research Areas

Trustworthy Computing Platforms and Devices

Cross Cutting Thrusts

Software Security
Formal Methods


David Brumley is the Bosch Security and Privacy Professor at CMU, the Director of CyLab, the CMU Security and Privacy Institute, a Professor in ECE with an appointment in CS, and a founding member and academic advisor for a world ranked competitive hacking team. His research interests include all areas of security, with a specialization in software security. Prof. Brumley received his Ph.D. in Computer Science from Carnegie Mellon University, an M.S. in Computer Science from Stanford University, and a B.A. in Mathematics from the University of Northern Colorado. Brumley's honors include a United States Presidential Early Career Award for Scientists and Engineers (PECASE) from President Obama, a 2013 Sloan Foundation award and numerous best paper awards. Brumley's security startup ForAllSecure won the DARPA Cyber Grand Challenge that tested fully autonomous full-spectrum attack and defense cyber reasoning systems.

Visit Dr. Brumley's website for more information.


Additional Resources

Research Projects

Secure Software Development and Operation

Cross Cutting Thrusts: Software Security | Formal Methods
Researchers: David Brumley, Maverick Woo, Manuel Egele

Next-Generation Binary Analysis Techniques and Platform

Cross Cutting Thrusts: Software Security | Formal Methods
Researcher: David Brumley

BAP: The Binary Analysis Platform

Cross Cutting Thrusts: Software Security
Researchers: David Brumley, Andres Jager

Contractual Anonymity

Research Area: Trustworthy Computing Platforms and Devices | Privacy Protection
Cross Cutting Thrusts: Cryptography
Researchers: David Brumley, Jonathan McCune


"Automatic Exploit Generation". Thanassis Avgerinos, Sang Kil Cha, Alexandre Rebert, Edward J. Schwartz, Maverick Woo, and David Brumley. Communications of the ACM, 57(2):74–84, 2014. 

"Enhancing Symbolic Execution with Veritesting". Thanassis Avgerinos, Alexandre Rebert, Sang Kil Cha, and David Brumley.  In Proceedings of the International Conference on Software Engineering, pages 1083–1094, New York, New York, USA, 2014. ACM Press. 

"ByteWeight: Learning to Recognize Functions in Binary Code". Tiffany Bao, Jonathan Burket, Maverick Woo, Rafael Turner, and David Brumley. In Proceedings of the 23rd USENIX Security Symposium, pages 845–860. USENIX, 2014. 

"Blanket Execution: Dynamic Similarity Testing for Program Binaries and Components". Manuel Egele, Maverick Woo, Peter Chapman, and David Brumley. In Proceedings of the 23rd USENIX Security Symposium, pages 303–317. USENIX, 2014.

"Optimizing Seed Selection for Fuzzing". Alexandre Rebert, Sang Kil Cha, Thanassis Avgerinos, Jonathan Foote, David Warren, Gustavo Grieco, and David Brumley. In Proceedings of the 23rd USENIX Security Symposium, pages 861–875. USENIX, 2014. 

"An Empirical Study of the Cryptographic Misuse in Android Applications". Egele, M., Brumley, D. J., Fratantonio, Y., & Kruegel, C. (2013). ACM Conference on Computer and Communications Security Proceedings.

"Native x86 Decompilation using Semantics-Preserving Structural Analysis and Iterative Control-Flow Structuring". Brumley, D. J., Lee, J., Schwartz, E. J., & Woo, M. (2013). USENIX Security Symposium.

"Scheduling Black-box Mutational Fuzzing". Woo, M., Cha, S. K., Gottlieb, S., & Brumley, D. J. (2013). ACM Conference on Computer and Communications Security Proceedings.

"Towards Automatic Software Lineage Inference". Jang, J., Woo, M., & Brumley, D. J. (2013). USENIX Security Symposium.

"Unleashing Mayhem on Binary Code". S. K. Cha, T. Avgerinos, A. Rebert, and D. J. Brumley. IEEE Security and Privacy, 2012.