I am a Research Associate at Stanford's
Secure Computer Systems group,
working with David
Prior to Stanford, I obtained both my Bachelor's and PhD degrees in Computer
Science at University College London. My thesis was on primitives and tools for
privilege separating legacy applications (Wedge). I was advised by
Mark Handley and
My research interests are security, operating systems and networking.
- CCFI. A compiler that enforces Control Flow Integrity using message authentication codes on indirect branches.
- BROP. Techniques for attacking proprietary services without either
binary or source-code knowledge, on modern 64-bit Linux systems with ASLR and
- tcpcrypt. A TCP option for opportunistic encryption.
- Dune. A system that lets applications have direct access to
privileged CPU features (page tables, ring protections) in a safe manner.
- Ori. A file system with replication, versioning, history and easy
A. Bittau, A. Belay, A. Mashtizadeh, D. Mazières, D. Boneh
A. Mashtizadeh, A. Bittau, Y. Huang, D. Mazières
A. Belay, A. Bittau, A. Mashtizadeh, D. Terei, D. Mazières, C. Kozyrakis
A. Bittau, M. Hamburg, M. Handley, D. Mazières, D. Boneh
USENIX Security 2010
Ph.D. dissertation, University College London 2009
A. Bittau, P. Marchenko, M. Handley, B. Karp
D. Spill, A. Bittau
USENIX WOOT 2007.
A. Bittau, M. Handley, J. Lackey
Software and past projects
- Wedge. Privilege separation primitives and tools for legacy
- Numerous exploits and cracks.
- Fragmentation attack. Break 802.11 WEP without needing the key.
Now in aircrack-ng.
- Online WPA cracker. Database of WPA networks and
passwords with distributed cracking.
- FreeBSD's 802.11 WiFi stack. Worked with Sam Leffler on FreeBSD's 802.11
kernel stack to support generic sniffing and packet injection via radiotap.
- BlueSniff. First open-source Bluetooth sniffer. Used GNU Radio.
- CSR tools. Reverse engineered firmware of popular Bluetooth dongles (CSR) to enable
- Linux kernel DCCP stack. Worked on Linux's DCCP kernel stack:
implemented ack vectors, CCID2, and more.
- XORP router policy framework. Wrote the routing policy
framework for the XORP router.
- XCP-lite. A simplified XCP that uses only two bits of signalling.
Multiple WiFi access points and clients using a single WiFi card (pre-VAP days).
- FreeBSD kernel. ACPI suspend and resume for SMP; Intel HDA audio driver;
First schema-compliant open-source XPath 2 processor. Now used by Eclipse.