Andrea Bittau
bittau@cs.stanford.edu
About
I am Research Associate at Stanford's
Secure Computer Systems group,
working with David
Mazières.
Prior to Stanford, I obtained both my Bachelor's and PhD degrees in Computer
Science at University College London. My thesis was on primitives and tools for
privilege separating legacy applications (Wedge). I was advised by
Mark Handley and
Brad Karp.
My research interests are security, operating systems and networking.
Current projects
- CCFI. A compiler that enforces Control Flow Integrity using message authentication codes on indirect branches.
- BROP. Techniques for attacking proprietary services without either
binary or source-code knowledge, on modern 64-bit Linux systems with ASLR and
NX.
- tcpcrypt. A TCP option for opportunistic encryption.
- Dune. A system that lets applications have direct access to
privileged CPU features (page tables, ring protections) in a safe manner.
- Ori. A file system with replication, versioning, history and easy
sharing.
Publications
-
A. Bittau, A. Belay, A. Mashtizadeh, D. Mazières, D. Boneh
Oakland 2014
-
A. Mashtizadeh, A. Bittau, Y. Huang, D. Mazières
SOSP 2013
-
A. Belay, A. Bittau, A. Mashtizadeh, D. Terei, D. Mazières, C. Kozyrakis
OSDI 2012
-
A. Bittau, M. Hamburg, M. Handley, D. Mazières, D. Boneh
USENIX Security 2010
-
A. Bittau
Ph.D. dissertation, University College London 2009
-
A. Bittau, P. Marchenko, M. Handley, B. Karp
NSDI 2008
-
D. Spill, A. Bittau
USENIX WOOT 2007.
-
A. Bittau, M. Handley, J. Lackey
Oakland 2006
Software and past projects
Systems security
- Wedge. Privilege separation primitives and tools for legacy
applications.
- Numerous exploits and cracks.
Wireless security
- WEP
Fragmentation attack. Break 802.11 WEP without needing the key.
Now in aircrack-ng.
- Online WPA cracker. Database of WPA networks and
passwords with distributed cracking.
- FreeBSD's 802.11 WiFi stack. Worked with Sam Leffer on FreeBSD's 802.11
kernel stack to support generic sniffing and packet injection via radiotap.
- BlueSniff. First open-source Bluetooth sniffer. Used GNU radio.
- CSR tools. Reverse engineered firmware of popular Bluetooth dongles (CSR) to enable
sniffing.
Networking
- Linux kernel DCCP stack. Worked on Linux's DCCP kernel stack:
implemented ack vectors, CCID2, and more.
- XORP router policy framework. Wrote the routing policy
framework for the XORP router.
- XCP-lite. A simplified XCP that uses only two bits of signalling.
- MultiNet.
Multiple WiFi access points and clients using a single WiFi card (pre VAP days).
Other
- FreeBSD kernel. ACPI suspend and resume for SMP; Intel HDA audio driver;
SD/MMC driver.
- PsychoPath.
First schema compliant open source XPath 2 processor. Now used by Eclipse.
Personal