About

I am Research Associate at Stanford's Secure Computer Systems group, working with David Mazières.

Prior to Stanford, I obtained both my Bachelor's and PhD degrees in Computer Science at University College London. My thesis was on primitives and tools for privilege separating legacy applications (Wedge). I was advised by Mark Handley and Brad Karp.

My research interests are security, operating systems and networking.

Current projects

• CCFI. A compiler that enforces Control Flow Integrity using message authentication codes on indirect branches.
• BROP. Techniques for attacking proprietary services without either binary or source-code knowledge, on modern 64-bit Linux systems with ASLR and NX.
• tcpcrypt. A TCP option for opportunistic encryption.
• Dune. A system that lets applications have direct access to privileged CPU features (page tables, ring protections) in a safe manner.
• Ori. A file system with replication, versioning, history and easy sharing.

Publications

• Hacking Blind [slides]
  A. Bittau, A. Belay, A. Mashtizadeh, D. Mazières, D. Boneh
  Oakland 2014
• Replication, history, and grafting in the Ori file system
  A. Mashtizadeh, A. Bittau, Y. Huang, D. Mazières
  SOSP 2013
• Dune: Safe User-level Access to Privileged CPU Features
  A. Belay, A. Bittau, A. Mashtizadeh, D. Terei, D. Mazières, C. Kozyrakis
  OSDI 2012
• The Case for Ubiquitous Transport-Level Encryption [slides]
  A. Bittau, M. Hamburg, M. Handley, D. Mazières, D. Boneh
  USENIX Security 2010
• Toward Least-Privilege Isolation for Software
  A. Bittau
  Ph.D. dissertation, University College London 2009
• Wedge: Splitting Applications into Reduced-Privilege Compartments [slides]
  A. Bittau, P. Marchenko, M. Handley, B. Karp
  NSDI 2008
• BlueSniff: Eve meets Alice and Bluetooth
  D. Spill, A. Bittau
  USENIX WOOT 2007.
• The Final Nail in WEP's Coffin [slides]
  A. Bittau, M. Handley, J. Lackey
  Oakland 2006

Software and past projects

Systems security

• Wedge. Privilege separation primitives and tools for legacy applications.
• Numerous exploits and cracks.

Wireless security

• WEP Fragmentation attack. Break 802.11 WEP without needing the key. Now in aircrack-ng.
• Online WPA cracker. Database of WPA networks and passwords with distributed cracking.
• FreeBSD's 802.11 WiFi stack. Worked with Sam Leffer on FreeBSD's 802.11 kernel stack to support generic sniffing and packet injection via radiotap.
• BlueSniff. First open-source Bluetooth sniffer. Used GNU radio.
• CSR tools. Reverse engineered firmware of popular Bluetooth dongles (CSR) to enable sniffing.

Networking

• Linux kernel DCCP stack. Worked on Linux's DCCP kernel stack: implemented ack vectors, CCID2, and more.
• XORP router policy framework. Wrote the routing policy framework for the XORP router.
• XCP-lite. A simplified XCP that uses only two bits of signalling.
• MultiNet. Multiple WiFi access points and clients using a single WiFi card (pre VAP days).

Other

• FreeBSD kernel. ACPI suspend and resume for SMP; Intel HDA audio driver; SD/MMC driver.
• PsychoPath. First schema compliant open source XPath 2 processor. Now used by Eclipse.

Personal