IRENE: A Toolchain for High-Level Micropatching Through Recompilable Sub-Function Regions
Ian W. Smith, Francesco Bertolaccini, William Tan and Michael D. Brown
In IEEE Military Communications Conference (MILCOM), Washington DC 2024.
A Broad Comparative Evaluation of Software Debloating Tools [PDF]
Michael D. Brown, Adam Meily, Brian Fairservice, Akshay Sood, Jonathan Dorn, Eric Kilmer, and Ronald Eytchison
In 33rd USENIX Security Symposium, Philadelphia, PA 2024.
VulChecker: Graph-based Vulnerability Localization in Source Code [PDF]
Yisroel Mirsky, George Macon, Michael D. Brown, Carter Yagemann, Matthew Pruett, Evan Downing, Sukarno Mertoguno, and Wenke Lee
In 32nd USENIX Security Symposium, Anaheim, CA 2023.
A Broad Comparative Evaluation of x86-64 Binary Rewriters [PDF]
Eric Schulte, Michael D. Brown, and Vlad Folts.
In Proceedings of the 15th Workshop on Cyber Security Experimentation and Test Virtual, 2022
Not So Fast: Understanding and Mitigating Negative Impacts of Compiler Optimizations on Code Reuse Gadget Sets [PDF]
Michael D. Brown, Matthew Pruett, Robert Bigelow, Girish Mururu, and Santosh Pande.
In Proceedings of the ACM on Programming Languages Volume 5, Issue OOPSLA. Presented at SPLASH 2021, Chicago, IL 2021.
CARVE: Practical Security-Focused Software Debloating Using Simple Feature Set Mappings [PDF]
Michael D. Brown and Santosh Pande.
In Proc. 3rd ACM Workshop on Forming an Ecosystem Around Software Transformation (FEAST'19 @ CCS'19), London U.K. 2019.
Is Less Really More? Towards Better Metrics for Measuring Security Improvements Realized Through Software Debloating [PDF]
Michael D. Brown and Santosh Pande.
In Proc. 12th USENIX Workshop on Cyber Security Experimentation and Test (CSET'19 @ Security'19), Santa Clara, CA 2019.
Expanded Paper: Is Less Really More? Why Reducing Code Reuse Gadget Counts via Software Debloating Doesn't Necessarily Indicate Improved Security. [PDF] Michael D. Brown and Santosh Pande. arXiv:1902.10880 [cs.CR]