Publications

A Broad Comparative Evaluation of Software Debloating Tools [PDF]

Michael D. Brown, Adam Meily, Brian Fairservice, Akshay Sood, Jonathan Dorn, Eric Kilmer, and Ronald Eytchison 

arXiv:2312.13274 [cs.SE]

VulChecker: Graph-based Vulnerability Localization in Source Code [PDF]

Yisroel Mirsky, George Macon, Michael D. Brown, Carter Yagemann, Matthew Pruett, Evan Downing, Sukarno Mertoguno, and Wenke Lee 

In 31st USENIX Security Symposium, Anaheim, CA 2023.

A Broad Comparative Evaluation of x86-64 Binary Rewriters [PDF]

Eric Schulte, Michael D. Brown, and Vlad Folts

In Proceedings of the 15th Workshop on Cyber Security Experimentation and Test, Virtual, 2022

Not So Fast: Understanding and Mitigating Negative Impacts of Compiler Optimizations on Code Reuse Gadget Sets [PDF]

Michael D. Brown, Matthew Pruett, Robert Bigelow, Girish Mururu, and Santosh Pande. 

In Proceedings of the ACM on Programming Languages Volume 5, Issue OOPSLA. Presented at SPLASH 2021, Chicago, IL 2021.

CARVE: Practical Security-Focused Software Debloating Using Simple Feature Set Mappings [PDF]

Michael D. Brown and Santosh Pande. 

In Proc. 3rd ACM Workshop on Forming an Ecosystem Around Software Transformation (FEAST'19 @ CCS'19), London U.K. 2019.


Is Less Really More? Towards Better Metrics for Measuring Security Improvements Realized Through Software Debloating [PDF]

Michael D. Brown and Santosh Pande.

In Proc. 12th USENIX Workshop on Cyber Security Experimentation and Test (CSET'19 @ Security'19), Santa Clara, CA 2019.

Expanded Paper: Is Less Really More? Why Reducing Code Reuse Gadget Counts via Software Debloating Doesn't Necessarily Indicate Improved Security. [PDF]

Michael D. Brown and Santosh Pande.

arXiv:1902.10880 [cs.CR]