snupe
Computer Scientist; Reverse Engineer; Program Analysis; PL/FM; Hardware Security; Fuzzing; Rust; Former Research Professor; Aspiring Rapper
20 Tweets, 640 Following, 8,078 Followers
Tweets
snupe retweeted
Dr Heidy Khlaaf (هايدي خلاف) Dec 15
In the past three years of working on large safety critical systems, I've learned that verification isn't the real problem, but it's writing specifications. Don't @ me.
snupe Dec 14
Replying to @Aaaaaaa93564923 @aatxe
Oxide from is interesting. See his paper and the related works section.
snupe Dec 12
Replying to @silviocesare
The key is that it takes a significant amount of time investment to be good at something, whether it be exploit dev or say boxing. Very few professors have real exploit dev experience, therefore it is difficult for them to really comprehend the necessary methods to teach.
snupe retweeted
John Regehr Sep 19
memory tagging should be a game changer for C and C++; get with the program, and !!
snupe Oct 26
Replying to @pepijndevos
Sure, but at what cost? ;)
snupe Oct 26
Replying to @DanSwinhoe
Definitely not "unhackable", but pretty good memory safety.
snupe Oct 26
Replying to @BenLaurie
Also, if memory serves correct, CHERI does not protect against data-only use after free attacks. So not exactly exact ;)
snupe Oct 26
Replying to @BenLaurie
Well maybe you should broaden your scope a bit and look beyond memory safety? For instance, how does CHERI enforce a policy for a mission critical system such that X can never happen before Y?
snupe Oct 9
The Rust programming language has significant potential to be impactful with respect to software security, particularly as the formal verification tools for the language mature.
snupe Aug 15
Formal Methods is the answer to ending CPU side channel attacks:
snupe Aug 9
Bruce Schneier is trying to hawk badges. I guess times are rough bro?
snupe Aug 8
It was just explained to me by a prominent security company that "symbolic execution" is the same thing as "dynamic taint analysis."
snupe retweeted
Stephen Watt Mar 15
Pretty smart move of Beto to let the world know about his being a member of CDC.... that way when oppo research tries to dig up dirt from his past, nobody can accuse him of being a hacker!
snupe retweeted
andreasdotorg Jul 21
The 70s called, they want their Lisp Machine architecture back.
snupe retweeted
Renata Hodovan 26 Jul 17
with grammar without writing grammar? New release of is out!
snupe retweeted
DARPA Mar 14
ICYMI: we're bringing our SSITH hardware defenses to the 2019 & 2020 Voting Villages! SSITH aims to demo that correctly constructed electronics can be a substantive part of a system’s security by limiting the impact of errors made within the software stack.
snupe retweeted
Emin Gün Sirer 23 May 18
So many academics forget that our goal, as a profession, is *not* to publish papers. It's to change the world.
snupe Jun 17
Contrary to popular belief, riscv-boom is vulnerable to Spectre attacks.
snupe retweeted
Dr Heidy Khlaaf (هايدي خلاف) 20 Nov 18
I never understood the fear mongering behind ML systems becoming self-aware. My first research project in Uni was on ML and I had the revelation that although powerful, they were utterly stupid, so I switched to PL. 10 years later, verifying DNNs, my god are they still stupid.
snupe Jun 16
Perhaps the most underrated security/verification research: