David Molnar
- is a PhD candidate in computer science at UC-Berkeley.
- works with the amazing David Wagner.
- is on the market for research jobs in academia or industry.
See my application materials.
- suggests you should move away from MD5.
- Check out my CV and three of my papers:
- "Automated Whitebox Fuzz Testing," P. Godefroid, M. Levin, and D. Molnar.
Network Distributed Security Symposium (NDSS) 2008. We show that the
technique of "dynamic test generation" scales to work with large commodity
software, and we show that it finds bugs missed by static analysis,
black-box fuzz testing, and human code review. The paper describes a system
called SAGE that is now used daily within Microsoft. I continue to work in
this area; see the SmartFuzz and Metafuzz links below for details.
See papers that cite this paper!
- "Privacy and Security in Library RFID: Issues, Practices, and
Architectures," D. Molnar and D. Wagner. ACM Computer and Communications
Security (ACM CCS) 2004. We look at radio frequency identification
(RFID) as applied to library books. In library RFID, each book or item has
a "tag" that can be read remotely via radio. Because reading habits are
sensitive, this raises privacy issues. We explain these issues, review
systems that were extant at the time, and develop new protocols to improve
privacy. Our work led directly to engagement with librarians and members
of the public on the topic of RFID. Our paper also introduced the first
protocol for symmetric key private authentication that scales sub-linearly
in the number of participants.
See papers that cite this paper!
- "Security and Privacy Issues in E-Passports," A. Juels, D. Molnar,
and D. Wagner. IEEE SecureComm 2005. We critique the proposed deployment
choices for U.S. "E-passports," passports that contain remotely readable
chips with information about the bearer. We also submitted this paper as
part of an Electronic Frontier Foundation comment to the U.S. State
Department. Afterwards, the State Department announced changes
in the E-passport deployment that are in line with our recommendations.
See papers that cite this paper!
- works on SmartFuzz (formerly "catchconv"), a software testing tool that
uses recent advances in constraint solvers to find security-relevant bugs
in software.
- works on metafuzz, a web site
for collecting and managing test cases that exhibit bugs in software, plus
statistics about tools which found such bugs.
- is supported by the National Science Foundation.
- writes papers.
- does research.
- gives talks.
- no longer runs the Security Reading Group. See Cynthia Sturton's page
instead.
- maintains a CV.
- keeps a list of grad schools in cryptography. Please send updates!
- sometimes posts to a weblog.
- reads things.
- relaxes sometimes (but not other times).
- drinks coffee.
- has a list of quotes that stick.
- has a gpg key.
- maintains some useful odds and ends.
- is also the name of a musician,
a photographer, and a mathematician.
- wants you to submit to ACM Computer and Communications Security 2009
(Deadline: 20 April 2009)
- wants you to submit to IEEE SecureComm 2009 (Deadline: 31 March 2009)