David Molnar

• is on the market for research jobs in academia or industry.
• See my CV.
• Read my research statement.
• Read my teaching statement.
• See three of my papers:
  1. "Automated Whitebox Fuzz Testing," P. Godefroid, M. Levin, and D. Molnar. Network Distributed Security Symposium (NDSS) 2008. We show that the technique of "dynamic test generation" scales to work with large commodity software, and we show that it finds bugs missed by static analysis, black-box fuzz testing, and human code review. Describes a system called SAGE that is now used daily within Microsoft. I continue to work in this area - see the SmartFuzz and Metafuzz links below for details.
     See papers that cite this paper!
  2. "Privacy and Security in Library RFID: Issues, Practices, and Architectures," D. Molnar and D. Wagner. ACM Computer and Communications Security (ACM CCS) 2004. We look at radio frequency identification (RFID) as applied to library books. In library RFID, each book or item has a "tag" that can be read remotely via radio. Because reading habits are sensitive, this raises privacy issues. We explain these issues, review systems that were extant at the time, and develop new protocols to improve privacy. Our work led directly to engagement with librarians and members of the public on the topic of RFID. Our paper also introduced the first protocol for symmetric key private authentication that scales sub-linearly in the number of participants.
     See papers that cite this paper!
  3. "Security and Privacy Issues in E-Passports", A. Juels, D. Molnar, and D. Wagner. IEEE SecureComm 2005. We critique the proposed deployment choices for U.S. "E-passports," passports that contain remotely readable chips with information about the bearer. We also submitted this paper as part of an Electronic Frontier Foundation comment to the U.S. State Department. Afterwards, the State Department announced changes in the E-passport deployment that are in line with our recommendations.
     See papers that cite this paper!
• Want more? See my other papers, visit metafuzz.com, or check out the code for SmartFuzz/Catchconv.