Sergey Bratus

My web page at https://www.cs.dartmouth.edu/~sergey/ now redirects here. Links may be broken for a while.

Classes

Upcoming: [CS 69.19/269 Basics of Cyber Exploitation] in Winter 2025.

Current: I am teaching [CS 59 Programming Languages] this Fall 2024.

Previous: [CS 60 Networking] [CS 69.16/169, Basics of Reverse Engineering] [CS 59, Programming Languages] [CS 258, Advanced OS] [CS 65, Smartphone Programing] [CS 60, Computer Networks]

I also teach a variety of low-level networking and systems security reading courses such as "netreads"; ask if interested.

Bio

I am the Dartmouth College Distinguished Professor in Cyber Security, Technology, and Society and an Associate Professor of Computer Science. In 2018-2024 I served as a Program Manager at DARPA's Information Innovation Office (I2O), where I created multiple fundamental research programs in cybersecurity, resilience, and sustainment of critical software. You can read about them here.

My primary focus is on studying exploitation of systems and networks, and any ways of inducing unexpected computation (a.k.a. weird machines, unexpected, unintended, or emergent programming models in software or hardware). In a word, I believe that state-of-the-art hacking is already a distinct discipline of computer science, even though not formally recognized as such; this is where my main interest is.

I am interested in all aspects of cyber security, including Unix and Linux kernel security, software verification and cyber hardening, malware detection and reverse engineering (especially at the kernel and boot-stage firmware levels), wireless networking, digital radio, and visualizations of security-related information. I am interested in identifying and eliminating the root causes of software vulnerabilities, and I believe that this requires connecting state-of-the-art hacking with fundamental concepts of computer science. I believe that edge-of-the-art hacking has developed into a distinct discipline of computer science, even though not formally recognized as such, and that studying it is indispensable for building future computing systems we could finally trust.

Before coming to Dartmouth, I worked on Natural Language Processing systems at BBN Technologies (see [1, 2]).

Projects & interests

In May 2009 I provided an expert witness report for the Franklin Pierce Law Center's legal team led by Prof. Ashlyn Lembree defending Mavis Roy in UMG Recordings et al. v. Roy civil action lawsuit. This led to a research paper with Prof. Lembree on the general issues and challenges of trust in computer-generated evidence, presented the TRUST 2010 conference in Berlin, Germany. [local copy], [slides], [discussion on Bruce Schneier's blog]. More information about the case can be found on [Ray Beckerman's blog] and [ArsTechnica].

Hacking

Being much indebted to the hacker community for many things I learned from its amazingly rich sources, I tried to describe some trends in the hacker learning experience (the so-called "hacker curriculum") that distinguish it from the typical experiences of traditionally trained developers and CS students. We use some (implicit) principles of this "hidden curriculum" and related experiences in our teaching of Computer Security at Dartmouth.

Offsite collection of relevant materials: www.hackercurriculum.org.

Publications:

Personal

I received my undergraduate education at the Moscow Institute of Physics and Technology (aka Moscow Phystech), and my Ph.D. at Northeastern University (1999). Before coming to Dartmouth I worked at BBN Technologies on statistical learning methods in Natural Language Processing (NLP) for information extraction from natural English text, "text understanding", and similar topics.

My old homepage is at http://www.ccs.neu.edu/home/sbratus/.

My GPG public key.

[FSF Associate Member] Please support the Free Software Foundation, the people who brought us the GPL and are fighting to protect our freedom to write and change software.
Join EFF Today Don't care to have your research squashed by an unscrupulous vendor's bogus copyright claims or have all of your Internet traffic mined and monitored for undisclosed purposes? Please support the Electronic Frontier Foundation.