Billy Brumley

Professor

Department of Cybersecurity
Golisano College of Computing and Information Sciences
Director of Research, GCI
Kevin O'Sullivan Endowed Professor in Cybersecurity

Office Location
Office Mailing Address
Cybersecurity Hall 70-1770, 100 Lomb Memorial Drive, Rochester, NY 14623

Education

Sc.D., Aalto University

Bio

A native Texan, Bill Brumley received his doctorate from Aalto University (Helsinki, Finland) in 2012. He is a former Staff Engineer for Qualcomm's Product Security Initiative (QPSI) in San Diego, California. He is a 2018 European Research Council (ERC) Starting Grant Laureate. Before joining RIT, he spent a decade as a Professor at Tampere University (Finland). He specializes in system security, cryptography engineering, and side-channel analysis.


Currently Teaching

CSEC-522
3 Credits
Side-channel analysis (SCA) is an offensive security technique that targets not the formal description of a security-critical system, but the implementation of it. Examples of side channels include—but are not limited to—latency measurements, power consumption, electromagnetic radiation, and acoustic emanations. This is a young but very active field within applied computer security. Modern processors are equipped with numerous features to improve the average performance of software, including—but not limited to—low-latency execution pipelines, various caches, prediction, speculative execution, and multi-layered parallelism. These mechanisms can often be used as side channels to attack implementations of security-critical systems by using leakage to recover critical data or state that should remain secret. This course provides an overview of these modern SCA concepts, explains how to establish and construct these channels, demonstrates how to apply SCA techniques, and introduces basic methods to prevent them.
CSEC-535
3 Credits
The Free and Open-Source Software (FOSS) movement promotes the principles of software freedom, collaboration, and innovation, allowing users to access, modify, and share software without restrictions. FOSS is good for software security because it promotes transparency, allowing anyone to review the source code for vulnerabilities and ensuring that security flaws are more likely to be discovered and fixed quickly: "given enough eyeballs, all bugs are shallow" (Eric S. Raymond, Linus's law). In this course, we use OpenSSL—one of the most security-critical FOSS projects of our time—as a case study on the evolution of a FOSS project in response to vulnerabilities reported by security researchers. We study, discuss, and present their discovery, potential exploitation, mitigation, and disclosure. We also learn how to effectively contribute to FOSS projects.
CSEC-622
3 Credits
Side-channel analysis (SCA) is an offensive security technique that targets not the formal description of a security-critical system, but the implementation of it. Examples of side channels include—but are not limited to—latency measurements, power consumption, electromagnetic radiation, and acoustic emanations. This is a young but very active field within applied computer security. Modern processors are equipped with numerous features to improve the average performance of software, including—but not limited to—low-latency execution pipelines, various caches, prediction, speculative execution, and multi-layered parallelism. These mechanisms can often be used as side channels to attack implementations of security-critical systems by using leakage to recover critical data or state that should remain secret. This course provides an overview of these modern SCA concepts, explains how to establish and construct these channels, demonstrates how to apply SCA techniques, and introduces basic methods to prevent them. Students will also be exposed to current literature covering research in side-channel analysis. Students will program in C and need a strong understanding of the design of modern computer architectures.
CSEC-635
3 Credits
The Free and Open-Source Software (FOSS) movement promotes the principles of software freedom, collaboration, and innovation, allowing users to access, modify, and share software without restrictions. FOSS is good for software security because it promotes transparency, allowing anyone to review the source code for vulnerabilities and ensuring that security flaws are more likely to be discovered and fixed quickly: "given enough eyeballs, all bugs are shallow" (Eric S. Raymond, Linus's law). In this course, we use OpenSSL—one of the most security-critical FOSS projects of our time—as a case study on the evolution of a FOSS project in response to vulnerabilities reported by security researchers. We study, discuss, and present their discovery, potential exploitation, mitigation, and disclosure. We also learn how to effectively contribute to FOSS projects, and we explore the lifecycles of past open-source software vulnerabilities.

In the News