William Blair, Boston University Computer Science

William Blair
PhD Candidate [cv]
Computer Science (SeclaBU, POPV)
Boston University
Email: wdblair at bu dot edu
Google Scholar

Research

I am a PhD candidate studying Computer Science at Boston University under the supervision of Manuel Egele and Hongwei Xi.

Recently, I have been researching language based security techniques to protect cloud services. I had the opportunity to investigate this cloud security topic while interning with the Cyber Security Intelligence (CSI) team at IBM Research where I participated in the DARPA Cyber-Hunting at Scale (CHASE) program. I also work on defenses that use memory protection keys (MPKs) available on recent Intel CPUs to improve applications' memory safety. This architectural security work was done as a part of the NSF Secure and Trustworthy Cyberspace (SaTC) Taming Memory Corruption with Security Monitors program.

Previously, I worked on a novel fuzz testing technique called micro-fuzzing to detect algorithmic complexity (AC) vulnerabilities in Java programs and libraries. This was done in collaboration with researchers from Boston University, Northeastern University, and UC Santa Barbara under the DARPA Space and Time Analysis for Cybersecurity (STAC) program. In addition to being used on challenges designed by defense contractors throughout the STAC program, our micro-fuzzing prototype, HotFuzz, has discovered AC bugs in widely used production libraries.

I am also interested in how advanced type systems can be used to improve the reliability and security of systems software. To test this idea, I periodically work on ATSFlight, a firmware for first person view (FPV) drones implemented in ATS, a statically typed functional programming language that features both dependent and linear types.

Education

MS in Computer Science
Boston University 2014
BA in Computer Science
Boston University 2012

Papers

MPKAlloc: Efficient Heap Meta-Data Integrity Through Hardware Memory Protection Keys[pdf][slides][code][cite]
William Blair, William Robertson, Manuel Egele.
In Proceedings of the Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA) 2022
HotFuzz: Discovering Temporal and Spatial Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing[pdf][cite]
William Blair, Andrea Mambretti, Sajjad Arshad, Michael Weissbacher, William Robertson, Engin Kirda, Manuel Egele.
In ACM Transactions on Privacy and Security (TOPS) 2022
FlexFilt: Towards Flexible Instruction Filtering for Security[pdf][cite]
Leila Delshadtehrani, Sadullah Canakci, William Blair, Manuel Egele, Ajay Joshi
In Proceedings of the Annual Computer Security Applications Conference (ACSAC) 2021
HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Guided Micro-Fuzzing [pdf][post][slides][talk][cite]
William Blair, Andrea Mambretti, Sajjad Arshad, Michael Weissbacher, Engin Kirda, William Robertson, Manuel Egele
In Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS) 2020
Dependent Types for Multi-Rate Data Flows in Synchronous Programming [pdf][code][cite]
William Blair, Hongwei Xi
In Post-Proceedings of the ACM Workshop on ML 2015

Patents

Stateful Microservice-Aware Intrusion Detection[doc]
Frederico Araujo, William Blair, Teryl Paul Taylor.
US Patent Application US17/216,215 2022
Intrusion Detection in Micro-Services through Container Telemetry and Behavior Modeling[doc]
Frederico Araujo, Teryl Paul Taylor, Jiyong Jang, William Blair.
US Patent Application US17/071,055 2022

Talks

Symbolic Modeling of Micro Services for Intrusion Detection
Poster Session: IEEE Symposium on Security and Privacy, May 2021
Microservice-Aware Reference Monitoring through Hybrid Program Analysis
FloCon 2021, CMU Software Engineering Institute (SEI)
HotFuzz: Fuzzing for Space and Time Vulnerabilities in Java Programs
DARPA Space and Time Analysis for Cybersecurity P.I. Meeting, Apogee Research, February 2019.
Continuum: Finding Space and Time Vulnerabilities in Java Programs
DARPA Space and Time Analysis for Cybersecurity P.I. Meeting, August 2016.
Side Channels and Worst Case Behavior in Java
Northeastern-WPI Seminar on Systems Security June 2016.
Using a Portfolio of SMT Solvers in Software Development
New England Programming Languages Symposium (NEPLS), Tufts University, November 2015.
Dependent Types for Real-Time Constraints [talk]
ACM SIGPLAN ML Family Workshop at The International Conference on Functional Programming (ICFP)
Vancouver, Canada, September 2015.
Integrating SMT into Software Development
New England Programming Languages Symposium (NEPLS), Wesleyan University, June 2015.
Debugging with Types in ATS[talk]
Boston Haskell Meetup, December 2014.

Teaching
I have served as a T.F. for the following courses.

CS210: Computer Systems (Spring 2021)
CS630: Graduate Design and Analysis of Algorithms (Fall 2020)
CS530: Graduate Design and Analysis of Algorithms (Fall 2019)
CS111: Introduction to Computer Science (Spring 2015)
CS111: Introduction to Computer Science (Fall 2014)
CS211: iOS Application Development (Spring 2014)

Misc

Expander Graphs [notes]
Quicksort [animation][code]