 
Contact Information
Name: Alexey Smirnov
Email: alexey (at) gmail (dot) com [email concealed]
Location: Dzerzhinsk, Russian Federation
Resume
Position/Title: Security Researcher
Resume: ALEXEY I SMIRNOV

DOB: June 28, 1981

CITIZENSHIP: Russian

ADDRESS: Petrisheva 14-632, Dzerzhinsk, Nizhegorodskaya obl., 606037, Russia

PHONE: 7-8313-226952

E-MAIL: alexey (at) gmail (dot) com [email concealed]

HOMEPAGE: http://alexeysmirnov.name

OBJECTIVE

Find a challenging research or development position in the area of computer security. I have designed, implemented, and evaluated an innovative buffer-overflow attack signature and patch generation tool. The automatically generated signatures are context aware and represent each packet as a regular expression. The automatically generated patches resemble human-generated ones thus reducing patch development time from days to hours if not minutes.

EDUCATION

09/2002 - 09/2006

Studied in the Ph. D. program in Computer Science, Department of Computer Science, State University of New York at Stony Brook. Advisor Prof. Tzi-cker Chiueh.

09/2002 - 05/2005

M.S. in Computer Science, Department of Computer Science, State University of New York at Stony Brook. Final GPA 4.0/4. Advisor Prof. Tzi-cker Chiueh.

09/1997 - 06/2002

Diploma of Specialist in Computer Science, Nizhny Novgorod State University, Nizhny Novgorod, Russia. Final GPA 5.0/5.

WORK EXPERIENCE

12/2006 - 08/2007

Senior Lecturer, Department of Information Systems and Technologies, Dzerzhinsk Polytechnic Institute (Dzerzhinsk, Russia)

(lectured and gave recitals for the following courses: Informatics, Information Protection, Computer Architecture, Information Technology. Supervised 1 undergraduate student).

06/2003 - 09/2006

Research Assistant, Research Foundation of SUNY at Stony Brook (Stony Brook, NY, United States)

(worked under supervision of Prof. Tzi-cker Chiueh in a number of projects in the systems area).

09/2002 - 05/2003

Teaching Assistant, Department of Computer Science, SUNY at Stony Brook (Stony Brook, NY, United States)

(graded homeworks and held office hours for CSE373 Analysis of Algorithms, CSE504 Compilers, CSE306 Operating Systems).

11/2000 - 07/2002

Contractor, Intel Corporation, Microprocessor Research Lab (Nizhny Novgorod, Russia)

(worked on open-source Light Field Mapping project and its MPEG4 standardization; worked on an open research problem: relighting of image-based models).

TEXTBOOK

D. Batishchev, V. Kostyukov, N. Starostin, and A. Smirnov. Population-genetic approach to set cover problem, Nizhny Novgorod State University Publishing, 2004, in Russian. ISBN: 5857464775.

REFEREED PAPERS

1. A. Smirnov, R. Lin, and T.-C. Chiueh. PASAN: Automatic Patch and Signature Generation for Buffer Overflow Attacks, In Proc. of 8th International Symposium on Systems and Information Security, 2006 (SSI'06). BEST PAPER AWARD

2. A. Smirnov and T.-C. Chiueh. DIRA: Automatic Detection, Identification, and Repair of Control-Hijacking Attacks, In Proc. of 12th Network and Distributed System Security Symposium, 2005 (NDSS'05).

3. A. Smirnov and T.-C. Chiueh. A Portable Implementation Framework for Intrusion-Resilient Database Management Systems, In Proc. of International Conference on Dependable Systems and Networks, 2004 (DSN'04).

4. S. Skiena and A. Smirnov. Sequence Assembly for Single Molecule Methods. Abstract at the 3rd Annual RECOMB Satellite Meeting on DNA Sequencing Technologies and Computation, 2003.

5. A. Smirnov, S. Molinov, D. Simakov, R. Grzeszczuk. Light Field Mapping: A Method for Progressive and Interactive Visualization of Surface Light Fields. In Proc. of GraphiCon 2002.

TECHNICAL REPORTS

1. A. Smirnov et al. GNU C Compiler Internals. Wikibook. http://en.wikibooks.org/wiki/GNU_C_Compiler_Internals

2. A. Smirnov. RADARBOR: Automatic Detection and Repair of Buffer Overflow Attacks. Technical Report, ECSL, SUNY Stony Brook, 2006.

3. A. Smirnov and T.-C. Chiueh. A User-Level Development Environment for In-Kernel Network Protocol/Extension Implementations. Technical Report, ECSL, SUNY Stony Brook, 2005.

4. A. Smirnov and T.-C. Chiueh. An Implementation of a FIR filter on a GPU. Technical Report, ECSL, SUNY Stony Brook, 2005.

5. A. Smirnov and T.-C. Chiueh. Compiler Support for Automatic Undo Code Generation. Technical Report, ECSL, SUNY Stony Brook, 2004.

6. J. Chen, S. Skiena, A. Smirnov. Assembly for Short- and Long-Read Sequencing Technologies (Extended Abstract). Technical Report, Algorithms Lab, SUNY Stony Brook, 2003.

7. I. Smirnov, A. Smirnov, J. W. Caruthers, and A. I. Khil'ko. Tomographic reconstruction of spatially-localized inhomogeneities in oceanic waveguides, Preprint #538, Institute of Applied Physics of Russian Academy of Sciences, 2000. In Russian.

UNITED STATES PATENT #6,919,889

R. Grzeszczuk, A. Smirnov, M. H. Chu. Compression of surface light fields, July 19, 2005.

RESEARCH PROJECTS

SUPERVISED RESEARCH AT SUNY STONY BROOK

* PASAN: Automatic Patch and Signature Generation for Network Buffer-Overflow Attacks (http://research.alexeysmirnov.name/pasan). In this project we developed a tool that can generate the signature of a buffer-overflow attack and a patch that eliminates the vulnerability from the source code once an attack is detected. In short, we applied dynamic slicing techniques in the security context. The generated signatures are multi-packet where each packet is represented as a regular expression. PASAN improves on previous research efforts because it is possible to generate a signature from just one attack instance whereas a large amount of malicious network data was required previously. The automatically generated patches are similar to those that programmers generate. This simplifies their addition to the source code base. A member of a team of 2 developers.

* DIRA: A compiler for Detection, Identification, and Repair of control-hijacking Attacks (http://www.ecsl.cs.sunysb.edu/dira). Developed DIRA compiler that can instrument the source code of a program so that it becomes resilient to buffer overflow attacks. Once such an attack is detected, the program can automatically undo attack effects, identify the malicious packets, and continue normal execution. DIRA is a patch to GCC. Single developer.

* RDB: Repairable Database Systems (http://www.ecsl.cs.sunysb.edu/rdb). Developed a portable implementation framework that can render a commercial DBMS intrusion-resilient without modifying its internals. The fully operational prototype was successfully applied to Oracle, Sybase, and PostgreSQL. Single developer.

* DUSK: Develop in Userland inStall in Kernel (http://www.ecsl.cs.sunysb.edu/dusk). Designed and implemented a tool for developing kernel extensions such as Netfilter modules in userland and installing them in the kernel. DUSK is implemented as an extension to GCC. It instruments the source code written using the native kernel API and creates a user-level program. Therefore, no code changes are required to port the code to the kernel mode when the development is finished. Single developer.

INDEPENDENT RESEARCH

* BOMJPACKET: Browsing Internet on a $100 phone (http://research.alexeysmirnov.name/bp). Displaying an HTML page on a low-end mobile phone is impossible because this is a computationally intensive process. WML language restricts HTML to facilitate displaying HTML-like pages on mobile devices. A tool that converts an arbitrary HTML page that can have a complex layout into a number of simplified WML pages has been developed. Compared to other phone browsers, for example a Java-based OperaMini, BomjPacket targets a broader audience because it only requires WAP connectivity and therefore is less resource demanding. Single developer.

OTHER

* LFM: Light Field Mapping (http://www.intel.com/research/mrl/research/lfm). Worked on MPEG4 standardization, developed a DirectX and OpenGL compatible viewer of LFM models, worked on an open research problem (relighting of LFM models). A member of a team of 6 people.

TEACHING EXPERIENCE

Taught the following courses in the SPRING 2007 semester at Dzerzhinsk Polytechnic Institute, Russia. Each course included lectures and recitals. Applied American educational standards in a Russian environment.

1. INFORMATICS (55 undergraduate students). An introductory course on using office applications in business planning.

2. INFORMATION PROTECTION (54 undergraduate students). A data-protection oriented computer security course. Used the following textbook: R. Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems, Wiley Computer Publishing, 2001.

3. COMPUTER ARCHITECTURE (20 undergraduate students). A basic course on computer architecture. Used the following textbook: D. A. Patterson, J. L. Hennessy. Computer Organization and Design. The hardware/software interface, 2nd edition, Morgan Kaufmann Publishers, 1998.

4. INFORMATION TECHNOLOGY (12 graduate students). An introductory course on Web programming including HTML, CSS, Javascript, mobile technologies.

PRESENTATIONS

1. Mobile Technologies in Education, The Future of Technology Science, Nizhny Novgorod Polytechnic Institute, Nizhny Novgorod, Russia, May 16, 2007.

2. PASAN: Automatic Patch and Signature Generation for Buffer Overflow Attacks, Fall Student Informatics Conference, Dzerzhinsk Poly Institute, Russia, November 28, 2006.

3. PASAN: Automatic Patch and Signature Generation for Buffer Overflow Attacks, Department of Computational Mathematics and Cybernetics, Nizhny Novgorod State University, Russia, October 10, 2006.

4. FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hijacking Attacks, Poster Session at the Organizing Workshop of Center for Information Protection, Stony Brook, NY, July 14, 2006.

5. GCC Hacks, Graduate Research Conference (GRC 2006), SUNY Stony Brook, Stony Brook, NY, April 21, 2006.

6. FORECAST: Fast Generation of Accurate Context-Aware Signatures of Control-Hijacking Attacks, Poster Session at the Polytechnic Institute's Cyber Security Awareness Week (CSAW 2005), Brooklyn, NY, November 14, 2005.

7. DIRA: Automatic Detection, Identification, and Repair of Control-Hijacking Attacks, DEFCON-13, Las Vegas, NV, July 31, 2005.

8. DIRA: Automatic Detection, Identification, and Repair of Control-Hijacking Attacks, NDSS'05, San Diego, CA, February 4, 2005.

9. RDB: Repairable Database Systems, Poster Session at the Polytechnic Institute's Cyber Security Awareness Week (CSAW 2004), Brooklyn, NY, November 10, 2004.

10. RDB: Repairable Database Systems, Poster Session at the Workshop on Information Assurance Education, Stony Brook, NY, August 5, 2004.

11. A Portable Implementation Framework for Intrusion-Resilient Database Management Systems, DSN 2004, Florence, Italy, July 1, 2004.

12. RDB Software Demo, Homeland Security Technology Exhibit, Brookhaven National Laboratory, Upton, NY, November 24, 2003.

13. Sequence Assembly for Single Molecule Methods. 3rd Annual RECOMB Satellite Meeting on DNA Sequencing Technologies and Computation, Stanford University, CA, May 18, 2003.

CONFERENCES ATTENDED

1. Microsoft Phoenix Tutorial at CGO-4, March 26, 2006, New York, NY.

2. ShmooCon 2006, January 2006, Washington DC.

PROFESSIONAL ACTIVITIES

1. ACM Professional Member.

2. TopCoder rated member.

3. Member of Computer Science Graduate Student Council, Department of Computer Science, SUNY Stony Brook (09/03 - 05/04). Organized Ongoing Research Seminar, International Dinner, Graduate Research Conference.

4. An external reviewer for DSN 2004.

AWARDS

1. Best score in Ph. D. Qualifying Examination, passed with honors, Computer Science Department, SUNY Stony Brook, May 2003.

2. Presidential Fellowship, SUNY at Stony Brook, 09/2002 - 05/2003.

3. Fifth Place in ACM Greater New York Regional Programming Competition, 2002.

4. First Place in Stony Brook University Programming Competition, 2002.

5. Third Place in All-Russian Student Collegiate Competition in Applied Mathematics and Computer Science, 2000.

SKILLS

* LANGUAGES: C, C++, Java, Objective Caml, Scheme, ML, PHP, HTML, CSS, Javascript, WML, XML, XQuery, XSLT.

* OPERATING SYSTEMS: Linux 2.4, 2.6 (kernel development with particular focus on VFS and networking subsystems), Windows XP/2000/9x.

* TOOLS: GNU C Compiler Internals, Grammatech Codesurfer, OpenGL, DirectX, MATLAB, JDBC, LaTeX.

* DATABASES: Installation, administration, and performance optimization of the following DBMSs: Oracle 9.2.0, Sybase ASE 12.5, PostgreSQL 7.2.2.

REFERENCES

Available upon request.

 







 

Copyright 2009, SecurityFocus