Fraser Brown

I'm a PhD student at Stanford University advised by Dawson Engler (and working with Deian Stefan at UCSD). I'm interested in using techniques from programming languages to make systems more secure. Lately, I've been focusing on web browsers, trying to (1) verify existing parts of browser JITs with minimal developer interaction and (2) find bugs using symbolic execution. I graduated from Stanford in 2016 with a BA in English Literature, advised by Elaine Treharne.

Publications

Sys: a static/symbolic tool for finding good bugs in good (browser) code.
Fraser Brown, Deian Stefan, Dawson Engler.
Usenix Sec 2020. [pdf]

Towards a verified range analysis for JavaScript JITs.
Fraser Brown, John Renner, Andres Nötzli, Sorin Lerner, Hovav Shacham, Deian Stefan.
PLDI 2020. [pdf]

FaCT: a DSL for timing-sensitive computation.
Sunjay Cauligi, Gary Soeller, Brian Johannesmeyer, Fraser Brown, Riad S. Wahby, John Renner, Benjamin Grégoire, Gilles Barthe, Ranjit Jhala, Deian Stefan.
PLDI 2019. [pdf]

Browser history re:visited.
Michael Smith, Craig Disselkoen, Shravan Narayan, Fraser Brown, Deian Stefan.
WOOT 2018. [pdf]

Towards verified, constant-time floating-point operations.
Marc Andrysco, Andres Nötzli, Fraser Brown, Ranjit Jhala, Deian Stefan.
CCS 2018. [pdf]

FaCT: A flexible, constant-time programming language.
Sunjay Cauligi, Gary Soeller, Fraser Brown, Brian Johannesmeyer, Yunlu Huang, Ranjit Jhala, Deian Stefan.
SecDev 2017. [pdf]

Finding and preventing bugs in JavaScript bindings.
Fraser Brown, Shravan Narayan, Riad Wahby, Dawson Engler, Ranjit Jhala, Deian Stefan.
Oakland 2017. [pdf]

Superhacks: Exploring and preventing vulnerabilities in browser binding code.
Fraser Brown.
PLAS 2016. [pdf]

Lifejacket: Verifying precise floating-point optimizations in LLVM.
Andres Nötzli, Fraser Brown.
SOAP 2016. [pdf]

How to find bugs using orders of magnitude less code.
Fraser Brown, Andres Nötzli, Dawson Engler.
ASPLOS 2016. [pdf]
(Conference version available here.)

Talks

Towards a verified range analysis for JavaScript JITs. Full talk, lightning talk.

Finding and preventing bugs in JavaScript bindings. Full talk.

Browser Bugs

Some of these bugs may be blocked for security reasons. They will unblock over time!

My current favorite bug: logic error in the Firefox JIT's range analysis

Browser CVEs:

Browser bounties: