Any problem in computing can be solved
by adding another level of indirection
David Wheeler, Cambridge Computer Laboratory


A simple RPC library based on Google Protocol Buffers.

xv6p is an extension to the xv6 operating system that adds support for paging; this simple paging implementation was used as a pedagogical tool for an operating systems course.

Though it is based on the work of many researchers at the Paradyn project, I was largely responsible for the ParseAPI binary code parsing library.


Overview of program provenance research, Google Madison, April 2011. [slides | video]

ML Binary Code Analysis talk, Bowie, MD, January 2008. [slides]

Vitae [PDF]


Computer program binaries are the end result of a process that starts with an idea in a programmer's mind and culminates with an executable program. Along the way, the nascent program undergoes a variety of transformations: instantiation in a programming language, compilation by particular compiler with specific compilation options, and possible post-compilation transformation like link-time optimization or obfuscation or packing. We refer to the specific stages of this transformative process---from the program author down---as the program's provenance. The central hypothesis of our research is that evidence of this process remains encoded in program binaries, and can be recovered to give insight into how binaries were produced, with applications in software engineering and debugging, malware analysis, and digital forensics.

My dissertation, Six Years in Provenance, is available.


N. Rosenblum, X. Zhu, B. Miller "Who Wrote This Code? Identifying the Authors of Program Binaries", to appear in Proceedings of the 15th European Symposium on Research in Computer Security (ESORICS), Leuven, Belgium, September 2011.

E. Jacobson, N. Rosenblum, B. Miller. "Labeling Library Functions in Stripped Binaries", to appear in Proceedings of the 10th ACM SIGPLAN-SIGSOFT workshop on Program Analysis for Software Tools and Engineering (PASTE), Szeged, Hungary, September 2011.

N. Rosenblum, B. Miller, X. Zhu. "Recovering the Toolchain Provenance of Binary Code", to appear in Proceedings of the 20th International Symposium on Software Testing and Analysis (ISSTA), Toronto, Canada, July 2011.
[PDF | talk slides]

N. Rosenblum, B. Miller, X. Zhu. "Extracting Compiler Provenance from Program Binaries", Proceedings of the 9th ACM SIGPLAN-SIGSOFT workshop on Program Analysis for Software Tools and Engineering (PASTE), Toronto, Canada, June 2010.
[PDF | talk slides] © ACM

N. Rosenblum, X. Zhu, B. Miller, K. Hunt. "Learning to Analyze Binary Computer Code", Proceedings of the 23rd Conference on Artificial Intelligence (AAAI-08), Chicago, Illinois, July 2008.

N. Rosenblum, G. Cooksey, B. Miller. "Virtual Machine-Provided Context Sensitive Page Mappings", 4th International Conference on Virtual Execution Environments (VEE '08), Seattle, Washington, March 2008.
[PDF | PS | talk slides] © ACM

N. Rosenblum, X. Zhu, B. Miller, K. Hunt. "Machine Learning-Assisted Binary Code Analysis", NIPS 2007 Workshop on Machine Learning in Adversarial Environments for Computer Security, Whistler, British Columbia, Canada, December 2007.
[PDF | talk slides]


Aside from my doctoral research, I am interested in virtualization, particularly from a security context, and in operating and distributed systems in general. I also enjoy playing around in OS code, which tendency has been occasionally exploited.

CONTACT INFORMATION: CS 7360 nater@cs (608) 262-6623