As a Technical Leader in the Advanced Security Initiatives Group at Cisco Systems, I work to identify and mitigate security weaknesses and vulnerabilities in Cisco products and services. I received my Ph.D. in Computer Science from the University of California, Davis where I studied under Hao Chen in the UC Davis Computer Security Lab. My research focus is computer security including privacy preserving technologies, censorship resistance, information flow security, and web security. Previously, I participated in work on evading network-based signature generation systems for polymorphic worms -- a line of work that I began during a brief stint in the the Computer Security Group at UC Santa Barbara under Giovanni Vigna. For more information on my research, please see my publication list.
Publications
The Security of NTP's Datagram Protocol. Aanchal Malhotra, Matthew Van Gundy, Mayank Varia, Haydn Kennedy, Jonathan Gardner, and Sharon Goldberg. In Proceedings of the 21st International Conference on Financial Cryptography and Data Security (FC 2017), Malta, April 2017.
[paper] [BibTeX]Multi-party Off-the-Record Messaging. Ian Goldberg, Berkant Ustaoglu, Matthew Van Gundy, and Hao Chen. In Proceedings of the Sixteenth ACM Conference on Computer and Communications Security (CCS), Chicago, IL, November 2009.
[paper] [slides] [BibTeX] [Errata]Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site Scripting Attacks. Matthew Van Gundy and Hao Chen. In Proceedings of the Sixteenth Annual Network & Distributed System Security Symposium (NDSS), San Diego, CA, February 2009.
[paper] [slides] [BibTeX]Feature Omission Vulnerabilities: Thwarting Signature Generation for Polymorphic Worms. Matthew Van Gundy, Hao Chen, Zhendong Su, and Giovanni Vigna. In Proceedings of the Twenty-Third Annual Computer Security Applications Conference (ACSAC), Miami, FL, December 2007.
[paper] [BibTeX]Catch Me, If You Can: Evading Network Signatures with Web-based Polymorphic Worms. Matthew Van Gundy, Davide Balzarotti, and Giovanni Vigna. In Proceedings of the First USENIX Workshop on Offensive Technologies (WOOT), Boston, MA, August 2007.
[paper] [BibTeX]
Recent Public Talks
SSnO-nos: Finding and exploiting common OAuth pitfalls. Cisco Offensive Summit, May 2018. [slides]
Complex Paths and Derelict Sentinels: software engineering underpinnings of recent NTP vulnerabilities. Invited Talk. Language-Theoretic Security (LangSec) IEEE Security & Privacy Workshop, San Jose, California, May 2016.
[video] [slides]Security Evaluation of NTP. Invited Talk. Linux Collaboration Summit, Lake Tahoe, California, March 2016.
[slides]
Public Vulnerabilty Disclosures
- CVE-2017-14474–CVE-2017-14481: Multi-Master
Replication Manager for MySQL mmm_agentd Remote Command
Injection Vulnerabilities
(CVE-2017-14474, CVE-2017-14475, CVE-2017-14476, CVE-2017-14477, CVE-2017-14478, CVE-2017-14479, CVE-2017-14480, and CVE-2017-14481) - CVE-2016-9042: Network Time Protocol Origin Timestamp Check Denial of Service Vulnerability
- CVE-2016-9311: Network Time Protocol Trap Crash Denial of Service Vulnerability
- CVE-2016-9310: Network Time Protocol Control Mode Unauthenticated Trap Information Disclosure and DDoS Amplification Vulnerability
- CVE-2016-7428: Network Time Protocol Broadcast Mode Poll Interval Enforcement Denial of Service Vulnerability
- CVE-2016-7427: Network Time Protocol Broadcast Mode Replay Prevention Denial of Service Vulnerability
- CVE-2016-1550: Network Time Protocol libntp Message Digest Disclosure Vulnerability (with Stephen Gray, independently reported by Loganaden Velvindron)
- CVE-2016-1549: Network Time Protocol Ephemeral Association Sybil Vulnerability
- CVE-2016-1547: Network Time Protocol Crypto-NAK Preemptable Association Denial of Service Vulnerability (with Stephen Gray)
- CVE-2015-8140: Network Time Protocol ntpq Control Protocol Replay Vulnerability (with Matthew Street)
- CVE-2015-8139: Origin Leak: Network Time Protocol ntpq and ntpdc Origin Timestamp Disclosure Vulnerability
- CVE-2015-8138: 0rigin: Network Time Protocol Origin Timestamp Check Impersonation Vulnerability (with Jonathan Gardner)
- CVE-2015-7871: NAK to the Future: NTP Symmetric Association Authentication Bypass Vulnerability
- CVE-2006-0868: Multiple injection vulnerabilities in PHP PEAR::Auth DB and LDAP backends
Acknowledgments
Any illustrations on this site were graciously created by Jessi, my dear wife.