Fraser Brown

I'm a faculty member at CMU, where I work on program correctness for security. I did my PhD at Stanford with Dawson Engler (often collaborating with Deian Stefan at UCSD). I graduated from Stanford in 2016 with a BA in English Literature, advised by Elaine Treharne.

Publications

Lightweight, modular verification for WebAssembly-to-native instruction selection.
Alexa VanHattum, Monica Pardeshi, Chris Fallin, Adrian Sampson, Fraser Brown.
ASPLOS 2024. [pdf]

Bounded verification for finite-field-blasting (in a compiler for zero knowledge proofs).
Alex Ozdemir, Riad Wahby, Fraser Brown, Clark Barrett.
CAV 2023.

The ghost is the machine: weird machines in transient execution.
Ping-Lun Wang, Fraser Brown, Riad Wahby.
WOOT 2023. Best student paper award!

Silph: a framework for scalable and accurate generation of hybrid MPC protocols.
Edward Chen, Jinhao Zhu, Alex Ozdemir, Riad Wahby, Fraser Brown, Wenting Zheng.
Oakland 2023.

WaVe: a verifiably secure WebAssembly sandboxing runtime.
Evan Johnson, Evan Laufer, Zijie Zhao, Shravan Narayan, Stefan Savage, Deian Stefan, Fraser Brown.
Oakland 2023. Distinguished paper award!

Unifying compilers for SNARKs, SMT, and more.
Alex Ozdemir, Fraser Brown, Riad S. Wahby.
Oakland 2022. [pdf]

High-level, high-speed, high-assurance crypto.
Jonathan Cogan, Fraser Brown, Alex Ozdemir, Riad S. Wahby.
PriSC 2021.

Trust but verify: SFI safety for native-compiled Wasm.
Evan Johnson, David Thien, Youssef Alessi, Shravan Narayan, Fraser Brown, Stefan Savage, Deian Stefan.
NDSS 2021.

Sys: a static/symbolic tool for finding good bugs in good (browser) code.
Fraser Brown, Deian Stefan, Dawson Engler.
Usenix Sec 2020. [pdf]

Towards a verified range analysis for JavaScript JITs.
Fraser Brown, John Renner, Andres Nötzli, Sorin Lerner, Hovav Shacham, Deian Stefan.
PLDI 2020. [pdf]

FaCT: a DSL for timing-sensitive computation.
Sunjay Cauligi, Gary Soeller, Brian Johannesmeyer, Fraser Brown, Riad S. Wahby, John Renner, Benjamin Grégoire, Gilles Barthe, Ranjit Jhala, Deian Stefan.
PLDI 2019. [pdf]

Browser history re:visited.
Michael Smith, Craig Disselkoen, Shravan Narayan, Fraser Brown, Deian Stefan.
WOOT 2018. [pdf]

Towards verified, constant-time floating-point operations.
Marc Andrysco, Andres Nötzli, Fraser Brown, Ranjit Jhala, Deian Stefan.
CCS 2018. [pdf]

FaCT: A flexible, constant-time programming language.
Sunjay Cauligi, Gary Soeller, Fraser Brown, Brian Johannesmeyer, Yunlu Huang, Ranjit Jhala, Deian Stefan.
SecDev 2017. [pdf]

Finding and preventing bugs in JavaScript bindings.
Fraser Brown, Shravan Narayan, Riad S. Wahby, Dawson Engler, Ranjit Jhala, Deian Stefan.
Oakland 2017. [pdf]

Superhacks: Exploring and preventing vulnerabilities in browser binding code.
Fraser Brown.
PLAS 2016. [pdf]

Lifejacket: Verifying precise floating-point optimizations in LLVM.
Andres Nötzli, Fraser Brown.
SOAP 2016. [pdf]

How to find bugs using orders of magnitude less code.
Fraser Brown, Andres Nötzli, Dawson Engler.
ASPLOS 2016. [pdf]
(Conference version available here.)

Some bugs

A favorite bug: logic error in the Firefox JIT's range analysis

Browser CVEs:

Browser bounties: