Toby Murray

News

(archive)

Last Updated: January 2025

CSF 2025

I'm Program Chair for CSF'25, with Dominique Unruh, which is taking place this June in beautiful Santa Cruz hosted by the wonderful General Chairs Owen Arden and Mohsen Lesani. The final submission round is the Winter Cycle, whose submission deadline is February 4, AoE. Please submit your best work!

Social Media Ban and Online Age Assurance Commentary

Over the past few months I have provided extensive commentary on the Australian Government's recently-legislated social media ban, ongoing age assurance trial, and digital identity and attestation efforts. These have included several popular media pieces I have authored:

• Commentary on the Government's Trust Exchange (TEx) platform from August, in The Conversation;
• Advocating for the major tech platforms to work together on child safety features from September, in The Conversation;
• Explaining why strict social media bans are unlikely to be the best way to keep kids safe online with Shaanan Cohney from September, in Pursuit; and
• Explaining the government's ongoing Age Assurance technology trial from December, in The Conversation;

These expand on my commentary earlier in the year in The Conversation back in July when the media first began to focus on these topics.

Software Security Lecture I had an absolute blast giving a guest lecture on software security to COMP10001 students the other day. Thanks to the wonderful editing of Shaanan Cohney, the video is now live on YouTube: https://www.youtube.com/watch?v=maRUk-9HHsI. It gives my (somewhat biased) take on why software security is so hard to get right, and includes a demo of my LLM-based CTF challenge. I'd love your feedback! This lecture follows a string of talks I've given recently, including at the 2024 Australian Joint Conference on Artificial Intelligence.

Papers at ITP and FM 2024

Two of my fabulous PhD students each have papers respectively at ITP 2024 and FM 2024, two leading conferences in formal program verification. Pengbo Yan will present his recent work on verifying oblivious algorithms at FM, while Vincent Jackson will present at ITP an elegant formalisation of RGSep (a marriage of Rely-Guarantee and Separation Logic reasoning) via separation alegras. If you're attending either event, please check out their talks!

CrowdStrike Commentary

The large-scale outage caused by CrowdStrike on July 19 has offered a unique opportunity to shed light on better ways the cyber security industry can build their software, as well as to dispel some of the misinformation that has circulated since the outage. I've written multiple pieces on these topics including:

• A technical explainer on CrowdStrike Falcon for The Conversation;
• A personal blog post to try to clear up some of the confusion immediately after the incident;
• An analysis of the tradeoffs of current EDR technologies like CrowdStrike's for The Conversation;
• A deep dive personal blog post on what went wrong and why CrowdStrike's plan is inadequate; and
• A Q&A article published in the University of Melbourne's Pursuit.

My comentary on this issue has been picked-up widely across media in Australia and globally, including news.com.au, Nine news, SBS, Yahoo News UK, Kurdistan24, Nation Thailand and many more.

EDEFuzz wins Distinguished Paper Award at ICSE 2024

Over the past couple of years, my PhD student Lianglu Pan has been working on the first mechanical method for detecting Excessive Data Exposure (EDE) vulnerabilities in web applications. This method was devised in collaboration with Lianglu's PhD supervisors, Thuan Pham, Shaanan Cohney, and me. We're delighted to say that this work will appear at ICSE 2024. You can check out the paper online, which was recognised with a Distinguished Paper award. If you're attending ICSE, please say hi to Lianglu!

About Me

I am an academic in the School of Computing and Information Systems of the University of Melbourne. Prior to joining Melbourne in May 2016, I was employed in the Software Systems Research Group of NICTA (now Data61), and was a Conjoint Senior Lecturer in the school of Computer Science and Engineering of UNSW. I joined NICTA and UNSW in 2010 from Oxford, where I completed a D.Phil. (PhD) in Computer Science, awarded in 2011. Before moving to Oxford, I worked for the Defence Science and Technology Organisation after my undergraduate study at the University of Adelaide.

I live in Melbourne with my wife and two children, enjoy (and sometimes write and record) alternative music, and spend too much time on Twitter engaging a hot-cold obsession with Australian politics, security and privacy. I love great ales, informed by my days in Oxford, and rich reds, like any Adelaide native.

Research and Collaborations

My research is focused on the problem of how to build highly secure computing systems cost-effectively. As part of this, I work on ways to assess the security of computer systems, methods to ensure the absence of vulnerabilities in programs and systems, methods to detect vulnerabilities in programs, methods for designing secure systems, and related topics. Below is a snapshot of my current research projects.

Current Research Projects

My current research projects include the following. This list does not include PhD student projects that are yet to be made public.

• Proving Obliviousness of Probabilistic Programs
• EDEFuzz: Detecting excessive data exposure in web applications
• COVERN: Proving information flow security of concurrent programs
• Time Protection: Proving timing channel freedom for seL4
• Insecurity Logic: Proving that programs have security vulnerabilities, compositionally
• CATCH: Cybersecurity Assurance for Teams of Computers and Humans
• AFLTeam: Collaborative Parallel Fuzzing

Past and Dormant Research Projects

Some of my past and dormant research projects include the following.

• Cross Domain Desktop Compositor: A Usable and Secure Cross Domain Solution
• Verified Compilation for Concurrent Information Flow Security
• Eisbach: A Proof Method Language for Isabelle
• Proof Cost Estimation: Measuring and Predicting the Cost of Formal Verification
• Legion: Best-First Concolic Testing
• Cogent: A Programming Language Code and Proof Co-Generation for Systems Code
• Verified Information Flow Security for seL4
• Proving the Security of Capability-Based Programs

My Group

Researchers

Current postdocs:

• Aaron Bembenek

Current Research Assistants:

• James Tobler

Previous postdocs and Research Assistants:

• Robert Sison (now a senior postdoc at UNSW)
• Mukesh Tiwari (now a faculty member at Swansea University)
• Gidon Ernst (now a faculty member at LMU Munich)
• Christine Rizkallah (while at NICTA; previously a faculty member at UNSW Sydney, now faculty at University of Melbourne)
• Pengbo Yan (now a PhD student at University of Melbourne)
• Jack Zezula

Research Students

Current PhD students:

• Viet Hoang Luu (with Thuan Pham and Shaanan Cohney)
• Tian Qiu (with Thuan Pham and William Umboh)
• Wenqi Yan (with Thuan Pham and Ben Rubinstein)
• Faxing Wang (with Shaanah Cohney and Joseph Bonneau)
• Thanh Le-Cong (with Bach Le)
• Vincent Jackson (with Christine Rizkallah)
• Pengbo Yan (with Thuan Pham and Robert Sison)
• Lianglu Pan (with Thuan Pham and Shaanan Cohney)

Previous research students:

• Zhiyuan Zhang, University of Melbourne (PhD thesis: The Security Impact of Microarchitecture Optimizations ; co-supervised with Chitchanok Chuengsatiansup and Yuval Yarom)
• Mo Zhang, University of Melbourne (PhD thesis: Secure User-Driven Pairing with Implantable Medical Devices; co-supervised with Vassilis Kostakos)
• Renlord Yang, University of Melbourne (PhD thesis: An empirical analysis of the systemic performance of decentralised cryptocurrency systems; co-supervised with Udaya Parampalli and Renata Borovica-Gajic)
• Dongge Liu, University of Melbourne (PhD thesis: Software Testing with Monte Carlo Tree Search; supervised with Ben Rubinstein, Gidon Ernst, and Thuan Pham)
• Duc Than Nguyen, University of Melbourne (MPhil thesis: Foundations for Reasoning about Holistic Specifications; supervised with Ben Rubinstein)
• Robert Sison, UNSW (PhD thesis: Proving Confidentiality and Its Preservation Under Compilation for Mixed-Sensitivity Concurrent Programs; jointly supervised with Carroll Morgan and Kai Engelhardt)
• Daniel Matichuk, UNSW (PhD thesis: Automation for Proof Engineering: Machine-Checked Proofs At Scale ; co-supervised with Gerwin Klein)
• David (Knobby) Clarke, University of Melbourne (PhD thesis: Analyses of Java Programs over Weak Memory; co-supervised with Tim Miller and Antonette Mendoza)
• Yude Lin, University of Melbourne (PhD thesis: Symbolic Execution with Over-Approximation; co-supervised with Tim Miller and Harald Sondergaard)
• Sidney Amani, UNSW (PhD thesis: A Methodology for Trustworthy File Systems )
• Japheth Lim, UNSW (Honours thesis: Automatically Proving the Correctness of C Code Generation)
• Sudeep Kanav (Masters student from TU Munich, thesis: Compiler Verification for a Data Format DSL)

Working with Me

I'm always looking for motivated students to work with. Check out my page for prospective research students.

Papers

See my papers page.

Software and Artifacts

My group has developed various pieces of software, plus formal artifacts embedded in interactive theorem provers such as program logics and compilers. All are available under open source licenses.

Software

SecC: Verified Security for Concurrent C Programs

SecC is the first autoactive program verifier able to verify information flow security for concurrent C programs.

More Information ->

Legion: Principled Automatic Test Case Generation

Legion automatically generates test cases for programs, generalising traditional concolic testing and fuzzing, orchestrating program exploration via Monte-Carlo Tree Search.

More Information ->

Underflow: Compositional Vulnerability Detection for C Programs

Underflow is the first first automatic tool able to compositionally detect memory-safety and information-leakage vulnerabilities in C programs.

More Information ->

Algovis: Rudimentary, Interactive Algorithm Visualisation in Python

When teaching COMP90038 - Algorithms and Complexity (2021--2022) I created a simple visualisation framework to allow introductory algorithms students to interactively visualise the various algorithms, and to experiment with variations on those algorithms, to better understand them.

More Information ->

Artifacts

Under-Approximate Relational Program Logic: How to Prove your Program is Insecure

A general-purpose logic that enables one to perform under-approximate reasoning about relational properties, and the fist logic able to prove when programs are insecure.

More Information ->

SecRSL: How to Prove Efficient, Concurrent Programs Secure

The first security separation program logic able to reason about C11's weak memory concurrency features used by highly-efficient concurrent C programs.

More Information ->

VERONICA: Verified Secure Declassification for Concurrent Programs

VERONICA is a verification method, embedded in the Isabelle/HOL theorem prover, for verifying secure declassification policies for concurrent programs.

More Information ->

Security Concurrent Separation Logic (SecCSL): Proving Concurrent C Programs Information-Flow Secure

A program logic for concurrent C-like programs with pointers, arrays etc., for proving they do not leak sensitive information.

More Information ->

COVERN Compiler: Verified Secure Compilation for Concurrent Programs

The COVERN Compiler is a proof-of-concept compiler embedded in the Isabelle/HOL theorem prover that provably preserves information flow security when compiling concurrent programs.

More Information ->

COVERN Logic: Verified Security for Concurrent Programs

The COVERN logic, embedded in the Isabelle/HOL theorem prover, allows one to prove that concurrent programs do not leak sensitive information.

More Information ->

Bugs

Like any researcher who works on security, my work necessarily involves discovering bugs in software. As somebody who works on tools for proving things about programs (including the presence of bugs), my work not only uncovers bugs in ordinary programs but also bugs in programs that reason about other programs. Below is a list of some bugs I've uncovered in program analysis tools during my research:

• Facebook's Infer bug-finding tool: Issue 1676
• AdaCore's SPARK Prover for SPARK Ada: Issue 20
• The Nagini Python program verifier: Issue 152
• The certification procedure in Globally Robust Neural Networks: Issue 8, Issue 9

Teaching

In 2023, I am teaching:

• SWEN90010 - High Integrity Systems Engineering (Semester 1)
• COMP90074 - Web Security (Semester 2)

I previusly taught:

• COMP90038 - Algorithms and Complexity (2018--2022)
• SWEN90006 - Software Security & Testing (2016--2021)
• COMP4161 - Advanced Topics in Software Verification (2010, 2011, 2012, 2013, 2014 as Lecturer in Charge, 2015)
• COMP9241 - Advanced Operating Systems (Guest lecturer in Operating Systems Security, 2011, 2012, 2013, 2014, 2015)

I have also taught half-day courses to industry on topics including:

• Separation Logic
• Software Model Checking for C code using CBMC

If your company develops software and would like to know how you can more easily detect and remove bugs during development, and would like to know more, please get in touch.

Service

I am a Research Integrity Advisor, serve as an undergraduate Academic Advisor, as well as regularly chairing Academic Misconduct Committee hearings, amongst other things. I am also Deputy Director of the Defence Science Institute.

I am an Associate Editor for IEEE Security & Privacy and ACM Transactions on Privacy and Security (TOPS), and serve on a range of Program Committees (see below). I am a member of IFIP's WG 1.7 on Theoretical Foundations of Security Analysis and Design and WG 2.3 on Programming Methodology.

Steering Committees

• IEEE Computer Security Foundations Symposium (2023--2027)
• International Conference on Formal Methods in Software Engineering (FormaliSE) (2023--2025)
• ACM Workshop on Programming Languages and Analysis for Security (PLAS) (2016--2020)

Edited Books

• Proceedings of the 2023 IEEE/ACM 11th International Conference on Formal Methods in Software Engineering (FormaliSE)
• Proceedings of the 21st Workshop on Formal Techniques for Java-like Programs (FTfJP 2019)
• Journal of Computer Security, Special Issue on Verified Information Flow Security - Volume 25, Issue 4-5, 2017
• Proceedings of the 2016 ACM Workshop on Programming Languages and Analysis for Security (PLAS)

Program Committees

2026

• ACM CCS - Formal Methods and Programming Languages Track

2025

• CSF 2025 (senior chair)
• PLAS 2025

2024

• CSF 2024 (co-chair)

2023

• ACM CCS 2023
• PLDI 2023
• CSF 2023
• USENIX Security 2023
• FormaliSE 2023 (Co-Chair)

2022

• SecDev 2022
• ACM CCS 2022
• PriSC 2022
• USENIX Security 2022
• CSF 2022
• CPP 2022

2021

• HotSpot 2021 (Chair)
• PLAS 2021
• PAVeTrust 2021
• OOPSLA 2021 (ERC)
• SecDev 2021
• ASE 2021 Student Research Competition
• ACM CCS 2021
• PLDI 2021
• USENIX Security 2021
• CC 2021
• CSF 2021

2020

• SecDev 2020
• PLDI 2020 (ERC)
• CSF 2020
• POST 2020
• ESOP 2020
• ICISS 2020

2019

• FTfJP 2019 (Co-Chair)
• SecDev 2019
• ENTROPY 2019
• FCT 2019
• CPP 2019

2018

• ICFEM 2018 Doctoral Symposium
• OCAP 2018
• IEEE SecDev 2018
• iFM 2018

2017

• IEEE SecDev 2017
• OCAP 2017
• CSF 2017
• FCS 2017
• TMPA 2017
• EuroS&P 2017

2016

• CRTS 2016
• PLAS 2016 (Co-Chair)

2015

• CRTS 2015
• SSV 2015 (Co-Chair)
• PLAS 2015
• POPL 2015 (External Review Committee)

2014

• SSV 2014

2013

• CPP 2013

2012

• SSV 2012

2010

• DCDP 2010