About me

PhD student at UC San Diego interested in computer security, including automatic vulnerability finding (and fixing), secure languages/runtimes, and side channels such as Spectre.

I am co-advised by Deian Stefan and Dean Tullsen, and anticipate completing my PhD in 2022.

As a PhD student, I have completed summer internships with Qualcomm and with Mozilla; the latter led to our paper Code That Never Ran (see Publications below). In summer 2021 I am interning with Correct Computation.

I graduated from Dordt University with a B.S.E in Computer Engineering and a B.A. in Mathematics. While there, I worked with Nathan Tintle in biostatistics / statistical genetics.

Open Source

I am the author and maintainer of a few Rust crates (libraries), most notably:

  • the Haybale symbolic execution engine for LLVM IR
  • the llvm-ir high-level safe API for interacting with LLVM IR
  • the boolector crate, which provides safe high-level bindings for the Boolector SMT solver


SoK: Practical Foundations for Spectre Defenses

Sunjay Cauligi, Craig Disselkoen, Daniel Moghimi, Gilles Barthe, Deian Stefan

[Full Text (arXiv preprint)]

Swivel: Hardening WebAssembly against Spectre

Shravan Narayan, Craig Disselkoen, Daniel Moghimi, Sunjay Cauligi, Evan Johnson, Zhao Gang, Anjo Vahldiek-Oberwagner, Ravi Sahita, Hovav Shacham, Dean Tullsen, Deian Stefan

USENIX Security Symposium 2021

[Full Text (pdf)]
Talk video and source code coming soon!

Automatically Eliminating Speculative Leaks from Cryptographic Code with Blade

Marco Vassena, Craig Disselkoen, Klaus v. Gleissenthall, Sunjay Cauligi, Rami Gökhan Kıcı, Ranjit Jhala, Dean Tullsen, Deian Stefan

Principles of Programming Languages (POPL) 2021

Distinguished Paper Award winner!
[Full Text (pdf)]
[Full Talk (video)] - my portion begins at about 10:15
[Source Code]
[Blog post in PL Perspectives]

Finding and Eliminating Timing Side-Channels in Crypto Code with Pitchfork

Craig Disselkoen, Sunjay Cauligi, Dean Tullsen, Deian Stefan


[Full Text (pdf)]
[Source Code]

Constant-Time Foundations for the New Spectre Era

Sunjay Cauligi, Craig Disselkoen, Klaus v. Gleissenthall, Dean Tullsen, Deian Stefan, Tamara Rezk, Gilles Barthe

Programming Language Design and Implementation (PLDI) 2020

[Full Text (pdf)]
[Video Abstract]
[Full Talk (video)]
[Source Code]

Retrofitting Fine Grain Isolation in the Firefox Renderer

Shravan Narayan, Craig Disselkoen, Tal Garfinkel, Nathan Froyd, Eric Rahm, Sorin Lerner, Hovav Shacham, Deian Stefan

USENIX Security Symposium 2020

Distinguished Paper Award winner!
[Full Text (extended version) (pdf)]
[RLBox framework: Code Docs]
[Mozilla blog post on using RLBox in Firefox]
[Article in USENIX ;login: magazine]

Bringing Memory Safety to WebAssembly

Craig Disselkoen, John Renner, Conrad Watt, Tal Garfinkel, Amit Levy, Deian Stefan

Workshop on Hardware and Architectural Support for Security and Privacy (HASP) 2019

[Full Text (pdf)]

I gave a talk on an early version of this work at the 3rd Workshop on Principles of Secure Compilation (PriSC) in January 2019.

Code That Never Ran: Modeling Attacks on Speculative Evaluation

Craig Disselkoen, Radha Jagadeesan, Alan Jeffrey, James Riely

Authors listed alphabetically for this paper.

IEEE Symposium on Security and Privacy (S&P) 2019

[Full Text (pdf)]
[Talk (video)]
[Source Code]

Browser history re:visited

Michael Smith, Craig Disselkoen, Shravan Narayan, Fraser Brown, Deian Stefan

USENIX Workshop on Offensive Technologies (WOOT) 2018

[Full Text (pdf)]

Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX

Craig Disselkoen, David Kohlbrenner, Leo Porter, Dean Tullsen

USENIX Security Symposium 2017

[Full Text (pdf)]
[Talk (video)]

Other Interests

I love making music; I play piano, drums, and concert percussion, and I also sing. I was in this parody music video produced by several UCSD CSE grad students for the 2019 department holiday party. I'm also a part of the La Jolla Symphony Chorus at UCSD.

I ride a Onewheel self-balancing electric skateboard, and I briefly blogged about my learning experience.

In January 2016 I was part of a trip to Nicaragua focused on computer science education in K-12 schools. We connected with a local group of Nicaraguan K-12 computer science teachers, introducing them to an affordable, low-maintenance, and low-power computer called the Raspberry Pi as a solution for school computer labs. I remain interested in ways to improve education (at all levels) and combat poverty around the world.

Contact / More Info

Find me on LinkedIn, Twitter, or by email.