About me

PhD student at UC San Diego interested in computer security, including automatic vulnerability finding (and fixing), secure languages/runtimes, and side channels such as Spectre.

I am co-advised by Deian Stefan and Dean Tullsen, and anticipate completing my PhD in 2022.

As a PhD student, I have completed summer internships with Qualcomm and with Mozilla; the latter led to our paper Code That Never Ran (see Publications below). In summer 2021 I am interning with Correct Computation.

I graduated from Dordt University with a B.S.E in Computer Engineering and a B.A. in Mathematics. While there, I worked with Nathan Tintle in biostatistics / statistical genetics.

Open Source

I am the author and maintainer of a few Rust crates (libraries), most notably:

  • the Haybale symbolic execution engine for LLVM IR
  • the llvm-ir high-level safe API for interacting with LLVM IR
  • the boolector crate, which provides safe high-level bindings for the Boolector SMT solver

Publications

Shravan Narayan, Craig Disselkoen, Daniel Moghimi, Sunjay Cauligi, Evan Johnson, Zhao Gang, Anjo Vahldiek-Oberwagner, Ravi Sahita, Hovav Shacham, Dean Tullsen, and Deian Stefan.

Swivel: Hardening WebAssembly against Spectre.

USENIX Security Symposium, 2021.
[Full Text (pdf)]
Talk video and source code coming soon!

Marco Vassena, Craig Disselkoen, Klaus v. Gleissenthall, Sunjay Cauligi, Rami Gökhan Kıcı, Ranjit Jhala, Dean Tullsen, and Deian Stefan.

Automatically Eliminating Speculative Leaks from Cryptographic Code with Blade.

Principles of Programming Languages (POPL), 2021.
Distinguished Paper Award winner!
[Full Text (pdf)]
[Full Talk (video)] - my portion begins at about 10:15
[Source Code]
[Blog post in PL Perspectives]

Sunjay Cauligi, Craig Disselkoen, Klaus v. Gleissenthall, Dean Tullsen, Deian Stefan, Tamara Rezk, and Gilles Barthe.

Constant-Time Foundations for the New Spectre Era.

Programming Language Design and Implementation (PLDI), 2020.
[Full Text (pdf)]
[Video Abstract]
[Full Talk (video)]
[Source Code]

Shravan Narayan, Craig Disselkoen, Tal Garfinkel, Nathan Froyd, Eric Rahm, Sorin Lerner, Hovav Shacham, and Deian Stefan.

Retrofitting Fine Grain Isolation in the Firefox Renderer.

USENIX Security Symposium, 2020.
Distinguished Paper Award winner!
[Full Text (extended version) (pdf)]
[RLBox framework: Code Docs]
[Mozilla blog post on using RLBox in Firefox]
[Article in USENIX ;login: magazine]

Craig Disselkoen, John Renner, Conrad Watt, Tal Garfinkel, Amit Levy, and Deian Stefan.

Bringing Memory Safety to WebAssembly.

Workshop on Hardware and Architectural Support for Security and Privacy (HASP), 2019.
[Full Text (pdf)]

I gave a talk on an early version of this work at the 3rd Workshop on Principles of Secure Compilation (PriSC) in January 2019.

Craig Disselkoen, Radha Jagadeesan, Alan Jeffrey, and James Riely.

Code That Never Ran: Modeling Attacks on Speculative Evaluation.

Authors listed alphabetically for this paper.

IEEE Symposium on Security and Privacy (S&P), 2019.
[Full Text (pdf)]
[Talk (video)]
[Source Code]

Michael Smith, Craig Disselkoen, Shravan Narayan, Fraser Brown, and Deian Stefan.

Browser history re:visited.

USENIX Workshop on Offensive Technologies (WOOT), 2018.
[Full Text (pdf)]

Craig Disselkoen, David Kohlbrenner, Leo Porter, and Dean Tullsen.

Prime+Abort: A Timer-Free High-Precision L3 Cache Attack using Intel TSX.

USENIX Security Symposium, 2017.
[Full Text (pdf)]
[Talk (video)]

Other Interests

I love making music; I play piano, drums, and concert percussion, and I also sing. I was in this parody music video produced by several UCSD CSE grad students for the 2019 department holiday party. I'm also a part of the La Jolla Symphony Chorus at UCSD.

I ride a Onewheel self-balancing electric skateboard, and I briefly blogged about my learning experience.

In January 2016 I was part of a trip to Nicaragua focused on computer science education in K-12 schools. We connected with a local group of Nicaraguan K-12 computer science teachers, introducing them to an affordable, low-maintenance, and low-power computer called the Raspberry Pi as a solution for school computer labs. I remain interested in ways to improve education (at all levels) and combat poverty around the world.

Contact / More Info

Find me on LinkedIn, Twitter, or by email.