Trevor Dunlap

Co-authored papers

2024

• VFCFinder: Pairing Security Advisories and Patches

  ACM ASIA Conference on Computer and Communications Security

  Trevor Dunlap, Elizabeth Lin, William Enck, and Bradley Reaves

  DOI PDF

  Our natural-language-to-programming-language model matches vulnerability reports to their fixing commits with 96.6% top-5 recall, backfilling over 300 missing patch links accepted into the GitHub Security Advisory database.

• Pairing Security Advisories with Vulnerable Functions Using Open-Source LLMs

  Conference on Detection of Intrusions and Malware and Vulnerability Assessment

  Trevor Dunlap, John Speed Meyers, Bradley Reaves, and William Enck

  DOI PDF

  Open-source LLMs can pinpoint which functions a security patch fixes, achieving 173% higher precision than treating all changed functions as vulnerable.

2023

• Diving into Robocall Content with SNORCall

  Proceedings of the USENIX Security Symposium

  Sathvik Prasad, Trevor Dunlap, Alexander Ross, and Bradley Reaves

  PDF Code Video Slides Data

  Applies weak-supervision labeling to 232,000 robocall transcripts, producing the first large-scale estimates of robocall scam prevalence and campaign infrastructure.

• Finding Fixed Vulnerabilities with Off-the-Shelf Static Analysis

  IEEE European Symposium on Security and Privacy

  Trevor Dunlap, Seaver Thorn, William Enck, and Bradley Reaves

  DOI PDF

  Differential Alert Analysis compares static analysis results across commits to discover silently fixed vulnerabilities with high precision, even when using noisy off-the-shelf SAST tools.

2022

• A Study of Application Sandbox Policies in Linux

  Proceedings of the ACM Symposium on Access Control Models and Technologies

  Trevor Dunlap, William Enck, and Bradley Reaves

  DOI PDF

  Flatpak and Snap sandbox policies improve Linux security, but frequent privilege mismatches between the two platforms for the same application reveal that defining least-privilege policy remains error-prone.