Systems and security researcher at Motorola (Lenovo), under the excellent guidance of Andrew Wheeler.

Doctorate at UIUC under the excellent guidance of Kirill Levchenko.

Master's and Bachelor's at UCSD.

Hardware and Software Protection Mechanisms

Empirical Security and Information Measurement

Static and Dynamic Program Analysis

mbland@motorola.com

bland@sdf.org

Well, big projects take some time. I'm working on [redacted] as well as a couple of other internal systems at Motorola to scrape together as much security and privacy as my brain can consistently muster. One of the most difficult and unsolvable problems in computer security & privacy is human factors. If you are familiar with the idea of a Fréchet space, humans are not a Fréchet space. (-;

If you are here wondering about a status update to my most recent 2025 LSS Talk, I am still working on this and other efforts to solve exploits for good, but there's a big gap between memory exploits and other attacks like RATs, etc.!

Beyond needing to convince AOSP to better support security patch application for open source Android alternatives, there's a whole heck of a lot of hardware and software work to do. The world needs our help! Feel free to reach out with any questions on how to get involved.

Check out the KSPP for Linux-side and LLVM dev meeting for updates on this that are not my own. A decent, clear implementation of ARM MTE application to cachelines is available in GrapheneOS's hardened malloc implementation, which is also worth checking out and experimenting with. IMO (at present), computer security probably needs a decent, fast, and uniform DBI framework to capture dynamic data use and allocation semantics, similar to DARPA's CHERI, but suitable for consumer devices and applicable directly to object files. But I might be wrong, lmk!

age1tzp8ww74dtfxxwr0qd8f235jtlp8klps5cmty4tgauzgqzrhnd3q97tfcs