Stephen McCamant
Assistant Professor
Department of Computer Science & Engineering
4-192 Keller Hall (mailing address) / 4-225E Keller Hall (office location)
200 Union St. SE.
University of Minnesota (Twin Cities)
Minneapolis, MN, 55455
This home page:
Office hours: Mondays 2-3pm, or by appointment. I am also usually available at least for short discussions whenever my office door is open.


We've released an updated version of the Flowcheck tool, with better compatibility with modern Linux systems.

We've promulgated a technical report from my project with Qiuchen Yan on Conservative Signed/Unsigned Type Inference for Binaries using Minimum Cut.


Since the fall of 2012 I'm an assistant professor here at the University of Minnesota. For the 2008-2012 academic years I was a postdoc and project scientist at the University of California, Berkeley.

I got my M.S. and Ph.D. at MIT, working with Michael Ernst (now at the University of Washington) and the Program Analysis Group. During this time I also spent the summer of 2005 at Microsoft Research in Redmond, working with Trishul Chilimbi on using dynamically-collected points-to sets to improve the efficiency of software model checking.

Prior to that I got my undergraduate B.A. in computer science at the University of California, Berkeley; while there, I worked with the Harmonia research group and helped out at the Open Computing Facility, among other things.

Though I've spent enough time in California and the East Coast to see some of their advantages as well, I am by birth a midwesterner: I was born and raised in Chicago and Evanston, Illinois. My mother's side of the family was from Minneapolis and I still have family here.


My primary research interest is applications of program analysis techniques for software security and correctness. This includes binary analysis and transformation, hybrids of dynamic and static analysis including symbolic execution, information flow and taint analysis, instruction-level hardening and isolation, and applications of decision procedures and proof-assistant tools.

FuzzBALL is a binary-level symbolic execution tool built on top of the BitBlaze platform. We've used it in several past projects and its source code is now available on GitHub.

Some of my previous projects have their own web sites:


I plan to put together a unified list of my research publications here in the future. Until then, my papers while at MIT (2002-2008) are available here on the PAG group's site, and my papers from UC Berkeley (2008-2012) are available from the BitBlaze publications list.

Prospective Students

I'm looking forward to meeting and potentially working with current and prospective Minnesota students whose research interests overlap with mine, including software security, binary analysis, symbolic execution, and testing and correctness. If you're a current student, please stop by my office (or email for an appointment) and introduce yourself.

If you're a prospective graduate student with interests in these areas, I encourage you to apply to Minnesota. Information about the application process is available from the department. I'd also be interested in corresponding with prospective grad students by email to discuss your and my research interests; David Evans has some good advice on how to do this productively.


Spring 2016: CSci 2021, Machine Architecture and Organization

Fall 2015: CSci 5271, Introduction to Computer Security

Spring 2015: CSci 2021, Machine Architecture and Organization

Fall 2014: CSci 5271, Introduction to Computer Security

Spring 2014: CSci 8271, Security and Privacy in Computing

Fall 2013: CSci 5271, Introduction to Computer Security (personal copy of old site)

Spring 2013: CSci 8980-1, Program Analysis For Security (personal copy of old site)

Course materials available for reuse:


During the spring of 2007, I worked as a TA in 6.001. My tutorial notes from the semester are available.

If you're developing or testing tools that operate on C source code, you might want to reuse my single-file versions of open-source programs.

As an exercise while teaching myself the ACL2 system, I proved a personal favorite result from pure mathematics, Goodstein's theorem. Here's the (uncommented) proof script.

Last updated: August 30th, 2016