OneO A Way Of Life

Be kind to yourself.
Heal within so your children don't have to heal because of you.
Be true, honest, authentic and lead by example.
Live consciously from the heart with gratitude, compassion, and empathy.
Don't look for others to validate who you are.
Learn to take some time out for yourself.
It's okay to say no, to something you do not want to do.
Don't get lost in your own game.
Don't be afraid to ask for help.

Welcome to the personal/professional homepage of Ilan Buzzetti the adoring husband of the lovely Angelica Li. As with all ineligible ex-bachelors he comports himself with dignity and good humour. He is in his 2nd year of doctoral studies, advised by the brilliant Kevin W. Hamlen in the scientific pursuit of Cybersecurity through Formal Methods. He conducts his work as part of a small and close-knit team at the University of Texas at Dallas, home to the feared Temoc and the revered Enarc, and is the grateful recipient of the NSF's creatively named CSGrad4US scholarship and UTD's esteemed Eugene McDermott Graduate Fellows Program.

This webpage is optimized for a download-now-read-later experience. The nav buttons use CSS selectors to hide and display the different webpages.

And now a word from the man himself...

Hello! And welcome to my homepage! This serves both personal and professional purposes, which I believe to be inseperable at the granularity of leaders. That is, the professional character of an organization is inseperable from the personal character of its leaders. I am a leader of the organization comprised exclusively of myself, thus it is important for professional relationships to get a sense of the leader's character, namely myself.

For potential personal relationships I think an idea of the person's profession is also relevant. A person's profession accounts for a large part of how they spend their time and mental effort. It shapes not only how they see the world, but which parts of the world they see. This latter aspect, in combination with their personal values, is critical for understanding their decisions and attitudes, and I think it is the foundation of what we conceive of as expertise.

Reading Recommendations

The Giving Tree - Shel Silverstein : this one doesn't need any explanation. It is timeless.
Be Nice to Spiders - Margaret Bloy Graham : very important for kids to read so they have a positive relationship with spiders.
The Malazan Book of the Fallen - Steven Erikson : the most life changing and engaging fiction series I have read.
The Potent Self - Moshe Feldenkrais : the intro and a quick skim is enough to have a thought provoking experience. I especially find his conceptualization of maturity to be useful in reflecting on my actions and responses to my environment.
The Ware Tetralogy - Rudy von Bitter Rucker : a fun science fiction tetralogy. Not much of those out there.
Dark Lord of Derkholm - Diana Wynne Jones : a fun D&D style fantasy. Wikipedia says it is a parody, I think it is a satire along the lines of the Hunger Games series.
Till Morning Comes - Han Suyin : a rich and captivating cross-nationality romance spanning 1940-1990 giving an engaging account of Chinese history and US-Sino relations in this era.

Film Recommendations

Johnny Keep Walking (English Title) : a hilarious chinese comedy you don't even need to understand the references to enjoy.
Moana : my favorite modern Disney film. Great fun, meaningful story, catchy soundtrack.
Shogun : a TV series displaying japanese culture. Pleasantly emotional.

Other Websites

Here are some more websites that I find interesting or useful. The views and opinions expressed on these sites do not necessarily reflect my own. Nor do I vouch for the security of these site. Indeed some of them insist on http. However, I do endorse the exploration of the web beyond the typical top 50 websites. There are many passionate, knowledgable, and well meaning people out there whom you will not find in the densely populated portions of cyberspace. Stay safe and stay curious.

Professors

John Cole · Gopal Gupta · Benjamin C. Pierce · Adam Chlipala · David Gries · Yiorgos Makris · Ramaswamy Chandrasekaran · Emily Fox · Michael Franz · Sanjeev Arora · Remzi H. Arpaci-Dusseau · Meera Sridhar · Andrej Bauer · Jeff Lei · Norman Ramsey · Scott Aaronson · Robert Harper · John Wickerson · E. W. Dijkstra · Abdussalam Alawini

Others

Phrack Magazine · BlueDwarf Social Network · Wiby Search Engine · Cheapskates Guide · Sizeof(Cat) · Internet Relics · Bicycle Info · Feldenkrais Project · Lysxia's blog · LandChad.net · FFMpeg · Afrigadget · Rachel By The Bay · HYTRADBOI · Ganssle Group · Jamie Brandon · Andrew Helwer · The Art Of Unix Programming · Tom Ryder · Julio Diegido · SDR · Image Hosting · Hyperlinked Text · DBooks · Anna's Archive

Research

I research formally verified binary hardening and vulnerability discovery and mitigation at the Software Languages Security Lab of the University of Texas at Dallas.

Among my proudest accomplishments is formally proving the functional correctness and safety properties of the strspn function from the musl C-library compiled for ARMv8. This work involved using our inhouse Coq framework, Picinae, to reason over a lifted version of the binary code without any reference to the source code (if any even exists). I am grateful to my labmate, Shreya Soman, for her indispensible help with the proof and especially with wrangling the complexity of the MapMaker invariant. You can see the Strspn diagram I made as a roadmap for this project below.

Resources

The list below captures my suggestions for learning and appreciating the tools I find useful in my research. It is lean in order to provide new learners a clear direction. There are so many resources available on the web newcomers are cursed with the daunting task of deciding where to start and deciphering what is relevant and what is not. It is free in order to not pose any monetary barriers to beginners and dabblers. If anything is not free then the link is outdated or I have made a mistake. I hope this list will help folks interested in this line of research take their first effortless steps.

Tool / Skill	Resources
Assembly	OpenSecurityTraining.info has a course. You can also look at this reference manual for the ARMv8-M architecture to see what that's like :)
Bash	I don't remember how I learned Bash, but this guide looks useful. Please note that learning Bash, and any language, is a marathon. You can't learn all of the fine details in your first sitting. It's an iterative process of learning and applying.
Coq	The canonical and indispensible resource for learning Coq is Volumes I & II of Software Foundations.
CLI Tools	I also don't remember how I learned CLI tools, but lukesmith's productivity videos (example) were a big inspiration. Recently, I found the Bandit wargame at overthewire.org to be a kind and joyful introduction to some linux and cybersecurity fundamentals.
Python	I recommend Automate The Boring Stuff , though note that Python is overkill for many things like text processing and file manipulation. A shell scripting language like bash is a more lightweight wrapper for the underlying cli tools that Python uses anyways. This inspiring video convinced me that programming fluency is a powerful aide to the powers of good.
Computer Science	I think teachyourselfcs.com has a great teaching / learning philosophy and learning recommendations. Their public advice is free, and itself is useful. Some of their textbooks aren't freely available, and their paid bootcamps I cannot attest to.

Opportunities

I am looking for interested and capable undergraduates to assist with a variety of projects to support and directly contribute to my research. The smaller projects are great for students that have developed skills but find themselves without a directed outlet to apply them. Sizeable projects will involve paid compensation; novel insights that spur research results will result in authorship credit in the relevant research publication. I am open to working with talented and mature high schoolers, but I will have to consult our legal department to see if there are any complications. You can see a list of projects and their basic requirements below.

Project Description	Skills Required / Developed
Restructure and add features to a Ghidra pcode to Picinae IL translator.	Python, Coq
Design and create a CVE explorer app using an offline copy of the NVD.	HTML, CSS, Javascript, Bash, cli tools
Create or polish an Assembly-to-CFG graph generator to produce graphs like the above.	Bash, cli tools, LLM integration (optional)
Picinae IL representation optimization - essentially create compiler optimization passes.	Coq, compiler optimization
Find new graph-query templates for finding possible software vulnerabiliites.	Binary exploitation, compilers, graph querying
Develop and prove functional correctness specifications for libc functions.	Coq/Picinae, assembly, formal methods

If you would like to work with me on any of these projects please follow these instructions.

Find / figure out my email. You do not need to break any laws to do this, so don't overthink it.
Send me an email with "SUNFLOWER Project" as the subject and the following contents.

Which project you'd like to work on.
A summary of what you bring to the table, including links to relevant pieces of your portfolio.
A summary of what you'd like to get from working together.
Optional: please read the question-asking guides linked below.

You'll do yourself and everyone you work with a favor by following these guides.

On the other hand there's this SO guide on answering questions.

Jon Skeet's checklist version is reproduced here:

Have you done some research before asking the question?
Have you explained what you’ve already tried to solve your problem?
Have you specified which language and platform you’re using, including version number where relevant?
If your question includes code, have you written it as a short but complete program?
If your question includes code, have you checked that it’s correctly formatted?
If your code doesn’t compile, have you included the exact compiler error?
If your question doesn’t include code, are you sure it shouldn’t?
If your program throws an exception, have you included the exception, with both the message and the stack trace?
If your program produces different results to what you expected, have you stated what you expected, why you expected it, and the actual results?
If your question is related to anything locale-specific (languages, time zones) have you stated the relevant information about your system (e.g. your current time zone)?
Have you checked that your question looks reasonable in terms of formatting?
Have you checked the spelling and grammar to the best of your ability?

Courses

I will be teaching an undergraduate course about logic programming in the fall of 2025. The intention is to provide students with Perspective, Joy, and Confidence with respect to Logic programming. A Perspective,or awareness, of what it is, what it can do, and how it is being used in commercial applications. An opportunity to experience the Joy of using it to express themselves and harnessing its problem solving powers. A Confidence that they can pick it back up when the time is right, even if they only find a use case that begs for it a decade down the line.

Course Outcomes

After this course you will be able to...

Reason about recursive relations.
Feel comfortable writing Prolog code and navigating the online documentation.
Proficiently use Constraint Logic Programming, Discrete Clause Grammers, and data structures to solve problems using Prolog.
Design and implement automated reasoning, planning, and search in a logic programming environment.
Understand ontologies, their structure, design, and implementation and implement a simple one yourself.
Translate natural language problems into formal specifications of correctness into logic programs that solve them.

Course Materials

Course Syllabus

Textbooks

The Art of Prolog - available for free at the publisher's website
The Power of Prolog - free
Knowledge Representation, Reasoning, and the Design of Intelligent Agents - available online for free through the UTD library
The Calculus of Computation - available online for free through the UTD library

Documentation

Course Content

Date	Topics
8/25/2025	Course Outline Diving straight into Prolog Diving back out - interface and atoms
8/27/2025	Existential and Universal Quantification Writing rules Backtracking Search and Unification Prolog builtins
9/1/2025	Putting it all together - Recipe Gosh Putting it all together - Trinary Numbers Lists Data Structures
9/3/2025	More data structures
9/8/2025	Putting it all together - Word Games! Data structures review Problem formalization / Solution specification Thinking recursively
9/10/2025	Overflow from last class
9/15/2025	Putting it all together - Prolog Interpreter Constraint Logic Programming Answer Set Programming
9/17/2025	Overflow from last class
9/22/2025	Automata DCGs
9/24/2025	Overflow from last class
9/29/2025	Demystifying prolog documentation Project structure Prolog IO
10/6/2025	MiniZinc intro
10/8/2025	More MiniZinc
10/13/2025	More MiniZinc
10/15/2025	More MiniZinc
10/20/2025	Programming Languages Hoare Triples and Proof Generation
10/22/2025	Trinary Numbers Revisited
10/27/2025	Prolog vs Datalog
10/29/2025	What is a combinatorial problem anywho?
11/3/2025	Beyond Prolog - What else is out there?
11/5/2025	Rocq Intro - Theorem Proving Continued
11/10/2025	Rocq Day 2
11/12/2025	Rocq Day 3
11/17/2025	Buffer Room
11/24/2025	Buffer Room
11/26/2025	Project presentations!
12/1/2025	Project presentations!
12/3/2025	Project presentations!
12/8/2025	Project presentations!