My research interest lies in Computer Security and Privacy. Broadly, I am interested in applying techniques from formal verification and runtime monitoring in achieving provable security and privacy assurances of modern systems and protocols. I am also interested in applying formal verification and software engineering techniques to automatically detect functional bugs in network protocols and safety-critical cyber-physical and IoT systems.
SPRING 2017: I am currently looking for one or two motivated graduate students who are interested in tackling practical cyber security and privacy problems to join my group. If interested, please contact me through email.
SPRING 2017: Our paper titled "Analyzing Operational Behavior of Stateful Protocol Implementations for Detecting Semantic Bugs" has been accepted at IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2017. Congratulations Sze Yiu Chau and Endadul Hoque.
SPRING 2017: Our paper titled "SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation Implementations" has been accepted at IEEE S&P 2017. Congratulations Sze Yiu Chau and Endadul Hoque.
FALL 2016: [bugs] We tested axTLS 1.5.3 for RFC compliance and other vulnerabilities. The developers of axTLS acknowledged our findings of certain attributes of distinguished names being ignored, X.509 version number not being checked, certificates with unrecognised extensions are not being rejected, hhmmss of UTCTime being ignored, and an off-by-one error in interpreting the year of UTCTime. Fixes are planned to be implemented in upcoming releases.
FALL 2016: Joined the University of Iowa as an Assistant Professor of Computer Science.