Photo: Cole Geddy/UVa | More Pictures

David Evans
Professor of Computer Science
University of Virginia

Rice Hall 507 - - Contact Information


My research seeks to create systems that can be trusted even in the presence of malicious attackers and that empower individuals to control how their data are used. This involves many traditional research areas, including security, software engineering, programming languages, cryptography, and networking. My research group's current work focuses mainly on two areas: secure computation and web/mobile security.

In Spring 2014, I am teaching cs4414: Operating Systems, which I first taught in Fall 2013. This is the first course to use the Rust programming language.

In 2012, I developed two open, on-line courses: cs101: Building a Search Engine (which has enrolled over 200,000 314,159 students) [Prospect Magazine, Chronicle, more...] and cs387: Applied Cryptography. These courses are both open enrollment, and anyone can join at any time for free.

Other courses I have taught recently include: an Applied Cryptography course for working engineers in a movie theater, a short course on string theory, a course on Great Works in Computer Science, cs1120: Introduction to Computing: Explorations in Language, Logic, and Machines (Fall 2011), a course on poker (Spring 2011), cs2220: Engineering Software (Fall 2010) and cs3102: Theory of Computation (Spring 2010).

I wrote two introductory computer science books, both of which are available as free downloads under a Creative Commons license, and as nicely printed color versions from

Dori-Mic and the Universal Machine!
(With Illustrations by Kim Dylla), 2014
A Tragicomic Tale of Combinatorics and Computability
for Curious Children of All Ages

"If only I had this book when I was a young student, I might have done something useful with my life like discover a new complexity class instead of dropping out and wasting my life on flipping pancakes, playing with basic blocks, and eradicating polo."
Gill Bates, Founder of Mic-Soft Corporation

Introduction to Computing:
Explorations in Language, Logic, and Machines

Introductory computer science coursebook, 2007-2012.

On-line version available from

I was the Founding Director of the Interdisciplinary Major in Computer Science (BA) for students in the College of Arts and Sciences that was approved in February 2006. I was Program Co-Chair for the 2010 IEEE Symposium on Security and Privacy ("Oakland"). I won the Outstanding Faculty Award (2009) from the State Council of Higher Education for Virginia.

I joined UVA's Computer Science Department in November 1999 after completing my PhD, SM and SB degrees at MIT.



Q: How realistic is the depiction of SIS in the James Bond films?
James Bond, as Ian Fleming originally conceived him was based on reality. But any author needs to inject a level of glamour and excitement beyond reality in order to sell. By the time the filmmakers focused on Bond the gap between truth and fiction had already widened. Nevertheless, staff who join SIS can look forward to a career that will have moments when the gap narrows just a little and the certainty of a stimulating and rewarding career which, like Bond's, will be in the service of their country.
Q: Why can't I download or write to you via this site?
SIS has kept this site browse only for security reasons.

All it took was for a University of Virginia student to finally outsmart the popular SMART cards... Falling into the wrong hands, this security loophole can be and will surely be used in high profile heists and break-ins, seemingly straight from a James Bond movie.
Hacked RFIDs Render Smart Cards Less Smarter, TrendLabs Malware Blog, 18 March 2008.

Except for the wire problem, the computer was a success. We could solve this with larger wires and by growing hair to cover our ears, a conspicuous style at the time, or persuade our reluctant wives to "wire up". We adjourned to consider.
Edward Thorp, on building computers with Claude Shannon

I am a little troubled about the tea service in the electronic computer building. Apparently the members of your staff consume several times as much supplies as the same number of people do in Fuld Hall and they have been especially unfair in the matter of sugar.... I should like to raise the question whether it would not be better for the computer people to come up to Fuld Hall at the end of the day at 5 o'clock and have their tea here under proper supervision.
Letter to John von Neumann (shown in George Dyson's talk on The birth of the computer)

More Quotes

I have the privilege of working with a team of extraordinary students, including both graduate and undergraduate students. If you are a UVa undergraduate or graduate student interested in joining my research group, please look over our project pages (linked below), browse our group blog, and send me email to arrange a meeting or drop by my office hours. If you are considering applying to our PhD program, please read my advice for prospective research students. If you think you are ready for graduate school, you may also want to try our previous pre-qualification exam [PDF]. Everyone is welcome at the Security Research Group meetings (subscribe to the mailing list for notifications).

UVa Students and Alumni at USENIX Security 2011

My research group is funded primarily by grants from the National Science Foundation (TC: Large: Collaborative Research: Practical Secure Two-Party Computation: Techniques, Tools, and Applications), Air Force Office of Scientific Research (Defending Against Hostile Operating Systems, FA9550-09-1-0539), and a Google Research Award.

Active Projects

We are developing tools and techniques for enabling efficient multi-party computation while preserving data privacy using a pipelined garbled circuits framework.
We are working on developing automated techniques to detect vulnerabilities in web applications, focusing on integration of single sign-on services.
Hardware, Languages, and Architectures for Defense Against Hostile Operating Systems with UC Berkeley, Harvard University, University of Illinois, Urbana-Champaign, and Stony Brook (AFOSR MURI)
We are developing an integrated suite of techniques for protecting applications from a hostile OS. Our work focuses on binding policies to data that are enforced when a program executes.

Recent Projects

Protect systems from sophisticated and motivated adversaries by automatically and continuously changing the attack surface of a running system.
We are investigating new approaches to cryptography, protocol, and system design to provide adequate security on low-power devices.
GuardRails with Jonathan Burket, Austin DeVinney, Casey Mihaloew (part of AFOSR MURI)
GuardRails is a secure web application framework that provides rich data policies for Ruby on Rails.
Side-Channel Analysis with Peter Chapman
We are developing a new method to find side-channel leaks in web applications and quantify their risk using a dynamic, black-box approach.
Protects vulnerable programs by storing security-critical data in a separate protected store.
Uses the disk processor to improve virus detection and response by recognizing viruses by their disk-level activity.
Genesis with Jack Davidson, John Knight, and Anh Nguyen-Tuong (DARPA)
Explores the potential for using automatically generated diversity at various levels of abstraction to protect computer systems.
Inexpensive Program Analysis (NASA, NSF CAREER)
Reducing the cost and improves the scalability of program analysis using lightweight static analysis (Splint).
Explores a systems framework that uses structured artificial diversity to provide high security assurances against large classes of attacks.
Perracotta with Jinlin Yang (NSF CPA)
Develops techniques for automatically inferring temporal properties of real world software using dynamic analysis.
Physicrypt (NSF ITR)
How computing in the physical world impacts security.
Social networking platforms integrate third-party content into the site and give third-party developers access to user data, posing serious privacy risks. We are developing a privacy-by-proxy design for a privacy-preserving API.
Programming the Swarm (NSF CAREER)
Getting sensible behavior from collections of unreliable, unorganized components.

Recent and Upcoming Conferences

Note: I have signed the Research Without Walls pledge, and only provide volunteer reviewing and organizing efforts to open access publications (effective May 2012).

34th IEEE Symposium on Security and Privacy (Oakland 2013), Program Committee Member
21st USENIX Security Symposium (USENIX Sec 2012), Program Committee Member
33rd IEEE Symposium on Security and Privacy (Oakland 2012), Program Committee Member
19th Network and Distributed System Security Symposium (NDSS 2012), Program Committee Member
20th USENIX Security Symposium (USENIX Sec 2011), Program Committee Member
32nd IEEE Symposium on Security and Privacy (Oakland 2011), Program Committee Member
18th Network and Distributed System Security Symposium (NDSS 2011), Program Committee Member
31st IEEE Symposium on Security and Privacy (Oakland 2010), Program Committee Co-Chair
17th Network and Distributed System Security Symposium (NDSS 2010), Program Committee Member
30th IEEE Symposium on Security and Privacy (Oakland 2009), Program Committee Co-Chair
NSF/IARPA/NSA Workshop on the Science of Security (Berkeley, Nov 2008), Lead Organizer

Death Valley


My teaching has been supported by an NSF CCLI Award (PDF) and University Teaching Fellowship (2001-2002, PDF). I won the Harold Morton Jr. SEAS Award for Teaching (2003-4), an All-University Teaching Award (2008), and an Outstanding Faculty Award (2009) from the State Council of Higher Education for Virginia. This essay explains my teaching philosophy.

I am writing an introductory computing textbook based on the cs200/cs150/cs1120 course.

I was the Founding Director of the Interdisciplinary Major in Computer Science, which became the most popular major taught by the Engineering School (until caps were instituted in 2013).

Selected Courses (Full List)

Outreach Courses
Engineering Cryptosystems (4-class course on building cryptographic systems for working engineers, taught at Tyson's Corner AMC Theater, October 2013)
Cryptography in World War II (4-class course for Jefferson Institute for Life-Long Learning)
Dragon Crypto (2-day cryptography course for middle school students)

Science is the greatest of all adventure stories, one that's been unfolding for thousands of years as we have sought to understand ourselves and our surroundings. Science needs to be taught to the young and communicated to the mature in a manner that captures this drama. We must embark on a cultural shift that places science in its rightful place alongside music, art and literature as an indispensable part of what makes life worth living.
Brian Greene, Put a Little Science in Your Life (New York Times, June 1, 2008)


My most visited page is my Advice for Prospective Research Students. I have also written some advice of giving talks, and collected my favorite advice from others.

My academic genealogy traces back to Gottfried Wilheim Leibniz.

I have taken some pictures including: Yellowstone, Glacier, Death Valley, Yosemite, Lawn Lighting, Nature near Charlottesville, China, and Bletchley Park. I also have pictures from my trips to World Cups: France 1998, Korea 2002, South Africa 2010.


My wife is pursuing a PhD in Mathematics at UVa (currently on leave).

Our daughter, Dorina Michelle, was born 29 June 2012. She made her first original computer science contribution at only eight months old, discovering the non-equivalence of the Kleene-* and Kleene-X operators. Since then, she has been focusing on languages and inputs and outputs.

Family pages: NeuroKitchen Arts Collective (my sister's project), my brother's blog, Science Serving Society (my Dad's site, focusing on traffic safety), Art Talks (by my Mom).