Students

Research Students of David Evans

Yan Huang, PhD candidate (Computer Science) — analyzing obfuscated code

Jeffrey Shirley, PhD candidate (Computer Science) — user-intent based access control

Randolph Yu Yao, PhD candidate (Computer Engineering) — RFID privacy and security

PhD Students

Undergraduate Researchers

Richard Hsu (since summer 2008) — scene-based CAPTCHAs

Rachel Lathbury (since summer 2008) — linguistics and security

Paul DiOrio (since summer 2008) — linguistics and security

Prospective Students

I am always happy to exchange email with UVa students looking for research projects. My primary research area is computer security which includes software security, applications of cryptography, system security and network security. I will also supervise outstanding students interested in other areas.

If you are a current UVa undergraduate student, visit our research group blog to learn about what is going on in our group, and send me an email to arrange a meeting. All students are also welcome (and encouraged) to attend our Security Research Lunches. Visit http://groups.google.com/group/uva-cs-sec to sign up for the mailing list. I generally prefer to find first or second year students so you have sufficient time to do something interesting before you graduate, but I have also been known to accept exceptional third or fourth year students.

If you are a current UVa graduate student looking for a research advisor, look at my research websites and some of our papers. If the kind of work we do seems interesting to you, contact me to arrange a meeting, preferably to discuss some of your own original research ideas.

If you are interested in coming to UVa to do a graduate degree, please feel free to contact me (but it would be a good idea to read my advice for prospective students first). I will be on sabbatical for the 2008-2009 academic year, but looking for new students who are planning to start PhD programs in fall 2009.

Graduated PhD Students

Karsten Nohl, Computer Engineering PhD Spring 2009

Thesis: Implementable Privacy for RFID Systems, January 2009

Winner of ECE Rader Graduate Research Award, 2008

Selected Papers:

Reverse-Engineering a Cryptographic RFID Tag (with Starbug, and Henryk Plotz), USENIX Security 2008, August 2008.

Hiding in Groups: On the Expressiveness of Privacy Distributions, 23^rd International Information Security Conference (SEC 2008), Milan, Italy, September 2008. [PDF]

Quantifying Information Leakage in Tree-Based Hash Protocols, Eigth International Conference on Information and Communications Security (ICICS), Raleigh, North Carolina, December 2006. [PDF] [Technical Report (UVA-CS-2006-20): PDF]

Nathanael Paul — Computer Science PhD 2008

Thesis: Disk-Level Malware Detection, May 2008

Selected Papers:

Comparing Java and .NET security: Lessons Learned and Missed, Computers & Security, July 2006. [PDF, HTML]

Thermal Attacks on Storage Systems (with Sudhanva Gurumurthi), 14^th NASA Goddard, 23^rd IEEE Conference on Mass Storage Systems and Technologies, College Park, Maryland, May 2006. [PDF]

Where's the FEEB?: The Effectiveness of Instruction Set Randomization (with Ana Nora Sovarel), 14^th USENIX Security Symposium, Baltimore, MD, August 2005. [PDF, HTML]

.NET Security: Lessons Learned and Missed from Java, Twentieth Annual Computer Security Applications Conference (ACSAC 2004), December 2004, Tucson, Arizona. [PDF]

Election Security: Perception and Reality, IEEE Security and Privacy, January-February 2004. [PDF]

Authentication for Remote Voting (with Avi Rubin and Dan Wallach), Workshop on Human-Computer Interaction and Security Systems, April 2003. [PDF]

First employment: Postdoc, Vrije Universiteit Amsterdam (Andrew Tanenbaum)

Jinlin Yang — Computer Science PhD 2007

Thesis: Automatic Inference and Effective Application of Temporal Specifications, May 2007

Selected Papers:

Perracotta: Mining Temporal API Rules From Imperfect Traces (with Jinlin Yang, Deepali Bhardwaj, Thirumalesh Bhat, and Manuvir Das). ICSE 2006. May 2006.

Automatically Inferring Temporal Properties for Program Evolution , ISSRE 2004, November 2004. [PDF]

Dynamically Inferring Temporal Properties. ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (PASTE 2004). [PDF]

Software: Perracotta
First Employment: Microsoft Center for Software Excellence (Redmond, WA)

Graduated Masters Students

Benjamin Cox — UVA MCS 2006

Security through Redundant Data Diversity , 38^th IEEE/IFPF International Conference on Dependable Systems and Networks, Anchorage, Alaska, June 2008. [PDF]

N-Variant Systems: A Secretless Framework for Security through Diversity , 15^th USENIX Security Symposium, Vancouver, BC, August 2006. Talk slides: [PPT, PDF]

Software: N-Variant Systems Framework
First employment: Northrop Grumman (Charlottesville, VA)

Ana Nora Sovarel — UVA MCS 2006

Automatic Identification and Protection of Security-Critical Data

Where's the FEEB?: The Effectiveness of Instruction Set Randomization, USENIX Security 2005, August 2005. [PDF] [HTML]

First employment: UVa Hospital (Medical Informatics)

Lingxuan Hu — 2004

Localization for Mobile Sensor Networks, Tenth Annual International Conference on Mobile Computing and Networking (ACM MobiCom 2004). [PDF] Talk Slides [PPT]

Using Directional Antennas to Prevent Wormhole Attacks, Network and Distributed System Security Symposium, February 2004. [PDF]

Secure Aggregation for Wireless Networks, Workshop on Security and Assurance in Ad hoc Networks. January, 2003. [PDF]

Software: MCL Simulator (Monte Carlo Localization)
First employment: Microsoft (Redmond, WA)

Selvin George — UVA MCS 2003

EnviroTrack: Towards an Environmental Computing Paradigm for Distributed Sensor Networks, The 24th International Conference on Distributed Computing Systems. Tokyo, Japan. March 23-26, 2004. [PDF]

A Biological Programming Model for Self-Healing, First ACM Workshop on Survivable and Self-Regenerative Systems, October 2003. [PDF]

A Biologically Inspired Programming Model for Self-Healing Systems, Workshop on Self-Healing Systems (WOSS'02), November, 2002. [PDF]

Software: CellSim
First employment: Yahoo!

Greg Yukl — UVA MCS 2003

In-Line Source Code Generation

David Larochelle — UVA MCS 2002

Statically Detecting Likely Buffer Overflow Vulnerabilities, 2001 USENIX Security Symposium, Aug 2001. (PDF, HTML, 13 pages)

Software: Splint
First employment: Ounce Labs

Joel Winstead — UVA MS 2002

MS Thesis: Structured Exception Semantics for Parallel Loops, January 2002.

First employment: Cigital

Weilin Zhong — UVA MCS 2002

When Ants Attack: Security Issues for Stigmergic Systems, UVA TR 2002-23.

First employment: Cigital (Current employment: Aspect Security)

Andrew Twyman — MIT MEng '99 (co-supervised with John Guttag)

MEng Thesis: Flexible Code Safety for Win32 (winner of MIT Masterworks Prize)

Software: Naccio (Win32)
First Employment: Maker Communications (acquired by Conexant)
Current Employment: Liquid Machines

Undergraduate Research Alumni

Currently in PhD Programs

John Calandrino (2002) — University of North Carolina (PhD expected 2009) (working with James Anderson on real-time scheduling for multicore platforms) (RTSS 2006: [PDF], Euromicro 2007: [PDF])

Adrienne Felt (2006-2008) — UC Berkeley; privacy protection for social networking APIs, mashup security issues; CRA Outstanding Undergraduate Award Finalist 2008; SEAS Outstanding Student Award 2008

Christopher Frost (2003-2004) — UCLA (working on the Featherstich File System Project with Eddie Kohler) (SOSP 2007 paper: [PDF])

Salvatore Guarnieri (2003-2006) — University of Washington (working on securing software with Dan Grossman and Yoshi Kohno); CRA Outstanding Undergraduate Award Finalist in 2006

William (GJ) Halfond (2002) — Georgia Tech (working on web application security with Alessandro Orso) (FSE 2007: [PDF], TSE 2007: [PDF], FSE 2006: [PDF], ASE 2005: [PDF], WODA 2005: [PDF]

Felipe Huici (2001) - University College London (working on mitigating denial-of-service attacks with Mark Handley and Brad Karp) (SIGCOMM Review 2007 paper: [PDF])

Jonathan McCune (2001-2003) — CMU (PhD expected 2009) (working with Adrian Perrig and Mike Reiter on trusted computing) (EuroSys 2008: [PDF], ASPLOS 2008: [PDF], Oakland 2007: [PDF], USENIX Tech 2006: [PDF], Oakland 2005 (Seeing is Believing): [PDF], Oakland 2005 (Detection of Denial of Message Attacks): [PDF]); CRA Outstanding Undergraduate Honorable Mentionee in 2003

Matt Spear (2005-2006) — UC Davis (working with Karl Levitt and Felix Wu on peer-to-peer security) (Infocom 2008: [PDF], ICC 2008: [PDF])

Other Alumni

Meghan Knoll (summer 2007) — spyware
Carly Simpson (summer 2007) — security applications of GPUs
Michael Peck (2003-2004) — Johns Hopkins University
David Friedman (2002) — Johns Hopkins University
Adam Trost (2001-2002) — UVa Law School
Ryan Persaud (2001) — UCSD

Completed Senior Theses

Adrienne Felt — Privacy Protection for Social Networking, May 2008.

Samuel Baumgardner — Combining Software Components using Artificial Intelligence, May 2006.

Salvatore Guarnieri — Automatically Hardening Web Applications Using Precise Tainting, May 2006. (Finalist in University Undergraduate Research Symposium, April 15, 2005; co-author and presenter of paper at Twentieth IFIP International Information Security Conference, Chiba, Japan, May 2005; USENIX Security Symposium short talk, August 2005.)

Jacob McPadden, Solving Intractable Problems Using a Learning Agent: Can an Agent Learn to Deal with the Unknown Variables in Poker?, May 2006.

Matthew Spear, BianFu: Anonymity Guarantees in a Token Network, May 2006.

Qi Wang, Securing Hotel Video Distribution Networks, May 2006.

Andrew Paul Connors (Applied Mathematics), Finding an Optimal Collusive Strategy for a Simplified Game of Poker, March 2005.

Doug Anthony Greene (Computer Engineering), A Taxonomy for PHP Security Vulnerabilities, March 2005.

John Franchak (Cognitive Science Distinguished Major Thesis, second reader), March 2005.

Aaron Michael Karp, Using Execution Side Effects to Create Trusted Distributed Environments, March 2005.

Evong Nham, Improving Communication in Wireless Sensor Networks with Geographically Targeted Messaging, March 2005.

Dan Vinh Nguyen, Analyzing Password Recovery, March 2005.

Yuan-Yao (Jeffrey) Chang — 802.11 Person-In-Middle (PiM) Attacks: Implementation and Practical Solutions, 23 March 2004. [PDF] May 2004.

Christopher Frost — Amorphous Shape Mapping, 7 May 2004. [PDF, Web Page]

Jackson Kwok — A Wireless Protocol to Prevent Wormhole Attacks, 23 March 2004. [PDF]

Ben Maskell — Preventing Software Piracy, May 2004.

Michael Peck — Improving the Usability of the ESC/Java Static Analysis Tool, 25 March 2004. [PDF]

Anthony Aiello, Planners that Learn

Jonathan McCarrell McCune — Adaptability in Sensor Networks, 8 April 2003. [PDF]

Ankush Seth, Scalability and Communication within Swarm Computing, March 2003. [PDF]

Matthew Suhocki, How Biology forms Abstractions

Shobana Thyagarajan, Differentiating between Humans and Computers Remotely and Automatically

Nadim Barsoum — WIL: A Tool fo Web-data Extraction, March 2002.

Dev Batta - Finding a Give-And-Go In a Simulated Soccer Environment, April 2002.

John Calandrino — Applying Computer Network Flow Efficiency Techniques to Vehicular Traffic Systems, April 2002. (Graduate student at NC State University, Computer Science)

Giles Cotter - Generation of Pseudorandom Numbers From Microphone Input in Computing Devices, April 2002.

Mike Cuvelier - Behavior of Composed Swarm Primitives, March 2002.

Nicholas Dunnuck — An Ethical Analysis of the Goals and Methods of Developing Artificial Intelligence Systems, March 2002.

David Friedman — Using Splint to Detect Buffer Overflow Vulnerabilities in Sendmail , April 2002. (Graduate student at Johns Hopkins University, Computer Science)

William Haubert — An Interactive Approach to Secure and Memorable Passwords , April 2002.

Mike Hogye — Achieving Trade-Offs in Swarm Systems

Errol McEachron - A System for Synthesizing Swarm Applications, April 2002.

Lap Fan ("Jack") Lam - Detecting Email Viruses By Analyzing Network Traffic Patterns

Michael Lanouette - Static Checking of Coding Standards

Bill Oliver - Analyzing Group Behavior: Developing a Tool to Evaluate Swarm Programs, March 2002.

Hien Phan - Developing a Web Interface for the LCLint Static Checker

Kenneth Pickering - Evaluating the Viability of Intrusion Detection System Benchmarking, March 2002.

Douglas Ross - Cyberfridge.com - Magnetic Poetry for the World Wide Web, March 2002.

Adam Sowers - Analysis of the Selected Key Pairing Encryption for Client-Server Systems, March 2002.

Lim Vu - Securing Web Communications, April 2002.

Chris Barker - Static Error Checking of C Applications Ported from UNIX to WIN32 Systems Using LCLint, March 2001.

Felipe Huice - A Database-backed Personal Information System for Automatic Creation of Home and Summary Web Pages, March 2001.

Jennifer Kahng - Evaluating Web Browser Security Interfaces for a More Meaningful Design, March 2001.

John David Loizeaux - Describing and Predicting MEMS Capabilities, March 2001.

Ryan Persaud - Investigating the Fundamentals of Swarm Computing, March 2001
Graduate student at University of California San Diego, Computer Science

Rick Rossano - Monitoring Suspect Internet Packets on the Network at the Department of Computer Science, March 2001.

Dan Rubin - The Security of Remote On-Line Voting, March 2001.

Adam Trost - Extendable Swarm Programming Architecture, July 2001.

Phil Varner - Vote Early, Vote Often, and VoteHere: A Security Analysis of VoteHere, March 2001.

Julie Vogelman - Determining Web Usability Through an Analysis of Server Logs, March 2001.

Shannon Waddy - Case Studies in Security: Open Source vs. Closed Source Software, December 2001.