Students

Research Students of David Evans

Research Group Lunch (11 May 2011)

PhD Students

Ivan Alagentchev, PhD Student (Computer Science)

Yikan Chen, PhD Student (Computer Engineering) — measuring information leakage in private computations

Longze Chen, PhD Student (Computer Science)

Yan Huang, PhD Candidate (Computer Science) — efficient private computation

Katherine Miller, PhD Student (Computer Science)

Simon Sibomana, PhD Student (Computer Science)

Tianhao Tong, PhD Student (Computer Science) — web application security

Samee Zahur, PhD Student (Computer Science) — symbolic evaluation

Yuchen Zhou, PhD Student (Computer Engineering) — web application security

Undergraduate Researchers

Jonathan Burket (since Spring 2010) — a secure web application framework

Peter Chapman (since Spring 2010) — side-channel vulnerabilities in web applications, secure mobileapplications

Jiamin Chen (since Summer 2011) — secure image processing

Austin DeVinney (since summer 2011, visiting from Radford University) — secure web application framework

SangHyung Koo (since Summer 2011) — secure mobile applications

Casey Mihaloew (since Summer 2011) — secure web aplication framework

Shengxuan (Jerry) Ye (since Spring 2011) — secure genome analysis

Prospective Students

I am always happy to exchange email with UVa students looking for research projects. My primary research area is computer security which includes software security, applications of cryptography, system security and network security. I will also supervise outstanding students interested in other areas.

If you are a current UVa undergraduate student, visit our research group blog to learn about what is going on in our group, and send me an email to arrange a meeting. All students are also welcome (and encouraged) to attend our Security Research meetings (sign up for the mailing list). I generally prefer to find first or second year students so you have sufficient time to do something interesting before you graduate, but I have also been known to accept exceptional third or fourth year students.

If you are a current UVa graduate student looking for a research advisor, look at my research websites and some of our papers. If the kind of work we do seems interesting to you, contact me to arrange a meeting, preferably to discuss some of your own original research ideas.

If you are interested in coming to UVa to do a graduate degree, please feel free to contact me (but it would be a good idea to read my advice for prospective students first).

UVa Students and Alumni at USENIX Security 2011

Graduated PhD Students

Karsten Nohl, Computer Engineering PhD Spring 2009

Thesis: Implementable Privacy for RFID Systems, January 2009

Winner of ECE Rader Graduate Research Award, 2008

Current occupation: Chief Scientist, Security Research Labs (Berlin)

Selected Papers:

Privacy through Noise: A Design Space for Private Identification (with David Evans), 2009 Annual Computer Security Applications Conference (ACSAC), Honolulu, Hawaii, 7-11 December 2009.

Reverse-Engineering a Cryptographic RFID Tag (with Starbug, and Henryk Plotz), USENIX Security 2008, August 2008.

Hiding in Groups: On the Expressiveness of Privacy Distributions, 23^rd International Information Security Conference (SEC 2008), Milan, Italy, September 2008. [PDF]

Quantifying Information Leakage in Tree-Based Hash Protocols, Eigth International Conference on Information and Communications Security (ICICS), Raleigh, North Carolina, December 2006. [PDF] [Technical Report (UVA-CS-2006-20): PDF]

Nathanael Paul — Computer Science PhD 2008

Thesis: Disk-Level Malware Detection, May 2008

Current occupation: Associate Professor, University of Tennessee, Security Research Scientist and Director of Center for Trustworthy Embedded Systems, Oak Ridge National Laboratory

Selected Papers:

Comparing Java and .NET security: Lessons Learned and Missed, Computers & Security, July 2006. [PDF, HTML]

Thermal Attacks on Storage Systems (with Sudhanva Gurumurthi), 14^th NASA Goddard, 23^rd IEEE Conference on Mass Storage Systems and Technologies, College Park, Maryland, May 2006. [PDF]

Where's the FEEB?: The Effectiveness of Instruction Set Randomization (with Ana Nora Sovarel), 14^th USENIX Security Symposium, Baltimore, MD, August 2005. [PDF, HTML]

.NET Security: Lessons Learned and Missed from Java, Twentieth Annual Computer Security Applications Conference (ACSAC 2004), December 2004, Tucson, Arizona. [PDF]

Election Security: Perception and Reality, IEEE Security and Privacy, January-February 2004. [PDF]

Authentication for Remote Voting (with Avi Rubin and Dan Wallach), Workshop on Human-Computer Interaction and Security Systems, April 2003. [PDF]

First employment: Postdoc, Vrije Universiteit Amsterdam (Andrew Tanenbaum)

Jinlin Yang — Computer Science PhD 2007

Thesis: Automatic Inference and Effective Application of Temporal Specifications, May 2007

Current occupation: Microsoft (Redmond)
Selected Papers:

Perracotta: Mining Temporal API Rules From Imperfect Traces (with Jinlin Yang, Deepali Bhardwaj, Thirumalesh Bhat, and Manuvir Das). ICSE 2006. May 2006.

Automatically Inferring Temporal Properties for Program Evolution , ISSRE 2004, November 2004. [PDF]

Dynamically Inferring Temporal Properties. ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (PASTE 2004). [PDF]

Software: Perracotta
First Employment: Microsoft Center for Software Excellence (Redmond, WA)

Graduated Masters Students

Jeffrey Shirley — UVa MCS 2011

The User is Not the Enemy: Fighting Malware by Tracking User Intentions, New Security Paradigms Workshop (NSPW 2008), Lake Tahoe, California, 22-25 September 2008. (Paper: PDF, 13 pages)

Benjamin Cox — UVA MCS 2006

Security through Redundant Data Diversity , 38^th IEEE/IFPF International Conference on Dependable Systems and Networks, Anchorage, Alaska, June 2008. [PDF]

N-Variant Systems: A Secretless Framework for Security through Diversity , 15^th USENIX Security Symposium, Vancouver, BC, August 2006. Talk slides: [PPT, PDF]

Software: N-Variant Systems Framework
First employment: Northrop Grumman (Charlottesville, VA)

Ana Nora Sovarel — UVA MCS 2006

Automatic Identification and Protection of Security-Critical Data

Where's the FEEB?: The Effectiveness of Instruction Set Randomization, USENIX Security 2005, August 2005. [PDF] [HTML]

First employment: UVa Hospital (Medical Informatics)

Lingxuan Hu — 2004

Localization for Mobile Sensor Networks, Tenth Annual International Conference on Mobile Computing and Networking (ACM MobiCom 2004). [PDF] Talk Slides [PPT]

Using Directional Antennas to Prevent Wormhole Attacks, Network and Distributed System Security Symposium, February 2004. [PDF]

Secure Aggregation for Wireless Networks, Workshop on Security and Assurance in Ad hoc Networks. January, 2003. [PDF]

Software: MCL Simulator (Monte Carlo Localization)
First employment: Microsoft (Redmond, WA)

Selvin George — UVA MCS 2003

EnviroTrack: Towards an Environmental Computing Paradigm for Distributed Sensor Networks, The 24th International Conference on Distributed Computing Systems. Tokyo, Japan. March 23-26, 2004. [PDF]

A Biological Programming Model for Self-Healing, First ACM Workshop on Survivable and Self-Regenerative Systems, October 2003. [PDF]

A Biologically Inspired Programming Model for Self-Healing Systems, Workshop on Self-Healing Systems (WOSS'02), November, 2002. [PDF]

Software: CellSim
First employment: Yahoo!

Greg Yukl — UVA MCS 2003

In-Line Source Code Generation

David Larochelle — UVA MCS 2002

Statically Detecting Likely Buffer Overflow Vulnerabilities, 2001 USENIX Security Symposium, Aug 2001. (PDF, HTML, 13 pages)

Software: Splint
First employment: Ounce Labs

Current employment: Lead Engineer for Media Cloud, Berkman Center for Internet and Society (Harvard University)

Joel Winstead — UVA MS 2002

MS Thesis: Structured Exception Semantics for Parallel Loops, January 2002.

First employment: Cigital

Weilin Zhong — UVA MCS 2002

When Ants Attack: Security Issues for Stigmergic Systems, UVA TR 2002-23.

First employment: Cigital (Current employment: Aspect Security)

Andrew Twyman — MIT MEng '99 (co-supervised with John Guttag)

MEng Thesis: Flexible Code Safety for Win32 (winner of MIT Masterworks Prize)

Software: Naccio (Win32)
First Employment: Maker Communications (acquired by Conexant)
Current Employment: Liquid Machines

Undergraduate Research Alumni

Completed PhDs

John Calandrino (2002) — Microsoft

University of North Carolina (PhD 2009) (worked with James Anderson on real-time scheduling for multicore platforms)

RTSS 2006: [PDF], Euromicro 2007: [PDF]

Christopher Frost (2003-2004) — Google

UCLA (PhD 2010). Worked on the Featherstich File System Project with Eddie Kohler)

SOSP 2007 paper: [PDF])

William (GJ) Halfond (2002) — Assistant Professor of Computer Science, University of Southern California.

Georgia Tech (PhD 2010) (worked on web application security with Alessandro Orso).

FSE 2007: [PDF], TSE 2007: [PDF], FSE 2006: [PDF], ASE 2005: [PDF], WODA 2005: [PDF]

Jonathan McCune (2001-2003) — Research Scientist, Carnegie Mellon University

CRA Outstanding Undergraduate Honorable Mentionee in 2003

CMU PhD 2009 (advised by Adrian Perrig and Mike Reiter)

EuroSys 2008: [PDF], ASPLOS 2008: [PDF], Oakland 2007: [PDF], USENIX Tech 2006: [PDF], Oakland 2005 (Seeing is Believing): [PDF], Oakland 2005 (Detection of Denial of Message Attacks): [PDF]).

Matt Spear (2005-2006) — Google

UC Davis (PhD 2010, worked with Karl Levitt and Felix Wu on peer-to-peer security)

Infocom 2008: [PDF], ICC 2008: [PDF]

Currently in PhD Programs

Patrick Mutchler (since Spring 2010, BSCS 2011) — Stanford University

Rachel Lathbury (summer 2008, BACS 2010) — University of Pennsylvania (linguistics)

Adrienne Felt (2006-2008) — UC Berkeley; privacy protection for social networking APIs, mashup security issues; CRA Outstanding Undergraduate Award Finalist 2008; SEAS Outstanding Student Award 2008

Salvatore Guarnieri (2003-2006) — University of Washington (working on securing software with Dan Grossman and Yoshi Kohno); CRA Outstanding Undergraduate Award Finalist in 2006

Felipe Huici (2001) - University College London (working on mitigating denial-of-service attacks with Mark Handley and Brad Karp) (SIGCOMM Review 2007 paper: [PDF])

Other Alumni

Jenny Cha (summer 2011) — secure web applications

Brittany Harris (summer 2011) — secure computation

Michael Weaver (summer/fall 2010, BSCS 2011) — a secure web application framework

Muzzammil Zaveri (summer/fall 2010, BSCS 2011) — a secure web application framework

Richard Hsu (summer 2008) — scene-based CAPTCHAs

Paul DiOrio (summer 2008) — linguistics and security

Meghan Knoll (summer 2007) — spyware

Carly Simpson (summer 2007) — security applications of GPUs

Michael Peck (2003-2004) — Johns Hopkins University

David Friedman (2002) — Johns Hopkins University

Adam Trost (2001-2002) — UVa Law School

Ryan Persaud (2001) — UCSD

Completed Senior Theses

Adrienne Felt — Privacy Protection for Social Networking, May 2008.

Samuel Baumgardner — Combining Software Components using Artificial Intelligence, May 2006.

Salvatore Guarnieri — Automatically Hardening Web Applications Using Precise Tainting, May 2006. (Finalist in University Undergraduate Research Symposium, April 15, 2005; co-author and presenter of paper at Twentieth IFIP International Information Security Conference, Chiba, Japan, May 2005; USENIX Security Symposium short talk, August 2005.)

Jacob McPadden, Solving Intractable Problems Using a Learning Agent: Can an Agent Learn to Deal with the Unknown Variables in Poker?, May 2006.

Matthew Spear, BianFu: Anonymity Guarantees in a Token Network, May 2006.

Qi Wang, Securing Hotel Video Distribution Networks, May 2006.

Andrew Paul Connors (Applied Mathematics), Finding an Optimal Collusive Strategy for a Simplified Game of Poker, March 2005.

Doug Anthony Greene (Computer Engineering), A Taxonomy for PHP Security Vulnerabilities, March 2005.

John Franchak (Cognitive Science Distinguished Major Thesis, second reader), March 2005.

Aaron Michael Karp, Using Execution Side Effects to Create Trusted Distributed Environments, March 2005.

Evong Nham, Improving Communication in Wireless Sensor Networks with Geographically Targeted Messaging, March 2005.

Dan Vinh Nguyen, Analyzing Password Recovery, March 2005.

Yuan-Yao (Jeffrey) Chang — 802.11 Person-In-Middle (PiM) Attacks: Implementation and Practical Solutions, 23 March 2004. [PDF] May 2004.

Christopher Frost — Amorphous Shape Mapping, 7 May 2004. [PDF, Web Page]

Jackson Kwok — A Wireless Protocol to Prevent Wormhole Attacks, 23 March 2004. [PDF]

Ben Maskell — Preventing Software Piracy, May 2004.

Michael Peck — Improving the Usability of the ESC/Java Static Analysis Tool, 25 March 2004. [PDF]

Anthony Aiello, Planners that Learn, March 2003.

Jonathan McCarrell McCune — Adaptability in Sensor Networks, 8 April 2003. [PDF]

Ankush Seth, Scalability and Communication within Swarm Computing, March 2003. [PDF]

Matthew Suhocki, How Biology forms Abstractions, March 2002.

Shobana Thyagarajan, Differentiating between Humans and Computers Remotely and Automatically

Nadim Barsoum — WIL: A Tool fo Web-data Extraction, March 2002.

Dev Batta - Finding a Give-And-Go In a Simulated Soccer Environment, April 2002.

John Calandrino — Applying Computer Network Flow Efficiency Techniques to Vehicular Traffic Systems, April 2002. (Graduate student at NC State University, Computer Science)

Giles Cotter - Generation of Pseudorandom Numbers From Microphone Input in Computing Devices, April 2002.

Mike Cuvelier - Behavior of Composed Swarm Primitives, March 2002.

Nicholas Dunnuck — An Ethical Analysis of the Goals and Methods of Developing Artificial Intelligence Systems, March 2002.

David Friedman — Using Splint to Detect Buffer Overflow Vulnerabilities in Sendmail , April 2002. (Graduate student at Johns Hopkins University, Computer Science)

William Haubert — An Interactive Approach to Secure and Memorable Passwords , April 2002.

Mike Hogye — Achieving Trade-Offs in Swarm Systems, March 2002.

Errol McEachron - A System for Synthesizing Swarm Applications, March 2002.

Lap Fan ("Jack") Lam - Detecting Email Viruses By Analyzing Network Traffic Patterns, March 2002.

Michael Lanouette - Static Checking of Coding Standards, March 2002.

Bill Oliver - Analyzing Group Behavior: Developing a Tool to Evaluate Swarm Programs, March 2002.

Hien Phan - Developing a Web Interface for the LCLint Static Checker

Kenneth Pickering - Evaluating the Viability of Intrusion Detection System Benchmarking, March 2002.

Douglas Ross - Cyberfridge.com - Magnetic Poetry for the World Wide Web, March 2002.

Adam Sowers - Analysis of the Selected Key Pairing Encryption for Client-Server Systems, March 2002.

Lim Vu - Securing Web Communications, April 2002.

Shannon Waddy - Case Studies in Security: Open Source vs. Closed Source Software, December 2001.

Chris Barker - Static Error Checking of C Applications Ported from UNIX to WIN32 Systems Using LCLint, March 2001.

Felipe Huice - A Database-backed Personal Information System for Automatic Creation of Home and Summary Web Pages, March 2001.

Jennifer Kahng - Evaluating Web Browser Security Interfaces for a More Meaningful Design, March 2001.

John David Loizeaux - Describing and Predicting MEMS Capabilities, March 2001.

Ryan Persaud - Investigating the Fundamentals of Swarm Computing, March 2001

Rick Rossano - Monitoring Suspect Internet Packets on the Network at the Department of Computer Science, March 2001.

Dan Rubin - The Security of Remote On-Line Voting, March 2001.

Adam Trost - Extendable Swarm Programming Architecture, March 2001.

Phil Varner - Vote Early, Vote Often, and VoteHere: A Security Analysis of VoteHere, March 2001.

Julie Vogelman - Determining Web Usability Through an Analysis of Server Logs, March 2001.