I graduated from Thomas Jefferson High School for Science and Technology in 2008 and from the University of Virginia in May of 2012 with a Bachelor of Arts majoring in Computer Science and Cognitive Science.
My areas of recent research interest include web security and secure computation, described in more detail below.
In the summer of 2011 I had the pleasure of participating in a Microsoft Research internship in Redmond, Washington under the mentorship of Jinlin Yang working with the Windows Azure System Monitoring and Diagnostics group.
In February of 2012 I began working at Udacity as an assistant instructor for CS 101: Building a Search Engine and CS 262: Building a Web Browser. I also developed a prototype Android application for consuming course content and improved internal community management tools in collaboration with the engineering team. To correct a common misconception, I am not secretly evil. David Evans wrote a nice blog post on launching Udacity's first course.
In the fall of 2012 I began attending the PhD program at Carnegie Mellon University. My advisor is David Brumley.
I am now the lead organizer of a nation-wide high school hacking competition, picoCTF.
I have been awarded an ARCS (Achievement Rewards for College Scientists) scholarship.
I was awarded an NSF Graduate Research Fellowship in 2012.
I was named the 2012 CRA Outstanding Undergraduate Research Award Runner-Up. This is the premier national award for undergraduate researchers in computer science.
I graduated from the University of Virginia with a Bachelor of Arts with a Distinguished Major in Computer Science with Highest Distinction.
As described by Chen et al., an adversary monitoring network traffic, even over an encrypted channel, can infer a user's browser state by examining the size and control flow of network transfers. In our CCS 2011 publication we detail an automated black-box approach to measuring and quantifying such leaks in real-world web applications. We additionally demonstrate an evaluation of proposed mitigations using our framework. The source code is available from the project page.
In mid-2011 we ported the Secure Computation Framework from the desktop to the Android operating system to show the feasibility and applicability of secure computation on mobile devices. We discussed our experiences and thoughts on future research in our HotSec 2011 paper, which I presented. Our demonstration applications are available on Google Play.
Secure Computation Using Third-Party Randomness
For my distinguished major, we developed a general secure-computation protocol dependent on a trusted third party to generate correlated random numbers. The scheme is an order of magnitude more efficient than garbled circuit approaches because it does not use encryption or oblivious transfer.
Access Control Policies based on User Actions
With Jeffrey Shirley I assisted on a project to develop accurate access control policies based on the state of the user interface and preceding user actions.
Peter Chapman and David Evans. Automated Black-Box Detection of Side-Channel Vulnerabilities in Web Applications. In 18th ACM Conference on Computer and Communications Security (CCS 2011), Chicago, IL. 17-21 October 2011. [PDF, 12 pages]
Presentations and Posters
Peter Chapman and David Evans. Automated Black-Box Detection of Side-Channel Vulnerabilities in Web Applications. In 18th ACM Conference on Computer and Communications Security (CCS 2011), Chicago, IL. 19 October 2011. [PPTX, PDF]
Yan Huang, Peter Chapman, and David Evans. Privacy-Preserving Applications on Smartphones. 6th USENIX Workshop on Hot Topics in Security (HotSec 2011), San Francisco. 9 August 2011. [Slides, 6 pages] [Presentation Video, 15 min] [Post-Session Panel, 43 min]
Peter Chapman, Jeffrey Shirley, and David Evans. Monitoring User Actions for Better Malware Specifications. Poster at IEEE Symposium on Security and Privacy, Berkeley, CA. 16-19 May 2010. [Poster] [Poster Abstract]
To serve as a simple baseline measurement in a research project I wrote this script to create fuzz testing inputs using the manual pages and help options for command-line applications. The code is available on GitHub under an Apache License, Version 2.0.
Working at Udacity I regularly sent emails to thousands of our active students. To facilitate this role I created an online tool to convert a well-formatted HTML email to something friendly to text-only email clients.