Carnegie Mellon University
Peter Chapman
about
I am available via email at peter@cmu.edu or pchapman@cs.virginia.edu.
I graduated from Thomas Jefferson High School for Science and Technology in 2008 and began attending the University of Virginia that same year. I graduated from the University of Virginia in May of 2012 with a Bachelor of Arts majoring in Computer Science and Cognitive Science.
From 2009 to 2012 I was an active member of the Security Research Group in the UVa Computer Science Department working under my advisor David Evans.
My areas of recent research interest include web security and secure computation described in more detail below.
In the summer of 2011 I had the pleasure of participating in a Microsoft Research internship in Redmond, Washington under the mentorship of Jinlin Yang working with the Windows Azure System Monitoring and Diagnostics group.
In the Februrary of 2012 I began working at Udacity as an assistant instructor for CS 101: Building a Search Engine and CS 262: Building a Web Browser. My next project at Udacity is to be announced in the near future.
In the fall of 2012 I will begin attending the PhD program at Carnegie Mellon University.
awards
ARCS Scholar
I have been awarded an ARCS (Achievement Rewards for College Scientists) scholarship.
National Science Foundation Graduate Research Fellowship
I was awarded a NSF Graduate Research Fellowship in 2012.
2012 Computer Research Association Outstanding Undergraduate Researcher Award Runner-Up
I was named the 2012 CRA Outstanding Undergraduate Research Award Runner-Up. This is the premier national award for undergraduate researchers in computer science.
Distinguished Major with Highest Distinction
I graduated from the University of Virginia with a Bachelor of Arts with a Distinguished Major in Computer Science with Highest Distinction.
projects
Side-Channel Leaks in Web Applications
As described by Chen, et al. an adversary monitoring network traffic, even over an encrypted channel, can infer a user's browser state by examining the size and control flow of network transfers. In our CCS 2011publication we detail an automated black-box approach to measuring and quantifying such leaks in real world web applications. We additionally demonstrate an evaluation of proposed mitigations using our framework. The source code will be available soon from the project page.
Secure Computation on Mobile Devices
In mid-2011 we ported the Secure Computation Framework from the desktop to the Android operating system to show the feasibility and applicability of secure computation on mobile devices. We discussed our experiences and thoughts on future research in our HotSec 2011paper, which I presented. Our demonstration applications are available on the Android Market.
Secure Computation Using Third-Party Randomness
For my distinguished major, we are currently developing a general secure-computation protocol dependent on a trusted third party to generate correlated random numbers. This scheme has the potential to be orders of magnitude faster than garbled circuit approaches because it does not use encryption or oblivious transfer. It is exciting work I hope to share soon.
Access Control Policies based on User Actions
With Jeffery Shirley I assisted on a project to develop accurate access control policies based on the state of the user interface and precedding user actions. This work is currently under submission.
publications
Peter Chapman and David Evans. Automated Black-Box Detection of Side-Channel Vulnerabilities in Web Applications. In 18th ACM Conference on Computer and Communications Security (CCS 2011), Chicago, IL. 17-21 October 2011. [PDF, 12 pages]
Yan Huang, Peter Chapman, and David Evans. Privacy-Preserving Applications on Smartphones. 6th USENIX Workshop on Hot Topics in Security (HotSec 2011), San Francisco. 9 August 2011. [PDF, 6 pages]
presentations and posters
Peter Chapman and David Evans. Automated Black-Box Detection of Side-Channel Vulnerabilities in Web Applications. In 18th ACM Conference on Computer and Communications Security (CCS 2011), Chicago, IL. 19 October 2011. [PPTX , PDF]
Yan Huang, Peter Chapman, and David Evans. Privacy-Preserving Applications on Smartphones. 6th USENIX Workshop on Hot Topics in Security (HotSec 2011), San Francisco. 9 August 2011. [Slides, 6 pages] [Presentation Video, 15 min] [Post-Session Panel, 43 min]
Yan Huang, Peter Chapman, and David Evans. Secure Computation on Mobile Devices. Poster at IEEE Symposium on Security and Privacy, Berkeley, CA. 22-25 May 2011. 2011. [Poster] [Poster Abstract]
Peter Chapman, and David Evans. Automated Black-box Detection of Side-Channel Vulnerabilities. Poster at 19th USENIX Security Symposium, Washington, DC. 11-13 August 2010. 2011. [Poster] [Poster Abstract]
Peter Chapman, Jeffrey Shirley, and David Evans. Monitoring User Actions for Better Malware Specifications. Poster at IEEE Symposium on Security and Privacy, Berkeley, CA. 16-19 May 2010. 2011. [Poster] [Poster Abstract]