about

I am available via email at peter@cmu.edu or pchapman@cs.virginia.edu. My resume is available here.

I graduated from Thomas Jefferson High School for Science and Technology in 2008 and from the University of Virginia in May of 2012 with a Bachelor of Arts majoring in Computer Science and Cognitive Science.

From 2009 to 2012 I was an active member of the Security Research Group in the UVa Computer Science Department working under my advisor David Evans.

My areas of recent research interest include web security and secure computation described in more detail below.

In the summer of 2011 I had the pleasure of participating in a Microsoft Research internship in Redmond, Washington under the mentorship of Jinlin Yang working with the Windows Azure System Monitoring and Diagnostics group.

In the Februrary of 2012 I began working at Udacity as an assistant instructor for CS 101: Building a Search Engine and CS 262: Building a Web Browser. I also developed a prototype Android application for consuming course content and improved internal community management tools in collaboration with the engineering team. To correct a common misconception, I am not secretly evil. David Evans wrote a nice blog post on launching Udacity's first course.

In the fall of 2012 I began attending the PhD program at Carnegie Mellon University. My advisor is David Brumley.

I am now the lead organizer of a nation-wide high school hacking competition, picoCTF.

awards
ARCS Scholar

I have been awarded an ARCS (Achievement Rewards for College Scientists) scholarship.

National Science Foundation Graduate Research Fellowship

I was awarded a NSF Graduate Research Fellowship in 2012.

2012 Computer Research Association Outstanding Undergraduate Researcher Award Runner-Up

I was named the 2012 CRA Outstanding Undergraduate Research Award Runner-Up. This is the premier national award for undergraduate researchers in computer science.

Distinguished Major with Highest Distinction

I graduated from the University of Virginia with a Bachelor of Arts with a Distinguished Major in Computer Science with Highest Distinction.

projects
Side-Channel Leaks in Web Applications

As described by Chen, et al. an adversary monitoring network traffic, even over an encrypted channel, can infer a user's browser state by examining the size and control flow of network transfers. In our CCS 2011 publication we detail an automated black-box approach to measuring and quantifying such leaks in real world web applications. We additionally demonstrate an evaluation of proposed mitigations using our framework. The source code is available from the project page.

Secure Computation on Mobile Devices

In mid-2011 we ported the Secure Computation Framework from the desktop to the Android operating system to show the feasibility and applicability of secure computation on mobile devices. We discussed our experiences and thoughts on future research in our HotSec 2011 paper, which I presented. Our demonstration applications are available on the Google Play.

Secure Computation Using Third-Party Randomness

For my distinguished major, we developed a general secure-computation protocol dependent on a trusted third party to generate correlated random numbers. The scheme is an order of magnitude more efficient than garbled circuit approaches because it does not use encryption or oblivious transfer.

Access Control Policies based on User Actions

With Jeffery Shirley I assisted on a project to develop accurate access control policies based on the state of the user interface and precedding user actions.

publications

Peter Chapman and David Evans. Automated Black-Box Detection of Side-Channel Vulnerabilities in Web Applications. In 18th ACM Conference on Computer and Communications Security (CCS 2011), Chicago, IL. 17-21 October 2011. [PDF, 12 pages]

Yan Huang, Peter Chapman, and David Evans. Privacy-Preserving Applications on Smartphones. 6th USENIX Workshop on Hot Topics in Security (HotSec 2011), San Francisco. 9 August 2011. [PDF, 6 pages]

presentations and posters

Peter Chapman. Secure Computation on Mobile Devices. For CS 1120 - Computing: Language, Logic, Machines, Charlottesville, VA. 2 December 2011. [PPTX , PDF]

Peter Chapman and David Evans. Automated Black-Box Detection of Side-Channel Vulnerabilities in Web Applications. In 18th ACM Conference on Computer and Communications Security (CCS 2011), Chicago, IL. 19 October 2011. [PPTX , PDF]

Yan Huang, Peter Chapman, and David Evans. Privacy-Preserving Applications on Smartphones. 6th USENIX Workshop on Hot Topics in Security (HotSec 2011), San Francisco. 9 August 2011. [Slides, 6 pages] [Presentation Video, 15 min] [Post-Session Panel, 43 min]

Yan Huang, Peter Chapman, and David Evans. Secure Computation on Mobile Devices. Poster at IEEE Symposium on Security and Privacy, Berkeley, CA. 22-25 May 2011. [Poster] [Poster Abstract]

Peter Chapman, and David Evans. Automated Black-box Detection of Side-Channel Vulnerabilities. Poster at 19th USENIX Security Symposium, Washington, DC. 11-13 August 2010. [Poster] [Poster Abstract]

Peter Chapman, Jeffrey Shirley, and David Evans. Monitoring User Actions for Better Malware Specifications. Poster at IEEE Symposium on Security and Privacy, Berkeley, CA. 16-19 May 2010. [Poster] [Poster Abstract]

tools
Man Fuzzer

To serve as a simple baseline measurement in a research project I wrote this script to create fuzz testing inputs using the manual pages and help options for command-line applications. The code is available on GitHub under an Apache License, Version 2.0.

Email Textifier

Working at Udacity I regularly sent emails to thousands of our active students. To facilitate this role I created an online tool to convert a well-formatted HTML email to something friendly to text-only email clients.