Computer Science Division
University of California, Berkeley
Research interests. Computer security, especially security of large-scale systems and networks. Applications of static and dynamic program analysis to computer security. I am currently working on software security, smartphone security, electronic voting, and other topics. In the past, I have worked on wireless security, sensor network security, and applied cryptography.
Projects. I'm part of Berkeley's security research group. I am PI for SCRUB, the Intel Science and Technology Center for Secure Computing, and for the DHOSA project. I am also an active member of the TRUST and ACCURATE centers, and I'm part of the Science of Security project. In the past, I was a co-founder of the ISAAC research group.
Publications. My technical papers and publications are all available online. Some of my technical talks are also available, too.
Teaching. I am co-teaching CS C79 (Societal Risks and the Law) in Spring 2013. (You might also be interested in CS 294-90 (Cryptography and Cryptanalysis).) See my past teaching.
Students. I'm lucky to have the chance to work with a group of outstanding graduate students and postdocs: Thurston Dang, Serge Egelman, Ian Fischer, Sakshi Jain, Michael McCoyd, Paul Pearce, Rebecca Pottenger, Cynthia Sturton, and Chris Thompson. See also the students I've graduated.
Contacting me. See my contact information for my address and other details. My office hours for Fall 2013 are Tuesdays, 4-5pm, in 733 Soda Hall.
Professional activities. I am co-chair for USEC 2014 (Workshop on Usable Security); please send us your best work! (Submission deadline extended until Dec 13, 2013.) I serve on the program committee of NDSS 2013, USEC '13, SOUPS 2013, Mobile Security Technologies (MoST) 2013, Usenix Security 2013, and Vote-ID 2013. I'm serving on the committee for the NSA Award for the Best Scientific Cybersecurity Paper and on the editorial board for the Journal of Election Technology and Systems (JETS). Join me in committing to support open-access publication venues.
Software. Available: Stowaway, a tool for analyzing whether your Android app requests any unnecessary permissions; Comdroid, a tool for detecting security vulnerabilities in your Android app related to inter-application communications (Android intents); OpenCount, a tool to help with auditing of elections conducted using optical-scan paper ballots; AuditBear, a web application for analyzing audit logs from ES&S iVotronic voting machines; Joe-E, a Java-based programming language for secure programming; html-sanitizer-testbed, a suite of tests to probe the security of a HTML sanitizer; and CQual++, a tool for type inference analysis of C and C++ code.
Information for Berkeley undergraduates. Interested in research with me? New: I'm recruiting Berkeley undergraduates who are interested in research on computer security, starting immediately. Contact me with the information listed here if interested.