Education

I received my B.S. in Computer Science from UCSB in June 2004. I entered the Ph.D. program in Computer Science three months later.

Research

I am a research assistant in the Computer Security Group. My research interests include static and dynamic vulnerability analysis and testing for security. I am especially interested in vulnerability analysis of web-based applications. Some other areas that I am interested in, and have been working on, are binary analysis and security of mobile code systems.

My graduation time is getting closer, and, currently, I am mostly working on finishing up my dissertation. In my thesis research, I explore the problem of identifying vulnerabilities that result from flawed application logic. The vulnerabilities in this category are often application-specific and include such problems as missing authentication or authorization checks and incorrectly enforced workflow constraints. This class of vulnerabilities is known to be extremely hard for automated detection tools, and there has been little research done on finding suitable techniques for dealing with them. I have proposed (and implemented in a prototype-tool) an approach for detection of specific classes of application-specific vulnerabilities. Currently, I am working on making the tool scalable to a wider range of real-world applications.

Extras

• In 2007, I participated, as a red team member, in the Top-to-Bottom Review of the electronic voting systems used in California and in the Evaluation and Validation of Election-Related Equipment, Standards and Testing (EVEREST) project for the state of Ohio.
• I have been involved into organizing the International Capture The Flag (iCTF) security exercises since spring of 2005. My main responsibilities are general infrastructure and routing setup.
• I am also a proud member of the ShellPhish group, which won the Defcon CTF in 2005 :)