Research Interests

My primary research interests are in embedded and cyberphysical systems security. Beyond those, I am interested in a number of topics such as tech policy, cryptography, programming languages, and compilers.

I think research is a social activity and I enjoy collaboration.

Research Projects

• Aerosec
• Dual EC
• Radsec
• Trustworthy Health & Wellness
• Autosec
• IRV Post-election Auditing

I have a collection of miscellaneous software I’ve written or contributed to here (almost certainly an incomplete list).

Recent Papers

1. Willy R. Vasquez, Stephen Checkoway, and Hovav Shacham. The Most Dangerous Codec in the World: Finding and Exploiting Vulnerabilities in H.264 Decoders, in Proceedings of the USENIX Security Symposium 2023. USENIX, Aug. 2023. [Details, PDF]
2. Evan Johnson, Maxwell Bland, YiFei Zhu, Joshua Mason, Stephen Checkoway, Stefan Savage, and Kirill Levchenko. Jetset: Targeted Firmware Rehosting for Embedded Systems, in Proceedings of the USENIX Security Symposium 2021. USENIX, Aug. 2021. [Details, PDF]

All of my papers are available and my Google Scholar profile is reasonably up to date.

Teaching

• CS 210 Introduction to Computer Architecture: Spring 2025, Fall 2024, Spring 2022, Fall 2021
• CS 241 Systems Programming: Spring 2024, Fall 2023, Spring 2020, Fall 2019
• CS 275 Programming Abstractions: Spring 2025, Fall 2024, Spring 2022, Fall 2021, Summer 2021, Fall 2020
• CS 343 Security: Fall 2020
• CS 383 Theory of Computation: Spring 2024, Fall 2023

Past teaching at UIC

• CS 301 Languages and Automata: Spring 2018, Fall 2015
• CS 487 Secure Computer Systems Fall 2017
• CS 590 Research Methods in Computer Science: Spring 2017
• CS 491 Software Vulnerability Analysis: Fall 2016
• CS 594 Advanced Computer Security Spring 2016

Past teaching at JHU

• CS 271 Automata and Computation Theory: Spring 2015, Spring 2014
• CS 460 Software Vulnerability Analysis: Fall 2014, Fall 2013, Fall 2012
• CS 668 Advanced Topics in Software Security: Spring 2013

Professional Activities

• I am a member of the JETS editorial board.
• I am a member of the USENIX Security 2020 program committee.
• I am a member of the Oakland 2020 program committee.
• I am a member of the USENIX Security 2019 program committee.
• I am a member of the USENIX CSET 2019 program committee.
• I was a member of the AutoSec 2019 program committee.
• I was a member of the ROOTS 2018 program committee.
• I was a member of the LangSec 2018 program committee.
• I was a member of the ROOTS 2017 program committee.
• I was a member of the USENIX Security 2017 program committee.
• I was a member of the Oakland 2017 program committee.
• I was a member of the WWW 2017 program committee.
• I was a member of the USENIX Security 2016 program committee.
• I was a member of the Oakland 2016 program committee.
• I was a member of the WWW 2016 program committee.
• I was a member of the CCS 2015 program committee.
• I was a member of the CANS 2015 program committee.
• I was a member of the USENIX Security 2015 program committee.
• I was a member of the CCS 2014 program committee.
• I was a member of the PASSAT 2014 program committee.
• I was a member of the USENIX Security 2014 program committee.
• I was a member of the ARES 2014 program committee.
• I was a member of the WOOT 2013 program committee.
• I was a member of the CSET 2013 program committee.
• I was a member of the EVT/WOTE 2012 program committee.
• I was a member of the DIMVA 2012 program committee.
• I was a member of the EVT/WOTE 2011 program committee.
• I was a member of the WOOT 2011 program committee.

Recent Musings

• C enables bugs. Another examples of C enabling bugs Posted 2023-07-07.
• Using Nix on macOS. Making Nix work for me on macOS Posted 2022-07-23.
• Why didn’t NSA notice when their backdoor stopped working?. Some possible reasons the NSA didn’t notice their backdoor stopped working Posted 2021-09-04.
• Git is ridiculous. Git is ridiculous. Posted 2019-04-03.
• TypingDNA Authenticator sends its users’ secrets to the cloud (updated). TypingDNA Authenticator Google Chrome extension used to send its users’ TOTP secrets to the cloud and used to track their actions. Last updated 2018-05-22.
• Duplicity SSH backends. Duplicity’s legacy Pexpect SSH backend is an order of magnitude faster than the default Paramiko backend. Last updated 2019-09-23.
• TLS 1.3 in enterprise networks. A brief description of the latest TLS 1.3 drama regarding enterprise networks. Posted 2017-07-22.
• Turning tweets into vector images. A simple procedure for turning tweets into high-quality vector images. Posted 2017-07-11.

All of my musings are available.

Education

• Ph.D. in Computer Science, University of California, San Diego, 2012.
• C.Phil. in Computer Science, University of California, San Diego, 2009.
• M.S. in Computer Science, University of California, San Diego, 2008.
• B.S. in Mathematics, minor in Physics, University of Washington, 2005.
• B.S. in Computer Science, University of Washington, 2005.