I am an assistant professor in the department of computer science at Columbia University. My primary research interests are in the areas of computer security and privacy. More specifically, I am interested in building automated tools for finding and fixing security and privacy vulnerabilities. I also occasionally delve into software engineering, machine learning, and operating systems.
Email: suman (AT) cs.columbia.edu
Office: Mudd 412
500 W 120th St
- Fall 2017: Security Architecture & Engineering (COMS W4187)
- Spring 2017: Secure Software Development: Theory and Practice (COMS W4995)
- Spring 2016: Advanced Topics in Network Security (COMS E6183)
- Nezha won 2nd place in the NYU CSAW'17 applied research competition
- DeepXplore won the best paper award at SOSP 2017
- Nezha selected as one of the top 10 finalists in the NYU CSAW'17 applied research competition
- DeepXplore code is available now
- DeepTest: Automated Testing of Deep-Neural-Network-driven Autonomous Cars. Y. Tian, K. Pei, S. Jana, and B. Ray.
DeepXplore: Automated Whitebox Testing of Deep Learning Systems.
K. Pei, Y. Cao, J. Yang, and S. Jana. SOSP 2017. [DeepXplore code]
SOSP 2017 Best Paper Award.
SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities.
T. Petsios, J. Zhao, A. D. Keromytis, and S. Jana. CCS 2017.
NEZHA: Efficient Domain-independent Differential Testing.
T. Petsios, A. Tang, S. Stolfo, A. D. Keromytis, and S. Jana. S&P (Oakland) 2017. [Bibtex, Nezha code] 2nd place in 2017 NYU CSAW Applied Research Competition
HVLearn: Automated Black-box Analysis of Hostname Verification in SSL/TLS Implementations.
S. Sivakorn, G. Argyros, K. Pei, A. D. Keromytis, and S. Jana. S&P (Oakland) 2017. [Bibtex, HVLearn code]
SFADiff: Automated Evasion Attacks and Fingerprinting Using Blackbox Differential Automata Learning.
G. Argyros, I. Stais, S. Jana, A. D. Keromytis, and A. Kiayias. CCS 2016. [Bibtex, lightbulb framework code]
APEx: Automated Inference of Error Specifications for C APIs.
Y. J. Kang, B. Ray, and S. Jana. ASE 2016. [Bibtex, Slides(pptx), APEx code]
Automatically Detecting Error Handling Bugs using Error Specifications.
S. Jana, Y. J. Kang, S. Roth, and B. Ray. USENIX Security 2016. [Bibtex, Slides(pptx), EPEx code]
Recommendations for Randomness in the Operating System or, How to Keep Evil Children out of Your Pool and Other Random Facts.
H. Corrigan-Gibbs and S. Jana. HotOS 2015. [Bibtex]
No Escape From Reality: Security and Privacy of Augmented Reality Browsers.
R. McPherson, S. Jana, and V. Shmatikov. WWW 2015. [Bibtex]
Rethinking Security of Web-Based System Applications.
M. Georgiev, S. Jana, and V. Shmatikov. WWW 2015. [Bibtex]
Password Managers: Attacks and Defenses.
D. Silver, S. Jana, E. Chen, C. Jackson, and D. Boneh. USENIX Security 2014. [Bibtex, Slides(pptx)] Publicity: Reddit, Schneier on Security, Learning Tree, Mac Performance Guide.
Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations.
C. Brubaker, S. Jana, B. Ray, S. Khurshid, and V. Shmatikov. S&P (Oakland) 2014. [Bibtex, Frankencert code, Slides(pptx)]
S&P 2014 Best Practical Paper Award. Publicity: Reddit, Golem, Heise.
Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks.
M. Georgiev, S. Jana, and V. Shmatikov. NDSS 2014. [Bibtex, NoFrak code, Apache Cordova integration, Slides(pdf)]
Enabling Fine-Grained Permissions for Augmented Reality Applications With Recognizers.
S. Jana, D. Molnar, A. Moshchuk, A. M. Dunn, B. Livshits, H. J. Wang, and E. Ofek. USENIX Security 2013. [Bibtex, Slides(pptx)]
A Scanner Darkly: Protecting User Privacy from Perceptual Applications.
S. Jana, A. Narayanan, and V. Shmatikov. S&P (Oakland) 2013. [Bibtex, Slides(pptx), Our freedom to tinker post]
2014 PET Award Winner. Publicity: VPN Creative, Alcalde.
Operating System Support for Augmented Reality Applications.
L. D'Antoni, A. Dunn, S. Jana, T. Kohno, B. Livshits, D. Molnar, A. Moshchuk, E. Ofek, F. Roesner, S. Saponas, M. Veanes, and H. J. Wang. HotOS 2013. [Bibtex]
Memento: Learning Secrets from Process Footprints.
S. Jana and V. Shmatikov. S&P (Oakland) 2012. [Bibtex, Slides(pptx)]
S&P 2012 Best Student Paper Award. Publicity: CACM, Mocana.
Abusing File Processing in Malware Detectors for Fun and Profit.
S. Jana and V. Shmatikov. S&P (Oakland) 2012. [Bibtex, Slides(pptx)]
The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software.
M. Georgiev, S. Iyengar, S. Jana, R. Anubhai, D. Boneh, and V. Shmatikov. CCS 2012. [FAQ, Bibtex]
2012 NYU-Poly AT&T Best Applied Security Paper Award. Publicity: Ars Technica, Threatpost, Hacker News, Slashdot, Schneier, Reddit, LWN.net, The H, SC Magazine, Softpedia, Heise, it republik, Webwereld, Security.nl, Punto Informatico, root.cz, xakep.ru, SecurityLab.ru.
Eternal Sunshine of the Spotless Machine: Protecting Privacy with Ephemeral Channels.
A. M. Dunn, M. Z. Lee, S. Jana, S. Kim, M. Silberstein, Y. Xu, V. Shmatikov, and E. Witchel. OSDI 2012. [Bibtex, Slides(pptx)]
2013 PET Award Runner-up.
2011 and older
TxBox: Building Secure, Efficient Sandboxes with System Transactions.
S. Jana, D. E. Porter, and V. Shmatikov. S&P (Oakland) 2011. [Bibtex, Slides(keynote, quicktime, pdf)]
EVE: Verifying Correct Execution of Cloud-Hosted Web Applications.
S. Jana and V. Shmatikov. HotCloud 2011. [Bibtex, Slides(keynote, quicktime, pdf)]
On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments.
S. Jana, S. N. Premnath, M. Clark, S. K. Kasera, N. Patwari, and S. V. Krishnamurthy. MOBICOM 2009. [Bibtex, Slides(pdf)]
On Fast and Accurate Detection of Unauthorized Wireless Access Points Using Clock Skews.
S. Jana and S. K. Kasera. MOBICOM 2008. [Bibtex, Slides(pdf)]
- PhD: Kexin Pei (co-advised with Junfeng Yang), Shiqi Wang, and Dongdong She.
- BS: Ruoxin (Amy) Jiang (CRA Outstanding Undergraduate Honorable Mentionee in 2017), Joshua Michael Zweig, Daniel Schwartz, John Hui, and Jason Zhao.
- Student collaborators: George Argyros, Yuan Jochen Kang, Theofilos Petsios, Suphannee Sivakorn, and Adrian Tang.
Security advisories & open source outreach
Our research has resulted in the reporting and fixing of more than 200 high-impact security vulnerabilities across a wide range of software.
Recent awards & honors
- 2017 SOSP best paper award
- 2017 Google Faculty Research Award
- 2nd place in 2017 NYU CSAW Applied Research Competition
- 2014 PET Award for Outstanding Research in Privacy Enhancing Technologies
- IEEE S&P 2014 Best Practical Paper Award
- Runner-up for the 2013 PET Award for Outstanding Research in Privacy Enhancing Technologies
- IEEE S&P 2012 Best Student Paper Award
- 2012 NYU-Poly AT&T Best Applied Security Paper Award
- Google U.S./Canada Fellowship in Security (2012-2014)
- MCD Fellowship (2009-2012)