I am an assistant professor in the department of computer science at Columbia University. My primary research interests are in the areas of computer security and privacy. More specifically, I am interested in building automated tools for finding and fixing security and privacy vulnerabilities. I also occasionally delve into software engineering, machine learning, and operating systems.
Email: suman (AT) cs.columbia.edu
Office: Mudd 412
500 W 120th St
- Fall 2018: Security I (COMS W4181)
- Fall 2017: Security Architecture & Engineering (COMS W4187)
- Spring 2017: Secure Software Development: Theory and Practice (COMS W4995)
- Spring 2016: Advanced Topics in Network Security (COMS E6183)
- DeepXplore and Moonshine got the 2nd and 3rd prizes in NYU CSAW Applied Research Competition
- Moonshine is getting integrated with Syzkaller (Google's kernel fuzzer)
- Neurify for formal verification of NN in NIPS 2018 (see below for code)
- NSF medium (joint with NYU) grant on DL testing
- ARO YIP award 2018
- Two papers in USENIX Security 2018
- NEUZZ: Efficient Fuzzing with Neural Program Learning. D. Shi, K. Pei, D. Epstein, J. Yang, B. Ray, and S. Jana.
- Towards Practical Verification of Machine Learning: The Case of Computer Vision Systems. K. Pei, Y. Cao, J. Yang, and S. Jana.
Efficient Formal Safety Analysis of Neural Networks.
S. Wang, K. Pei, J. Whitehouse, J. Yang, and S. Jana. NIPS 2018. [Neurify code]
MoonShine: Optimizing OS Fuzzer Seed Selection with Trace Distillation.
S. Pailoor, A. Aday, and S. Jana. USENIX Security 2018. [MoonShine code, MoonShine integration with Syzkaller]
Formal Security Analysis of Neural Networks using Symbolic Intervals.
S. Wang, K. Pei, J. Whitehouse, J. Yang, and S. Jana. USENIX Security 2018. [ReluVal code]
DeepTest: Automated Testing of Deep-Neural-Network-driven Autonomous Cars.
Y. Tian, K. Pei, S. Jana, and B. Ray. ICSE 2018. [DeepTest code]
DeepXplore: Automated Whitebox Testing of Deep Learning Systems.
K. Pei, Y. Cao, J. Yang, and S. Jana. SOSP 2017. [DeepXplore code]
SOSP 2017 Best Paper Award. Publicity:
the morning paper,
The Fortelix Blog,
The Spider's Web.
SlowFuzz: Automated Domain-Independent Detection of Algorithmic Complexity Vulnerabilities.
T. Petsios, J. Zhao, A. D. Keromytis, and S. Jana. CCS 2017.
NEZHA: Efficient Domain-independent Differential Testing.
T. Petsios, A. Tang, S. Stolfo, A. D. Keromytis, and S. Jana. S&P (Oakland) 2017. [Bibtex, Nezha code] 2nd place in 2017 NYU CSAW Applied Research Competition
HVLearn: Automated Black-box Analysis of Hostname Verification in SSL/TLS Implementations.
S. Sivakorn, G. Argyros, K. Pei, A. D. Keromytis, and S. Jana. S&P (Oakland) 2017. [Bibtex, HVLearn code]
SFADiff: Automated Evasion Attacks and Fingerprinting Using Blackbox Differential Automata Learning.
G. Argyros, I. Stais, S. Jana, A. D. Keromytis, and A. Kiayias. CCS 2016. [Bibtex, lightbulb framework code]
APEx: Automated Inference of Error Specifications for C APIs.
Y. J. Kang, B. Ray, and S. Jana. ASE 2016. [Bibtex, Slides(pptx), APEx code]
Automatically Detecting Error Handling Bugs using Error Specifications.
S. Jana, Y. J. Kang, S. Roth, and B. Ray. USENIX Security 2016. [Bibtex, Slides(pptx), EPEx code]
Recommendations for Randomness in the Operating System or, How to Keep Evil Children out of Your Pool and Other Random Facts.
H. Corrigan-Gibbs and S. Jana. HotOS 2015. [Bibtex]
No Escape From Reality: Security and Privacy of Augmented Reality Browsers.
R. McPherson, S. Jana, and V. Shmatikov. WWW 2015. [Bibtex]
Rethinking Security of Web-Based System Applications.
M. Georgiev, S. Jana, and V. Shmatikov. WWW 2015. [Bibtex]
Password Managers: Attacks and Defenses.
D. Silver, S. Jana, E. Chen, C. Jackson, and D. Boneh. USENIX Security 2014. [Bibtex, Slides(pptx)] Publicity: Reddit, Schneier on Security, Learning Tree, Mac Performance Guide.
Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations.
C. Brubaker, S. Jana, B. Ray, S. Khurshid, and V. Shmatikov. S&P (Oakland) 2014. [Bibtex, Frankencert code, Slides(pptx)]
S&P 2014 Best Practical Paper Award. Publicity: Reddit, Golem, Heise.
Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks.
M. Georgiev, S. Jana, and V. Shmatikov. NDSS 2014. [Bibtex, NoFrak code, Apache Cordova integration, Slides(pdf)]
Enabling Fine-Grained Permissions for Augmented Reality Applications With Recognizers.
S. Jana, D. Molnar, A. Moshchuk, A. M. Dunn, B. Livshits, H. J. Wang, and E. Ofek. Usenix Security 2013. [Bibtex, Slides(pptx)]
A Scanner Darkly: Protecting User Privacy from Perceptual Applications.
S. Jana, A. Narayanan, and V. Shmatikov. S&P (Oakland) 2013. [Bibtex, Slides(pptx), Our freedom to tinker post]
2014 PET Award Winner. Publicity: VPN Creative, Alcalde.
Operating System Support for Augmented Reality Applications.
L. D'Antoni, A. Dunn, S. Jana, T. Kohno, B. Livshits, D. Molnar, A. Moshchuk, E. Ofek, F. Roesner, S. Saponas, M. Veanes, and H. J. Wang. HotOS 2013. [Bibtex]
Memento: Learning Secrets from Process Footprints.
S. Jana and V. Shmatikov. S&P (Oakland) 2012. [Bibtex, Slides(pptx)]
S&P 2012 Best Student Paper Award. Publicity: CACM, Mocana.
Abusing File Processing in Malware Detectors for Fun and Profit.
S. Jana and V. Shmatikov. S&P (Oakland) 2012. [Bibtex, Slides(pptx)]
The Most Dangerous Code in the World: Validating SSL Certificates
in Non-Browser Software.
M. Georgiev, S. Iyengar, S. Jana, R. Anubhai, D. Boneh, and V. Shmatikov. CCS 2012. [FAQ, Bibtex]
2012 NYU-Poly AT&T Best Applied Security Paper Award. Publicity: Ars Technica, Threatpost, Hacker News, Slashdot, Schneier, Reddit, LWN.net, The H, SC Magazine, Softpedia, Heise, it republik, Webwereld, Security.nl, Punto Informatico, root.cz, xakep.ru, SecurityLab.ru.
Eternal Sunshine of the Spotless Machine: Protecting Privacy with Ephemeral Channels.
A. M. Dunn, M. Z. Lee, S. Jana, S. Kim, M. Silberstein, Y. Xu, V. Shmatikov, and E. Witchel. OSDI 2012. [Bibtex, Slides(pptx)]
2013 PET Award Runner-up.
TxBox: Building Secure, Efficient Sandboxes with System Transactions.
S. Jana, D. E. Porter, and V. Shmatikov. S&P (Oakland) 2011. [Bibtex, Slides( keynote, quicktime, pdf)]
EVE: Verifying Correct Execution of Cloud-Hosted Web Applications.
S. Jana and V. Shmatikov. HotCloud 2011. [Bibtex, Slides(keynote, quicktime, pdf)]
On the Effectiveness of Secret Key Extraction from Wireless Signal Strength in Real Environments.
S. Jana, S. N. Premnath, M. Clark, S. K. Kasera, N. Patwari, and S. V. Krishnamurthy. MOBICOM 2009. [Bibtex, Slides(pdf)]
On Fast and Accurate Detection of Unauthorized Wireless Access Points Using Clock Skews.
S. Jana and S. K. Kasera. MOBICOM 2008. [Bibtex, Slides( pdf )]
PhD: Kexin Pei (co-advised with Junfeng Yang), Shiqi Wang, Dongdong She, Gabriel Ryan (co-advised with Sal Stolfo), Dennis Roellke (co-advised with Roxana Geambasu).
- BS: Ruoxin (Amy) Jiang (CRA Outstanding Undergraduate Honorable Mentionee in 2017), Joshua Michael Zweig, Daniel Schwartz, John Hui, Jason Zhao, and Justin A. Whitehouse..
- Student collaborators: George Argyros, Yuan Jochen Kang, Theofilos Petsios, Suphannee Sivakorn, and Adrian Tang.
- 2018 ARO Young Investigator Award
- 2017 SOSP best paper award
- 2017 Google Faculty Research Award
- 2nd place in 2017 NYU CSAW Applied Research Competition
- 2014 PET Award for Outstanding Research in Privacy Enhancing Technologies
- IEEE S&P 2014 Best Practical Paper Award
- Runner-up for the 2013 PET Award for Outstanding Research in Privacy Enhancing Technologies
- IEEE S&P 2012 Best Student Paper Award
- 2012 NYU-Poly AT&T Best Applied Security Paper Award
- Google U.S./Canada Fellowship in Security (2012-2014)
- MCD Fellowship (2009-2012)