Portrait of Shuo Chen

Shuo Chen

Senior Researcher


I am a researcher in the Microsoft Research Technologies division, and also affiliated with the Redmond Security and Privacy Research group. My research interest is mainly on systems security and privacy. My current focus is in the web/browser space.


Certification of Symbolic Transaction

Established: May 6, 2015

Logic flaws are prevalent in multiparty cloud services, which cause serious consequences, e.g., an attacker can make purchases without paying, or gets into other people’s accounts without password. For decades, researchers have been advocating formal verification as a solution, but…

















Shuo Chen is a senior researcher at Microsoft Research Redmond. His interest is on studying real-world operational systems to understand their security challenges and flaws. Specifically, he spends significant time studying problems about software-as-a-service, browser, web privacy/security and memory-based issues. He served on the program committees for IEEE S&P, USENIX Security, ACM CCS, WWW, etc. Shuo obtained his Ph.D. degree in computer science under the guidance of Prof. Ravi Iyer from University of Illinois at Urbana-Champaign. He obtained his master’s and bachelor’s degree from Tsinghua University and Peking University, both in computer science.

Academic Service

Academic Service

  • Program committee member, IEEE Symposium on Security and Privacy 2010, 2011, 2012, 2013, 2015
  • Program committee member, USENIX Security Symposium 2013
  • Program committee member, ACM Conference on Computer and Communications Security 2011, 2012
  • Program committee member, WWW (Security and Privacy Track) 2008, 2009, 2011, 2012
  • Program committee member, SecureComm 2009
  • Program committee member, Web 2.0 Security and Privacy Workshop (W2SP) 2011
  • Program committee member, IEEE DSN 2007
  • Ph.D. thesis committees for
    • Ralf Sasse (former intern, UIUC, advised by Jose Meseguer), defended successfully in 2012
    • Keun Soo Yim (UIUC, advised by Ravi Iyer), defended successfully in 2012
    • Rui Wang (former intern, Indiana U, advised by XiaoFeng Wang), defended successfully in 2013
    • Yuchen Zhou (former intern, UVa, advised by David Evans), defended successfully in 2015
    • Eric Chen (former intern, CMU, advised by Patrick Tague and Collin Jackson), defended successfully in 2015



  • Best Practical Paper award, IEEE Symposium on Security and Privacy 2011
  • Microsoft Gold Star award, 2010
  • Microsoft Gold Star award, 2007

Media Coverage



I encourage Ph.D. students to seek opportunities of Microsoft Research internships. I myself was interning here in the summers of 2003 and 2004. MSR internship is interesting, challenging and rewarding. Please ask your advisor to write a reference letter for you as early as you can! Most offers are made in the early spring.

  • Summer 2015: Peter Chapman (CMU). Welcome Peter!
  • Summer 2015: Daniel Song (Rice University, co-mentored with Helen Wang). Welcome Daniel!
  • Summer 2013: Eric Chen (CMU), expertise: web security. Project: Certification of symbolic transaction, in IEEE Symposium on Security and Privacy 2015.
  • Summer 2012: Yuchen Zhou (University of Virginia), expertise: web security. Project: Implicit security assumptions of SDKs, in USENIX Security Symposium 2013.
  • Summer 2011: Rui Wang (Indiana University), expertise: web security. Project: Web-based single-sign-on systems, in IEEE Symposium on Security and Privacy 2012.
  • Summer 2010: Rui Wang (Indiana University), expertise: web security. Project: How to shop for free online, in IEEE Symposium on Security and Privacy 2011.
  • Summer 2009: Rui Wang (Indiana University), expertise: web security. Project: Side channel leaks in web applications, in IEEE Symposium on Security and Privacy 2010.
  • Summer 2008: Hong Chen (Purdue), expertise: access control. Project: Browser’s residue objects, in EuroSys 2010.
  • Summer 2007: Ziqing Mao (Purdue), expertise: access control. Project: Pretty-Bad-Proxy, in IEEE Symposium on Security and Privacy 2009.
  • Summer 2006: Ralf Sasse (UIUC), expertise: formal methods. Project: GUI logic errors, in IEEE Symposium on Security and Privacy 2007.