Shuo Chen is a senior researcher at Microsoft Research Redmond. His interest is on studying real-world operational systems to understand their security challenges and flaws. Specifically, he spends significant time studying problems about software-as-a-service, browser, web privacy/security and memory-based issues. He served on the program committees for IEEE S&P, USENIX Security, ACM CCS, WWW, etc. Shuo obtained his Ph.D. degree in computer science under the guidance of Prof. Ravi Iyer from University of Illinois at Urbana-Champaign. He obtained his master’s and bachelor’s degree from Tsinghua University and Peking University, both in computer science.
- Program committee member, IEEE Symposium on Security and Privacy 2010, 2011, 2012, 2013, 2015
- Program committee member, USENIX Security Symposium 2013
- Program committee member, ACM Conference on Computer and Communications Security 2011, 2012
- Program committee member, WWW (Security and Privacy Track) 2008, 2009, 2011, 2012
- Program committee member, SecureComm 2009
- Program committee member, Web 2.0 Security and Privacy Workshop (W2SP) 2011
- Program committee member, IEEE DSN 2007
- Ph.D. thesis committees for
- Ralf Sasse (former intern, UIUC, advised by Jose Meseguer), defended successfully in 2012
- Keun Soo Yim (UIUC, advised by Ravi Iyer), defended successfully in 2012
- Rui Wang (former intern, Indiana U, advised by XiaoFeng Wang), defended successfully in 2013
- Yuchen Zhou (former intern, UVa, advised by David Evans), defended successfully in 2015
- Eric Chen (former intern, CMU, advised by Patrick Tague and Collin Jackson), defended successfully in 2015
- Best Practical Paper award, IEEE Symposium on Security and Privacy 2011
- Microsoft Gold Star award, 2010
- Microsoft Gold Star award, 2007
Recent Media Coverage
About our Oakland’12 paper
- Study Finds Major Weaknesses in Single Sign-on Systems, Network World, March 27, 2012
- Flawed sign-in services from Google and Facebook imperil user account, Ars Technica, March 25, 2012
- Trial finds EIGHT WAYS to defeat Google, PayPal and other SSOs, The Register, March 20, 2012
- Researchers discover flaws in SSO that leave websites vulnerable, Infosecurity, March 20
- Web Services Single Sign-On Contain Big Flaws, Dark Reading, March 19, 2012
- Researchers discover “worrisome” authentication flaws in many online services, ZDNet, March 16, 2012
About our Oakland’11 paper
- How to Shop for Free Online (video interview), Channel 9, May 17, 2011
- Vulnerabilities in Online Payment Systems, Schneier on Security, May 9, 2011
- Researchers find major flaws in online payment systems. CNN, April 13, 2011.
- Exploit-wielding boffins go on free online shopping binge — World’s biggest e-commerce sites wide open, The Register, April 12, 2011
- Could criminals shop for free online? CNET, April 11, 2011
- Security Researchers Exploit Logic Flaws to Shop for Free Online, Network World, April 11, 2011
I encourage Ph.D. students to seek opportunities of Microsoft Research internships. I myself was interning here in the summers of 2003 and 2004. MSR internship is interesting, challenging and rewarding. Please ask your advisor to write a reference letter for you as early as you can! Most offers are made in the early spring.
- Summer 2015: Peter Chapman (CMU). Welcome Peter!
- Summer 2015: Daniel Song (Rice University, co-mentored with Helen Wang). Welcome Daniel!
- Summer 2013: Eric Chen (CMU), expertise: web security. Project: Certification of symbolic transaction, in IEEE Symposium on Security and Privacy 2015.
- Summer 2012: Yuchen Zhou (University of Virginia), expertise: web security. Project: Implicit security assumptions of SDKs, in USENIX Security Symposium 2013.
- Summer 2011: Rui Wang (Indiana University), expertise: web security. Project: Web-based single-sign-on systems, in IEEE Symposium on Security and Privacy 2012.
- Summer 2010: Rui Wang (Indiana University), expertise: web security. Project: How to shop for free online, in IEEE Symposium on Security and Privacy 2011.
- Summer 2009: Rui Wang (Indiana University), expertise: web security. Project: Side channel leaks in web applications, in IEEE Symposium on Security and Privacy 2010.
- Summer 2008: Hong Chen (Purdue), expertise: access control. Project: Browser’s residue objects, in EuroSys 2010.
- Summer 2007: Ziqing Mao (Purdue), expertise: access control. Project: Pretty-Bad-Proxy, in IEEE Symposium on Security and Privacy 2009.
- Summer 2006: Ralf Sasse (UIUC), expertise: formal methods. Project: GUI logic errors, in IEEE Symposium on Security and Privacy 2007.