Shuo Chen at Microsoft Research

I am a researcher in the Systems and Networking research area in Microsoft Research Asia. My research interest is mainly on systems security and privacy. My hope is to solve practical security problems using rigorous program analysis technologies.

Bio
Shuo Chen is a researcher at Microsoft Research Asia. His interest is on studying real-world operational systems to understand their security challenges and flaws. Specifically, he spends significant time studying problems about software-as-a-service, browser, web privacy/security, blockchain/smart contract and memory-based issues. He served on the program committees for IEEE S&P, USENIX Security, ACM CCS, WWW, etc. Shuo obtained his Ph.D. degree in computer science under the guidance of Prof. Ravi Iyer from University of Illinois at Urbana-Champaign. He obtained his master’s and bachelor’s degree from Tsinghua University and Peking University, both in computer science.

CV

Click here.

Academic Service

Program committee member, IEEE Symposium on Security and Privacy 2010, 2011, 2012, 2013, 2015
Program committee member, USENIX Security Symposium 2013
Program committee member, ACM Conference on Computer and Communications Security 2011, 2012, 2018
Program committee member, WWW (Security and Privacy Track) 2008, 2009, 2011, 2012
Program committee member, SecureComm 2009
Program committee member, Web 2.0 Security and Privacy Workshop (W2SP) 2011
Program committee member, IEEE DSN 2007
Ph.D. thesis committees for
- Ralf Sasse (former intern, UIUC, advised by Jose Meseguer), defended successfully in 2012
- Keun Soo Yim (UIUC, advised by Ravi Iyer), defended successfully in 2012
- Rui Wang (former intern, Indiana U, advised by XiaoFeng Wang), defended successfully in 2013
- Yuchen Zhou (former intern, UVa, advised by David Evans), defended successfully in 2015
- Eric Chen (former intern, CMU, advised by Patrick Tague and Collin Jackson), defended successfully in 2015

Awards

Best Practical Paper award, IEEE Symposium on Security and Privacy 2011
Microsoft Gold Star award, 2010
Microsoft Gold Star award, 2007

About our CCS’13 paper
• iOS and Android weaknesses allow stealthy pilfering of website credentials, Ars Technica, August 27, 2013

About our Oakland’12 paper
• Study Finds Major Weaknesses in Single Sign-on Systems, Network World, March 27, 2012
• Flawed sign-in services from Google and Facebook imperil user account, Ars Technica, March 25, 2012
• Trial finds EIGHT WAYS to defeat Google, PayPal and other SSOs, The Register, March 20, 2012
• Researchers discover flaws in SSO that leave websites vulnerable, Infosecurity, March 20
• Web Services Single Sign-On Contain Big Flaws, Dark Reading, March 19, 2012
• Researchers discover “worrisome” authentication flaws in many online services, ZDNet, March 16, 2012

About our finding of an OpenID authentication bug
• OpenID Warns Of Serious Bug, InformationWeek, May 9, 2011
• OpenID warns of ‘psychic paper’ authentication attack, Register, May 9, 2011
• OpenID Foundation warns of identity transmission bug, ZDNet UK, May 9, 2011
• OpenID Foundation Warns Websites of Authentication Flaw, eWeek, May 9, 2011

About our Oakland’11 paper
• How to Shop for Free Online (video interview), Channel 9, May 17, 2011
• Vulnerabilities in Online Payment Systems, Schneier on Security, May 9, 2011

(Shaz Qadeer and I didn’t directly participate in the following interviews because of a non-academic reason.)
• Researchers find major flaws in online payment systems. CNN, April 13, 2011.
• Exploit-wielding boffins go on free online shopping binge — World’s biggest e-commerce sites wide open, Register, April 12, 2011
• Could criminals shop for free online? CNET, April 11, 2011
• Security Researchers Exploit Logic Flaws to Shop for Free Online, Network World, April 11, 2011

About our finding of a Facebook authentication bug

Informatics students discover, alert Facebook to threat allowing access to private data, PhysOrg, ‎Feb 3, 2011
• New Facebook vulnerability patched, ComputerWorld, Feb 2, 2011
• Facebook Fixes Security Vulnerability,eWeek, Feb 2, 2011
• Facebook plugs gnarly authentication flaw, Register, ‎Feb 2, 2011‎
• Facebook flaw allowed websites to steal users’ personal data without consent, Graham Cluley’s blog, ‎Feb 2, 2011‎

About our Oakland’10 paper
• Side Channel Attacks in SSL, ha.ckers.org, June 21st, 2010
• SaaS Apps May Leak Data Even When Encrypted, Study Says, Dark Reading, March 26th, 2010
• Side-Channel Attacks on Encrypted Web Traffic, Schneier on Security, March 26th, 2010
• Researchers sound alarm on Web app “side channel” data leaks, Network World, March 25th, 2010
• Your health, tax, and search data siphoned: Software-as-a-service springs SSL leak, The Register, March 23rd, 2010.
• Side-Channel Leaks in Web Applications, Freedom To Tinker, March 23rd, 2010

About our Oakland’09 paper
• Browser flaws expose users to man-in-the-middle attacks, ZDNet, August 7th, 2009
• Mozilla patches 11 Firefox bugs, six critical. Plugs SSL hole reported by Microsoft researchers, Computer World, June 12, 2009
• Breaking Web Browsers’ Trust, Technology Review, May 21st, 2009

Interns

I encourage Ph.D. students to seek opportunities of Microsoft Research internships. I myself was interning here in the summers of 2003 and 2004. MSR internship is interesting, challenging and rewarding. Please ask your advisor to write a reference letter for you as early as you can! Most offers are made in the early spring.

Summer 2019: Phuong Cao (UIUC), expertise: dependable computing.
Summer 2017: Daejun Park (UIUC), expertise: programming language.
Summer 2016: Matt McCutchen (MIT). Project: Self-Verifying Execution.
Summer 2015: Peter Chapman (CMU).
Summer 2015: Daniel Song (Rice University, co-mentored with Helen Wang). Project: Self-Verifying Execution.
Summer 2013: Eric Chen (CMU), expertise: web security. Project: Certification of symbolic transaction, in IEEE Symposium on Security and Privacy 2015.
Summer 2012: Yuchen Zhou (University of Virginia), expertise: web security. Project: Implicit security assumptions of SDKs, in USENIX Security Symposium 2013.
Summer 2011: Rui Wang (Indiana University), expertise: web security. Project: Web-based single-sign-on systems, in IEEE Symposium on Security and Privacy 2012.
Summer 2010: Rui Wang (Indiana University), expertise: web security. Project: How to shop for free online, in IEEE Symposium on Security and Privacy 2011.
Summer 2009: Rui Wang (Indiana University), expertise: web security. Project: Side channel leaks in web applications, in IEEE Symposium on Security and Privacy 2010.
Summer 2008: Hong Chen (Purdue), expertise: access control. Project: Browser’s residue objects, in EuroSys 2010.
Summer 2007: Ziqing Mao (Purdue), expertise: access control. Project: Pretty-Bad-Proxy, in IEEE Symposium on Security and Privacy 2009.
Summer 2006: Ralf Sasse (UIUC), expertise: formal methods. Project: GUI logic errors, in IEEE Symposium on Security and Privacy 2007.

About

Projects

Publications

Videos

Other

CV

Academic Service

Academic Service

Awards

Awards

Press Coverage

Interns

Interns

Other

Follow us:

Share this page: