Johnny So

Johnny So

PhD Candidate

Stony Brook University

Biography

I am currently a fourth-year Ph.D. candidate advised by Professor Nick Nikiforakis at the PragSec Lab in Stony Brook University. I investigate (the lack of) web integrity in various contexts (e.g., domain names and JavaScript) through large-scale experiments, and subsequently design and evaluate defenses that improve the integrity of the web.

Interests
  • Web Security
  • Distributed Systems
  • Network Security
  • Algorithms
Education

  • PhD in Computer Science, 2020 - Dec 2024 (expected)

    Stony Brook University

  • BSc in Computer Science, 2016 - 2020

    Stony Brook University

  • BSc in Applied Math and Statistics, 2016 - 2020

    Stony Brook University

Work

 
 
 
 
 
(Incoming) Software Engineer Intern
IAB / Browser Product Infrastructure @ Meta
May 2024 – Aug 2024 Bellevue, WA
Responsibilities TBD.
 
 
 
 
 
Research Assistant
PragSec Lab @ Stony Brook University
Aug 2020 – Present Stony Brook, New York

Conducting web security research projects that result in flagship conference publications:

  • Designing an application-agnostic link management system that prevents access to external dependencies of websites if such links violate integrity policies
  • Demonstrated that strict integrity verification of scripts cannot protect the web and provided insight for future methods through a large-scale, data-driven analysis (Things Change)
  • Profiled the behavior of bots that monitor Certificate Transparency logs, analyzing how bots of various intentions and origins react to new certificates within seconds (Uninvited Guests)
  • Illustrated the capability of adversaries to potentially affect millions of IP addresses in tens of thousands of autonomous systems by re-registering a few hundred domains (Domains Change)
  • Proposed transparent web authentication mechanisms that leverage deception (Click This, Not That)
 
 
 
 
 
Software Engineering Intern
Bot Management / API Shield @ Cloudflare
Jun 2023 – Aug 2023 Remote
Designed a policy-based system to detect broken object-level authorization in API traffic
 
 
 
 
 
PhD Research Intern
Research @ NortonLifeLock
May 2022 – Aug 2022 Remote
Analyzing the integrity of Android applications through dynamic analysis (under submission)
 
 
 
 
 
Software Development Engineer Intern
Alexa @ Amazon
Jun 2019 – Aug 2019 Seattle, Washington
Created an intent recommendation service for Alexa skills using short utterance text data
 
 
 
 
 
Software Engineer Intern
Softheon
Jun 2018 – Dec 2018 Stony Brook, New York
Built the prototype of a new state health exchange platform and established a preprocessing library used to build machine learning models

Publications

Quickly discover relevant content by filtering publications.
Johnny So, Michael Ferdman, Nick Nikiforakis (2023). The More Things Change, the More They Stay the Same: Integrity of Modern JavaScript. In Proceedings of the ACM Web Conference (WWW), 2023.

PDF Cite Teaser Media Coverage

Brian Kondracki, Johnny So, Nick Nikiforakis (2022). Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots. In Proceedings of the USENIX Security Symposium (USENIX Security), 2022.

PDF Cite Talk NSA 11th Annual Best Scientific Cybersecurity Paper

Johnny So, Najmeh Miramirkhani, Michael Ferdman, Nick Nikiforakis (2021). Domains Do Change Their Spots: Quantifying Potential Abuse of Residual Trust. In Proceedings of the IEEE Symposium on Security and Privacy (IEEE S&P), 2022.

PDF Cite Teaser Talk

Timothy Barron, Johnny So, Nick Nikiforakis (2021). Click This, Not That: Extending Web Authentication with Deception. In ACM Asia Conference on Computer and Communications Security (AsiaCCS), 2021.

PDF Cite

Teaching

WSE 380 Rotation: Technical Foundations of a Startup
Instructor Apr 2024 – Apr 2024
WSE 380 Rotation: Honeypots and Intrusion Detection
Instructor Oct 2022 – Nov 2022
WSE 380 Rotation: Honeypots and Intrusion Detection
Instructor Mar 2022 – Apr 2022
CSE 331: Computer Security Fundamentals
Teaching Assistant Aug 2020 – May 2021
CSE 214: Data Structures
Teaching Assistant Aug 2017 – Aug 2018

Service

Paper Reviewer

I contributed paper reviews for the following conferences and journals:

  • International Symposium on Research in Attacks, Intrusions, and Defenses (RAID), External Reviewer: 2023
  • IEEE Transactions on Networking (ToN), Paper Reviewer: 2024

Artifact Evaluation Committee

I served on the artifact evaluation committee for the following conferences:

Honors

Graduate Research Day 2024 Best Poster Award Runner-Up
The More Things Change, the More They Stay the Same: Integrity of Modern JavaScript Mar 2024
NSA 11th Annual Best Scientific Cybersecurity Paper
Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots Feb 2024

Contact

  • josso [at] cs [dot] stonybrook [dot] edu