Johnny So

Johnny So

PhD Candidate

Stony Brook University


I am currently a third-year Ph.D. candidate advised by Professor Nick Nikiforakis at the PragSec Lab in Stony Brook University. I investigate (the lack of) web integrity in various contexts (e.g., domain names and JavaScript) through large-scale experiments, and subsequently design and evaluate defenses that improve the integrity of the web.


  • Web Security
  • Distributed Systems
  • Network Security
  • Algorithms


  • PhD in Computer Science, 2020 - Present

    Stony Brook University

  • BSc in Computer Science, 2020

    Stony Brook University

  • BSc in Applied Math and Statistics, 2020

    Stony Brook University



PhD Research Intern

NortonLifeLock Research Group

May 2022 – Aug 2022 (Remote) Stony Brook, New York
Analyzing the integrity of Android applications through dynamic analysis (ongoing)

Research Assistant

PragSec Lab, Stony Brook University

Aug 2020 – Present Stony Brook, New York


  • Designing a link management system that will enable administrators to manage all external resource dependencies of their websites and be notified of changes (ongoing)
  • Demonstrated that strict integrity verification of scripts cannot adequately protect the web through a large-scale, data-driven analysis (under submission)
  • Profiled the behavior of bots that monitor Certificate Transparency logs, analyzing how bots of various intentions and origins react to new certificates within seconds (Uninvited Guests)
  • Illustrated the capability of adversaries to potentially affect millions of IP addresses in tens of thousands of autonomous systems by re-registering a few hundred domains (Domains Change)
  • Proposed and evaluated deceptive web authentication mechanisms that remove the integrity of a web application from the attacker’s arsenal, and instead place the lack of it in the defender’s arsenal (Click This, Not That)

Software Development Engineer Intern

Amazon Alexa

Jun 2019 – Aug 2019 Seattle, Washington
Created an intent recommendation service for third-party Alexa skills using short utterance text data

Software Engineer Intern


Jun 2018 – Dec 2018 Stony Brook, New York
Built the prototype of a new state health exchange platform and established a preprocessing library used to build machine learning models


WSE 380 Rotation: Honeypots and Intrusion Detection

WSE 380 Rotation: Honeypots and Intrusion Detection

CSE 331: Computer Security Fundamentals

CSE 214: Data Structures


Artifact Evaluation Committee Member

  • USENIX Security Symposium: 2022


  • josso [at] cs [dot] stonybrook [dot] edu