Johnny So

Johnny So

PhD Candidate

Stony Brook University

Biography

I am currently a third-year Ph.D. candidate advised by Professor Nick Nikiforakis at the PragSec Lab in Stony Brook University. I investigate (the lack of) web integrity in various contexts (e.g., domain names and JavaScript) through large-scale experiments, and subsequently design and evaluate defenses that improve the integrity of the web.

Interests
  • Web Security
  • Distributed Systems
  • Network Security
  • Algorithms
Education

  • PhD in Computer Science, 2020 - Present

    Stony Brook University

  • BSc in Computer Science, 2020

    Stony Brook University

  • BSc in Applied Math and Statistics, 2020

    Stony Brook University

Work

 
 
 
 
 
Research Assistant
PragSec Lab, Stony Brook University
Aug 2020 – Present Stony Brook, New York

Projects:

  • Designing an application-agnostic link management system that prevents access to external dependencies of websites if such links violate customizable integrity policies
  • Demonstrated that strict integrity verification of scripts cannot protect the web and provided insight for future methods through a large-scale, data-driven analysis (Things Change)
  • Profiled the behavior of bots that monitor Certificate Transparency logs, analyzing how bots of various intentions and origins react to new certificates within seconds (Uninvited Guests)
  • Illustrated the capability of adversaries to potentially affect millions of IP addresses in tens of thousands of autonomous systems by re-registering a few hundred domains (Domains Change)
  • Proposed and evaluated deceptive web authentication mechanisms that remove the integrity of a web application from the attacker’s arsenal, and instead place the lack of it in the defender’s arsenal (Click This, Not That)
 
 
 
 
 
PhD Research Intern
NortonLifeLock Research Group
May 2022 – Aug 2022 (Remote) Stony Brook, New York
Analyzing the integrity of Android applications through dynamic analysis (ongoing)
 
 
 
 
 
Software Development Engineer Intern
Amazon Alexa
Jun 2019 – Aug 2019 Seattle, Washington
Created an intent recommendation service for third-party Alexa skills using short utterance text data
 
 
 
 
 
Software Engineer Intern
Softheon
Jun 2018 – Dec 2018 Stony Brook, New York
Built the prototype of a new state health exchange platform and established a preprocessing library used to build machine learning models

Teaching

WSE 380 Rotation: Honeypots and Intrusion Detection
Instructor Oct 2022 – Nov 2022
WSE 380 Rotation: Honeypots and Intrusion Detection
Instructor Mar 2022 – Apr 2022
CSE 331: Computer Security Fundamentals
Teaching Assistant Aug 2020 – May 2021
CSE 214: Data Structures
Teaching Assistant Aug 2017 – Aug 2018

Publications

Quickly discover relevant content by filtering publications.
Johnny So, Michael Ferdman, Nick Nikiforakis (2023). The More Things Change, the More They Stay the Same: Integrity of Modern JavaScript. In Proceedings of the ACM Web Conference 2023.

Cite

Brian Kondracki, Johnny So, Nick Nikiforakis (2022). Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots. In Proceedings of the 31st USENIX Security Symposium 2022.

PDF Cite

Johnny So, Najmeh Miramirkhani, Michael Ferdman, Nick Nikiforakis (2021). Domains Do Change Their Spots: Quantifying Potential Abuse of Residual Trust. In Proceedings of the 2022 IEEE Symposium on Security and Privacy (S&P).

PDF Cite Teaser Talk

Timothy Barron, Johnny So, Nick Nikiforakis (2021). Click This, Not That: Extending Web Authentication with Deception. In ACM Asia Conference on Computer and Communications Security (AsiaCCS), 2021.

PDF Cite

Service

Artifact Evaluation Committee Member

Contact

  • josso [at] cs [dot] stonybrook [dot] edu
  • Computer Science Building, Engineering Dr, Stony Brook, NY 11794