Johnny So

PhD Candidate

Stony Brook University


I am currently a third-year Ph.D. candidate advised by Professor Nick Nikiforakis at the PragSec Lab at Stony Brook University. I investigate (the lack of) web integrity in various contexts (e.g., domain names and JavaScript) through large-scale experiments, and subsequently design and evaluate defenses that improve the integrity of the web.

  • Web Security
  • Distributed Systems
  • Network Security
  • Algorithms

  • PhD in Computer Science, 2020 - Present

    Stony Brook University

  • BSc in Computer Science, 2020

    Stony Brook University

  • BSc in Applied Math and Statistics, 2020

    Stony Brook University


Research Assistant
Aug 2020 – Present Stony Brook, New York


  • Designing a link management system that will enable administrators to manage all external resource dependencies of their websites and be notified of changes (ongoing)
  • Demonstrated that strict integrity verification of scripts cannot adequately protect the web through a large-scale, data-driven analysis (under submission)
  • Profiled the behavior of bots that monitor Certificate Transparency logs, analyzing how bots of various intentions and origins react to new certificates within seconds (Uninvited Guests)
  • Illustrated the capability of adversaries to potentially affect millions of IP addresses in tens of thousands of autonomous systems by re-registering a few hundred domains (Domains Change)
  • Proposed and evaluated deceptive web authentication mechanisms that remove the integrity of a web application from the attacker’s arsenal, and instead place the lack of it in the defender’s arsenal (Click This, Not That)

PhD Research Intern
May 2022 – Aug 2022 (Remote) Stony Brook, New York
Analyzing the integrity of Android applications through dynamic analysis (ongoing)

Software Development Engineer Intern
Amazon Alexa
Jun 2019 – Aug 2019 Seattle, Washington
Created an intent recommendation service for third-party Alexa skills using short utterance text data

Software Engineer Intern
Jun 2018 – Dec 2018 Stony Brook, New York
Built the prototype of a new state health exchange platform and established a preprocessing library used to build machine learning models


WSE 380 Rotation: Honeypots and Intrusion Detection
CSE 331: Computer Security Fundamentals
CSE 214: Data Structures


(2022). Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots. In Proceedings of the 31st USENIX Security Symposium 2022.

(2021). Domains Do Change Their Spots: Quantifying Potential Abuse of Residual Trust. In Proceedings of the 2022 IEEE Symposium on Security and Privacy (S&P).

(2021). Click This, Not That: Extending Web Authentication with Deception. In ACM Asia Conference on Computer and Communications Security (AsiaCCS), 2021.


Artifact Evaluation Committee Member


  • josso [at] cs [dot] stonybrook [dot] edu
  • Computer Science Building, Engineering Dr, Stony Brook, NY 11794