Johnny So

PhD Candidate

Stony Brook University

Biography

I am currently a third-year Ph.D. candidate advised by Professor Nick Nikiforakis at the PragSec Lab in Stony Brook University. I investigate (the lack of) web integrity in various contexts (e.g., domain names and JavaScript) through large-scale experiments, and subsequently design and evaluate defenses that improve the integrity of the web.

Interests

Web Security
Distributed Systems
Network Security
Algorithms

Education

PhD in Computer Science, 2020 - Present
Stony Brook University
BSc in Computer Science, 2020
Stony Brook University
BSc in Applied Math and Statistics, 2020
Stony Brook University

Work

Research Assistant

PragSec Lab @ Stony Brook University

Aug 2020 – Present Stony Brook, New York

Projects:

Designing an application-agnostic link management system that prevents access to external dependencies of websites if such links violate customizable integrity policies
Demonstrated that strict integrity verification of scripts cannot protect the web and provided insight for future methods through a large-scale, data-driven analysis (Things Change)
Profiled the behavior of bots that monitor Certificate Transparency logs, analyzing how bots of various intentions and origins react to new certificates within seconds (Uninvited Guests)
Illustrated the capability of adversaries to potentially affect millions of IP addresses in tens of thousands of autonomous systems by re-registering a few hundred domains (Domains Change)
Proposed and evaluated deceptive web authentication mechanisms that remove the integrity of a web application from the attacker’s arsenal, and instead place the lack of it in the defender’s arsenal (Click This, Not That)

Software Engineering Intern

Bot Management / API Shield @ Cloudflare

Jun 2023 – Aug 2023 Remote

Analyzing API traffic to reduce attack surface, detect malicious bot activity, and identify anomalous server-side behavior

PhD Research Intern

Research @ NortonLifeLock

May 2022 – Aug 2022 Remote

Analyzing the integrity of Android applications through dynamic analysis (ongoing)

Software Development Engineer Intern

Alexa @ Amazon

Jun 2019 – Aug 2019 Seattle, Washington

Created an intent recommendation service for third-party Alexa skills using short utterance text data

Software Engineer Intern

Softheon

Jun 2018 – Dec 2018 Stony Brook, New York

Built the prototype of a new state health exchange platform and established a preprocessing library used to build machine learning models

Teaching

WSE 380 Rotation: Honeypots and Intrusion Detection

Instructor Oct 2022 – Nov 2022

WSE 380 Rotation: Honeypots and Intrusion Detection

Instructor Mar 2022 – Apr 2022

CSE 331: Computer Security Fundamentals

Teaching Assistant Aug 2020 – May 2021

CSE 214: Data Structures

Teaching Assistant Aug 2017 – Aug 2018

Publications

Quickly discover relevant content by filtering publications.

Johnny So, Michael Ferdman, Nick Nikiforakis (2023). The More Things Change, the More They Stay the Same: Integrity of Modern JavaScript. In Proceedings of the ACM Web Conference (WWW), 2023.

PDF Cite Teaser

Brian Kondracki, Johnny So, Nick Nikiforakis (2022). Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots. In Proceedings of the USENIX Security Symposium (USENIX Security), 2022.

PDF Cite Talk

Johnny So, Najmeh Miramirkhani, Michael Ferdman, Nick Nikiforakis (2021). Domains Do Change Their Spots: Quantifying Potential Abuse of Residual Trust. In Proceedings of the IEEE Symposium on Security and Privacy (IEEE S&P), 2022.

PDF Cite Teaser Talk

Timothy Barron, Johnny So, Nick Nikiforakis (2021). Click This, Not That: Extending Web Authentication with Deception. In ACM Asia Conference on Computer and Communications Security (AsiaCCS), 2021.

PDF Cite

Service

Artifact Evaluation Committee Member

USENIX Security Symposium: 2022 2023

Contact

josso [at] cs [dot] stonybrook [dot] edu
Computer Science Building, Engineering Dr, Stony Brook, NY 11794