April 20, 2016

My paper: Gone in Six Characters: Short URLs Considered Harmful for Cloud Services has received international acclaim:

# HackerNews, USA
# Ars Technica, USA
# Forbes, USA
# Wired, USA
# CNN Indonesia, Indonesia
# The Register, UK
# Heise, Germany
# Xakep.ru, Russia
# Silicon, France
# Bit, Australia
# ldiario, Spain
# WebNews, Italy
# Security, Netherlands
# DigiToday, Finland
# ... and many others

April 14, 2016

Today, we are publicly releasing our paper: Gone in Six Characters: Short URLs Considered Harmful for Cloud Services.

This paper demonstrates the inherent insecurities of short URLs for cloud services and presents large-scale vulnerabilities in Google Maps and Microsoft OneDrive.

August 17, 2015

I have officially graduated from UT Austin with a PhD in Computer Science. The topic of my dissertation is: On the (In)security of Service APIs.

0 to PhD in 20 years.

I would like to take this moment to thank the following people for their continuous support and encouragement throughout the years: Hristo Georgiev and Temenuzhka Georgieva (my parents); Pavel Georgiev (my brother); Vitaly Shmatikov (my PhD adviser); Vitaly Shmatikov, Brent Waters, Emmett Witchel, Lili Qiu and XiaoFeng Wang (my PhD committee members); Nona Sirakova (♥); Sanford Miller, Bogdan Petrenko, Vishal Anand and Sandeep Mitra (my most inspirational college professors); Daniela Zhekova and Stefka Stoilkova (my Math teachers); Suman Jana, Hongkun Yang, Tsvetomira Radeva, Chad Brubaker and many other professors, teachers and friends. Thank you!


May 26, 2015

I am going back to Google for a summer internship. I will be working on the Gmail Security team. I am very thrilled to be part of this team and help improve the security of the best email service in the world.

January 17, 2015

My paper: Rethinking Security of Web-Based System Applications has been accepted for publication at WWW 2015.

September 3, 2014

I have moved to NYC and am currently a visiting student at Cornell NYC Tech.

June 2, 2014

This summer I will be doing an internship at Google (Mountain View office). I will be working on improving the security of OAuth 2.0 clients. I am very excited about this opportunity and look forward to contributing to Google's great products and services.

November 1, 2013

My paper: Breaking and Fixing Origin-Based Access Control in Hybrid Web/Mobile Application Frameworks has been accepted for publication at NDSS 2014.

September 9, 2013

Today I found something quite hilarious:

                RFC 3514          The Security Flag in the IPv4 Header      1 April 2003

                The bit field is laid out as follows:

                           0
                          +-+
                          |E|
                          +-+
                Currently-assigned values are defined as follows:

                0x0  If the bit is set to 0, the packet has no evil intent.  Hosts,
                     network elements, etc., SHOULD assume that the packet is
                     harmless, and SHOULD NOT take any defensive measures.  (We note
                     that this part of the spec is already implemented by many common
                     desktop operating systems.)

                0x1  If the bit is set to 1, the packet has evil intent.  Secure
                     systems SHOULD try to defend themselves against such packets.
                     Insecure systems MAY chose to crash, be penetrated, etc.
                

August 15, 2013

I have been selected to be one of the VMware student ambassadors at UT Austin for the 2013-2014 academic year. This program is to run as an extension to last year's program. I look forward to collaborating with the University Relations team at VMware and organizing events here at UT.

If you are a student and would like to know more about VMware, feel free to contact me. I will be happy to share with you my experience working at VMware, as well as give you tips on how to apply for an internship/new grad position.

May 27, 2013

This summer I will be doing an internship at VMware. I will be working on the Product Security team. I am very excited about this work and am looking forward to learning more about virtualization as well as contributing to VMware's efforts to keep the enterprise software secure.

November 17, 2012

My paper: The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software won 1st place at the AT&T Best Applied Security Paper competition held at NYU-Poly.

October 11, 2012

Today I passed my Research Preparation Exam (RPE). The topic of my RPE talk was:
"The Most Dangerous Code in the World: (In)secure Usage of Security Libraries".

July 9, 2012

My paper: The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software was accepted in ACM CCS 2012.

The acceptance rate of the conference this year is 19.15%, i.e., 81 papers were accepted out of 423 papers submitted.

March 7, 2012

I currently work on verifying how the Secure Sockets Layer protocol is implemented in different frameworks and what effects certain architectural design decisions may have on the end application's security.

August 24, 2011

Today is my "day one" in the PhD program at UT Austin. I am very excited about this opportunity and looking forward to working on some high-impact research problems in the years ahead.