About Me

I am an Assistant Professor in the Cheriton School of Computer Science at the University of Waterloo, Canada. I am also a member of the Cryptography, Security, and Privacy (CrySP) group and the Cybersecurity and Privacy Institute (CPI). See my CV for more information about me.

My research is in the area of system and software security, with a focus on delivering high-quality solutions to practical security programs, especially in finding and patching vulnerabilities in critical computer systems. This usually includes research and development of automated program analysis / testing / verification tools that facilitate the security reasoning of critical programs.

I am a believer that security should be treated as a first-class citizen in programming instead of being considered after-the-fact. But this won’t be possible without a wide range of security tools in every stage of software development. Therefore, I am placing my efforts behind

• secure-by-design languages (e.g., Rust, Move),
• automated program analysis (e.g., symbolic model checking, fuzzing / mutation testing), and
• runtime defense techniques (e.g., moving target defense, secure hardware).

Before joining Waterloo, I spent a gap-year at Facebook/Novi where I was a member of the Move language team and worked on the Move compiler, interpreter, and prover. As a cutting-edge programming language, Move not only provides memory safety but also resource safety—an intriguing security property in a distributed setting—and various verification-friendly features.

Prospective Students

I am looking for highly-motivated PhD, research-based master (MMath), undergraduate and visiting students interested in security, program analysis, software engineering, operating systems, or blockchain / smart contracts. Feel free to contact me with your transcript and CV or list my name as a potential supervisor in the official application so that it comes to my attention.