index.html

<!DOCTYPE html>
<html>
  <head>
    <title>David Huang (Lin-Shung Huang)</title>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <style>
      #content{background:#FFF;border-top:#4c66a4 solid 20px;margin:auto;margin-bottom:20px;padding:20px 60px 80px 60px;max-width:768px;box-shadow:0 0 4px 4px #ccc}
      #profile{background:url('images/profile.jpg');background-size:contain;height:200px;width:150px;float:left;margin:0 40px 40px 0;box-shadow:4px 4px 4px #ccc;display:block}
      #email{background:url('images/email.png');background-size:contain;height:21px;width:186px;display:inline-block}
      #scholar{background:url('images/scholar.png');background-size:contain;height:21px;width:21px;display:inline-block}
      #linkedin{background:url('images/linkedin.png');background-size:contain;height:21px;width:21px;display:inline-block}
      .title{font-weight:bold}
      .comment{color:DarkGreen;font-style:italic}
      .comment a{color:DarkGreen;text-decoration:underline}
      span{white-space:nowrap}
      body{background:#f7f7f7;font-family:Helvetica,Arial,sans-serif;margin:0;line-height:1.3}
      h3{clear:both}
      a{text-decoration:none}
      @media only screen and (max-device-width:768px) {
        #content{margin:0;padding:0 20px 40px 20px;box-shadow:none}
        #profile{float:none;box-shadow:none}
      }
    </style>
  </head>
  <body>
    <div id="content">
      <h1><span>David Huang</span> <span>(Lin-Shung Huang)</span></h1>
      <img id="profile" />
      <div id="email"></div>
      <a href="https://scholar.google.com/citations?user=o4HLLIoAAAAJ"><div id="scholar"></div></a>
      <a href="https://www.linkedin.com/in/linshunghuang/"><div id="linkedin"></div></a>
      <p>Hello! I work on Product Security at <a href="https://www.facebook.com/">Facebook</a>. I've previously interned at Facebook and <a href="https://www.microsoft.com/en-us/research/">Microsoft Research</a>. I TA'd at <a href="https://www.cmu.edu/">Carnegie Mellon University</a> for Browser Security (18-636) and Web Application Security and Performance (18-635).</p>
      <p>I recieved my PhD from Carnegie Mellon University under the supervision of <a href="http://www.collinjackson.com/">Collin Jackson</a>. My research interests are in the security of web applications and browsers.</p>
      <h3>Education</h3>
      <div>PhD, Electrical and Computer Engineering, <a href="http://www.cmu.edu/">Carnegie Mellon University</a>, 2014</div>
      <div>MEng, Electrical and Computer Engineering, <a href="http://www.cornell.edu/">Cornell University</a>, 2009</div>
      <div>BS, MS, Computer Science, <a href="http://www.nctu.edu.tw/">National Chiao Tung University</a>, 2007</div>
      <h3>Publications</h3>
      <div class="title"><a href="/papers/mitm.pdf">Analyzing Forged SSL Certificates in the Wild</a></div>
      <div class="authors">Lin-Shung Huang, Alex Rice, <a href="https://alf.nu/">Erling Ellingsen</a> and <a href="http://www.collinjackson.com/">Collin Jackson</a></div>
      <div class="howpublished">IEEE Symposium on Security and Privacy (IEEE S&P) 2014</div>
      <div class="comment">*Proposed method is deployed at Facebook.</div>
      <br>
      <div class="title"><a href="https://www.ieee-security.org/TC/SP2014/papers/AllYourScreensareBelongtoUs_c_AttacksExploitingtheHTML5ScreenSharingAPI.pdf">All Your Screens Are Belong to Us: Attacks Exploiting the HTML5 Screen Sharing API</a></div>
      <div class="authors"><a href="http://wnss.sv.cmu.edu/people/tian/">Yuan Tian</a>, Ying-Chuan Liu, Amar Bhosale, Lin-Shung Huang, <a href="http://wnss.sv.cmu.edu/people/tague/">Patrick Tague</a> and <a href="http://www.collinjackson.com/">Collin Jackson</a></div>
      <div class="howpublished">IEEE Symposium on Security and Privacy (IEEE S&P) 2014</div>
      <br>
      <div class="title"><a href="/papers/ecc-pfs.pdf">An Experimental Study of TLS Forward Secrecy Deployments</a></div>
      <div class="authors">Lin-Shung Huang, Shrikant Adhikarla, <a href="https://crypto.stanford.edu/~dabo/">Dan Boneh</a> and <a href="http://www.collinjackson.com/">Collin Jackson</a></div>
      <div class="howpublished">Web 2.0 Security and Privacy (W2SP) 2014</div>
      <div class="howpublished">IEEE Internet Computing (Volume: 18, Issue: 6)</div>
      <br>
      <div class="title"><a href="https://dl.acm.org/citation.cfm?doid=2598394.2598413">Darwin: A Ground Truth Agnostic CAPTCHA Generator Using Evolutionary Algorithm</a> (Poster)</div>
      <div class="authors">Eric Y. Chen, Lin-Shung Huang, Ole J. Mengshoel and Jason D. Lohn</div>
      <div class="howpublished">Genetic and Evolutionary Computation Conference (GECCO) 2014</div>
      <br>
      <div class="title"><a href="/papers/aki.pdf">Accountable Key Infrastructure (AKI): A Proposal for a Public-Key Validation Infrastructure</a></div>
      <div class="authors"><a href="https://users.ece.cmu.edu/~hyunjin1/">Tiffany Hyun-Jin Kim</a>, Lin-Shung Huang, <a href="https://users.ece.cmu.edu/~adrian/">Adrian Perrig</a>, <a href="http://www.collinjackson.com/">Collin Jackson</a> and Virgil Gligor</div>
      <div class="howpublished">International World Wide Web Conference (WWW) 2013</div>
      <br>
      <div class="title"><a href="/papers/clickjacking.pdf">Clickjacking: Attacks and Defenses</a></div>
      <div class="authors">Lin-Shung Huang, Alexander Moshchuk, Helen J. Wang, Stuart Schechter and <a href="http://www.collinjackson.com/">Collin Jackson</a></div>
      <div class="howpublished">USENIX Security Symposium 2012</div>
      <div class="comment">*Proposed defense is part of the <a href="http://www.w3.org/TR/UISecurity/">User Interface Security</a> W3C working draft.</div>
      <br>
      <div class="title"><a href="/papers/short-lived.pdf">Towards Short-Lived Certificates</a></div>
      <div class="authors">Emin Topalovic, Brennan Saeta, Lin-Shung Huang, <a href="http://www.collinjackson.com/">Collin Jackson</a> and <a href="https://crypto.stanford.edu/~dabo/">Dan Boneh</a></div>
      <div class="howpublished">Web 2.0 Security and Privacy (W2SP) 2012</div>
      <br>
      <div class="title"><a href="/papers/prefetching.pdf">The Case for Prefetching and Prevalidating TLS Server Certificates</a></div>
      <div class="authors"><a href="https://www.emilymstark.com/">Emily Stark</a>, Lin-Shung Huang, Dinesh Israni, <a href="http://www.collinjackson.com/">Collin Jackson</a> and <a href="https://crypto.stanford.edu/~dabo/">Dan Boneh</a></div>
      <div class="howpublished">Network and Distributed System Security Symposium (NDSS) 2012</div>
      <br>
      <div class="title"><a href="https://docs.google.com/document/pub?id=1hVcxPeCidZrM5acFH9ZoTYzg1D0VjkG3BDW_oUdn5qc">Clickjacking Attacks Unresolved</a></div>
      <div class="authors">Lin-Shung Huang and <a href="http://www.collinjackson.com/">Collin Jackson</a></div>
      <div class="howpublished">Technical Report 2011</div>
      <br>
      <div class="title"><a href="/papers/websocket.pdf">Talking to Yourself for Fun and Profit</a></div>
      <div class="authors">Lin-Shung Huang, Eric Y. Chen, <a href="https://www.adambarth.com/">Adam Barth</a>, <a href="http://www.rtfm.com/">Eric Rescorla</a> and <a href="http://www.collinjackson.com/">Collin Jackson</a></div>
      <div class="howpublished">Web 2.0 Security and Privacy (W2SP) 2011</div>
      <div class="comment">*Proposed defense is standardized in <a href="https://tools.ietf.org/html/rfc6455">RFC 6455</a> and adopted across major browsers.</div>
      <br>
      <div class="title"><a href="/papers/css.pdf">Protecting Browsers from Cross-Origin CSS Attacks</a></div>
      <div class="authors">Lin-Shung Huang, <a href="http://www.owlfolio.org/">Zack Weinberg</a>, <a href="http://scarybeastsecurity.blogspot.com/">Chris Evans</a> and <a href="http://www.collinjackson.com/">Collin Jackson</a></div>
      <div class="howpublished">ACM Conference on Computer and Communications Security (CCS) 2010</div>
      <div class="comment">*Proposed defense is adopted by <a href="http://blogs.msdn.com/b/ie/archive/2010/10/26/mime-handling-changes-in-internet-explorer.aspx">IE</a>, <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=524223">Firefox</a>, <a href="https://code.google.com/p/chromium/issues/detail?id=9877">Chrome</a>, <a href="https://bugs.webkit.org/show_bug.cgi?id=29820">Safari</a>, Opera, and standardized in <a href="https://www.w3.org/Bugs/Public/show_bug.cgi?id=9834">HTML5</a>.</div>
      <br>
      <div class="title"><a href="https://dl.acm.org/citation.cfm?doid=1869983.1870045">TouchAble: A Camera-Based Multitouch System</a> (Demo)</div>
      <div class="authors">Lin-Shung Huang, Feng-Tso Sun and Pei Zhang</div>
      <div class="howpublished">ACM Conference on Embedded Networked Sensor Systems (SenSys) 2010</div>
      <br>
      <div class="title"><a href="https://www.sciencedirect.com/science/article/pii/S1047320308000588?via%3Dihub">A Rate-Distortion Optimization Model for SVC Inter-Layer Encoding and Bitstream Extraction</a></div>
      <div class="authors">Wen-Hsiao Peng, John K. Zao, Hsueh-Ting Huang, Tse-Wei Wang and Lin-Shung Huang</div>
      <div class="howpublished">Journal of Visual Communication and Image Representation 2008</div>
      <br>
      <div class="title"><a href="https://ieeexplore.ieee.org/document/4476003/">Rate-Distortion Optimized SVC Bitstream Extraction for Heterogeneous Devices: A Preliminary Investigation</a></div>
      <div class="authors">Wen-Hsiao Peng, Lin-Shung Huang, John K. Zao, Jiun-Shien Lu, Tse-Wei Wang, Hsueh-Ting Huang and Lun-Chia Kuo</div>
      <div class="howpublished">IEEE International Symposium on Multimedia Workshops 2007</div>
      <br>
      <div class="title"><a href="https://ieeexplore.ieee.org/document/4061193/">Trickle: Resilient Real-Time Video Multicasting for Dynamic Peers with Limited or Asymmetric Network Connectivity</a></div>
      <div class="authors">Yu-Hsuang Guo, John K. Zao, Wen-Hsiao Peng, Lin-Shung Huang, Fang-Po Kuo and Che-Min Lin</div>
      <div class="howpublished">IEEE International Symposium on Multimedia 2006</div>
    </div>
  </body>
</html>