**Hovav Shacham (חובב שחם)** ![ ](hovav-bessell.jpg width="240px") Professor,
[Department of Computer Science](https://www.cs.utexas.edu/),
[The University of Texas at Austin](https://www.utexas.edu/). E-mail: : hovav@cs.utexas.edu Address: : 2317 Speedway, Stop D9500
Austin, TX 78712 Office: : GDC 6.510 Phone: : (512) 471-9792 Professional activities ======================================================================== Before retiring from program chairing, I was co-program chair (with [Alexandra Boldyreva](https://www.cc.gatech.edu/~aboldyre/)) of [Crypto 2018](https://crypto.iacr.org/2018/), co-program chair (with [Jonathan Katz](https://www.cs.umd.edu/~jkatz/)) of [Crypto 2017](https://www.iacr.org/conferences/crypto2017/), co-program chair (with [Christopher Kruegel](https://www.cs.ucsb.edu/~chris/)) of [IEEE Security and Privacy ("Oakland") 2019](https://www.ieee-security.org/TC/SP2019/), and co-program chair (with [Alina Oprea](https://www.ccs.neu.edu/home/alina/)) of [IEEE Security and Privacy ("Oakland") 2020](https://www.ieee-security.org/TC/SP2020/). In November, 2020, I joined 58 other election security experts in stating that there is "no credible evidence of computer fraud in the 2020 election outcome." Read [our statement](dist/election-statement.pdf) and [Nicole Perlroth's article about it](https://www.nytimes.com/2020/11/16/business/election-security-letter-trump.html). In February, 2016, I submitted, along with other security researchers, a [brief of _amici curiae_](https://www.courtlistener.com/docket/4154125/82/united-states-v-in-the-matter-of-the-search-of-an-apple-iphone-seized/) in support of Apple, organized by [Stanford’s Center for Internet and Society](https://cyberlaw.stanford.edu/). Publications ======================================================================== Recent publications include: > N. Smith, A. Sharma, J. Renner, D. Thien, F. Brown, H. Shacham, > R. Jhala, and D. Stefan. “[Icarus: Trustworthy Just-In-Time > Compilers with Symbolic Meta-Execution](dist/icarus.pdf).” In > A. Arpaci-Dusseau and K. Keeton, eds., _Proceedings of SOSP 2024_, > pages 473–87. ACM Press, Nov. 2024. > S. O’Connell, L. Aben Sour, R. Magen, D. Genkin, Y. Oren, > H. Shacham, and Y. Yarom. “[Pixel Thief: Exploiting SVG Filter > Leakage in Firefox and > Chrome](https://www.usenix.org/conference/usenixsecurity24/presentation/oconnell).” > In D. Balzarotti and W. Xu, eds., _Proceedings of USENIX Security > 2024_, pages 3331–48. USENIX, Aug. 2024. > Y. Wang, R. Paccagnella, Z. Gang, W.R. Vasquez, D. Kohlbrenner, > H. Shacham, and C.W. Fletcher. “[GPU.zip: On the Side-Channel > Implications of Hardware-Based Graphical Data > Compression](https://www.hertzbleed.com/gpu.zip).” In > P. Traynor and W. Enck, eds., _Proceedings of IEEE Security and > Privacy ("Oakland") 2024_. IEEE Computer Society, May 2024. > A. Kwong, W. Wang, J. Kim, J. Berger, D. Genkin, E. Ronen, > H. Shacham, R. Wahby, and Y. Yarom. “[Checking Passwords on > Leaky Computers: A Side Channel Analysis of Chrome’s Password > Leak Detection > Protocol](https://www.usenix.org/conference/usenixsecurity23/presentation/kwong).” > In J. Calandrino and C. Troncoso, eds., _Proceedings of USENIX > Security 2023_. USENIX, Aug. 2023. > W.R. Vasquez, S. Checkoway, and H. Shacham. “[The Most > Dangerous Codec in the World: Finding and Exploiting Vulnerabilities > in H.264 Decoders](dist/h26forge.pdf).” In J. Calandrino and > C. Troncoso, eds., _Proceedings of USENIX Security 2023_. USENIX, > Aug. 2023. > Y. Wang, R. Paccagnella, E.T. He, H. Shacham, C.W. Fletcher, and D. > Kohlbrenner. “[Hertzbleed: Turning Power Side-Channel Attacks > Into Remote Timing Attacks on > x86](https://ieeexplore.ieee.org/document/10122602)” (top > pick). _IEEE Micro_ 43(4):19–27, Jul.–Aug. 2023. All my publications are [available online](publications.html). Teaching ======================================================================== * CS 361s, Computer Security: Spring 2024, Fall 2022, Spring 2022, Spring 2019. * CS 378h, Computer Security (honors): Fall 2023, Fall 2020, Fall 2019. * CS 380s, Graduate Computer Security: Spring 2023, Spring 2021, Spring 2020, Fall 2018. Students ======================================================================== Ph.D. students ------------------------------------------------------------------------ * Anand Balaji Former students ------------------------------------------------------------------------ * [Willy Vasquez](https://wrv.github.io/) (Ph.D. 2024) * [Yingchen Wang](/~yingchen/) (Ph.D. 2024) -> UC Berkeley (postdoc) * [David Kohlbrenner](https://dkohlbre.com/) (Ph.D. 2018) -> UC Berkeley (postdoc) -> UW * [Wilson Lian](https://cseweb.ucsd.edu/~wlian/) (Ph.D. 2016) -> Google * [Jacob Maskiewicz](https://jakemask.com/) (M.S. 2016) -> Facebook * [Keaton Mowery](https://cseweb.ucsd.edu/~kmowery/) (Ph.D. 2015) -> Apple * [Daniel Cashman](https://www.linkedin.com/in/daniel-cashman-892a1328) (M.S. 2013) -> Google * [Stephen Checkoway](https://checkoway.net/) (Ph.D. 2012) -> Johns Hopkins -> UI Chicago -> Oberlin * [Aishwarya Venkataraman](https://www.linkedin.com/in/aishwarya-venkataraman-5b7b1310) (M.S. 2012) -> Stack iQ * [Grace Wang](https://www.linkedin.com/in/grace-wang-93b87417) (M.S. 2010) -> Qualcomm Brief biography ======================================================================== Hovav Shacham joined the University of Texas at Austin in 2018. His research interests are in applied cryptography, systems security, privacy-enhancing technologies, and technology policy. Shacham was a student at Stanford and a postdoctoral fellow at the Weizmann Institute. From 2007 to 2018, he was on the faculty at the University of California, San Diego. His work has been recognized with four "test-of-time" awards, including one at ACM CCS 2017 for his 2007 paper that introduced return-oriented programming. Shacham took part in California’s 2007 "Top-to-Bottom" voting systems review and served on the advisory committee for California’s 2011–13 post-election risk-limiting audit pilot program. His work has been cited by the National Academies, the Federal Trade Commission, the National Highway Traffic Safety Administration, the Cybersecurity and Infrastructure Security Agency, and the RAND Corporation. (#) (Un)professional activities I used to be on Twitter (as `@hovav`), and am now trying the fediverse. (#) Photo credits Portrait copyright 2011 by Natalie Bessell. All rights reserved.