<meta charset="utf-8" emacsmode="-*- markdown -*-">
           **Hovav Shacham (חובב שחם)**

![ ](daemon.png width="240px")
[Department of Computer Science](https://www.cs.utexas.edu/),<br>
[The University of Texas at Austin](https://www.utexas.edu/).

E-mail:
: hovav@cs.utexas.edu
Address:
: 2317 Speedway, Stop D9500<br>
  Austin, TX 78712

Professional activities
========================================================================

Before retiring from program chairing, I was co-program chair (with [Alexandra
Boldyreva](https://www.cc.gatech.edu/~aboldyre/)) of [Crypto
2018](https://crypto.iacr.org/2018/), co-program chair (with [Jonathan
Katz](https://www.cs.umd.edu/~jkatz/)) of [Crypto
2017](https://www.iacr.org/conferences/crypto2017/), co-program chair (with
[Christopher Kruegel](https://www.cs.ucsb.edu/~chris/)) of [IEEE Security and
Privacy ("Oakland") 2019](https://www.ieee-security.org/TC/SP2019/), and
co-program chair (with [Alina Oprea](https://www.ccs.neu.edu/home/alina/)) of
[IEEE Security and Privacy ("Oakland")
2020](https://www.ieee-security.org/TC/SP2020/).

In November, 2020, I joined 58 other election security experts in
stating that there is "no credible evidence of computer fraud in the
2020 election outcome."  Read [our
statement](dist/election-statement.pdf) and [Nicole Perlroth's article
about
it](https://www.nytimes.com/2020/11/16/business/election-security-letter-trump.html).

In February, 2016, I submitted, along with other security researchers, a [brief
of _amici
curiae_](https://www.courtlistener.com/docket/4154125/82/united-states-v-in-the-matter-of-the-search-of-an-apple-iphone-seized/)
in support of Apple, organized by [Stanford&rsquo;s Center for Internet and
Society](https://cyberlaw.stanford.edu/).


Publications
========================================================================

Recent publications include:

> N. Smith, A. Sharma, J. Renner, D. Thien, F. Brown, H. Shacham,
> R. Jhala, and D. Stefan.  &ldquo;[Icarus: Trustworthy Just-In-Time
> Compilers with Symbolic Meta-Execution](dist/icarus.pdf).&rdquo; In
> A. Arpaci-Dusseau and K. Keeton, eds., _Proceedings of SOSP 2024_,
> pages 473&ndash;87. ACM Press, Nov. 2024.

> S. O&rsquo;Connell, L. Aben Sour, R. Magen, D. Genkin, Y. Oren,
> H. Shacham, and Y. Yarom. &ldquo;[Pixel Thief: Exploiting SVG Filter
> Leakage in Firefox and
> Chrome](https://www.usenix.org/conference/usenixsecurity24/presentation/oconnell).&rdquo;
> In D. Balzarotti and W. Xu, eds., _Proceedings of USENIX Security
> 2024_, pages 3331&ndash;48.  USENIX, Aug. 2024.

> Y. Wang, R. Paccagnella, Z. Gang, W.R. Vasquez, D. Kohlbrenner,
> H. Shacham, and C.W. Fletcher.  &ldquo;[GPU.zip: On the Side-Channel
> Implications of Hardware-Based Graphical Data
> Compression](https://www.hertzbleed.com/gpu.zip).&rdquo; In
> P. Traynor and W. Enck, eds., _Proceedings of IEEE Security and
> Privacy ("Oakland") 2024_.  IEEE Computer Society, May 2024.

> A. Kwong, W. Wang, J. Kim, J. Berger, D. Genkin, E. Ronen,
> H. Shacham, R. Wahby, and Y. Yarom.  &ldquo;[Checking Passwords on
> Leaky Computers: A Side Channel Analysis of Chrome&rsquo;s Password
> Leak Detection
> Protocol](https://www.usenix.org/conference/usenixsecurity23/presentation/kwong).&rdquo;
> In J. Calandrino and C. Troncoso, eds., _Proceedings of USENIX
> Security 2023_.  USENIX, Aug. 2023.

> W.R. Vasquez, S. Checkoway, and H. Shacham.  &ldquo;[The Most
> Dangerous Codec in the World: Finding and Exploiting Vulnerabilities
> in H.264 Decoders](dist/h26forge.pdf).&rdquo; In J. Calandrino and
> C. Troncoso, eds., _Proceedings of USENIX Security 2023_.  USENIX,
> Aug. 2023.

> Y. Wang, R. Paccagnella, E.T. He, H. Shacham, C.W. Fletcher, and D.
> Kohlbrenner.  &ldquo;[Hertzbleed: Turning Power Side-Channel Attacks
> Into Remote Timing Attacks on
> x86](https://ieeexplore.ieee.org/document/10122602)&rdquo; (top
> pick).  _IEEE Micro_ 43(4):19&ndash;27, Jul.&ndash;Aug. 2023.

All my publications are [available online](publications.html).

Teaching
========================================================================

* CS 361s, Computer Security: Spring 2024, Fall 2022, Spring 2022, Spring 2019.
* CS 378h, Computer Security (honors): Fall 2023, Fall 2020, Fall 2019.
* CS 380s, Graduate Computer Security: Spring 2023, Spring 2021,
    Spring 2020, Fall 2018.

Students
========================================================================

Ph.D. students
------------------------------------------------------------------------

* Anand Balaji

Former students
------------------------------------------------------------------------

* [Willy Vasquez](https://wrv.github.io/)
  (Ph.D. 2024)
* [Yingchen Wang](/~yingchen/)
  (Ph.D. 2024) -> UC Berkeley (postdoc)
* [David Kohlbrenner](https://dkohlbre.com/)
  (Ph.D. 2018) -> UC Berkeley (postdoc) -> UW
* [Wilson Lian](https://cseweb.ucsd.edu/~wlian/)
  (Ph.D. 2016) -> Google
* [Jacob Maskiewicz](https://jakemask.com/)
  (M.S. 2016) -> Facebook
* [Keaton Mowery](https://cseweb.ucsd.edu/~kmowery/)
  (Ph.D. 2015) -> Apple
* [Daniel Cashman](https://www.linkedin.com/in/daniel-cashman-892a1328)
  (M.S. 2013) -> Google
* [Stephen Checkoway](https://checkoway.net/)
  (Ph.D. 2012) -> Johns Hopkins -> UI Chicago -> Oberlin
* [Aishwarya Venkataraman](https://www.linkedin.com/in/aishwarya-venkataraman-5b7b1310)
  (M.S. 2012) -> Stack iQ
* [Grace Wang](https://www.linkedin.com/in/grace-wang-93b87417)
  (M.S. 2010) -> Qualcomm

Brief biography
========================================================================

Hovav Shacham's research interests are in applied cryptography,
systems security, privacy-enhancing technologies, and technology
policy.  Shacham was a student at Stanford and a postdoctoral fellow
at the Weizmann Institute.  From 2018 to 2025, he was on the faculty
at The University of Texas at Austin.  His work has been recognized
with four "test-of-time" awards, including one at ACM CCS 2017 for his
2007 paper that introduced return-oriented programming.  Shacham took
part in California&rsquo;s 2007 "Top-to-Bottom" voting systems review
and served on the advisory committee for California&rsquo;s
2011&ndash;13 post-election risk-limiting audit pilot program.  His
work has been cited by the National Academies, the Federal Trade
Commission, the National Highway Traffic Safety Administration, the
Cybersecurity and Infrastructure Security Agency, and the RAND
Corporation.

(#) (Un)professional activities

I used to be on Twitter (as `@hovav`), and can now be found on
<a rel="me" href="https://infosec.exchange/@hovav">the fediverse</a>.


(#) Photo credits

<!--
Portrait copyright 2011 by Natalie Bessell. All rights reserved.
-->

BSD Daemon Copyright 1988 by Marshall Kirk McKusick.
All Rights Reserved.

Permission to use the daemon may be obtained from:

> Marshall Kirk McKusick<br>
> 1614 Oxford St<br>
> Berkeley, CA 94709–1608<br>
> USA

or via email at [`mckusick@mckusick.com`](mailto:mckusick@mckusick.com).

<!-- Portrait by Erik Jepsen, UC San Diego Publications. -->

<!-- Markdeep: --><style class="fallback">body{visibility:hidden;white-space:pre;font-family:monospace}</style><script src="markdeep.min.js" charset="utf-8"></script><script src="https://morgan3d.github.io/markdeep/latest/markdeep.min.js" charset="utf-8"></script><script>window.alreadyProcessedMarkdeep||(document.body.style.visibility="visible")</script>