**Hovav Shacham**
![ ](hovav-bessell.jpg width="240px")
Professor,
[Department of Computer Science](https://www.cs.utexas.edu/),
[The University of Texas at Austin](https://www.utexas.edu/).
E-mail:
: hovav@cs.utexas.edu
Address:
: 2317 Speedway, Stop D9500
Austin, TX 78712
Office:
: GDC 6.510
Phone:
: (512) 471-9792
Professional activities
========================================================================
Before retiring from program chairing, I was co-program chair (with [Alexandra
Boldyreva](https://www.cc.gatech.edu/~aboldyre/)) of [Crypto
2018](https://crypto.iacr.org/2018/), co-program chair (with [Jonathan
Katz](https://www.cs.umd.edu/~jkatz/)) of [Crypto
2017](https://www.iacr.org/conferences/crypto2017/), co-program chair (with
[Christopher Kruegel](https://www.cs.ucsb.edu/~chris/)) of [IEEE Security and
Privacy ("Oakland") 2019](https://www.ieee-security.org/TC/SP2019/), and
co-program chair (with [Alina Oprea](https://www.ccs.neu.edu/home/alina/)) of
[IEEE Security and Privacy ("Oakland")
2020](https://www.ieee-security.org/TC/SP2020/).
In November, 2020, I joined 58 other election security experts in
stating that there is "no credible evidence of computer fraud in the
2020 election outcome." Read [our
statement](dist/election-statement.pdf) and [Nicole Perlroth's article
about
it](https://www.nytimes.com/2020/11/16/business/election-security-letter-trump.html).
In February, 2016, I submitted, along with other security researchers, a [brief
of _amici
curiae_](https://www.courtlistener.com/docket/4154125/82/united-states-v-in-the-matter-of-the-search-of-an-apple-iphone-seized/)
in support of Apple, organized by [Stanford’s Center for Internet and
Society](https://cyberlaw.stanford.edu/).
Publications
========================================================================
Recent publications include:
> S. O'Connell, L. Aben Sour, R. Magen, D. Genkin, Y. Oren,
> H. Shacham, and Y. Yarom. “[Pixel Thief: Exploiting SVG Filter
> Leakage in Firefox and
> Chrome](https://www.usenix.org/conference/usenixsecurity24/presentation/oconnell).”
> In D. Balzarotti and W. Xu, eds., _Proceedings of USENIX Security
> 2024_. USENIX, Aug. 2024. To appear.
> Y. Wang, R. Paccagnella, Z. Gang, W.R. Vasquez, D. Kohlbrenner,
> H. Shacham, and C.W. Fletcher. “[GPU.zip: On the Side-Channel
> Implications of Hardware-Based Graphical Data
> Compression](https://www.hertzbleed.com/gpu.zip).” In
> P. Traynor and W. Enck, eds., _Proceedings of IEEE Security and
> Privacy ("Oakland") 2024_. IEEE Computer Society, May 2024. To
> appear.
> A. Kwong, W. Wang, J. Kim, J. Berger, D. Genkin, E. Ronen,
> H. Shacham, R. Wahby, and Y. Yarom. “[Checking Passwords on
> Leaky Computers: A Side Channel Analysis of Chrome’s Password
> Leak Detection
> Protocol](https://www.usenix.org/conference/usenixsecurity23/presentation/kwong).”
> In J. Calandrino and C. Troncoso, eds., _Proceedings of USENIX
> Security 2023_. USENIX, Aug. 2023.
> W.R. Vasquez, S. Checkoway, and H. Shacham. “[The Most
> Dangerous Codec in the World: Finding and Exploiting Vulnerabilities
> in H.264 Decoders](dist/h26forge.pdf).” In J. Calandrino and
> C. Troncoso, eds., _Proceedings of USENIX Security 2023_. USENIX,
> Aug. 2023.
> Y. Wang, R. Paccagnella, E.T. He, H. Shacham, C.W. Fletcher, and D.
> Kohlbrenner. “[Hertzbleed: Turning Power Side-Channel Attacks
> Into Remote Timing Attacks on
> x86](https://ieeexplore.ieee.org/document/10122602)” (top
> pick). _IEEE Micro_ 43(4):19–27, Jul.–Aug. 2023.
> Y. Wang, R. Paccagnella, A. Wandke, Z. Gang, G. Garrett-Grossman,
> C.W. Fletcher, D. Kohlbrenner, and H. Shacham. “[DVFS
> Frequently Leaks Secrets: Hertzbleed Attacks Beyond SIKE,
> Cryptography, and CPU-Only
> Data](https://www.hertzbleed.com/2h2b.pdf).” In T. Ristenpart
> and P. Traynor, eds., _Proceedings of IEEE Security and Privacy
> ("Oakland") 2023_. IEEE Computer Society, May 2023.
All my publications are [available online](publications.html).
Teaching
========================================================================
* CS 361s, Computer Security: Spring 2024, Fall 2022, Spring 2022, Spring 2019.
* CS 378h, Computer Security (honors): Fall 2023, Fall 2020, Fall 2019.
* CS 380s, Graduate Computer Security: Spring 2023, Spring 2021,
Spring 2020, Fall 2018.
Students
========================================================================
Ph.D. students
------------------------------------------------------------------------
* [Willy Vasquez](https://wrv.github.io/)
* [Yingchen Wang](/~yingchen/)
Former students
------------------------------------------------------------------------
* [David Kohlbrenner](https://dkohlbre.com/)
(Ph.D. 2018) -> UC Berkeley (postdoc) -> UW
* [Wilson Lian](https://cseweb.ucsd.edu/~wlian/)
(Ph.D. 2016) -> Google
* [Jacob Maskiewicz](https://jakemask.com/)
(M.S. 2016) -> Facebook
* [Keaton Mowery](https://cseweb.ucsd.edu/~kmowery/)
(Ph.D. 2015) -> Apple
* [Daniel Cashman](https://www.linkedin.com/in/daniel-cashman-892a1328)
(M.S. 2013) -> Google
* [Stephen Checkoway](https://checkoway.net/)
(Ph.D. 2012) -> Johns Hopkins -> UI Chicago -> Oberlin
* [Aishwarya Venkataraman](https://www.linkedin.com/in/aishwarya-venkataraman-5b7b1310)
(M.S. 2012) -> Stack iQ
* [Grace Wang](https://www.linkedin.com/in/grace-wang-93b87417)
(M.S. 2010) -> Qualcomm
Brief biography
========================================================================
Hovav Shacham joined the University of Texas at Austin in 2018. His research
interests are in applied cryptography, systems security, privacy-enhancing
technologies, and technology policy. Shacham was a student at Stanford and a
postdoctoral fellow at the Weizmann Institute. From 2007 to 2018, he was on
the faculty at the University of California, San Diego. His work has been
recognized with three "test-of-time" awards, including one at ACM CCS 2017
for his 2007 paper that introduced return-oriented programming. Shacham took
part in California’s 2007 "Top-to-Bottom" voting systems review and
served on the advisory committee for California’s 2011–13
post-election risk-limiting audit pilot program. His work has been cited by
the National Academies, the Federal Trade Commission, the National Highway
Traffic Safety Administration, and the RAND Corporation.
(#) (Un)professional activities
I used to be on Twitter (as `@hovav`), and am now trying
the fediverse.
(#) Photo credits
Portrait copyright 2011 by Natalie Bessell. All rights reserved.