PhD student in Computer Science,
Columbia University
suphanneenull (at) csnull.columbia.comedu
github.com/ssivakorn,
twitter.com/ssivakorn
Education
- Columbia University, September 2013 - April 2018
  Ph.D. in Computer Science
  M.Phil. in Computer Science, October 2016
  Advisors: Prof. Angelos D. Keromytis and Prof. Steven M. Bellovin
- New York University, September 2011 - May 2013
  M.S. in Computer Science
- Mahidol University, June 2006 - April 2010
  B.Eng. in Computer Engineering (Honors)
Research Interests
Security and privacy of the web and social networks, network security, and usable security. Using machine learning to solve computer security problems, e.g., intrusion detection, malware detection and classification, and network analysis. Finding security vulnerabilities.
Publications
- Countering Malicious Processes with Process-DNS Association
  S. Sivakorn, K. Jee, Y. Sun, L. Korts-Pärn, Z. Li, C. Lumezanu, Z. Wu, L. Tang, D. Li.
  In Proceedings of the 26th Network and Distributed System Security Symposium (NDSS), San Diego, California, USA, February 2019. (Acceptance rate: 17.08%)
- HVLearn: Automated Black-box Analysis of Hostname Verification in SSL/TLS Implementations.
  S. Sivakorn, G. Argyros, K. Pei, A. D. Keromytis, S. Jana.
  In Proceedings of the 38th IEEE Symposium on Security and Privacy (S&P), San Jose, California, USA, May 2017. (Acceptance rate: 13.33%)
  - Project's repo: github.com/HVLearn/HVLearn, wiki
- Evaluating the Privacy Guarantees of Location Proximity Services.
  G. Argyros, T. Petsios, S. Sivakorn, A. D. Keromytis, J. Polakis.
  In ACM Transactions on Privacy and Security (TOPS, formerly TISSEC), Volume 19(4), Article 12, February 2017.
- That's the Way the Cookie Crumbles: Evaluating HTTPS Enforcing Mechanisms.
  S. Sivakorn, A. D. Keromytis, J. Polakis.
  In Proceedings of the 15th ACM Workshop on Privacy in the Electronic Society (WPES), Vienna, Austria, October 2016. (Acceptance rate: 19.44%)
- The Cracked Cookie Jar: HTTP Cookie Hijacking and the Exposure of Private Information.
  S. Sivakorn*, I. Polakis*, A. D. Keromytis.
  In Proceedings of the 37th IEEE Symposium on Security and Privacy (S&P), San Jose, California, USA, May 2016. (Acceptance rate: 13.75%)
  - Also presented at BlackHat USA 2016
  - Media Coverage: Security Intelligence | Threat Post | eWeek | Active Cypher
- I Am Robot: (Deep) Learning to Break Semantic Image CAPTCHAs.
  S. Sivakorn, I. Polakis, A. D. Keromytis.
  In Proceedings of the 1st IEEE European Symposium on Security and Privacy (EuroS&P), Saarbrücken, Germany, March 2016. (Acceptance rate: 17.3%)
  - Also presented at BlackHat Asia 2016
  - Media Coverage: The Register | Slashdot | Softpedia | Gizmodo | Sophos | Schneier on Security | Kaspersky | Information Week | Security Week | SC Magazine | The Inquirer | Computing | Security Affairs | BotWatch | DHS
  - Image CAPTCHA dataset collected from Google reCAPTCHA and Facebook image CAPTCHA services
- Where's Wally? Precise User Discovery Attacks in Location Proximity Services.
  I. Polakis, G. Argyros, T. Petsios, S. Sivakorn, A. D. Keromytis.
  In Proceedings of the 22nd ACM Computer and Communications Security Conference (CCS), Denver, Colorado, USA, October 2015. (Acceptance rate: 19.8%)
  - Video of our live attack demonstration against Foursquare Swarm service
  - Project's repo: Audit framework for Location Based Services
- Entropy-based Input-Output Traffic Mode Detection Scheme for DoS/DDoS Attacks.
  S. Tritilanunt, S. Sivakorn, C. Juengjincharoen, A. Siripornpisan.
  In Proceedings of 2010 International Symposium on Communications and Information Technologies (ISCIT), Tokyo, Japan, October 2010.
Grants, Awards and Scholarships
- BlackHat Speaker Honorarium, August 2016
  BlackHat USA 2016, Las Vegas
- BlackHat Speaker Honorarium, April 2016
  BlackHat Asia 2016, Singapore
- ACM CCS Student Travel Grant, October 2015
  22nd ACM Conference on Computer and Communications Security (CCS)
  sigsac.org/ccs/CCS2015/grant.html
- New York University Travel Grants, October 2012
  12th Annual Grace Hopper Celebration of Women in Computing
  cs.nyu.edu/webapps/content/research/student_recognition
- Royal Thai Government Scholarship, 2011 - 2017
  Computer Science/Engineering MS - PhD fellowship
- Mahidol University Conference Funding and Paper Presentation, November 2010
  14th National Computer Science and Engineering Conference 2010
- Third Place Winner in Thailand Network Security Contest, 2009
  Bangkok, Thailand
- Valedictorian in Computer Engineering, Mahidol University, 2008 - 2010
  Annual Scholarship
- Student Exchange between Japan and Thailand, October 2004
  Fukuoka, Japan
Bug and Vulnerability Disclosures
- Discrepancies and/or RFC violations in the hostname verification process of SSL/TLS implementations, 2017
  - MatrixSSL: github.com/matrixssl/matrixssl/blob/3-9-0-open/CHANGES.md
  - GnuTLS: gitlab.com/gnutls/gnutls/issues/185, gitlab.com/gnutls/gnutls/issues/187
  - HttpClient: issues.apache.org/jira/browse/HTTPCLIENT-1802
  - Java Secure Socket Extension (JSSE): https://www.oracle.com/technetwork/topics/security/cpujul2017-3236622.html
- Google Vulnerability Reward Hall of Fame, 2015
  (co-listed with Jason Polakis)
  - Exposure of users' sensitive information through a cookie hijacking attack
  - Google "No CAPTCHA reCAPTCHA" vulnerabilities
- eBay responsible disclosure acknowledgements, 2015
  Exposure of users' sensitive information through a cookie hijacking attack
  ebay.com/securitycenter/researchersacknowledgement.html
- Facebook bug bounty, 2014
  Evaluation of the privacy guarantees of location-based services in Facebook Nearby Friends
  facebook.com/whitehat/thanks
Teaching
- Teaching Assistant - Security Architecture and Engineering, Fall 2015
  Instructor: Prof. Steven M. Bellovin, Columbia University
  Graduate-level course, 80 students
- Teaching Assistant - Introduction to Programming in C, Summer 2015
  Instructor: Prof. Angelika Zavou, Columbia University
  Session I: Grade 11, 12 or Freshman year, 20 students
  Session II: Grade 10 and 11, 16 students
- Teaching Assistant - Introduction to Programming in C, Summer 2014
  Instructor: Theofilos Petsios, Columbia University
  Grade 11, 12 or Freshman year, 16 students
- Teaching Assistant - Intrusion Detection Systems, Spring 2014
  Instructor: Prof. Shlomo Hershkop, Columbia University
  Graduate-level course, 30 students