Thomas H. Austin

Contact One Square [email protected] San Jose, CA 95192-0249 www.sjsu.edu/people/thomas.austin/ tomthemighty.blogspot.com github.com/taustin/

Work Experience

San José State University. San Jose, CA. Assistant Professor: Department of Computer Science. August 2013 – present.

École Supérieure d’Informatique Électronique Automatique Ouest. Laval, France. Invited Researcher: Laboratoire de Recherche Cryptologie et Virologie Opérationnelles. September 2011 – December 2011.

Mozilla Corporation. Mountain View, CA. Intern: Research Group. June 2011 – September 2011.

Mozilla Corporation. Mountain View, CA. Intern: Research Group. June 2010 – September 2010.

McClatchy Interactive West (formerly Knight Ridder Digital). San Jose, CA. Senior Software Engineer: Engineering Department. July 1998 – July 2008.

Education

Ph.D., University of California at Santa Cruz, March 2012. Major: Computer Science. Dissertation: Dynamic Information Flow Analysis for JavaScript in a Web Browser

M.S., San José State University, May 2008. Major: Computer Science. Master’s thesis: Expanding JavaScript’s Metaobject Protocol

B.S., Santa Clara University, June 1998. Major: Operations and Management of Information Systems Minor: Spanish

Publications

Book Chapter

Thomas H. Austin. Designing a secure programming language. In Handbook of Information and Communication Security, editors Peter Stavroulakis and Mark Stamp, chapter 35, pages 771-785. Springer-Verlag, 2010.

Journal Articles (all peer-reviewed)

Ashwin Kalbhor, Thomas H. Austin, Eric Filiol, Sébastien Josse, and Mark Stamp. Dueling hidden Markov models for virus analysis. In Journal in Computer Virology and Hacking Techniques, Springer, 2014.

Mangesh Musale, Thomas H. Austin, Mark Stamp. Hunting for metamorphic JavaScript malware. In Journal in Computer Virology and Hacking Techniques, Springer, 2014.

Chinmayee Annachhatre, Thomas H. Austin, and Mark Stamp. Hidden Markov models for malware classification. In Journal in Computer Virology and Hacking Techniques, Springer, 2014.

Ranjith Kumar Jidigam, Thomas H. Austin, Mark Stamp. Singular value decomposition and metamorphic detection. In Journal in Computer Virology and Hacking Techniques, Springer, 2014.

Fall 2014 Page 1

Teja Tamboli, Thomas H. Austin, and Mark Stamp. Metamorphic code generation from LLVM bytecode. In Journal in Computer Virology and Hacking Techniques, Springer, 2013.

Conference Papers (all peer-reviewed)

Thomas H. Austin, Eric Filiol, Sébastien Josse, and Mark Stamp. Exploring hidden Markov models for virus analysis: a semantic approach. In HICSS: Hawaii International Conference on System Sciences, 2013.

Thomas H. Austin and Cormac Flanagan. Multiple facets for dynamic information flow. In POPL: Proceedings of the 39th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, ACM, 2012.

Thomas H. Austin, Cormac Flanagan, and Martín Abadi. A functional view of imperative information flow. In APLAS: 10th Asian Symposium on Programming Languages and Systems. 2012.

Thomas H. Austin, Tim Disney, and Cormac Flanagan. Virtual values for language extension. In OOPSLA: Proceedings of the 26th Annual ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, part of SPLASH 2011, ACM, 2011.

Workshop Papers (all peer-reviewed)

Thomas H. Austin, Jean Yang, Cormac Flanagan, and Armando Solar-Lezama. Faceted Execution of Policy-Agnostic Programs. In PLAS: Proceedings of the ACM SIGPLAN Eighth Workshop on Programming Languages and Analysis for Security, ACM, 2013.

Thomas H. Austin and Cormac Flanagan. Permissive dynamic information flow analysis. In PLAS: Proceedings of the ACM SIGPLAN Fifth Workshop on Programming Languages and Analysis for Security, ACM, 2010.

Thomas H. Austin and Cormac Flanagan. Efficient purely-dynamic information flow analysis. In PLAS: Proceedings of the ACM SIGPLAN Fourth Workshop on Programming Languages and Analysis for Security, ACM, 2009.

Technical Reports

Thomas H. Austin, Kenn Knowles, Cormac Flanagan. Typed faceted values for secure information flow in Haskell. Technical Report UCSC-SOE-14-07, The University of California at Santa Cruz, 2014.

Thomas H. Austin, Jean Yang, Cormac Flanagan, and Armando Solar-Lezama. Faceted execution of policy-agnostic programs, extended version. Technical Report UCSC-SOE-12-18, The University of California at Santa Cruz, 2012.

Thomas H. Austin, Cormac Flanagan, and Martín Abadi. A functional view of imperative information flow, extended version. Technical Report UCSC-SOE-12-15, The University of California at Santa Cruz, 2012.

Thomas H. Austin, Tim Disney, Cormac Flanagan, and Alan Jeffrey. Dynamic information flow analysis for Featherweight JavaScript. Technical Report UCSC-SOE-11-19, The University of California at Santa Cruz, 2009.

Trade Publications

Thomas H. Austin. Rails vs. Grails vs. Helma: The JVM web framework smackdown (2 part article). Linux Magazine, 4, 2009. Part 1: http://www.linux-mag.com/cache/7470/1.html, part 2: http://www.linux-mag.com/cache/7479/1.html.

Service & Organizations

Faculty advisor for the San Jose State Information Security Club.

Collaborator on the Jeeves programming language (http://projects.csail.mit.edu/jeeves/), a programming language incorporating information flow controls and a flexible mechanism for specifying security policies. Jeeves is a collaboration between San Jose State, UC Santa Cruz, and MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL).

Member of San José State’s Security and Big Data Cluster.

Master’s thesis advisor for:
• Hanshu Lin, Formal Semantics of Featherweight Lua. Graduation date: Fall 2014 (expected).
• Brian Lee, Spartan Web Application Firewall. Graduation date: Fall 2014.
• Ashwin Kalbhor, A Tiered Approach to Detect Metamorphic Malware with Hidden Markov Models. Graduation date: Spring 2014.
• Jared Lee, Compression-Based Analysis of Metamorphic Malware. Graduation date: Fall 2013.

On thesis committee for:
• Mangesh Musale, Hunting for Metamorphic JavaScript Malware. Graduation date: Spring 2014.
• Nikki Benecke Brandt, Automating NFC Message Sending for Good and Evil. Graduation date: Spring 2014.
• Jeffrey Yi, Cryptanalysis of Homophonic Substitution-Transposition Cipher. Graduation date: Spring 2014.
• Hardikkumar Rana, Hunting for Pirated Software Using Metamorphic Analysis. Graduation date: Spring 2014.
• Kiet Nguyen, Automatic Evaluation of Python and C Programs with Codecheck. Graduation date: Spring 2014.
• Amir Eibagi, Big Data Analysis Using Neuro-Fuzzy System. Graduation date: Spring 2014.
• Prasad Deshpande, Metamorphic Detection Using Call Graph Analysis. Graduation date: Fall 2013.
• Chinmayee Annachhatre, Hidden Markov Models for Malware Classification. Graduation date: Fall 2013.
• Ranjith Kumar Jidigam, Metamorphic Detection Using Singular Value Decomposition. Graduation date: Fall 2013.

SE 195 (senior project) advisor for:
• Art Tucay Jr., Benjamin Roppiyakuda, Mojdeh Keykhanzadeh, Paul Portela, and Phil Le, SpartanBucks: A Local Cryptocurrency. Graduation date: Fall 2014 (expected).

Open Source Projects

Zaphod: Narcissus integration for Firefox. https://github.com/taustin/Zaphod. Zaphod integrates the Narcissus JavaScript engine into Firefox; a fork incorporates information flow controls.

RhinoFaces: Rhino JavaScript on the server. http://java.net/projects/rhinofaces. RhinoFaces is a web framework built with Rhino JavaScript and JavaServer Faces. It is patterned after Ruby on Rails and uses a metaobject protocol, developed as part of my master’s thesis.

XMUltra: Java/XML datafeed framework. http://xmultra.sourceforge.net. XMUltra is a Java and XML based feed processing framework first developed by Knight Ridder Digital. It has a variety of utilities available for feed processing. I led the effort to open source the project.

Teaching Experience

CS 152 - Programming Language Paradigms. Fall 2014. San José State University. Upper-division course studying different programming language paradigms and programming language concepts. Topics include functional programming, logic programming, formal semantics, and formal grammars. Programming assignments are in Scheme, JavaScript, and Ruby among others.

Summer University - Web Application Security. Summer 2013, Summer 2014. Haute École d’Ingénierie et de Gestion du Canton de Vaud (HEIG-Vd)/San José State University. Part of an exchange program with HEIG-Vd in Yverdon, Switzerland. This course covers common vulnerabilities in web applications, and includes an assignment to break into an existing web application. In 2014, I extended this module to include a review of the concepts in cryptocurrencies.

CS 252 - Advanced Programming Languages. Fall 2013, Fall 2014. San José State University. Graduate course studying different aspects of programming language design, including type systems, formal semantics, metaprogramming features, and security controls. Programming assignments are in Haskell, JavaScript, and Ruby among others.

CS 265 - Cryptography and Computer Security. Spring 2014. San José State University. Graduate-level course covering fundamentals of information security, with an emphasis on cryptography.

CS 166 - Information Security. Spring 2014, Fall 2013. San José State University. Undergraduate course covering fundamentals of information security. This class includes both theory and programming assignments.

Talks & Guest Lectures

A History of Cryptography. The Villages Democratic Club. May 6, 2014.

Languages and Security. SJSU Center for Faculty Development’s Tea & Talk Program. April 21, 2014.

Malware Detection: the Cat and Mouse Game Attackers and Defenders Play. SJSU 2014 Cyberquest Prep Day Camp. April 5, 2014.

Exploring Hidden Markov Models for Virus Analysis: a Semantic Approach. San José State University. November 19, 2012.

Dynamic Information Flow Analysis for JavaScript in a Web Browser. San José State University. May 10, 2011.

Information Flow Analysis for JavaScript. University of California at Santa Cruz. Feb 12, 2010.
