Grant Ho
|
I am an Assistant Professor at the University of Chicago in the Computer Science Department.
My research studies computer security, with a particular interest in problems at the intersection of data and security. My current work focuses on improving the security of organizations and enterprises by (1) building new systems to thwart attacks, (2) analyzing the real-world efficacy and the costs of deploying security measures, and (3) exploring how we can develop and apply machine learning for security purposes.
Previously, I was a CSE Postdoctoral Fellow at UC San Diego, where I worked with Geoff Voelker and Stefan Savage, and a Visiting Researcher at Corelight Labs.
I received my Ph.D. in computer science from UC Berkeley, where I was advised by Vern Paxson and David Wagner, and supported in part by a Facebook Ph.D. Fellowship and an NSF Graduate Research Fellowship.
Before graduate school, I received my Bachelors in computer science from Stanford University.
|
Email: grantho@uchicago.edu |
Publications
- Understanding the Viability of Email Origin Indicators for Identifying the Sender
Enze Liu, Lu Sun, Alex Bellon, Grant Ho, Geoffrey M. Voelker, Stefan Savage, Imani N. S. Munyaka
Symposium on Usable Privacy and Security (SOUPS) 2023 (To Appear).
- Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy
Enze Liu, Gautam Akiwate, Mattijs Jonker, Ariana Mirian, Grant Ho, Geoffrey M. Voelker, Stefan Savage
Best Paper Award
IEEE European Symposium on Security and Privacy (Euro S&P) 2023.
- No Privacy Among Spies: Assessing the Functionality and Insecurity of Consumer Android Spyware Apps
Enze Liu, Sumanth Rao, Sam Havron, Grant Ho, Stefan Savage, Geoffrey M. Voelker, Damon McCoy
Privacy Enhancing Technologies Symposium (PoPETS) 2023.
- Hopper: Modeling and Detecting Lateral Movement
Grant Ho, Mayank Dhiman, Devdatta Akhawe, Vern Paxson, Stefan Savage, Geoffrey M. Voelker, David Wagner
Usenix Security Symposium 2021.
- Driving 2FA Adoption at Scale: Optimizing Two-Factor Authentication Notification Design Patterns
Maximillian Golla, Grant Ho, Marika Lohmus, Monica Pulluri, Elissa M. Redmiles
Usenix Security Symposium 2021.
- A Large-Scale Analysis of Attacker Activity in Compromised Enterprise Accounts
Neil Shah, Grant Ho, Marco Schweighauser, Mohamed Ibrahim, Asaf Cidon, David Wagner
KDD MLHat Workshop 2020.
- Detecting and Characterizing Lateral Phishing at Scale
[Extended Report]
Grant Ho, Asaf Cidon, Lior Gavish, Marco Schweighauser, Vern Paxson, Stefan Savage, Geoffrey M. Voelker, David Wagner
Distinguished Paper Award
Usenix Security Symposium 2019.
- Detecting Credential Spearphishing Attacks in Enterprise Settings
Grant Ho, Aashish Sharma, Mobin Javed, Vern Paxson, David Wagner
Distinguished Paper Award
Internet Defense Prize 2017
Usenix Security Symposium 2017.
- Smart Locks: Lessons for Securing Commodity Internet of Things Devices
Grant Ho, Derek Leung, Pratyush Mishra, Ashkan Hosseini, Dawn Song, David Wagner
ACM Asia Conference on Computer and Communications Security (AsiaCCS) 2016.
- Remedying Web Hijacking: Notification Effectiveness and Webmaster Comprehension
Frank Li, Grant Ho, Eric Kuan, Yuan Niu, Lucas Ballard, Kurt Thomas, Elie Bursztein, Vern Paxson
World Wide Web Conference (WWW) 2016.
- Ad Injection at Scale: Assessing Deceptive Advertisement Modifications
Kurt Thomas, E. Bursztein, C. Grier, Grant Ho, N. Japgal, A. Kapravelos, D. McCoy, A. Nappa, V. Paxson, P. Pearce, N. Provos, M. Rajab
Distinguished Practical Paper Award
IEEE Symposium on Security and Privacy (Oakland/S&P) 2015.
- Tick Tock: Building Browser Red Pills from Timing Side Channels
Grant Ho, Dan Boneh, Lucas Ballard, Niels Provos
Usenix Security Workshop on Offensive Technology (WOOT) 2014.
Teaching Experience
- Introduction to Computer Security (CS 161 at Berkeley), by Raluca Ada Popa and Nicholas Weaver, Spring 2019.
- Introduction to Computer Security (CS 161 at Berkeley), by Vern Paxson, Spring 2017.
- Introduction to Computer Security (CS 155 at Stanford), by Dan Boneh and John Mitchell, Spring 2014.
- Mathematical Foundations of Computing (CS 103 at Stanford), by David Dill, Winter 2014.
- Programming Methodology (CS 106A at Stanford), by Steve Cooper, Spring 2013.
- Programming Methodology (CS 106A at Stanford), by Keith Schwarz, Winter 2013.
- Programming Methodology (CS 106A at Stanford), by Mehran Sahami, Fall 2012.
Industry Experience
Throughout my research, I've collaborated with many companies and organizations to tackle a wide-range of security problems, including UC San Diego's IT and Security teams, Barracuda Networks, Dropbox, the Lawrence Berkeley National Laboratory, Facebook, and Google.
If you work in industry and have an important security problem that you're stumped on how to solve, feel free to email me!
Service
I am on the Program Committee for IEEE Security and Privacy (Oakland) 2024.
Previously I served on the PC for Usenix Security 2023, IEEE Security and Privacy (Oakland) 2022, and as an external reviewer for Usenix Security 2020, CCS 2019, Usenix Security 2019, NDSS 2016, and ACM TWEB 2016.
At Berkeley, I started an external security speaker series,
the Berkeley Security Seminar, and organized it from Spring 2015 - Fall 2018.
Personal
Several years ago, I used to be an active chess player.
My USCF rating is 2111 and I am a two-time US National co-champion (tied for first) in the 8th grade and 9th grade divisions.
I've also won first place at the Florida State Chess Championship a few times; the high school division in 2008 (as a 10th grader) and the middle school division in 2005.
Currently, I spend a lot of my time as a researcher, but I enjoy occasionally playing blitz and watching the games of some of my favorite players (Carlsen and Topalov) at the latest tournaments. My favorite book is "Play like a Grandmaster" by Kotov and one of my favorite games is Kramnik vs. Topalov at Corus 2005.