Grant Ho

I am an Assistant Professor at the University of Chicago in the Computer Science Department. My research studies computer security, with a particular interest in problems at the intersection of data and security. My current work focuses on improving the security of organizations and enterprises by (1) building new systems to thwart attacks, (2) analyzing the real-world efficacy and the costs of deploying security measures, and (3) exploring how we can develop and apply machine learning for security purposes. Previously, I was a CSE Postdoctoral Fellow at UC San Diego, where I worked with Geoff Voelker and Stefan Savage, and a Visiting Researcher at Corelight Labs. I received my Ph.D. in computer science from UC Berkeley, where I was advised by Vern Paxson and David Wagner, and supported in part by a Facebook Ph.D. Fellowship and an NSF Graduate Research Fellowship. Before graduate school, I received my Bachelors in computer science from Stanford University.

Email: grantho@uchicago.edu

Publications

• Understanding the Viability of Email Origin Indicators for Identifying the Sender
  Enze Liu, Lu Sun, Alex Bellon, Grant Ho, Geoffrey M. Voelker, Stefan Savage, Imani N. S. Munyaka
  Symposium on Usable Privacy and Security (SOUPS) 2023 (To Appear).


• Forward Pass: On the Security Implications of Email Forwarding Mechanism and Policy
  Enze Liu, Gautam Akiwate, Mattijs Jonker, Ariana Mirian, Grant Ho, Geoffrey M. Voelker, Stefan Savage
  Best Paper Award
  IEEE European Symposium on Security and Privacy (Euro S&P) 2023.


• No Privacy Among Spies: Assessing the Functionality and Insecurity of Consumer Android Spyware Apps
  Enze Liu, Sumanth Rao, Sam Havron, Grant Ho, Stefan Savage, Geoffrey M. Voelker, Damon McCoy
  Privacy Enhancing Technologies Symposium (PoPETS) 2023.


• Hopper: Modeling and Detecting Lateral Movement
  Grant Ho, Mayank Dhiman, Devdatta Akhawe, Vern Paxson, Stefan Savage, Geoffrey M. Voelker, David Wagner
  Usenix Security Symposium 2021.


• Driving 2FA Adoption at Scale: Optimizing Two-Factor Authentication Notification Design Patterns
  Maximillian Golla, Grant Ho, Marika Lohmus, Monica Pulluri, Elissa M. Redmiles
  Usenix Security Symposium 2021.


• A Large-Scale Analysis of Attacker Activity in Compromised Enterprise Accounts
  Neil Shah, Grant Ho, Marco Schweighauser, Mohamed Ibrahim, Asaf Cidon, David Wagner
  KDD MLHat Workshop 2020.


• Detecting and Characterizing Lateral Phishing at Scale [Extended Report]
  Grant Ho, Asaf Cidon, Lior Gavish, Marco Schweighauser, Vern Paxson, Stefan Savage, Geoffrey M. Voelker, David Wagner
  Distinguished Paper Award
  Usenix Security Symposium 2019.


• Detecting Credential Spearphishing Attacks in Enterprise Settings
  Grant Ho, Aashish Sharma, Mobin Javed, Vern Paxson, David Wagner
  Distinguished Paper Award
  Internet Defense Prize 2017
  Usenix Security Symposium 2017.


• Smart Locks: Lessons for Securing Commodity Internet of Things Devices
  Grant Ho, Derek Leung, Pratyush Mishra, Ashkan Hosseini, Dawn Song, David Wagner
  ACM Asia Conference on Computer and Communications Security (AsiaCCS) 2016.


• Remedying Web Hijacking: Notification Effectiveness and Webmaster Comprehension
  Frank Li, Grant Ho, Eric Kuan, Yuan Niu, Lucas Ballard, Kurt Thomas, Elie Bursztein, Vern Paxson
  World Wide Web Conference (WWW) 2016.


• Ad Injection at Scale: Assessing Deceptive Advertisement Modifications
  Kurt Thomas, E. Bursztein, C. Grier, Grant Ho, N. Japgal, A. Kapravelos, D. McCoy, A. Nappa, V. Paxson, P. Pearce, N. Provos, M. Rajab
  Distinguished Practical Paper Award
  IEEE Symposium on Security and Privacy (Oakland/S&P) 2015.


• Tick Tock: Building Browser Red Pills from Timing Side Channels
  Grant Ho, Dan Boneh, Lucas Ballard, Niels Provos
  Usenix Security Workshop on Offensive Technology (WOOT) 2014.

Teaching Experience

• Introduction to Computer Security (CS 161 at Berkeley), by Raluca Ada Popa and Nicholas Weaver, Spring 2019.
• Introduction to Computer Security (CS 161 at Berkeley), by Vern Paxson, Spring 2017.
• Introduction to Computer Security (CS 155 at Stanford), by Dan Boneh and John Mitchell, Spring 2014.
• Mathematical Foundations of Computing (CS 103 at Stanford), by David Dill, Winter 2014.
• Programming Methodology (CS 106A at Stanford), by Steve Cooper, Spring 2013.
• Programming Methodology (CS 106A at Stanford), by Keith Schwarz, Winter 2013.
• Programming Methodology (CS 106A at Stanford), by Mehran Sahami, Fall 2012.

Industry Experience

Throughout my research, I've collaborated with many companies and organizations to tackle a wide-range of security problems, including UC San Diego's IT and Security teams, Barracuda Networks, Dropbox, the Lawrence Berkeley National Laboratory, Facebook, and Google.
If you work in industry and have an important security problem that you're stumped on how to solve, feel free to email me!

Service

I am on the Program Committee for IEEE Security and Privacy (Oakland) 2024. Previously I served on the PC for Usenix Security 2023, IEEE Security and Privacy (Oakland) 2022, and as an external reviewer for Usenix Security 2020, CCS 2019, Usenix Security 2019, NDSS 2016, and ACM TWEB 2016.
At Berkeley, I started an external security speaker series, the Berkeley Security Seminar, and organized it from Spring 2015 - Fall 2018.

Personal

Several years ago, I used to be an active chess player. My USCF rating is 2111 and I am a two-time US National co-champion (tied for first) in the 8th grade and 9th grade divisions. I've also won first place at the Florida State Chess Championship a few times; the high school division in 2008 (as a 10th grader) and the middle school division in 2005. Currently, I spend a lot of my time as a researcher, but I enjoy occasionally playing blitz and watching the games of some of my favorite players (Carlsen and Topalov) at the latest tournaments. My favorite book is "Play like a Grandmaster" by Kotov and one of my favorite games is Kramnik vs. Topalov at Corus 2005.