I am a PhD candidate at Purdue CS working primarily on network and system security, with Prof. Ninghui Li and Prof. Aniket Kate as my advisors. I am also a member of The Center for Education and Research in Information Assurance and Security (CERIAS) at Purdue.

Born and raised in Hong Kong, I speak fluent Cantonese, Mandarin Chinese (Putonghua) and English. Prior to joining Purdue, I received a BSc in Information Technology from Department of Computing, The Hong Kong Polytechnic University with First-class honours.

Research Interest

My research interest is mainly on the (in)security of the design and implementation of widely deployed systems and network protocols. In particular, my colleagues and I have investigated exploitable weaknesses in many popular content delivery apps on Android, as well as the robustness of X.509 certificate validation and RSA signature verification implemented in various open source software, which led to the discovery of many vulnerabilities with varying degrees of severity.


Conference Papers

  1. Analyzing Semantic Correctness with Symbolic Execution: A Case Study on PKCS#1 v1.5 Signature Verification
    Sze Yiu Chau; Moosa Yahyazadeh; Omar Chowdhury; Aniket Kate; Ninghui Li
    [The Network and Distributed System Security Symposium (NDSS) 2019] (To Appear)

  2. Why Johnny Can’t Make Money With His Contents: Pitfalls of Designing and Implementing Content Delivery Apps
    Sze Yiu Chau; Bincheng Wang; Jianxiong Wang; Omar Chowdhury; Aniket Kate; Ninghui Li
    [The 34th Annual Computer Security Applications Conference (ACSAC 2018)] (Paper)

  3. Adaptive Deterrence of DNS Cache Poisoning
    Sze Yiu Chau; Omar Chowdhury; Victor Gonsalves; Huangyi Ge; Weining Yang; Sonia Fahmy; Ninghui Li
    [The 14th EAI International Conference on Security and Privacy in Communication Networks (SecureComm 2018)] (Paper)

  4. Analyzing Operational Behavior of Stateful Protocol Implementations for Detecting Semantic Bugs
    Endadul Hoque; Omar Chowdhury; Sze Yiu Chau; Cristina Nita-Rotaru; Ninghui Li
    [IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2017] (Paper)

  5. SymCerts: Practical Symbolic Execution For Exposing Noncompliance in X.509 Certificate Validation Implementations
    Sze Yiu Chau; Omar Chowdhury; Endadul Hoque; Huangyi Ge; Aniket Kate; Cristina Nita-Rotaru; Ninghui Li
    [IEEE Symposium on Security and Privacy (Oakland) 2017] (Paper|Errata|Talk|CSAW '17 (Applied Research) Finalist)

Workshop Papers and Posters

  1. Detecting Specification Noncompliance in Network Protocol Implementations
    Endadul Hoque; Omar Chowdhury; Sze Yiu Chau; Cristina Nita-Rotaru; Ninghui Li
    [USENIX ATC '16 Poster]

Professional Activities

  • Member of IEEE Symposium on Security and Privacy (Oakland) 2018 Student Program Committee
  • External/Sub reviewer for ACM TNET, ICNP '18, ESORICS '18, Blockchain '18, CODASPY '18, CCS '17, ACM TOIT, AsiaCCS '16, ACNS '16, DSN '15, USENIX Security '15 and '14, ICDCS '15

Invited Talks



My Erdös number is 4, with multiple paths through my advisors:

  • Chau → Kate → Goldberg → Stinson → Erdös
  • Chau → Kate → Zaverucha → Stinson → Erdös
  • Chau → Li → Bertino → Wagstaff → Erdös