David Huang (Lin-Shung Huang)

Hello! I work on Product Security at Facebook. I've previously interned at Facebook and Microsoft Research. I TA'd at Carnegie Mellon University for Browser Security (18-636) and Web Application Security and Performance (18-635).

I recieved my PhD from Carnegie Mellon University under the supervision of Collin Jackson. My research interests are in the security of web applications and browsers.


PhD, Electrical and Computer Engineering, Carnegie Mellon University, 2014
MEng, Electrical and Computer Engineering, Cornell University, 2009
BS, MS, Computer Science, National Chiao Tung University, 2007


Analyzing Forged SSL Certificates in the Wild
Lin-Shung Huang, Alex Rice, Erling Ellingsen and Collin Jackson
IEEE Symposium on Security and Privacy (IEEE S&P) 2014
*Proposed method is deployed at Facebook.

All Your Screens Are Belong to Us: Attacks Exploiting the HTML5 Screen Sharing API
Yuan Tian, Ying-Chuan Liu, Amar Bhosale, Lin-Shung Huang, Patrick Tague and Collin Jackson
IEEE Symposium on Security and Privacy (IEEE S&P) 2014

An Experimental Study of TLS Forward Secrecy Deployments
Lin-Shung Huang, Shrikant Adhikarla, Dan Boneh and Collin Jackson
Web 2.0 Security and Privacy (W2SP) 2014
IEEE Internet Computing (Volume: 18, Issue: 6)

Darwin: A Ground Truth Agnostic CAPTCHA Generator Using Evolutionary Algorithm (Poster)
Eric Y. Chen, Lin-Shung Huang, Ole J. Mengshoel and Jason D. Lohn
Genetic and Evolutionary Computation Conference (GECCO) 2014

Accountable Key Infrastructure (AKI): A Proposal for a Public-Key Validation Infrastructure
Tiffany Hyun-Jin Kim, Lin-Shung Huang, Adrian Perrig, Collin Jackson and Virgil Gligor
International World Wide Web Conference (WWW) 2013

Clickjacking: Attacks and Defenses
Lin-Shung Huang, Alexander Moshchuk, Helen J. Wang, Stuart Schechter and Collin Jackson
USENIX Security Symposium 2012
*Proposed defense is part of the User Interface Security W3C working draft.

Towards Short-Lived Certificates
Emin Topalovic, Brennan Saeta, Lin-Shung Huang, Collin Jackson and Dan Boneh
Web 2.0 Security and Privacy (W2SP) 2012

The Case for Prefetching and Prevalidating TLS Server Certificates
Emily Stark, Lin-Shung Huang, Dinesh Israni, Collin Jackson and Dan Boneh
Network and Distributed System Security Symposium (NDSS) 2012

Clickjacking Attacks Unresolved
Lin-Shung Huang and Collin Jackson
Technical Report 2011

Talking to Yourself for Fun and Profit
Lin-Shung Huang, Eric Y. Chen, Adam Barth, Eric Rescorla and Collin Jackson
Web 2.0 Security and Privacy (W2SP) 2011
*Proposed defense is standardized in RFC 6455 and adopted across major browsers.

Protecting Browsers from Cross-Origin CSS Attacks
Lin-Shung Huang, Zack Weinberg, Chris Evans and Collin Jackson
ACM Conference on Computer and Communications Security (CCS) 2010
*Proposed defense is adopted by IE, Firefox, Chrome, Safari, Opera, and standardized in HTML5.

TouchAble: A Camera-Based Multitouch System (Demo)
Lin-Shung Huang, Feng-Tso Sun and Pei Zhang
ACM Conference on Embedded Networked Sensor Systems (SenSys) 2010

A Rate-Distortion Optimization Model for SVC Inter-Layer Encoding and Bitstream Extraction
Wen-Hsiao Peng, John K. Zao, Hsueh-Ting Huang, Tse-Wei Wang and Lin-Shung Huang
Journal of Visual Communication and Image Representation 2008

Rate-Distortion Optimized SVC Bitstream Extraction for Heterogeneous Devices: A Preliminary Investigation
Wen-Hsiao Peng, Lin-Shung Huang, John K. Zao, Jiun-Shien Lu, Tse-Wei Wang, Hsueh-Ting Huang and Lun-Chia Kuo
IEEE International Symposium on Multimedia Workshops 2007

Trickle: Resilient Real-Time Video Multicasting for Dynamic Peers with Limited or Asymmetric Network Connectivity
Yu-Hsuang Guo, John K. Zao, Wen-Hsiao Peng, Lin-Shung Huang, Fang-Po Kuo and Che-Min Lin
IEEE International Symposium on Multimedia 2006