I’m a Senior Lecturer (equivalent to a U.S. Associate Professor) and Deputy Head of School (Academic) in the School of Computing and Information Systems at the University of Melbourne. My research explores how computer systems interact with the law, with a particular focus on security.

In public service, I was the inaugural Geller Fellow placed at the Federal Trade Commission’s Office of Policy Planning and worked on federal technology policy as a Cybersecurity Fellow in the office of U.S. Senator Ron Wyden. I earned my Ph.D. and MSE in Computer & Information Science and a Master in Law from the University of Pennsylvania, and a BSc and DipMus from the University of Melbourne and its Conservatorium.

Research Interests

A few themes that guide my current projects and collaborations.

  • Applied Cryptography
  • Computer Security
  • Public Interest Technology
  • Consumer Protection

Highlighted Publications

A mix of representative papers and recent releases. See the full list for more.

  1. “It’s been lovely watching you”: Institutional Decision-Making on Online Proctoring Software. 2025 IEEE Symposium on Security and Privacy (SP) (2025). Elisa Shioji, Ani Meliksetyan, Lucy Simko, Ryan Watkins, Adam Aviv and Shaanan Cohney.
  2. SoK: Trusted setups in cryptography, Financial Cryptography and Data Security, (2025), Faxing Wang, Shaanan Cohney and Joseph Bonneau.
  3. Trailblazer: Practical End-to-end Web API Fuzzing (Registered Report) . Proceedings of the 34th ACM SIGSOFT International Symposium on Software Testing and Analysis (2025). Lianglu Pan, Shaanan Cohney, Toby Murray and Van-Thuan Pham.
  4. Detecting Excessive Data Exposures in Web Server Responses with Metamorphic Fuzzing, 46th ACM/IEEE International Conference on Software Engineering, (2024), Lianglu Pan, Shaanan Cohney, Toby Murray and Van-Thuan Pham, 🏆 Distinguished Paper Award.
  5. Watching the watchers: bias and vulnerability in remote proctoring software, 31st USENIX Security Symposium (USENIX Security 22), (2022), Ben Burgess, Avi Ginsberg, Edward W Felten and Shaanan Cohney.
  6. Coin-operated capitalism, Columbia Law Review, 3 (2019), Shaanan Cohney, David Hoffman, Jeremy Sklaroff and David Wishnick.
  7. A systematic analysis of the Juniper Dual EC incident, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, (2016), Stephen Checkoway, Jacob Maskiewicz, Christina Garman, Joshua Fried, Shaanan Cohney, Matthew Green, Nadia Heninger, Ralf-Philipp Weinmann, Eric Rescorla and Hovav Shacham, 🏆 Best Paper Award.

Teaching Snapshot

Selected courses I've led. Visit the teaching page for full details.

Students & Collaborators

Current and past mentees across degrees.

PhD Students

  • Yuhao Sun 2025-present
  • Viet Hoang Luu — In what ways can we leverage source-code to improve automated software testing? (Software Security) 2024-present
  • Mike Zhuang — Are there ways in which social media and similar actually help creativity and innovation? (Behavioural Science) 2023-present
  • Faxing Wang — Can we make more complex reporting models for secure messaging? (Applied Cryptography) 2022-present
  • Elisa Shioji — What is the relationship between socio-technical regulation and the systems-level outcomes? (Law and CS) 2021-present
  • Dr Lianglu Pan — How can we test challenging-to-test aspect of web applications? (Software Security) University of Melbourne (Academic) 2021-2025

Masters Researchers

  • Tian (Jack) Zhang — LLM-driven fuzzing for vulnerability discovery (Software Security) 2025
  • Han Perry — Modern-methods for inference of protocol definitions from network traces (Systems Security) 2024
  • Liam Saliba — LLMs for Transpilation into Memory Safe Languages (Software Security) Blackmagic Design 2023
  • Xiaocong Zhang 2023
  • Qingyun Wu PwC 2023
  • Michael Maxwell Wenn — Improving governance reviews of Operational Technology posture (Cybersecurity Policy) 2023
  • Haodong Gu 2023
  • Zachary Duthie WeGuide 2023
  • Simon Kelly 2023

Undergraduate Researchers

  • Fane Ye — Mutation Testing for Web Applications with Inferred Specifications (Software Security) 2025
  • Lena Habtu — Adversarial testing of age-assurance systems (Security and Society) 2025
  • Ray Zhang 2025
  • Chunchun (Rachel) Ye 2024
  • Joseph Surin — Lattice Cryptanalysis for CTF Challenges (Applied Cryptography) Eltam Security 2022
  • Angel He 2022-2023

Random Facts

Odds and ends that capture the spirit of my work and life.

  • While at Princeton I was a Bass in Voices of Gotham, a competitive barbershop chorus. I spent my PhD in multiple different choirs, the most significant of them being the Penn Glee Club and the Penn Pipers.
  • I spend much of my free time playing piano, predominantly works from musical theatre.
  • I came second place in a safe cracking tournament, and am working to learn and teach lockpicking.
  • I ran the Melbourne Marathon in 2021, having started from not being able to run 1km in 2020.
  • I have a finite Bacon-Erdős number of 6.
    • Kevin Bacon appeared with Laurence Fishburne in Mystic River, Laurence Fishburne appeared with Christine Anu in The Matrix Reloaded, Christine Anu appeared with me in The Project. Bacon 3.
    • I coauthored with Yuval Yarom who coauthored with Amnon B. Barak who coauthored with Paul Erdős. Erdős 3.