⚠️ AU Media Inquiries: I'm currently on U.S. EST, and will check emails in the early AM.
I am currently accepting only limited Masters and PhD students. Please see here for details.
I’m a Senior Lecturer (equivalent to a U.S. Associate Professor) and Deputy Head of School (Academic) in the School of Computing and Information Systems at the University of Melbourne. My research explores how computer systems interact with the law, with a particular focus on security.
In public service, I was the inaugural Geller Fellow placed at the Federal Trade Commission’s Office of Policy Planning and worked on federal technology policy as a Cybersecurity Fellow in the office of U.S. Senator Ron Wyden. I earned my Ph.D. and MSE in Computer & Information Science and a Master in Law from the University of Pennsylvania, and a BSc and DipMus from the University of Melbourne and its Conservatorium.
Research Interests
Applied Cryptography, Computer Security, Public Interest Technology, Consumer Protection
Highlighted Publications
This list represents a mix of some recent work and older work that is exciting and representative of my research.
-
“It’s been lovely watching you”: Institutional Decision-Making on Online Proctoring Software. 2025 IEEE Symposium on Security and Privacy (SP) (2025). Elisa Shioji, Ani Meliksetyan, Lucy Simko, Ryan Watkins, Adam Aviv and Shaanan Cohney.
-
SoK: Trusted setups in cryptography, Financial Cryptography and Data Security, (2025), Faxing Wang, Shaanan Cohney and Joseph Bonneau.
-
Trailblazer: Practical End-to-end Web API Fuzzing (Registered Report) . Proceedings of the 34th ACM SIGSOFT International Symposium on Software Testing and Analysis (2025). Lianglu Pan, Shaanan Cohney, Toby Murray and Van-Thuan Pham.
-
Detecting Excessive Data Exposures in Web Server Responses with Metamorphic Fuzzing, 46th ACM/IEEE International Conference on Software Engineering, (2024), Lianglu Pan, Shaanan Cohney, Toby Murray and Van-Thuan Pham, 🏆 Distinguished Paper Award.
-
Watching the watchers: bias and vulnerability in remote proctoring software, 31st USENIX Security Symposium (USENIX Security 22), (2022), Ben Burgess, Avi Ginsberg, Edward W Felten and Shaanan Cohney.
-
Coin-operated capitalism, Columbia Law Review, 3 (2019), Shaanan Cohney, David Hoffman, Jeremy Sklaroff and David Wishnick.
-
A systematic analysis of the Juniper Dual EC incident, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, (2016), Stephen Checkoway, Jacob Maskiewicz, Christina Garman, Joshua Fried, Shaanan Cohney, Matthew Green, Nadia Heninger, Ralf-Philipp Weinmann, Eric Rescorla and Hovav Shacham, 🏆 Best Paper Award.
Teaching
Foundations of Algorithms (University of Melbourne)
Information Security and Privacy (University of Melbourne)
2024s2, 2023s2, 2022s2, 2021s2
Foundations of Computing (University of Melbourne)
2024s2
PhD Students
2025-present
Viet Hoang Luu— In what ways can we leverage source-code to improve automated software testing? (Software Security)
2024-present
Mike Zhuang— Are there ways in which social media and similar actually help creativity and innovation? (Behavioural Science)
2023-present
Faxing Wang— Can we make more complex reporting models for secure messaging? (Applied Cryptography)
2022-present
Elisa Shioji— What is the relationship between socio-technical regulation and the systems-level outcomes? (Law and CS)
2021-present
Dr Lianglu Pan— How can we test challenging-to-test aspect of web applications? (Software Security)
now University of Melbourne (Academic) — 2021-2025
Masters Research Students
Tian (Jack) Zhang— LLM-driven fuzzing for vulnerability discovery (Software Security)
2025
Han Perry— Modern-methods for inference of protocol definitions from network traces (Systems Security)
2024
Liam Saliba— LLMs for Transpilation into Memory Safe Languages (Software Security)
now Blackmagic Design — 2023
Xiaocong Zhang
2023
Qingyun Wu
now PwC — 2023
Michael Maxwell Wenn— Improving governance reviews of Operational Technology posture (Cybersecurity Policy)
2023
Haodong Gu
2023
Zachary Duthie
now WeGuide — 2023
Simon Kelly
2023
Undergraduate Research Students
Fane Ye— Mutation Testing for Web Applications with Inferred Specifications (Software Security)
2025
Lena Habtu— Adversarial testing of age-assurance systems (Security and Society)
2025
2025
2024
Joseph Surin— Lattice Cryptanalysis for CTF Challenges (Applied Cryptography)
now Eltam Security — 2022
2022-2023
PhD Academic Siblings
Dr Luke Valenta— Computer security and applied cryptography
Dr Marcella Hastings— Secure multi-party computation and privacy tools
Dr Gabrielle De Micheli— Fully homomorphic encryption and lattice-based cryptography
Dr Josh Fried— Systems security for efficient datacenters
Miscellaneous
- While at Princeton I was a Bass in Voices of Gotham, a competitive barbershop chorus. I spent my PhD in multiple different choirs, the most significant of them being the Penn Glee Club and the Penn Pipers.
- I spend much of my free time playing piano, predominantly works from musical theatre.
- I came second place in a safe cracking tournament, and am working to learn and teach lockpicking.
- I ran the Melbourne Marathon in 2021, having started from not being able to run 1km in 2020.
- I have a finite Bacon-Erdős number of 6.
- Kevin Bacon appeared with Laurence Fishburne in Mystic River, Laurence Fishburne appeared with Christine Anu in The Matrix Reloaded, Christine Anu appeared with me in The Project. Bacon 3.
- I coauthored with Yuval Yarom who coauthored with Amnon B. Barak who coauthored with Paul Erdős. Erdős 3.