# Dr. Shaanan Cohney

I'm recruiting at the University of Melbourne: (1) a funded 3-year PhD position in youth online safety + privacy and (2) expressions of interest for an RA. Start by reading [Joining My Lab](https://cohney.info/joining.html), then see [details here](https://cohney.info/safe-and-sound.html).

I’m a Senior Lecturer (equivalent to a U.S. Associate Professor), DECRA Fellow, and outgoing Deputy Head of School (Academic) in the School of Computing and Information Systems at the University of Melbourne. My research explores how computer systems interact with the law, with a particular focus on security.

In public service, I was the inaugural Geller Fellow placed at the Federal Trade Commission’s Office of Policy Planning and worked on federal technology policy as a Cybersecurity Fellow in the office of U.S. Senator Ron Wyden. I earned my Ph.D. and MSE in Computer & Information Science and a Master in Law from the University of Pennsylvania, and a BSc and DipMus from the University of Melbourne and its Conservatorium.

I am a Senior Lecturer (equivalent to a U.S. Associate Professor), DECRA Fellow, and outgoing Deputy Head of School (Academic) for the School of Computing and Information Systems at the [University of Melbourne](https://unimelb.edu.au). My research centers on the interplay between computer systems and the law, with particular focus on applications of cryptography.

In 2019, I was the inaugural Geller Fellow of the Wharton Public Policy Initiative, placed in the Federal Trade Commission’s Office of Policy Planning, where I assisted in the development of technology strategy for the commission.

In 2018 I served as a Cybersecurity Fellow working on U.S. federal technology policy in the office of Senator Ron Wyden.

I completed my Ph.D. and MSE at the University of Pennsylvania in Computer & Information Science. I obtained a Master in Law from Penn Law, and my BSc and DipMus (Vocal Performance) from the University and Conservatorium of Melbourne respectively.

My research has received recognition in the form of Best Paper Awards at ACM CCS and ACM/IEEE ICSE and a Pwnie Award for Best Cryptographic Attack, along with the faculty Excellence in Mid-Career Research Award. I am also the recipient of many teaching awards at the national and university level including the CORE Award for Teaching (Early Career), the Edward Brown Award, and the Kelvin Medal.

## Positions

![University of Melbourne](https://cohney.info/assets/images/logos/unimelb-arms.svg)

DECRA Fellow

University of Melbourne

2026–present

![University of Melbourne](https://cohney.info/assets/images/logos/unimelb-arms.svg)

Deputy Head of School (Academic)

University of Melbourne

2024–2026

![University of Melbourne](https://cohney.info/assets/images/logos/unimelb-arms.svg)

Senior Lecturer

University of Melbourne

U.S. Associate Professor equivalent

2024–present

![University of Melbourne](https://cohney.info/assets/images/logos/unimelb-arms.svg)

Lecturer

University of Melbourne

U.S. Assistant Professor equivalent

2021–2024

![Harvard University](https://cohney.info/assets/images/logos/harvard-shield.svg)

Teaching Fellow

Harvard University

CS50 for Teachers (Indonesia)

2023–2024

![Princeton University](https://cohney.info/assets/images/logos/princeton-shield.svg)

Postdoctoral Associate

Princeton University

Center for Information Technology Policy

2020–2020

![Federal Trade Commission](https://cohney.info/assets/images/logos/ftc-seal.svg)

Geller Fellow

Placement at Federal Trade Commission, Office of Policy Planning

2019–2019

![Office of Senator Ron Wyden](https://cohney.info/assets/images/logos/wyden-wordmark.svg)

Cybersecurity Fellow

U.S. Senator Ron Wyden

2018–2018

![Facebook](https://cohney.info/assets/images/logos/facebook-wordmark-crop.png)

Security Engineer

Facebook Inc.

Intern

2014–2014

[Publications](#publications)
[Teaching](#teaching)
[Students](#students)
[Elsewhere](#miscellaneous)

## Highlighted Publications

A mix of representative papers and recent releases. See the [full list](https://cohney.info/research.html) for more.

1. “It’s been lovely watching you”: Institutional Decision-Making on Online Proctoring Software. 2025 IEEE Symposium on Security and Privacy (S&P) (2025). *Elisa Shioji, Ani Meliksetyan, Lucy Simko, Ryan Watkins, Adam J. Aviv and Shaanan Cohney*. Security & Privacy Law & Policy
2. SoK: Trusted setups in cryptography, Financial Cryptography and Data Security, (2025), *Faxing Wang, Shaanan Cohney and Joseph Bonneau*. Security & Privacy Cryptography
3. Trailblazer: Practical End-to-end Web API Fuzzing (Registered Report). Proceedings of the 34th ACM SIGSOFT International Symposium on Software Testing and Analysis (2025). *Lianglu Pan, Shaanan Cohney, Toby Murray and Van-Thuan Pham*. Security & Privacy
4. Detecting Excessive Data Exposures in Web Server Responses with Metamorphic Fuzzing, 46th ACM/IEEE International Conference on Software Engineering, (2024), *Lianglu Pan, Shaanan Cohney, Toby Murray and Van-Thuan Pham*, 🏆 **Distinguished Paper Award.** DOI: https://doi.org/10.1145/3597503.3608133. Security & Privacy
5. Watching the watchers: bias and vulnerability in remote proctoring software, 31st USENIX Security Symposium (USENIX Security 22), (2022), *Ben Burgess, Avi Ginsberg, Edward W Felten and Shaanan Cohney*. DOI: https://doi.org/10.48550/arXiv.2205.03009. Security & Privacy Law & Policy
6. Coin-operated capitalism, Columbia Law Review, 3 (2019), *Shaanan Cohney, David Hoffman, Jeremy Sklaroff and David Wishnick*. DOI: https://doi.org/10.2139/ssrn.3215345. Law & Policy
7. A systematic analysis of the Juniper Dual EC incident, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, (2016), *Stephen Checkoway, Jacob Maskiewicz, Christina Garman, Joshua Fried, Shaanan Cohney, Matthew Green, Nadia Heninger, Ralf-Philipp Weinmann, Eric Rescorla and Hovav Shacham*, 🏆 **Best Paper Award**. DOI: https://doi.org/10.1145/2976749.2978395. Security & Privacy Cryptography

## Teaching Snapshot

Selected courses I've led. Visit the [teaching page](https://cohney.info/teaching.html) for full details.

COMP10001

### [Foundations of Computing](https://unimelb-teaching.github.io/foc-website)

University of Melbourne

2024s2

COMP10002

### [Foundations of Algorithms](https://algorithmsare.fun)

University of Melbourne

[2026s1](https://algorithmsare.fun/2026s1/)

[2025s1](https://algorithmsare.fun/2025s1/)

[2024s1](https://algorithmsare.fun/2024s1/)

[2023s1](https://algorithmsare.fun/2023s1/)

[2022s2](https://algorithmsare.fun/2022s2/)

[2021s2](https://algorithmsare.fun/2021s2/)

INFO30006

### Information Security and Privacy

University of Melbourne

2024s2

2023s2

2022s1

2021s1

## Students & Collaborators

Current and past mentees across degrees.

### PhD Students

- Tian (Jack) Zhang 2026-present
- [Yuhao Sun](https://www.linkedin.com/in/yuhao-sun-2a1155269/) — How to mitigate prompt injection 2025-present
- [Viet Hoang Luu](https://www.linkedin.com/in/viet-hoang-luu-05a88624b/) — In what ways can we leverage source-code to improve automated software testing? (Software Security) 2024-present
- [Mike Zhuang](https://cis.unimelb.edu.au/research/computer-science/cs-graduate-researchers/computer-science/mike-zhuang) — Are there ways in which social media and similar actually help creativity and innovation? (Behavioural Science) 2023-present
- [Faxing Wang](https://lingering.github.io/) — Can we make more complex reporting models for secure messaging? (Applied Cryptography) 2022-present
- [Elisa Shioji](https://www.unimelb.edu.au/caide/research/graduate-research/rules-as-code-can-privacy-be-automated) — What is the relationship between socio-technical regulation and the systems-level outcomes? (Law and CS) 2021-present
- [Dr Lianglu Pan](https://pa55er6y.com/) — How can we test challenging-to-test aspect of web applications? (Software Security) University of Melbourne (Academic) 2021-2025

### Masters Researchers

- Tian (Jack) Zhang 2025
- [Han Perry](https://www.linkedin.com/in/han-perry/) — Modern-methods for inference of protocol definitions from network traces (Systems Security) 2024
- [Liam Saliba](https://liamsaliba.github.io) — LLMs for Transpilation into Memory Safe Languages (Software Security) Blackmagic Design 2023
- Xiaocong Zhang 2023
- Qingyun Wu PwC 2023
- Michael Maxwell Wenn — Improving governance reviews of Operational Technology posture (Cybersecurity Policy) 2023
- Haodong Gu 2023
- Zachary Duthie WeGuide 2023
- Simon Kelly 2023

### Undergraduate Researchers

- [Fane Ye](https://www.linkedin.com/in/fane-ye/) — Mutation Testing for Web Applications with Inferred Specifications (Software Security) Commonwealth Bank 2025
- [Lena Habtu](https://www.linkedin.com/in/lenahabtu/) — Adversarial testing of age-assurance systems (Security and Society) 2025
- [Ray Zhang](https://www.linkedin.com/in/rayzhang26/) 2025
- [Chunchun (Rachel) Ye](https://www.linkedin.com/in/chunchun-rachel-ye-640393171/?originalSubdomain=au) 2024
- [Joseph Surin](https://jsur.in/) — Lattice Cryptanalysis for CTF Challenges (Applied Cryptography) Eltam Security 2022
- [Angel He](https://7angel4.github.io/) 2022-2023

### Academic Siblings

- [Dr Luke Valenta](https://www.lukevalenta.com/) — Internet-scale applied crypto: TLS/DH measurements and weak-key digging
- [Dr Marcella Hastings](https://marsella.github.io/) — Making secure multi-party computation practical for privacy-preserving data analysis
- [Dr Gabrielle De Micheli](https://gmicheli.github.io/) — Fully homomorphic encryption and lattice-based cryptography
- [Dr Josh Fried](https://joshfried.io/) — Datacenter OS and network design using kernel-bypass schedulers (Junction OS) PhD (MIT); incoming Assistant Professor, University of Pennsylvania

## Random Facts

Odds and ends that capture the spirit of my work and life.

- While at Princeton I was a Bass in [Voices of Gotham](http://www.voicesofgotham.org/), a competitive barbershop chorus. I spent my PhD in multiple different choirs, the most significant of them being the [Penn Glee Club](http://penngleeclub.website/) and the [Penn Pipers](http://www.pennpipers.com/).
- I spend much of my free time playing piano, predominantly works from musical theatre.
- I came second place in a safe cracking tournament, and am working to learn and teach lockpicking.
- I ran the Melbourne Marathon in 2021, having started from not being able to run 1km in 2020.
- I co-founded [Nice Jewish Runners (NJR) Melbourne](https://www.instagram.com/nicejewishrunners_melbourne/).
- I have a finite Bacon-Erdős number of 6.