Shaanan Cohney PhD

Peer Reviewed Papers

Detecting Excessive Data Exposures in Web Server Responses with Metamorphic Fuzzing, In Submission, (2023), Lianglu Pan, Shaanan Cohney, Toby Murray and Van-Thuan Pham.
```
@article{edefuzz,
  title = {Detecting Excessive Data Exposures in Web Server Responses with Metamorphic Fuzzing},
  author = {Pan, Lianglu and Cohney, Shaanan and Murray, Toby and Pham, Van-Thuan},
  booktitle = {In Submission},
  year = {2023},
  selected = {no},
  pages = {1-14},
  group = {papers},
  preprint = {https://arxiv.org/abs/2301.09258}
}
```

Watching the watchers: bias and vulnerability in remote proctoring software, 31st USENIX Security Symposium (USENIX Security 22), (2022), Ben Burgess, Avi Ginsberg, Edward W Felten and Shaanan Cohney, 220k Twitter Impressions!

@article{watchers,
  title = {Watching the watchers: bias and vulnerability in remote proctoring software},
  author = {Burgess, Ben and Ginsberg, Avi and Felten, Edward W and Cohney, Shaanan},
  booktitle = {31st USENIX Security Symposium (USENIX Security 22)},
  year = {2022},
  selected = {yes},
  group = {papers},
  pages = {571--588},
  link = {https://www.usenix.org/system/files/sec22-burgess.pdf},
  awards = {220k Twitter Impressions!}
}

Virtual Classrooms and Real Harms: Remote Learning at {US}. Universities, Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021), (2021), Shaanan Cohney, Ross Teixeira, Anne Kohlbrenner, Arvind Narayanan, Mihir Kshirsagar, Yan Shvartzshnaider and Madelyn Sanfilippo.

@article{virtual,
  title = {Virtual Classrooms and Real Harms: Remote Learning at $\{$US$\}$. Universities},
  author = {Cohney, Shaanan and Teixeira, Ross and Kohlbrenner, Anne and Narayanan, Arvind and Kshirsagar, Mihir and Shvartzshnaider, Yan and Sanfilippo, Madelyn},
  booktitle = {Seventeenth Symposium on Usable Privacy and Security (SOUPS 2021)},
  pages = {653--674},
  year = {2021},
  selected = {no},
  group = {papers},
  link = {https://www.usenix.org/system/files/soups2021-cohney.pdf}
}

Pseudorandom black swans: Cache attacks on CTR_DRBG, 2020 IEEE Symposium on Security and Privacy (SP), (2020), Shaanan Cohney, Andrew Kwong, Shahar Paz, Daniel Genkin, Nadia Heninger, Eyal Ronen and Yuval Yarom.

@article{blackswans,
  title = {Pseudorandom black swans: Cache attacks on CTR\_DRBG},
  author = {Cohney, Shaanan and Kwong, Andrew and Paz, Shahar and Genkin, Daniel and Heninger, Nadia and Ronen, Eyal and Yarom, Yuval},
  booktitle = {2020 IEEE Symposium on Security and Privacy (SP)},
  pages = {1241--1258},
  year = {2020},
  organization = {IEEE},
  selected = {yes},
  group = {papers},
  link = {https://ieeexplore.ieee.org/iel7/9144328/9152199/09152663.pdf}
}

Practical state recovery attacks against legacy RNG implementations, Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, (2018), Shaanan Cohney, Matthew D Green and Nadia Heninger.
```
@article{duhk,
  title = {Practical state recovery attacks against legacy RNG implementations},
  author = {Cohney, Shaanan and Green, Matthew D and Heninger, Nadia},
  booktitle = {Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security},
  pages = {265--280},
  year = {2018},
  selected = {yes},
  group = {papers},
  link = {https://dl.acm.org/doi/pdf/10.1145/3243734.3243756}
}
```

{DROWN}: Breaking {TLS} Using {SSLv2}, 25th USENIX Security Symposium (USENIX Security 16), (2016), Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof Paar and Yuval Shavitt, Runner-Up, Internet Defense Prize.

@article{drown,
  title = {$\{$DROWN$\}$: Breaking $\{$TLS$\}$ Using $\{$SSLv2$\}$},
  author = {Aviram, Nimrod and Schinzel, Sebastian and Somorovsky, Juraj and Heninger, Nadia and Dankel, Maik and Steube, Jens and Valenta, Luke and Adrian, David and Halderman, J Alex and Dukhovni, Viktor and Käsper, Emilia and Cohney, Shaanan and Engels, Susanne and Paar, Christof and Shavitt, Yuval},
  booktitle = {25th USENIX Security Symposium (USENIX Security 16)},
  pages = {689--706},
  year = {2016},
  selected = {no},
  group = {papers},
  link = {https://drownattack.com/drown-attack-paper.pdf},
  awards = {Runner-Up, Internet Defense Prize}
}

A systematic analysis of the Juniper Dual EC incident, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, (2016), Stephen Checkoway, Jacob Maskiewicz, Christina Garman, Joshua Fried, Shaanan Cohney, Matthew Green, Nadia Heninger, Ralf-Philipp Weinmann, Eric Rescorla and Hovav Shacham, Best Paper Award.

@article{juniper,
  title = {A systematic analysis of the Juniper Dual EC incident},
  author = {Checkoway, Stephen and Maskiewicz, Jacob and Garman, Christina and Fried, Joshua and Cohney, Shaanan and Green, Matthew and Heninger, Nadia and Weinmann, Ralf-Philipp and Rescorla, Eric and Shacham, Hovav},
  booktitle = {Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security},
  pages = {468--479},
  year = {2016},
  selected = {yes},
  group = {papers},
  link = {https://dl.acm.org/doi/10.1145/2976749.2978395},
  awards = {Best Paper Award}
}

Factoring as a service, International Conference on Financial Cryptography and Data Security, (2016), Luke Valenta, Shaanan Cohney, Alex Liao, Joshua Fried, Satya Bodduluri and Nadia Heninger.

@article{faas,
  title = {Factoring as a service},
  author = {Valenta, Luke and Cohney, Shaanan and Liao, Alex and Fried, Joshua and Bodduluri, Satya and Heninger, Nadia},
  booktitle = {International Conference on Financial Cryptography and Data Security},
  pages = {321--338},
  year = {2016},
  organization = {Springer},
  selected = {no},
  group = {papers},
  link = {https://link.springer.com/chapter/10.1007/978-3-662-54970-4_19}
}

Measuring small subgroup attacks against Diffie-Hellman, NDSS, (2016), Luke Valenta, David Adrian, Antonio Sanso, Shaanan Cohney, Joshua Fried, Marcella Hastings, J Alex Halderman and Nadia Heninger.

@article{subgroup,
  title = {Measuring small subgroup attacks against Diffie-Hellman},
  author = {Valenta, Luke and Adrian, David and Sanso, Antonio and Cohney, Shaanan and Fried, Joshua and Hastings, Marcella and Halderman, J Alex and Heninger, Nadia},
  journal = {NDSS},
  year = {2016},
  selected = {no},
  group = {papers},
  pages = {1--15},
  link = {https://www.ndss-symposium.org/wp-content/uploads/2017/09/ndss2017_04A-1_Valenta_paper_0.pdf}
}

Law Review Articles

Transactional scripts in contract stacks, Minn. L. Rev., (2020), Shaanan Cohney and David A Hoffman.

@article{scripts,
  title = {Transactional scripts in contract stacks},
  author = {Cohney, Shaanan and Hoffman, David A},
  journal = {Minn. L. Rev.},
  volume = {105},
  pages = {319--388},
  year = {2020},
  publisher = {HeinOnline},
  selected = {yes},
  group = {lawreviews},
  link = {https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3523515}
}

Coin-operated capitalism, Columbia Law Review, 3 (2019), Shaanan Cohney, David Hoffman, Jeremy Sklaroff and David Wishnick.

@article{coc,
  title = {Coin-operated capitalism},
  author = {Cohney, Shaanan and Hoffman, David and Sklaroff, Jeremy and Wishnick, David},
  journal = {Columbia Law Review},
  volume = {119},
  number = {3},
  pages = {591--676},
  year = {2019},
  publisher = {JSTOR},
  selected = {yes},
  group = {lawreviews},
  link = {https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3215345}
}

Journal Articles

Where did i leave my keys? Lessons from the juniper dual ec incident, Communications of the ACM, 11 (2018), Stephen Checkoway, Jacob Maskiewicz, Christina Garman, Joshua Fried, Shaanan Cohney, Matthew Green, Nadia Heninger, Ralf-Philipp Weinmann, Eric Rescorla and Hovav Shacham.

@article{checkoway2018did,
  title = {Where did i leave my keys? Lessons from the juniper dual ec incident},
  author = {Checkoway, Stephen and Maskiewicz, Jacob and Garman, Christina and Fried, Joshua and Cohney, Shaanan and Green, Matthew and Heninger, Nadia and Weinmann, Ralf-Philipp and Rescorla, Eric and Shacham, Hovav},
  journal = {Communications of the ACM},
  volume = {61},
  number = {11},
  pages = {148--155},
  year = {2018},
  publisher = {ACM New York, NY, USA},
  selected = {no},
  group = {journals},
  link = {https://dl.acm.org/doi/10.1145/3266291}
}

Policy Submissions

Strengthening Australian Consumer Protection in the era of Digital Platforms. Shaanan Cohney, Liam Harding and Suelette Dreyfus. (2023).
```
@misc{accc,
  author = {Cohney, Shaanan and Harding, Liam and Dreyfus, Suelette},
  title = {Strengthening Australian Consumer Protection in the era of Digital Platforms},
  year = {2023},
  selected = {no},
  group = {policy},
  pages = {1--20},
  preprint = {https://cohney.info/static/papers/response-to-accc.pdf}
}
```

Addressing Big Tech Regulation in Australia. Shaanan Cohney, Liam Harding, Gabby Bush, Marc Cheong, Tatiana Cutts, Liam Harding, Toby Murray, Suelette Dreyfus and Sarita Rosenstock. (2023).

@misc{senate,
  author = {Cohney, Shaanan and Harding, Liam and Bush, Gabby and Cheong, Marc and Cutts, Tatiana and Harding, Liam and Murray, Toby and Dreyfus, Suelette and Rosenstock, Sarita},
  title = {Addressing Big Tech Regulation in Australia},
  year = {2023},
  selected = {no},
  group = {policy},
  pages = {1--16},
  preprint = {https://www.unimelb.edu.au/__data/assets/pdf_file/0010/4508956/caide-reponse-to-senate-inquiry.pdf}
}

Submission to the ACCC’s Digital Platform Services Inquiry Discussion Paper. Jeannie Paterson, Shaanan Cohney, Gabby Bush, Liam Harding and Alex Paterson. (2022).

@misc{digitalplatforms,
  author = {Paterson, Jeannie and Cohney, Shaanan and Bush, Gabby and Harding, Liam and Paterson, Alex},
  title = {Submission to the ACCC's Digital Platform Services Inquiry Discussion Paper},
  year = {2022},
  selected = {no},
  group = {policy},
  pages = {1-6},
  link = {https://www.accc.gov.au/system/files/Centre%20for%20AI%20and%20Digital%20Ethics%20and%20Melbourne%20Law%20School.pdf}
}

Response to the Review of the Privacy Act. Jeannie Paterson, Shaanan Cohney, Lars Kulik and Liam Harding. (2022).

@misc{privacyact,
  author = {Paterson, Jeannie and Cohney, Shaanan and Kulik, Lars and Harding, Liam},
  title = {Response to the Review of the Privacy Act},
  year = {2022},
  selected = {no},
  group = {policy},
  pages = {1-9},
  link = {https://www.unimelb.edu.au/__data/assets/pdf_file/0019/4070503/Privacy-Act-Review-Discussion-Paper-Response.pdf}
}

Submission to ANPR R111004 Commercial Surveillance. Nia Brazzell, Jordan Bresinger, Shaanan Cohney, Sayash Kapoor, Mhir Kshirsagar, Jonathan Mayer and Arvind Narayanan. (2022).
```
@misc{surveillance,
  author = {Brazzell, Nia and Bresinger, Jordan and Cohney, Shaanan and Kapoor, Sayash and Kshirsagar, Mhir and Mayer, Jonathan and Narayanan, Arvind},
  title = {Submission to ANPR R111004 Commercial Surveillance},
  year = {2022},
  selected = {yes},
  group = {policy},
  pages = {1--12},
  link = {https://downloads.regulations.gov/FTC-2022-0053-1205/attachment_1.pdf}
}
```

Strengthening Australia’s cybersecurity regulations and incentives: Response to the Department of Home Affairs Discussion Paper. Amit Achrekar, Atif Ahmad, Shanton Chang, Shaanan Cohney, Suelette Dreyfus, Chris Leckie, Toby Murray, Jeannie Paterson, Thuan Pham and Liz Sonenberg. (2021).

@misc{securitypaper,
  author = {Achrekar, Amit and Ahmad, Atif and Chang, Shanton and Cohney, Shaanan and Dreyfus, Suelette and Leckie, Chris and Murray, Toby and Paterson, Jeannie and Pham, Thuan and Sonenberg, Liz},
  title = {Strengthening Australia's cybersecurity regulations and incentives: Response to the Department of Home Affairs Discussion Paper},
  year = {2021},
  selected = {no},
  group = {policy},
  pages = {1--16},
  link = {https://about.unimelb.edu.au/__data/assets/pdf_file/0028/296074/Submission-to-Strengthening-Cybersecurity-Regulations-consultation_University-of-Melbourne.pdf}
}

Comments on Revised Proposed Regulations Implementing the California Consumer Privacy Act. Marshini Chetty, Shaanan Cohney, Mihir Kshirsagar, Arunesh Mathur, Jonathan Mayer, Arvind Narayanan, Ross Teixeira and Ari Ezra Waldman. (2020).

@misc{ccpa,
  author = {Chetty, Marshini and Cohney, Shaanan and Kshirsagar, Mihir and Mathur, Arunesh and Mayer, Jonathan and Narayanan, Arvind and Teixeira, Ross and Waldman, Ari Ezra},
  title = {Comments on Revised Proposed Regulations Implementing the California Consumer Privacy Act},
  year = {2020},
  selected = {no},
  group = {policy},
  pages = {1--8},
  link = {https://citpsite.s3.amazonaws.com/wp-content/uploads/2020/02/27164209/CITP-Clinic-CCPA-Comments-2.pdf}
}

Tutorials & Tools

A Gentle Tutorial for Lattice-Based Cryptanalysis. Joseph Surin and Shaanan Cohney. (2022).

@misc{latticetoolkit,
  author = {Surin, Joseph and Cohney, Shaanan},
  title = {A Gentle Tutorial for Lattice-Based Cryptanalysis},
  year = {2022},
  selected = {yes},
  pages = {1--33},
  group = {tutorials},
  preprint = {https://eprint.iacr.org/2023/032},
  link = {https://github.com/josephsurin/lattice-based-cryptanalysis}
}

Patents

System and Method for Detecting Excessive Data Exposures. Australian Provisional Patent 2022903182. Lianglu Pan, Toby Murray, Thuan Pham and Shaanan Cohney. (2022).
```
@misc{patent,
  author = {Pan, Lianglu and Murray, Toby and Pham, Thuan and Cohney, Shaanan},
  title = {System and Method for Detecting Excessive Data Exposures},
  year = {2022},
  howpublished = {Australian Provisional Patent 2022903182},
  selected = {no},
  pages = {1--53},
  group = {patents}
}
```

Shaanan Cohney

Ph.D. M.L. M.S.E.

shaanan[at]cohney.info

CV | Publications | Teaching Q&A