Suman Jana


S.W. Mudd
Mail Code 0401

Tel(212) 853-0933
Fax(212) 666-0140

Suman Jana works on building secure and privacy-preserving software. More specifically, he builds automated tools for finding and fixing security and privacy vulnerabilities in large real-world systems. Such tools often leverage techniques from diverse domains including machine learning, software engineering, and program analysis. 

Research Interests

Computer security, privacy, software engineering, program analysis, operating systems.

His research has led to reporting and fixing of around 250 high-impact security vulnerabilities across a wide range of popular software. His research software has been incorporated into several open-source software including Mozilla Firefox, Apache Cordova, and cURL.

Jana received a BE in computer science & engineering from Jadavpur University, India in 2003, a MS in computer science from University of Utah in 2009, and a PhD in computer science from the University of Texas, Austin, in 2014. His research has won four best paper awards including the 2014 PET award for Outstanding Research in Privacy Enhancing Technologies. 


  • Postdoctoral fellow, Stanford University, 2014-2015


  • Assistant professor of computer science, Columbia University, 2016–


  • PET Award for Outstanding Research in Privacy Enhancing Technologies, 2014 

  • IEEE Security & Privacy Symposium Best Paper Award, 2012 & 2014 


  • Theofilos Petsios, Adrian Tang, Salvatore Stolfo, Angelos D. Keromytis, and Suman Jana. NEZHA: Efficient Domain-independent Differential Testing. n Proceedings of the 35th IEEE Symposium on Security and Privacy (Oakland), San Jose, CA, 2017. 

  • Suphannee Sivakorn, George Argyros, Kexin pei, Angelos D. Keromytis, Suman Jana. HVLearn: Automated Black-box Analysis of Hostname Verification in SSL/TLS Implementations. n Proceed- ings of the 35th IEEE Symposium on Security and Privacy (Oakland), San Jose, CA, 2017. 

  • George Argyros, Ioannis Stais, Suman Jana, Angelos D. Keromytis, and Aggelos Kiayias. SFADiff: Automated Evasion Attacks and Fingerprinting Using Blackbox Differential Automata Learning. n Proceedings of the 23rd ACM Conference on Computer and Communications Security (CCS), Vienna, Austria, 2016 

  • Suman Jana, Yuan J. Kang, Samuel Roth, and Baishakhi Ray. Automatically Detecting Error Handling Bugs using Error Specifications. In Proceedings of the 25th USENIX Security Symposium (USENIX Security), Austin, TX, 2016. 

  • Richard McPherson, Suman Jana, and Vitaly Shmatikov. No Escape From Reality: Security and Privacy of Augmented Reality Browsers. In Proceedings of the 24th International World Wide Web Conference (WWW), Florence, Italy, 2015. 

  • Chad Brubaker, Suman Jana, Baishakhi Ray, Sarfraz Khurshid, and Vitaly Shmatikov. Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementa- tions. In Proceedings of the 35th IEEE Symposium on Security and Privacy (Oakland), San Jose, CA, 2014.
  • Suman Jana, Arvind Narayanan, and Vitaly Shmatikov. A Scanner Darkly: Protecting User Privacy from Perceptual Applications. In Proceedings of the 34th IEEE Symposium on Security and Privacy (Oakland), San Francisco, CA, 2013. 

  • Martin Georgiev, Subodh Iyengar, Suman Jana, Rishita Anubhai, Dan Boneh, and Vitaly Shmatikov. The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software. In Proceedings of the 19th ACM Conference on Computer and Communications Security (CCS), Raleigh, NC, 2012. 

  • Suman Jana and Vitaly Shmatikov. Memento: Learning Secrets from Process Footprints. In Proceedings of the 33rd IEEE Symposium on Security and Privacy (Oakland), Berkeley, CA, 2012.