Tung Tran

  • I am a PhD candidate in the Computer Science Department at Stony Brook University, New York.
  • I am a member of Secure Systems Lab and my advisor is Prof.R Sekar.
  • My research interests include network security, software security and web security.

  • News

    - Our SBU team ranked third at the CSAW (Cyber Security Awareness Week) Capture the Flag (CTF), September 2010 CSAW CTF
    - In 10 days, we scanned and found half of million websites vulnerable to SQL injection and XSS, April 2010


    Reported Vulnerabilities
    Capability leak: Various built-in functions leak the global object (Chrome/V8), July 2013 [link]
    Multiple Critical Vulnerabilities in Blackboard due to persistent Cross Site Scripting and Authorization bugs, October 2010 [pdf]

    Tung Tran, Riccardo Pelizzi, R. Sekar,  JaTE: Transparent and Efficient JavaScript Confinement, In Annual Computer Security Applications Conference (ACSAC 2015), December 2015 [pdf]
    Tung Tran, Ehab Al-Shaer, Issam Aib and Raouf Boutaba, An Evasive Attack on SNORT Flowbits, The 13th IEEE/IFIP Network Operations and Management Symposium (NOMS), Maui, Hawaii, USA, April 2012 [pdf]
    Issam Aib, Tung Tran, and Raouf Boutaba, Characterization and Solution to A Stateful IDS Evasion, The 29th IEEE Int’l Conference on Distributed Computing Systems (ICDCS), Montreal, Quebec, Canada, June 2009 [pdf]
    Adel El-Atawy, Ehab Al-Shaer, Tung Tran and Raouf Boutaba, Adaptive Early Packet Filtering for Protecting Firewalls against DoS Attacks, IEEE INFOCOM, Brazil, April 2009 [pdf]
    Tung Tran, Ehab Al-Shaer and Raouf Boutaba, PolicyVis: Firewall Security Policy Visualization and Inspection, USENIX LISA, Dallas, Texas, USA, November 2007 [pdf]

    Technical Reports
    Riccardo Pelizzi, Tung Tran, gDork: a XSS vulnerability discovery tool and XSS scanner, 2013, (Available on request)
    Tung Tran, Issam Aib, Ehab Al-Shaer, and Raouf Boutaba, Evasive Attack on Stateful Signature-based Network Intrusion Detection Systems, Techical Report CS-2008-18, University of Waterloo [pdf]

    Tung Tran, Misconfiguration Analysis of Network Access Control Policies, M.Math Thesis, David R. Cheriton School of Computer Science , University of Waterloo, February 2009 [pdf]


    - Niranjan, my labmate, has created a good list of security conferences here


    Available on request.

    Contact Information

    E-mail: ttran [at] cs [dot] sunysb [dot] edu
    Phone: 631-655-1188