Chujiao Ma

Cybersecurity researcher passionate about making security simple and accessible. Proponent of secure by design.

PhD in Computer Science & Engineering from University of Connecticut. Bachelor's degree in Electrical and Computing Engineering from Franklin W. Olin College of Engineering. Privacy Engineering certificate from Carnegie Mellon University. My interest in cybersecurity started in cryptography and open source. It has now shifted to be more threat modeling and privacy related. You can contact me on LinkedIn.

In addition to the same interests most people have such as traveling, cooking, music and art, I also enjoy more whimsical things like math jokes and maintaining a playlist of Kpop songs about food.

a sampler of my work

 

Open-Source Security

Open-source code is something that everyone uses. However, the security is often assumed. This can lead to open source supply chain issues and breaches such as log4j. The onus of ensuring the security of open-source code often falls upon the users. What can we do about it?

Talks & Publications:

Chujiao Ma, Vaibhav Garg. Hidden Risk of Unpopularity in Open Source. SCTE, 2021. Link

Chujiao Ma, Matthew Bosack, Wendy Rothschell, Noopur Davis, Vaibhav Garg. Wanted Hacked or Patched: Bug Bounties for Third Party Open-Source Software Components. ;Login: Usenix Publication, 2022. Link

Chujiao Ma. Wanted Hacked or Patched: Bug Bounties for Third Party Open-Source Software Components. BrightTALK Webinar, 2022. Link

 

 

Crypto-agility & Quantum

Change in cryptography is inevitable. However, updating our infrastructure to support that change is not so simple. We proposed the Crypto Agility Risk Assessment Framework as a way to approach such a transition in an optimized manner, especially for post-quantum cryptography.

The availability of a usable quantum computer can render most of our public key cryptography vulnerable. NIST has already published the finalists from the post-quantum cryptography competition, and they will most likely be required in the near future. What do we need to do about it right now?

Talks & Publications:

Chujiao Ma, Luis Colon, Joe Dera, Bahman Rashidi, Vaibhav Garg, CARAF: Crypto Agility Risk Assessment Framework, Journal of Cybersecurity, Volume 7, Issue 1, 2021. Link

Chujiao Ma, Crypto Agility: Adapting and Prioritizing Security in a Fast-Paced World, LISA’21, Usenix Association, 2021. Link  

Chujiao Ma, Post-Quantum Cryptography: What Executives Should Know, Executive Women Forum Annual Conference, 2021. Link

Chujiao Ma, Vaibhav Garg, Navigating the Transition to a Post-Quantum World, SCTE, 2021. Link 

 

Automating privacy

Privacy has become an important area of concern in the past few years. Unlike security, privacy focuses more on the context and usage. Processes and countermeasures for privacy should be separated from but can be complementary to those for security. My work in this area ranges from coming up with a de-identification process for data to privacy tools.