Mihai Christodorescu

Senior Director, System Security

Focus areas: Software Security, Program Analysis, and Systems Security

Mihai Christodorescu, Visa Research

Biography

Dr. Mihai Christodorescu joined Visa Research as a Principal Research Scientist in 2017, and shortly thereafter was promoted to Sr. Director in 2018, where he is leading a team in fundamental and applied research in a number of security areas, including advanced cryptography, secure multi-party computation (MPC), post-quantum cryptography (PQC), secure systems, and more. Prior to joining Visa, Mihai was a Senior Researcher at Qualcomm Research Silicon Valley. Before joining Qualcomm, he was a Research Staff Member at IBM, and he also worked as a Principal Scientist at Securitas Technologies, Inc. His previous work focused on internet-scale security analysis of networks, systems and software, and whole-system security hardening for both cloud and mobile endpoints.

He received his Ph.D. and M.S. in Computer Sciences from the University of Wisconsin–Madison in 2007 and 2002, respectively, and received his B.S. in Computer Science, with high honors, from the University of California, Santa Barbara in 1999. His research interests are in fundamental approaches to computer security and privacy problems by combining methods from multiple domains–such as, programming languages, machine learning, behavioral modeling and formal methods. Dr. Christodorescu holds 25 patents and has published more than 35 papers in several international conferences and journals, including the Institute of Electrical and Electronics Engineers Conference on Computer and Communications Security (IEEE CCS), the Institute of Electrical and Electronics Engineers Association for Computing Machinery (IEEE ACM), Annual Computer Security Applications Conference (ACSAC), and many more. 

Conferences

  • Mila Dalla Preda, Mihai Christodorescu, Somesh Jha, & Debray, S. K. (2019). A semantics-based approach to malware detection. ACM Transactions on Programming Languages and Systems, 30(5).
  • Christodorescu, M., & Rubin, S. (2019). Can Cooperative Intrusion Detectors Challenge the Base-Rate Fallacy? Advances in Information Security, 27, 193–209.
  • Yoon, M.-K., Mohan, S., Choi, J., Christodorescu, M., & Sha, L. (2017). Learning Execution Contexts from System Call Distribution for Anomaly Detection in Smart Embedded System. Proceedings of the Second International Conference on Internet-of-Things Design and Implementation.
  • Yoon, M.-K., Salajegheh, N., Chen, Y., & Christodorescu, M. (2016). PIFT: predictive information-flow tracking. International Conference on Architectural Support for Programming Languages and Operating Systems, 50(2), 713–725.

  • Stoecklin, M. P., Singh, K., Koved, L., Hu, X., Chari, S. N., Rao, J. R., Cheng, P. C., Christodorescu, M., Sailer, R., & Schales, D. L. (2016). Passive security intelligence to analyze the security risks of mobile/BYOD activities. IBM Journal of Research and Development, 60(4), 1-13.
  • Yoon, M.-K., Christodorescu, M., Lui, S., & Mohan, S. (2016). The DragonBeam Framework: Hardware-Protected Security Modules for In-Place Intrusion Detection. ACM International on Systems and Storage Conference, 1(1), 1-12.
  • Melicher, W., Sharif, M., Tan, J., Bauer, L., Christodorescu, M., & Leon, P. G. (2016). (Do Not) Track Me Sometimes: Users’ Contextual Preferences for Web Tracking. Proceedings on Privacy Enhancing Technologies, 2016(2), 135–154.
  • Yoon, M.-K., Mohan, S., Choi, J., Christodorescu, M., & Sha, L. (2015). Intrusion Detection Using Execution Contexts Learned from System Call Distributions of Real-Time Embedded Systems.
  • Han, R., Mesa, A., Christodorescu, M., & Zonouz, S. (2014). TroGuard: context-aware protection against web-based socially engineered trojans. Annual Computer Security Applications Conference, 30, 66-75.
  • Schales, D. L., Christodorescu, M., Hu, X., Jang, J., Rao, J. R., Sailer, R., Stoecklin, M. P., Venema, W., & Wang, T. (2014). Stream computing for large-scale, multichannel cyber threat analytic. International Conference on Information Reuse and Integration, 15, 8-15.
  • Paxson, V., Christodorescu, M., Javed, M., Rao, J., Sailer, R., Schales, D., Stoecklin, M. P., Thomas, K., Venema, W., & Weaver, N. (2013). Practical Comprehensive Bounds on Surreptitious Communication Over DNS, 22, 17-32.
  • Leon, P., Ur, B., Wang, Y., Sleeper, M., Balebako, R., Shay, R., Bauer, L., Christodorescu, M., & Cranor, L. (2013). What Matters to Users? Factors that Affect Users’ Willingness to Share Information with Online Advertisers. Symposium on Usable Privacy and Security, 9(7), 1-12.
  • Jha, S., Fredrikson, M., Christodoresu, M., Sailer, R., & Yan, X. (2013). Synthesizing near-optimal malware specifications from suspicious behaviors. International Conference on Malicious and Unwanted Software, 8, 41-50.
  • Butt, S., Ganapathy, V., Baliga, A., & Christodorescu, M. (2011). Monitoring Data Structures Using Hardware Transactional Memory. International Conference on Runtime Verification, 2(7186), 345–359.
  • Fredrikson, M., Christodorescu, M., & Jha, S. (2011). Dynamic Behavior Matching: A Complexity Analysis and New Approximation Algorithms. Lecture Notes in Computer Science, 23(6803), 252–267.
  • Biryukov, A., De Cannière, C., Winkler, W. E., Aggarwal, C. C., Kuhn, M., Bouganim, L., … Smith, S. W. (2011). Dynamic Analysis. Encyclopedia of Cryptography and Security, 2, 365–367.
  • Christodorescu, M., Fredrikson, M., Jha, S., & Giffin, J. (2011). End-to-End Software Diversification of Internet Services. Advances in Information Security, 54, 117–130.
  • Fredrikson, M., Christodorescu, M., Giffin, J., & Jhas, S. (2010). A Declarative Framework for Intrusion Analysis. Advances in Information Security, 46, 179–200.
  • Lanzi, A., Balzarotti, D., Kruegel, C., Christodorescu, M., & Kirda, E. (2010). AccessMiner: using system-centric models for malware protection. ACM Conference on Computer and Communications Security, 17, 399-412.
  • Fredrikson, M., Jha, S., Christodorescu, M., Sailer, R., & Yan, X. (2010). Synthesizing Near-Optimal Malware Specifications from Suspicious Behaviors. IEEE Symposium on Security and Privacy, 10, 45-60.
  • Christodorescu, M., Sailer, R., Schales, D. L., Sgandurra, D., & Zamboni, D. (2009). Cloud security is not (just) virtualization security. ACM Workshop on Cloud Computing Security, 97-102. 
  • Chen, C., Lin, C. X., Fredrikson, M., Christodorescu, M., Yan, X., & Han, J. (2009). Mining graph patterns efficiently via randomized summaries. Proceedings of the VLDB Endowment, 2(1), 742–753.
  • Christodorescu, M. (2009). Private Use of Untrusted Web Servers via Opportunistic Encryption. Web 2.0 Security & Privacy Workshop.
  • Christodorescu, M., Jha, S., & Kruegel, C. (2008). Mining specifications of malicious behavior. Conference on India Software Engineering Conference, 5-14.
  • Martignoni, L., Christodorescu, M., & Jha, S. (2007). OmniUnpack: Fast, Generic, and Safe Unpacking of Malware. Computer Security Applications Conference, 23, 431-441.
  • Christodorescu, M., Jha, S., & Kruegel, C. (2007). Mining specifications of malicious behavior. Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, 6, 5-14.
  • Christodorescu, M., Jha, S., Kinder, J., Katzenbeisser, S., & Veith, H. (2007). Software transformations to improve malware detection. Journal in Computer Virology, 3(4), 253–265.
  • Preda, M. D., Christodorescu, M., Jha, S., & Debray, S. (2007). A semantics-based approach to malware detection. ACM SIGPLAN Symposium on Principles of Programming Languages, 42(1), 377-388.
  • Christodorescu, M., Kidd, N., & Goh, W.-H. (2006). String analysis for x86 binaries. ACM SIGPLAN-SIGSOFT Workshop o Program Analysis for Software Tools Engineering, 31(1), 88.
  • Giffin, J., Christodorescu, M., & Kruger, L. (2005). Strengthening Software Self-Checksumming via Self-Modifying Code. Computer Security Applications Conference, 21, 18-27.
  • Rubin, S., Christodorescu, M., Ganapathy, V., Giffin, J., Kruger, L., & Wang, H. (2005). An Auctioning Reputation System Based on Anomaly Detection. ACM Conference on Computer and Communications Security, 12, 270-279.
  • Christodorescu, M., Jha, S., Seshia, S. A., Song, D., & Bryant, R. E. (2005). Semantics-Aware Malware Detection. IEEE Symposium on Security and Privacy, 32-46.
  • Christodorescu, M., & Jha, S. (2004). Testing malware detectors. ACM SIGSOFT Software Engineering Notes, 29(4), 34-44.
  • Christodorescu, M., & Jha, S. (2003). Static Analysis of Executables to Detect Malicious Patterns. USENIX Security Symposium, 12, 169–186.
  • Miller, B. P., Michai Christodorescu, Iverson, R., Tevfik Kosar, Mirgorodskii, A., & Popovici, F. (2001). Playing Inside the Black Box: Using Dynamic Instrumentation to Create Security Holes. Parallel Processing Letters, 11(2/3), 267–280.

Books

  • Christodorescu, M., Somesh, J., Maughan, D., Song, D., & Wang, C. (Eds.). (2006). Malware Detection. Advances in Information Security, 27 (5).

Patents

  • Gupta, R. P., Christodorescu, M., Sridhara, V., Salajegheh, M., & Valencia, A. (2016). Adaptive observation of behavioral features on a mobile device. U.S. Patent No. 9,330,257. U.S. Patent and Trademark Office.
  • Gupta, R. P., Christodorescu, M., Chen, Y. C., Sridhara, V., Salajegheh, M., & Yoon, M. K. (2016). Data flow tracking via memory monitoring. U.S. Patent No. 9,519,533. U.S. Patent and Trademark Office.
  • Ting, Z., Sailer, R., Schales, D. L., Christodorescu, M., Stoecklin, M., & Hu, X. (2016). Distributed feature collection and correlation engine. U.S. Patent No. 9,489,426. U.S. Patent and Trademark Office.
  • Ting, Z., Sailer, R., Schales, D. L., Christodorescu, M., Stoecklin, M., & Hu, X. (2016). Distributed feature collection and correlation engine. U.S. Patent No. 9,495,420. U.S. Patent and Trademark Office.
  • Ting, Z., Sailer, R., Schales, D. L., Christodorescu, M., Stoecklin, M., Hu, X. & White, A. M. (2016). Identification and classification of web traffic inside encrypted network tunnels. U.S. Patent No. 9,491,078. U.S. Patent and Trademark Office.

  • Gupta, R. J., Christodorescu, M., Sridhara, V., Fawaz, K., & Fiala, D. J. (2016). Pre-identifying probable malicious rootkit behavior using behavioral contracts. U.S. Patent No. 9,323,929. U.S. Patent and Trademark Office.
  • Pendarakis, D., Christodorescu, M., & Singh, K. K. (2016). Protection of user data in hosted application environments. U.S. Patent No. 9,245,126. U.S. Patent and Trademark Office.
  • Pendarakis, D., Christodorescu, M., & Singh, K. K. (2016). Protection of user data in hosted application environments. U.S. Patent No. 9,430,653. U.S. Patent and Trademark Office.
  • Ting, Z., Sailer, R., Schales, D. L., Christodorescu, M., & Stoecklin, M. (2016). User identification using multifaceted footprints. U.S. Patent No. 9,251,328. U.S. Patent and Trademark Office.
  • Rao, J. R., Cohen, M. A., Amini, L. D., Verscheure, O., Sailer, R., Schales, D. L., Christodorescu, M., Parthasarathy, S., & Venema, W. Z. (2015). Adaptive cybersecurity analytics. U.S. Patent No. 9,032,521. U.S. Patent and Trademark Office.
  • Ting, Z., Sailer, R., Schales, D. L., Christodorescu, M., Stoecklin, M., Hu, X. & White, A. M. (2015). Identification and classification of web traffic inside encrypted network tunnels. U.S. Patent No. 9,100,309. U.S. Patent and Trademark Office.
  • Ting, Z., Sailer, R., Schales, D. L., Christodorescu, M., Stoecklin, M., Hu, X. & White, A. M. (2015). Identification and classification of web traffic inside encrypted network tunnels. U.S. Patent No. 9,106,536. U.S. Patent and Trademark Office.
  • Gupta, R. P., Christodorescu, M., & Fiala, D. J. (2015). Lightweight data-flow tracker for realtime behavioral analysis using control flow. U.S. Patent No. 9,158,604. U.S. Patent and Trademark Office.
  • Davidson, A. E., Sailer, R., Christodorescu, M., & Venema, W. Z. (2015). Malware detection via network information flow theories. U.S. Patent No. 8,935,782. U.S. Patent and Trademark Office.
  • Rao, J. R., Sailer, R., Schales, D. L., & Christodorescu, M. (2015). Method and apparatus for detecting unauthorized bulk forwarding of sensitive data over a network. U.S. Patent No. 8,938,511. U.S. Patent and Trademark Office.
  • Rao, J. R., Sailer, R., Schales, D. L., & Christodorescu, M. (2015). Method and apparatus for detecting unauthorized bulk forwarding of sensitive data over a network. U.S. Patent No. 8,972,510. U.S. Patent and Trademark Office.
  • Gupta, R. P., Christodorescu, M., Sridhara, V., & Fawaz, K. (2015). Method and system for performing behavioral analysis operations in a mobile device based on application state. U.S. Patent No. 9,147,072. U.S. Patent and Trademark Office.
  • Sailer, R., Schales, D. L., Pendarakis, D., Christodorescu, M., & Aaraj, N. (2015). Optimizing performance of integrity monitoring. U.S. Patent No. 8,949,797. U.S. Patent and Trademark Office.
  • Pendarakis, D., Christodorescu, M., & Singh, K. K. (2015). Protection of user data in hosted application environments. U.S. Patent No. 9,098,709. U.S. Patent and Trademark Office.
  • Mohindra, A., Kundu, A., & Christodorescu, M. (2015). System and method for protection from buffer overflow vulnerability due to placement new constructs in C++. U.S. Patent No. 9,069,970. U.S. Patent and Trademark Office.
  • Mohindra, A., Kundu, A., & Christodorescu, M. (2015). System and method for protection from buffer overflow vulnerability due to placement new constructs in C++. U.S. Patent No. 9,081,966. U.S. Patent and Trademark Office.
  • Ting, Z., Sailer, R., Schales, D. L., Christodorescu, M., & Stoecklin, M. (2015). User identification using multifaceted footprints. U.S. Patent No. 9,003,025. U.S. Patent and Trademark Office.
  • Ting, Z., Sailer, R., Schales, D. L., Christodorescu, M., Stoecklin, M., & Korzhyk, D. (2014). Predicting attacks based on probabilistic game-theory. U.S. Patent No. 8,863,293. U.S. Patent and Trademark Office.
  • Christodorescu, M., & Jha, S. (2010). Method and apparatus to detect malicious software. U.S. Patent No. 7,739,737. U.S. Patent and Trademark Office.
  • Christodorescu, M., Jha, S., Kinder, J., Katzenbeisser, S., & Veith, H. (2006). Malware normalization. U.S. Patent in progress. U.S. Patent and Trademark Office.