Shuo Chen is a senior principal researcher at Microsoft Research Asia, where he manages the security research group. His interest is about studying operational systems to understand their security challenges and develop systematic solutions. He worked in the areas of software-as-a-service, browser, web privacy/security and blockchain/smart-contract. His research led to several real-world security pushes, such as a cross-company effort to fix browser bugs that compromise HTTPS security; Microsoft Internet Explorer team’s effort to systematically fix GUI-spoofing (phishing) bugs; a cross-company effort to fix logic bugs in e-commerce, online payment and single-sign-on services. His research was covered by the media, such as CNN, CNET, MIT Tech Review, Ars Technica, etc. He also works in the area of program verification to address real-world security problems. In addition, his team and close collaborators designed and developed several product features for Microsoft Azure Blockchain.
Shuo served on the program committees for IEEE S&P, USENIX Security, ACM CCS, WWW, etc. He obtained his Ph.D. degree in computer science from University of Illinois at Urbana-Champaign, master’s degree from Tsinghua University, and bachelor’s degree from Peking University. Shuo worked in Microsoft’s Redmond lab before joining the Asia lab. His research won two Microsoft Gold Star awards and two paper awards in the IEEE S&P conference and the PETS Symposium.
Reflections about Security Research in an Industrial Lab
In this talk, I will share my thoughts about security research opportunities in an industrial lab. I will briefly explain why a company invests in security research, the differences between an engineer role and a researcher role, and the advantages and disadvantages of a researcher. Based on these thoughts, the main content of my talk is to explain three types of research opportunities in an actual engineering environment: (1) to take a holistic view about a real-world system; (2) to understand engineering challenges for a technology that academics feel overly optimistic about, and develop something that is really feasible; (3) to understand engineering contexts and turn a pessimistic theoretical result into a useful technology in reality. The discussion is mainly based on my own projects, but is also inspired by others. I hope the talk give Ph.D. students a new perspective thinking about “research” as they transition from schools into industrial labs.