Pongsin Poosankam
CONTACT
INFORMATION
1709 Shattuck Ave, Apt 325 Cell: (412) 759-1546
Berkeley CA 94709 USA
E-mail: ppoosank@cs.cmu.edu
WWW: http://www.andrew.cmu.edu/~ppoosank
RESEARCH
INTERESTS
Computer Security, focusing on using dynamic symbolic execution techniques for
security applications including binary program analysis, bug finding, and protocol
reverse engineering, among others.
EDUCATION
Carnegie Mellon University, Pittsburgh, PA
Ph.D. in Computer Science. Entered: August 2006.
Advisor: Dawn Song
Research topics: binary program analysis, dynamic symbolic execution.
Select course work: secure software systems, network security, computer
architecture, compilers for modern architecture, semantics of programming
language, graduate algorithm, machine learning
Carnegie Mellon University, Pittsburgh, PA
M.S. in Computer Science, May 2011
QPA: 3.72/4.00
Carnegie Mellon University, Pittsburgh, PA
B.S. in Computer Science, May 2005
Minor: Mathematical Science, Physics
QPA: 4.00/4.00
Select course work: computer security, computer networks, compiler design,
algorithm design and analysis, software engineering, computer graphics
PUBLICATIONS
MACE: Model-inference-Assisted Concolic Exploration for Protocol and
Vulnerability Discovery.
Chia Yuan Cho, Domagoj Babic, Pongsin Poosankam, Kevin Zhijie Chen,
Edward XueJun Wu, and Dawn Song. To appear in Proceedings of the 20th
USENIX Security Symposium, San Francisco, CA, August 2011.
Differential Slicing: Identifying Causal Execution Differences for Security
Applications.
Noah M. Johnson, Juan Caballero, Kevin Zhijie Chen, Stephen McCamant,
Pongsin Poosankam, Daniel Reynaud, and Dawn Song. In Proceedings of the IEEE
Symposium on Security and Privacy, Oakland, CA, May 2011.
DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation.
Min Gyung Kang, Stephen McCamant, Pongsin Poosankam, and Dawn Song. In
Proceedings of the 18th Annual Network and Distributed System Security
Symposium (NDSS), San Diego, CA, February 2011.
Input Generation via Decomposition and Re-Stitching: Finding Bugs in
Malware.
Juan Caballero, Pongsin Poosankam, Stephen McCamant, Domagoj Babic, and
Dawn Song. In Proceedings of the 17th ACM Conference on Computer and
Communication Security, Chicago, IL, October 2010.
HookScout: Proactive Binary-Centric Hook Detection.
Heng Yin, Pongsin Poosankam, Steve Hanna, and Dawn Song. In Proceedings of
the 7th Conference on Detection of Intrusions and Malware & Vulnerability
Assessment (DIMVA'10), Bonn, Germany, July 2010.
FLAX: Systematic Discovery of Client-side Validation Vulnerabilities in Rich
Web Applications.
Prateek Saxena, Steve Hanna, Pongsin Poosankam, and Dawn Song. In
Proceedings of the 17th Annual Network and Distributed System Security
Symposium (NDSS), San Diego, CA, February 2010.
Dispatcher: Enabling Active Botnet Infiltration using Automatic Protocol
Reverse-engineering.
Juan Caballero, Pongsin Poosankam, Christian Kreibich, and Dawn Song. In
Proceedings of the 16th ACM Conference on Computer and Communication
Security, Chicago, IL, November 2009.
Towards Generating High Coverage Vulnerability-Based Signatures with
Protocol-Level Constraint-Guided Exploration.
Juan Caballero, Zhenkai Liang, Pongsin Poosankam, and Dawn Song. In
Proceedings of the 12th International Symposium on Recent Advances in
Intrusion Detection, Saint-Malo, France, September 2009.
Loop-Extended Symbolic Execution on Binary Programs.
Prateek Saxena, Pongsin Poosankam, Stephen McCamant, and Dawn Song. In
Proceedings of the ACM/SIGSOFT International Symposium on Software
Testing and Analysis (ISSTA), July 2009.
BitBlaze: A New Approach to Computer Security via Binary Analysis.
Dawn Song, David Brumley, Heng Yin, Juan Caballero, Ivan Jager, Min Gyung
Kang, Zhenkai Liang, James Newsome, Pongsin Poosankam, and Prateek
Saxena. In Proceedings of the 4th International Conference on Information
Systems Security, December 2008.
* Invited Paper
Automatic Patch-Based Exploit Generation is Possible: Techniques and
Implications.
David Brumley, Pongsin Poosankam, Dawn Song, and Jiang Zheng. In
Proceedings of the 2008 IEEE Security and Privacy Symposium. Oakland, CA,
May 2008.
Renovo: A Hidden Code Extractor for Packed Executables.
Min Gyung Kang, Pongsin Poosankam, and Heng Yin. In Proceedings of the 5th
ACM Workshop on Recurring Malcode (WORM), October 2007.
FiG: Automatic Fingerprint Generation.
Juan Caballero, Shobha Venkataraman, Pongsin Poosankam, Min Gyung Kang,
Dawn Song and Avrim Blum. In Proceedings of the 14th Annual Network and
Distributed System Security Symposium, San Diego, CA, February 2007.
Design Space and Analysis of Worm Defense Strategies.
David Brumley, Li-Hao Liu, Pongsin Poosankam, and Dawn Song. In ACM
Symposium on InformAtion, Computer and Communications Security
(ASIACCS), Mar 2006.
TEACHING
EXPERIENCE
AWARDS &
HONORS

Teaching assistant for Computer Graphics, Carnegie Mellon University,
Fall 2007 – Spring 2008.

Teaching assistant and grader for Numerical Methods course, Carnegie
Mellon University, Spring 2003 – Spring 2004.

Special Topics in Physics, Math, and Computer Science, Assumption
College Samutprakan, Thailand, 2002.




Royal Thai Government Scholarship, 2000-2006.
Graduated with University Honors and College Honors, 2005.
Thai national team in the 31st International Physics Olympiad, UK, 2000.
Bronze medal and Thai national team in the 1st Asian Physics Olympiad,
Indonesia, 2000.
WORK EXPERIENCE Carnegie Mellon University, Pittsburgh, PA
Computer lab assistant, School of Computer Science, August 2002 – May 2005.
Siemens Medical Solution USA, Malvern, PA
Software engineer intern, SoarianTM Financial Architecture, June – August 2004.
Brewster Academy, Wolfeboro, NH
Computer teacher and dorm supervisor, June – August 2003.
ACTIVITIES
The Mirror Art Group (Volunteer Teacher Program), Chiang Rai, Thailand
Taught Thai and English minor hill tribe children, July 2001.
Carnegie Mellon University, Pittsburgh, PA
Thai Student Organization at Carnegie Mellon University, advisor, webmaster, and
graduate student president. 2002 – 2008.