I am an Offensive Security Researcher at Intel. My research interests are in design automation and functional and security verification of computer systems. My passion is empowering designers with methodologies and frameworks to ensure systems' correctness and security guarantees by leveraging formal modeling and automated verification techniques. Before joining Intel, I received my B.S. from National Taiwan University and my M.A. and Ph.D. from Princeton University.


CV | Google Scholar | DBLP | GitHub
Contact: bo-yuan.huang (at) intel (dot) com


Experiences

Intel (2021 - present)
Offensive Security Researcher, Security Research

Princeton University (2015 - 2021)
Research Assistant, Electrical and Computer Engineering

Microsoft Research (Summer 2018 & Summer 2019)
Research Intern, New Security Ventures & Research in Software Engineer
Research Intern, Research in Software Engineer

Intel (Summer 2016 & Summer 2017)
Security Research Intern, Security Center of Excellence
Technical Intern, Security Center of Excellence

Coast Guard Administration (2014 - 2015)
Second Lieutinant

Taiwan Semiconductor Manufacturing Company (Summer 2013)
Software Engineer Intern, Advanced Process Transferring Group

National Taiwan University (2010 - 2014)
Undergraduate Research Assistant, Applied Logic and Computation Lab
Undergraduate Research Assistant, Wireless and Mobile Networking Lab


Projects

HACK@EVENT (Intel, Synopsys, Texas AMU, and TU Darmstadt)
The HACK@EVENT franchise is a first-of-its-kind hardware security contest held in conjunction with top security and system venues such as USENIX Security, DAC, and CHES. The goal is to foster a broader security mindset and develop the next generation of hardware security experts through boosting community open-sourcing and facilitating research in automatic tools and verification techniques.

UPSCALE (Stanford University and Princeton University)
The UPSCALE project is funded within the DARPA Posh Open Source Hardware (POSH) program. The goal is to develop open-source tools and techniques for verifying and evaluating heterogeneous hardware computing systems. It uses different levels of abstraction—instruction-level interfaces for processors and accelerators, circuit-level models for analog/mixed-signal components, and RTL FSM for other digital modules.

3LA (Princeton University, U. of Washington, and Harvard University)
The 3LA project is funded by the Applications Driving Architectures Center (ADA). The goal is to develop a "plug-and-play" ecosystem for software and hardware development in heterogeneous computer systems. Specifically, we developed an end-to-end verification/validation framework for accelerators and a DSL compiling flow to provide platform portability and allow optimization via standard compiler flows.

Project OneFuzz (Microsoft Research)
OneFuzz is a cross-platform open-source fuzzing framework by Microsoft. The goal is to enable continuous developer-driven fuzzing to harden software security proactively. Among its ventures, RESTler is the first stateful REST API fuzzer that efficiently find security and reliability bugs in cloud services.

Security Risk Detection (Microsoft Research)
The Microsoft Security Risk Detection Service (MSRD) is the first “fuzzing-as-a-service” offering, providing users with a premium software testing experience, searching for vulnerabilities in native code with the power of MSR‘s Scalable Automated Guided Execution (SAGE) tool.

Instruction-Level Abstraction (Princeton University)
The Instruction-Level Abstraction (ILA) provides a software/hardware interface that generalizes the notion of ISAs to accelerators. This project investigates the uses of ILA in modeling, verification, and the automation of software and hardware in heterogeneous computing systems, such as firmware verification, memory-consistency reasoning, protocol verification, and equivalence/refinement checking of RTL implementation.


Publications

For recent publications and professional activities, please visit my Google Scholar and CV.