I am a Professor in the Edward S. Rogers Department of Electrical and Computer Engineering, Department of Computer Science and the Faculty of Law at the University of Toronto. I am the Canada Research Chair in Secure and Reliable Systems (Tier 1), the Director of the Schwartz Reisman Institute for Technology and Society, an Associate Director at the Data Sciences Institute at the Uniersity of Toronto, a Massey College Senior Fellow, and a Faculty Affiliate with the Vector Institute. I received my M.S. and Ph.D from Stanford University and my B.A.Sc from Engineering Science at the University of Toronto.
My research goal is to make computer systems more secure and trustworthy. With the large degree that computing has permeated our lives, from mobile smartphones to ubiquitous cloud computing, it is crucial that this infrastructure that we rely so heavily on be secure and reliable. We trust computer systems more than ever, meaning that they must be secure, transparent and protect our privacy. To achieve this goal, I take a variety of approaches to achieving this goal, including techniques using operating systems, computer architecture, formal verification and networking. I like to research and understand my ideas by building prototypes with my students. Over the years, we’ve built and open-sourced many software projects. More information about my research projects can be found on my Research page.
I previously held a Canada Research Chair (Tier 2) from 2013-2018, and have been the recipient of a Connaught Global Challenge Award (2017), an Ontario Ministry of Research and Innovation Early Researcher Award (ERA) (2008) and an SOSP 2003 best paper award for my work. I served as general chair for the ACM CCS 2018 conference and have served on numerous technical program committees of top conferences, such as IEEE S&P, Usenix Security, ACM CCS, NDSS, OSDI and ASPLOS. I served as associate editor for the IEEE Transcations on Cloud Computing from 2012-2016. I am a founding member of the IT3 Lab, a multidisciplinary lab working on improving transparency through technology and policy. I was a visiting research scientist at Google from 2016-2017 and served as Chief Security Architect at Enomaly, a Toronto-area startup, from 2009-2010, which was subsequently acquired by Virtustream. I was Associate Chair, Graduate Studies from 2012-2015.
I collaborate with top researchers internationally, as well as many of the leading technology companies, such as Google, VMware and Telus. I have been principle investigator on many competitive grants, totaling over $30M of funding.
Selected Publications
- Xiangyu Guo, Akshay Kawlay, Eric Liu and David Lie, "EvoCrawl: Exploring Web Application Code and State using Evolutionary Search", In Proceedings of the 2025 Symposium on Network and Distributed System Security (NDSS), 2025. (To appear) [bibtex]
- He Shuang, Lianying Zhao and David Lie, "Duumviri: Detecting Trackers and Mixed Trackers with a Breakage Detector", In Proceedings of the 2025 Symposium on Network and Distributed System Security (NDSS), 2025. (To appear) [bibtex]
- Shengjie Xu, Eric Liu, Wei Huang and David Lie, "MIFP: Selective Fat-Pointer Bounds Compression for Accurate Bounds Checking", In Proceedings of the 26th International Symposium on Recent Advances in Intrusion Detection (RAID), 2023. [bibtex]
- Eric Liu, Shengjie Xu and David Lie, "FLUX: Finding Bugs with LLVM IR Based Unit Test Crossovers", In Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2023. [bibtex]
- Wenjun Qiu, David Lie and Lisa Austin, "Calpric: Inclusive and Fine-grained Labeling of Privacy Policies with Crowdsourcing and Active Learning", In Proceedings of the 32nd USENIX Security Symposium, 2023. [bibtex]
- Jiaqi Wang, Roei Schuster, Ilia Shumailov, David Lie and Nicolas Papernot, "In Differential Privacy, There is Truth: on Vote-Histogram Leakage in Ensemble Private Learning", In Proceedings of the 36th Conference on Neural Information Processing Systems (NeurIPS), 2022. [bibtex]
- Weicheng Cao, Chunqiu Xia, Sai Teja Peddinti, David Lie, Nina Taft and Lisa M. Austin, "A Large Scale Study of User Behavior, Expectations and Engagement with Android Permissions", In Proceedings of the 30th USENIX Security Symposium, 2021. (Media coverage, Conference presentation) [bibtex]
- Wei Huang, Shengjie Xu, Yueqiang Cheng and David Lie, "Aion Attacks: Manipulating Software Timers in Trusted Execution Environment", In Proceedings of the 18th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2021. (Best Paper Award, Slides, Conference presentation) [bibtex]
- Lucas Bourtoule, Varun Chandrasekaran, Christopher Choquette-Choo, Hengrui Jia, Adelin Travers, Baiwu Zhang, David Lie and Nicolas Papernot, "Machine Unlearning", In Proceedings of the 42nd IEEE Symposium on Security and Privacy, 2021. (source code, blog post, media coverage, 1 minute overview, Conference presentation) [bibtex]
- Shengjie Xu, Wei Huang and David Lie, "In-Fat Pointer: Hardware-Assisted Tagged-Pointer Spatial Memory Safety Defense with Subobject Granularity Protection", In Proceedings of the 26th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2021. (Extended abstract, 20 minute talk, 5 minute talk) [bibtex]
- Rongzhen Cui, Lianying Zhao and David Lie, "Emilia: Catching Iago in Legacy Code", In Proceedings of the 2021 Symposium on Network and Distributed System Security (NDSS), 2021. (Full talk video) [bibtex]
Prospective Students and Open Positions
Post-Doctoral Fellows: I have several post-doctoral fellowship positions open. Please click here for the job description and criteria. Intrested candidates should fill out the Post-Doctoral Fellow Application Form.
Research stream MASc and PhD Students: I am always looking for graduate students who are interested in making the systems we use more secure and private. Required background requires a solid understanding of operating systems and computer systems, with practical experience writing and implementing software. Security background is desirable but not required. Interested students should apply for graduate studies in ECE or CS. If you are specifically interested in joining my research group as a student, I have a standard set of questions I ask all interested applicants, which you can fill out in my Prospective MASc/PhD Information Form. If you are unsure whether to apply to ECE or CS, please fill out the form and indicate in the comments box at the bottom. You can find information on my current graduate students here.
MEng Students: I occasionally accept exceptional MEng students for projects that match my research program. Applicants should have a minimum 3.7 GPA and extensive software development experience. If interested, please fill out an MEng Project Application.
Undergradaute Students: I’m looking for strong undergraduate students with interests in computer security. 2nd and 3rd year students will be given preference. If interested, please fill out this application form.
Teaching
Winter 2025:
- ECE1724S: Privace Problems (Co-taught with Lisa Austin from the Faculty of Law)
Professional Activities
I served as General Chair for CCS 2018, which took place in Toronto, Canada, Oct 15-19 2018.
Here are the current and past technical program committees I am serving or have served on:
Sponsors
Finally, I’d like to acknowledge our wonderful sponsors, who support our research with financial and in-kind contributions. We work closely with our sponsors through collaborative projects, student internships, as well as hiring of students after graduation. I always welcome new sponsorship opportunities. Please do not hesitate to contact me if interested.