I am a Professor in the Edward S. Rogers Department of Electrical and Computer Engineering, Department of Computer Science and the Faculty of Law at the University of Toronto. I am the Canada Research Chair in Secure and Reliable Systems (Tier 1), the Director of the Schwartz Reisman Institute for Technology and Society, an Associate Director at the Data Sciences Institute at the Uniersity of Toronto, a Massey College Senior Fellow, and a Faculty Affiliate with the Vector Institute. I received my M.S. and Ph.D from Stanford University and my B.A.Sc from Engineering Science at the University of Toronto.
My research goal is to make computer systems more secure and trustworthy. With the large degree that computing has permeated our lives, from mobile smartphones to ubiquitous cloud computing, it is crucial that this infrastructure that we rely so heavily on be secure and reliable. We trust computer systems more than ever, meaning that they must be secure, transparent and protect our privacy. To achieve this goal, I take a variety of approaches to achieving this goal, including techniques using operating systems, computer architecture, formal verification and networking. I like to research and understand my ideas by building prototypes with my students. Over the years, we’ve built and open-sourced many software projects. More information about my research projects can be found on my Research page.
I previously held a Canada Research Chair (Tier 2) from 2013-2018, and have been the recipient of a Connaught Global Challenge Award (2017), an Ontario Ministry of Research and Innovation Early Researcher Award (ERA) (2008) and an SOSP 2003 best paper award for my work. I served as general chair for the ACM CCS 2018 conference and have served on numerous technical program committees of top conferences, such as IEEE S&P, Usenix Security, ACM CCS, NDSS, OSDI and ASPLOS. I served as associate editor for the IEEE Transcations on Cloud Computing from 2012-2016. I am a founding member of the IT3 Lab, a multidisciplinary lab working on improving transparency through technology and policy. I was a visiting research scientist at Google from 2016-2017 and served as Chief Security Architect at Enomaly, a Toronto-area startup, from 2009-2010, which was subsequently acquired by Virtustream. I was Associate Chair, Graduate Studies from 2012-2015.
I collaborate with top researchers internationally, as well as many of the leading technology companies, such as Google, VMware and Telus. I have been principle investigator on many competitive grants, totaling over $30M of funding.
Selected Publications
- Xiangyu Guo, Akshay Kawlay, Eric Liu and David Lie, "EvoCrawl: Exploring Web Application Code and State using Evolutionary Search", In Proceedings of the 2025 Symposium on Network and Distributed System Security (NDSS), 2025. (To appear) [bibtex]
- He Shuang, Lianying Zhao and David Lie, "Duumviri: Detecting Trackers and Mixed Trackers with a Breakage Detector", In Proceedings of the 2025 Symposium on Network and Distributed System Security (NDSS), 2025. (To appear) [bibtex]
- Shengjie Xu, Eric Liu, Wei Huang and David Lie, "MIFP: Selective Fat-Pointer Bounds Compression for Accurate Bounds Checking", In Proceedings of the 26th International Symposium on Recent Advances in Intrusion Detection (RAID), 2023. [bibtex]
- Eric Liu, Shengjie Xu and David Lie, "FLUX: Finding Bugs with LLVM IR Based Unit Test Crossovers", In Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2023. [bibtex]
- Wenjun Qiu, David Lie and Lisa Austin, "Calpric: Inclusive and Fine-grained Labeling of Privacy Policies with Crowdsourcing and Active Learning", In Proceedings of the 32nd USENIX Security Symposium, 2023. [bibtex]
- Jiaqi Wang, Roei Schuster, Ilia Shumailov, David Lie and Nicolas Papernot, "In Differential Privacy, There is Truth: on Vote-Histogram Leakage in Ensemble Private Learning", In Proceedings of the 36th Conference on Neural Information Processing Systems (NeurIPS), 2022. [bibtex]
- Weicheng Cao, Chunqiu Xia, Sai Teja Peddinti, David Lie, Nina Taft and Lisa M. Austin, "A Large Scale Study of User Behavior, Expectations and Engagement with Android Permissions", In Proceedings of the 30th USENIX Security Symposium, 2021. (Media coverage, Conference presentation) [bibtex]
- Wei Huang, Shengjie Xu, Yueqiang Cheng and David Lie, "Aion Attacks: Manipulating Software Timers in Trusted Execution Environment", In Proceedings of the 18th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2021. (Best Paper Award, Slides, Conference presentation) [bibtex]
- Lucas Bourtoule, Varun Chandrasekaran, Christopher Choquette-Choo, Hengrui Jia, Adelin Travers, Baiwu Zhang, David Lie and Nicolas Papernot, "Machine Unlearning", In Proceedings of the 42nd IEEE Symposium on Security and Privacy, 2021. (source code, blog post, media coverage, 1 minute overview, Conference presentation) [bibtex]
- Shengjie Xu, Wei Huang and David Lie, "In-Fat Pointer: Hardware-Assisted Tagged-Pointer Spatial Memory Safety Defense with Subobject Granularity Protection", In Proceedings of the 26th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2021. (Extended abstract, 20 minute talk, 5 minute talk) [bibtex]
- Rongzhen Cui, Lianying Zhao and David Lie, "Emilia: Catching Iago in Legacy Code", In Proceedings of the 2021 Symposium on Network and Distributed System Security (NDSS), 2021. (Full talk video) [bibtex]
Prospective Students and Open Positions
Post-Doctoral Fellows: I have several post-doctoral fellowship positions open. Please click here for the job description and criteria. Intrested candidates should fill out the Post-Doctoral Fellow Application Form.
Research stream MASc and PhD Students: I am always looking for graduate students who are interested in making the systems we use more secure and private. Required background requires a solid understanding of operating systems and computer systems, with practical experience writing and implementing software. Security background is desirable but not required. Interested students should apply for graduate studies in ECE or CS. If you are specifically interested in joining my research group as a student, I have a standard set of questions I ask all interested applicants, which you can fill out in my Prospective MASc/PhD Information Form. If you are unsure whether to apply to ECE or CS, please fill out the form and indicate in the comments box at the bottom. You can find information on my current graduate students here.
MEng Students: I occasionally accept exceptional MEng students for projects that match my research program. Applicants should have a minimum 3.7 GPA and extensive software development experience. If interested, please fill out an MEng Project Application.
Undergradaute Students: I’m looking for strong undergraduate students with interests in computer security. 2nd and 3rd year students will be given preference. If interested, please fill out this application form.
Teaching
Winter 2025:
- ECE1724S: Privace Problems (Co-taught with Lisa Austin from the Faculty of Law)
Professional Activities
I served as General Chair for CCS 2018, which took place in Toronto, Canada, Oct 15-19 2018.
Here are the current and past technical program committees I am serving or have served on:
- The 32nd ACM Conference on Computer and Communications Security (CCS), 2025 (as TPC-Chair).
- The 31st ACM Conference on Computer and Communications Security (CCS), 2024 (as TPC-Chair).
- The 30th ACM Conference on Computer and Communications Security (CCS), 2023.
- The 44th IEEE Symposium on Security and Privacy, 2023.
- The 1st IEEE Conference on Secure and Trustworthy Machine Learning (SaTML), 2023.
- The 34th Usenix Security Symposium, 2023.
- The 43rd IEEE Symposium on Security and Privacy, 2022.
- The 33rd Usenix Security Symposium, 2022.
- The 28th ACM Conference on Computer and Communications Security (CCS), 2021.
- The 32nd Usenix Security Symposium, 2021.
- The 41st IEEE Symposium on Security and Privacy, 2020.
- The 11th ACM Asia Pacific Workshop on Systems (ApSys), 2020
- The 27th ACM Conference on Computer and Communications Security (CCS), 2020.
- The 13th International Systems and Storage Conference (SYSTOR), 2020.
- The 26th Network and Distributed System Security Symposium (NDSS), 2019.
- The 11th ACM Cloud Computing Security Workshop (CCSW), 2019.
- The 10th ACM Asia Pacific Workshop on Systems (ApSys), 2019
- The 25th Network and Distributed System Security Symposium (NDSS), 2018.
- The 25th ACM Conference on Computer and Communications Security (CCS), 2018 (as General Chair).
- The 24th Network and Distributed System Security Symposium (NDSS), 2017.
- The 24th ACM Conference on Computer and Communications Security (CCS), 2017.
- The 28th Usenix Security Symposium, 2017.
- The IEEE Workshop on Mobile Security Technologies (MOST), 2016
- The 37th IEEE Symposium on Security and Privacy, 2016.
- The 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI), 2016.
- The 22nd Network and Distributed System Security Symposium (NDSS), 2015.
- The 26th Usenix Security Symposium, 2015.
- The 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM), 2015 (as TPC-Chair)
- The 36th IEEE Symposium on Security and Privacy, 2015.
- The 6th ACM Cloud Computing Security Workshop (CCSW), 2014.
- The 25th Usenix Security Symposium, 2014.
- The International Conference on Parallel Architectures and Compilation Techniques (PACT), 2014
- The 7th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSEC), 2014.
- The 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2014
- The 35th IEEE Symposium on Security and Privacy, 2014.
- The 32nd International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2013.
- The 5th ACM Cloud Computing Security Workshop (CCSW), 2013.
- The International World Wide Web Conference (WWW), 2013
- The 7th ACM Asia Conference on Computer and Communications Security (AsiaCCS), 2012
- The 3rd ACM Symposium on Cloud Computing (SoCC), 2012.
- The 23rd Usenix Security Symposium, 2012.
- The 6th ACM Asia Conference on Computer and Communications Security (AsiaCCS), 2011
- The ACM SIGMETRICS/IFIP PERFORMANCE Joint International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS), 2011.
- The 22nd International Conference on Trust and Trustworthy Computing, 2011
- The 30th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2011.
- The 8th Conference on Privacy, Security and Trust (PST), 2010
- The 6th International Conference on Virtual Execution Environments (VEE), 2010
- The 29th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2010
- The 20th Usenix Security Symposium, 2009.
- The 30th IEEE Symposium on Security and Privacy, 2009.
- The 20th Usenix Security Symposium, 2009.
- The 6th Conference on Privacy, Security and Trust (PST), 2008
- The 8th USENIX Symposium on Operating Systems Design and Implementation (OSDI), 2008.
- The 3rd Workshop on Embedded Systems Security (WESS), 2008
- The 17th Usenix Security Symposium, 2006
- The 1st Workshop on Architectural and System Support for Improving Software Dependability (ASID), 2006
- The 12th International Conference on Parallel and Distributed Systems (ICPADS), 2006
- The Queen's Biennial Symposium on Communications, 2006
- The 2nd Conference on Privacy, Security and Trust (PST), 2004
- The Workshop on Architectural Support for Security and Anti-Virus (WASSA), 2004
Sponsors
Finally, I’d like to acknowledge our wonderful sponsors, who support our research with financial and in-kind contributions. We work closely with our sponsors through collaborative projects, student internships, as well as hiring of students after graduation. I always welcome new sponsorship opportunities. Please do not hesitate to contact me if interested.