Mihai Christodorescu's Curriculum Vitæ

Hide the Contact Info
Photo of Mihai Christodorescu
Mihai Christodorescu
Doctoral Candidate
1210 W Dayton St
Office 7372
Madison, WI 53706-1685
Curriculum vitæ: online PDF US letter (or A4)
[an error occurred while processing this directive]
Telephone: +1 608 262-6625
Fax: +1 608 262-9777
Website: http://www.cs.wisc.edu/~mihai/
Email: mihai@cs.wisc.edu
ICQ: 3954659
AIM: yodMihai
Yahoo! IM: warkda
Skype: warkdarrior
LinkedIn: view my profile
Google Chat/XMPP: mihaic@gmail.com
Version suitable for printing: PDF (US letter) PDF (A4)

Research Interests

I am interested in all aspects of computer security, with particular emphasis on software security. My current research tackles computer security problems using formal methods that combine program verification and program analysis to provide quantifiable security guarantees. My dissertation introduces techniques for the detection of malicious behavior inside obfuscated binary code.


2003–present Ph.D. in Computer Sciences, expected May 2007.
University of Wisconsin, Madison, WI, USA.
Dissertation: Behavior-based Malware Detection.
Adviser: Prof. Somesh Jha.
M.S. in Computer Sciences, Dec. 2002.
University of Wisconsin, Madison, WI, USA.
Adviser: Prof. Somesh Jha.
1996–1999 B.S. (High Honors) in Computer Science, May 1999.
University of California, Santa Barbara, CA, USA.

Research Experience

2001–present Research Assistant, Wisconsin Safety Analyzer (WiSA) project.
University of Wisconsin, Madison, WI, USA.

The WiSA project focuses on the use of static analysis to detect vulnerabilities in commercial off-the-shelf components (COTS). My research work involves new approaches to the detection of malicious behavior in obfuscated binary code, using program static analysis and formal methods.

2000 Research Assistant, Paradyn project.
University of Wisconsin, Madison, WI, USA.

The Paradyn project develops technology that aids tool and application developers in their pursuit of high-performance, scalable, parallel and distributed software. My research work produced the first reentrant binary instrumentation of running processes using the DynInst API.


Please see the Publications page.

Selected Awards and Achievements

2004 Distinguished ACM SIGSOFT paper award at
International Symposium on Software Testing and Analysis (ISSTA'04), 2004, Boston, MA, USA.
1996–1999 Dean's honor list at University of California, Santa Barbara.

Selected Presentations

Conference Talks

May 2005 “Semantics-Aware Malware Detection”
Presented at the IEEE Symposium on Security and Privacy, Oakland, CA, USA, 2005.
July 2005 “Testing Malware Detectors”
Presented at the International Symposium on Software Testing and Analysis (ISSTA), Boston, MA, USA, 2004.
Aug. 2003 “Static Analysis of Executables to Detect Malicious Patterns”
Presented at the 12th USENIX Security Symposium, Washington, DC, USA, 2003.

Invited Talks

Feb. 2006 “Testing Malware Detectors / Semantics-Aware Malware Detection”
Presented at TrendMicro's “Meeting of the Minds,” Las Vegas, NV, USA, 2006.
Sept. 2005 “Directions in Malware Detection Research”
Presented at the 3rd workshop of the ARDA Malware Roadmap series, Salt Lake City, UT, USA, 2005.
Aug. 2005 “Improved Defenses through Cooperation of Network-based and Host-based Malware Detectors”
Presented at the ARO–DHS Special Workshop on Malware Detection, Arlington, VA, USA, 2005.
Nov. 2003 “Static Analysis of Executables to Detect Malicious Patterns”
Presented at the Software Protection Compilation Workshop, Washington, DC, USA, 2003.

Teaching Experience


Professional Activities

Research community involvement

  • Workgroup on Future Malware Threats, 3rd workshop of the ARDA Malware Roadmap series, Sept. 20–22, 2005, Salt Lake City, UT, USA.
  • Workgroup on Malware Detection, ARO–DHS Special Workshop on Malware Detection, Aug. 10–11, 2005, Arlington, VA, USA.
  • ONR CIP/SW MURI Project Review for Dr. James Whittaker (FIT), “Runtime Neutralization of Malicious Mobile Code,” Feb. 2005.
  • Software Protection Compilation Workshop, Nov. 12–13, 2003, Washington, DC, USA.
  • Student volunteer for the 11th USENIX Security Symposium (Security'02), Aug. 5–9, 2002, San Francisco, CA, USA.

Academic activities

Collaboration with industry

2006–present Co-founder of Securitas Technologies, Inc., a Madison, WI, provider of behavior-based malware-detection products.
2005–present Transfer of technology for “Effective Malware Detection Through Static Analysis” to Grammatech, Inc., Ithaca, NY. (ONR STTR Phases I and II)
2006 Attended TrendMicro's “Meeting of the Minds,” Feb. 13, 2006, Las Vegas, NV, USA.

Industrial Employment

2006–present Principal Scientist, Securitas Technologies, Inc., Madison, WI, USA.

Spearheaded the transition of the semantics-aware malware detector from research prototype to software product.

2000–2001 Senior Software Engineer, Yodlee, Inc., Redwood City, CA, USA.

Optimized performance of financial-data aggregation platform. Created bill-payment prototype integrated into financial website.

Apr.–June 1999 Embedded Systems Developer, Green Hills Software, Inc., Santa Barbara, CA, USA.

Ported a cross-platform linker to new targets. Evaluated existing commonalities among embedded CPUs to simplify linker code and speed link time. Translated C-based linker modules to new C++ architecture.

Feb.–Apr. 1999 Application Software Developer, ZBE, Inc., Goleta, CA.

Redesigning and implementing new printer control and spooling utilities for high-performance and high-quality specialized printers. Studied old code for reusability capabilities.

June–Sep. 1998 SNA Server Developer/Summer Intern, Microsoft, Redmond, WA, USA.

Completely redesigned the single sign-on user management system, improving the response time as well as the recoverability of the Host Security product. Learned new technologies in a short amount of time (such as COM, DCOM, OLE, and OLEDB). Analyzed and proofed the code against threading issues, resource contention, and timing issues.

1997–1998 NT Systems Developer, Pontis Reseach Inc., Camarillo, CA, USA.

Specialized in distributed security in heterogeneous environments, with emphasis on NT security and integration of security systems. Tested CTOS-to-NT security interface. Developed and tested NT NetWare Single Sign-on product. Developed a transaction based unified NT security API with rollback capabilities.

1996–1997 Web Designer, Student Computing Facilities, School of Environmental Science and Management, University of California at Santa Barbara, CA, USA.

Managed the departmental network of Windows NT, Windows 95, and PowerPC computers. Designed web pages for internal use (help pages), as well as a prototype for a database with web interface.

1995–1996 Computer-based Test Technician, Advanced Motion Controls, Camarillo, CA, USA.

Tested the products on computer, using DAQ in-house developed software. Improved the testing technology with regard to speed and accuracy. Full time employment.


References are available upon request.

Valid XHTML 1.0 Strict
Copyright © 2006 Mihai Christodorescu. All rights reserved.
Maintained by Mihai Christodorescu (http://www.cs.wisc.edu/~mihai).
Created: Sun Oct 7 12:14:47 CDT 2006
Last modified: Thu Jul 5 13:32:47 CDT 2007