Skip to main content


Phu Phung

Associate Professor; Director of Cyber Security Lab

Full-Time Faculty

College of Arts and Sciences: Computer Science


Email: Phu Phung
Phone: 937-229-3845
Anderson Hall 149
Website: Visit Site


  • Ph.D., Computer Science, Chalmers University of Technology, Sweden, 2011
  • Licentiate of Engineering, Computer Science, Chalmers University of Technology, Sweden, 2008
  • M.Sc., Computer Science, University of Ulsan, South Korea, 2006
  • B.Eng., Computer Science and Engineering, Ho Chi Minh City Univ. of Technology, Vietnam, 2001


Dr. Phu H. Phung is currently an Assistant Professor of Computer Science, and Director of Cyber Security Lab in the Department of Computer Science at The University of Dayton. Before joining UD, Dr. Phung was a postdoctoral research associate at the University of Illinois at Chicago as a recipient of the International Postdoc Grant awarded by the Swedish Research Council. Prior to that, he was a postdoctoral researcher at Chalmers University of Technology, Sweden, where he received his PhD in Computer Science in 2011. In summer 2010, Dr. Phung was a visiting scholar at Stanford University.

Dr Phung's research leverages programming language and compiler techniques to enforce security policies to defend against cyber attacks in the areas of JavaScript/Web applications, mobile systems, vehicle systems, and cloud-based platforms. His paper on Lightweight Self-Protecting JavaScript is the 7th most cited article in the all ASIACCS’s articles from 2006 ( ). He has been an invited speaker at various research institutions and prestigious conferences. Dr. Phung has served as a peer reviewer for a number of reputable journals, and been a Program Committee member for many international conferences in the field of cyber security. Dr. Phung has been elected a Senior Member of IEEE and IEEE Computer Society.

Professional Activities

  • Societies: Senior Member of IEEE and IEEE Computer Society, Member of ACM,ACM SIGSAC, ACM SIGCSE, ISOC, and OWASP.
  • Conference session chair: SERE'2014, ITMC'2014, ComMantel'2014,MobiWIS'2012.
  • Invited Journal Reviewer: Journal of Computer Security(2013-2015), e-Informatica Software Engineering Journal (EISEJ)(2014), Elsevier Computers & Security (2014), International Journal of Information Security (2012), Journal of Systems and Software (2012), ACM Transactions on the Web (2009-2011).
  • Program Committee member: ICISS'2015, FDSE'2015, ComMantel'2015, QRS'2015, ICWE 2015 , OWASP AppSec EU (Research Track)'2015, ICISS'2014, FDSE'2014, SERE'2014, ISSNIP'2014,ComMantel'2014, ICISS'2013, EUSPN'2013, ComMantel'2013, SERE2012,ICISS'2012, SSIRI'2011.
  • Invited Conference Reviewer: CCS'2015, CCS'2014, SP(Oakland)'2014,W2SP'2013, NDSS'2013, ESORICS'2013, PLAS'2012, ESSoS'2011, ESSoS'2010,CSF'2010, ACSAC'2009.

Research Interests

  • Mobile and hybrid web-based mobile application security
  • Web application security
  • JavaScript Sandboxing
  • Language-based and software security
  • Defensive Optimizing Compilation

Selected Publications

Phu H. Phung, Maliheh Monshizadeh, Meera Sridhar, Kevin W. Hamlen, and V.N. Venkatakrishnan. Between Worlds: Securing Mixed JavaScript/ActionScript Multi-party Web Content. IEEE Transactions on Dependable and Secure Computing (TDSC), September 2014. Forthcoming.

Phu H. Phung, David Sands, and Andrey Chudnov. Lightweight Self-protecting JavaScript. In Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, ASIACCS 2009, Sydney, Australia, March 2009, pages 47-60. ACM, March 2009.

Phu H. Phung and David Sands. Security Policy Enforcement in the OSGi Framework Using Aspect-Oriented Programming. In Proceedings of the 32nd Annual IEEE International Computer Software and Applications Conference, COMPSAC 2008, Turku, Finland, 28 July - 1 August 2008, pages 1076-1082. IEEE Computer Society, August 2008.

Rigel Gjomemo, Kedar Namjoshi, Phu H. Phung, Venkat Venkatakrishnan, and Lenore Zuck. From Verification to Optimizations. In Proceedings of the 16th International Conference on Verification, Model Checking, and Abstract Interpretation (VMCAI 2015), Mumbai, India, January 12-14, 2015, Lecture Notes in Computer Science (LNCS). Springer Verlag, January 2015.

Pieter Agten, Steven Van Acker, Yoran Brondsema, Phu H. Phung, Lieven Desmet, and Frank Piessens. JSand: complete client-side sandboxing of third-party JavaScript without browser modifications. In Robert H'obbes' Zakon, editor, Proceedings of the 28th Annual Computer Security Applications Conference, ACSAC 2012, Orlando, FL, USA, 3-7 December 2012, pages 1-10. ACM, December 2012.

Jonas Magazinius, Phu H. Phung, and David Sands. Safe Wrappers and Sane Policies for Self Protecting JavaScript. In Tuomas Aura, Kimmo Järvinen, and Kaisa Nyberg, editors, Proceedings of the 15th Nordic Conference in Secure IT Systems, NordSec 2010, Espoo, Finland, October 27-29, 2010, volume 7127 of Lecture Notes in Computer Science (LNCS), pages 239-255. Springer Verlag, October 2010. Revised Selected Papers from the OWASP AppSec Research 2010.

Hong Linh Truong, Phu H. Phung, and Schahram Dustdar. Governing Bot-as-a-Service in Sustainability Platforms - Issues and Approaches. In Proceedings of the 9th International Conference on Mobile Web Information Systems, MobiWIS 2012, Niagara Falls, Ontario, Canada, August 27-29, 2012, volume 10 of Procedia Computer Science, pages 561-568. Elsevier, 2012.

Phu H. Phung and Lieven Desmet. A Two-tier Sandbox Architecture for Untrusted JavaScript. In Proceedings of the Workshop on JavaScript Tools, JSTools 2012, Beijing, China, 13 June 2012, pages 1-10. ACM, 2012.

Phung Huu Phu, DaeSeung Yoo, and Myeongjae Yi. A Framework Supporting Quality of Service for SOA-Based Applications. In Young-Tak Kim and Makoto Takano, editors, Proceedings of the Asia-Pacific Network Operations and Management Symposium, APNOMS 2006, Busan, South Korea, September 27-29, 2006, volume 4238 of Lecture Notes in Computer Science (LNCS), pages 232-241. Springer Verlag, 2006. [ bib | DOI | Abstract ]

Mike Ter Louw, Phu H. Phung, Rohini Krishnamurti, and Venkat N. Venkatakrishnan. SafeScript: JavaScript Transformation for Policy Enforcement. In Proceedings of the 18th Nordic Conference on Secure IT Systems (NordSec 2013), Ilulissat, Greenland, October 18-21, 2013, volume 8208 of Lecture Notes in Computer Science (LNCS), pages 67-83. Springer Verlag, October 2013.

Phu H. Phung, Myeongjae Yi, and Myung-Kyun Kim. Securing AODV Routing Protocol in Mobile Ad-Hoc Networks. In Proceedings of the IFIP TC6 7th International Working Conference on Active and Programmable Networks, IWAN 2005, Sophia Antipolis, France, November 21-23, 2005. Revised Papers, volume 4388 of Lecture Notes in Computer Science (LNCS), pages 182-187. Springer Verlag, 2009.

Dennis K. Nilsson, Phu H. Phung, and Ulf E. Larson. Vehicle ECU Classification Based on Safety-Security Characteristics. In Proceedings of Road Transport Information and Control - RTIC 2008 and ITS United Kingdom Members' Conference, Manchester, UK, 20-22 May 2008, pages 1-7. IET, May 2008.

Full list of publications and citations are on Google Scholar Profile: