Amit Klein

I am an Associate Professor of Computer Science in the Hebrew University of Jerusalem, Israel (HUJI).

Research Interests

• Security of network protocols (specifically layers 3-4 and auxiliary protocols) and their implementations.
• Web/application security.
• System security.
• The security impact of unsafe (concurrency-wise) implementations of PRNG algorithms.

Short bio
Prior to the faculty position in HUJI, I was a post-doctoral researcher at HUJI's School of Computer Science and Engineering, where I was fortunate to be hosted by Prof. Michael Schapira. Prior to that, I completed a Ph.D. in Computer Science in Bar Ilan University. I had the honor and pleasure of having Prof. Benny Pinkas as my Ph.D. advisor. Prior to that, I spent more than 20 years in four cyber security startups, mostly in executive positions (VP Security Research for Safebreach, CTO of Trusteer, Chief Scientist for Cyota, Director of Security for Sanctum). I am a graduate of the IDF Talpiot Programme, with B.Sc. in Mathematics and Physics (double major), magna cum laude, from the Hebrew University.

Grants, Awards and Honors

• Strage-BGU Award for Excellence in Cyber Security Research, 2023. The award is granted to an Israeli scientist for outstanding and potentially influential scientific achievements in cyber security research during the years 2018-2023.
• ISF Personal Research Grant 2023-2027.
• 1st Place, Cyber Security Awareness Week (CSAW) 2020 Applied Research Regional Competition for the paper “Flaw Label: Exploiting IPv6 Flow Label”, J. Berger, A. Klein, B. Pinkas.
  
• 1st Place, Cyber Security Awareness Week (CSAW) 2019 Applied Research Regional Competition for the paper “From IP ID to Device ID and KASLR Bypass”, A. Klein, B. Pinkas.
  
• INFOCOM 2017 “Best in Session” Award for the paper “Internet-wide study of DNS cache injections”, A. Klein, H. Shulman, M. Waidner.
  
• Hebrew University Rector Prize, 1990.
  
• Hebrew University Math and Sciences Dean Prize, 1989.
  

Academic Service

• Program committee member, NDSS 2026.
• Program committee member, SYSTOR 2023.
• Co-chair, Israeli Networking Day 2022.
• Referee, Cyber Security Awareness Week (CSAW) 2018 Applied Research Regional Competition, 2018.
  
• Program committee member, “Security, Privacy, Trust and Abuse” track, WWW2012, 2012.
  
• Program committee member, WOOT’11 (5th USENIX Workshop on Offensive Technologies), 2011.
  

(see also in Google Scholar and DBLP)

Academic publications:

• Gilad Moav, Yehuda Afek, Anat Bremler-Barr and Amit Klein. "DNS FLaRE: A Flush-Reload Attack on DNS Forwarders". In 34th Usenix Security Symposium (USENIX Security 2025).
• Inon Kaplan, Ron Even and Amit Klein. "You Can Rand but You Can’t Hide: A Holistic Security Analysis of Google Fuchsia’s (and gVisor’s) Network Stack". In The Network and Distributed System Security Symposium (NDSS) 2025.
• Moshe Kol, Amit Klein and Yossi Gilad. “Device Tracking via Linux's New TCP Source Port Selection Algorithm”. In 32nd USENIX Security Symposium (USENIX Security 2023). Extended version is available here.
• Amit Klein. “Subverting Stateful Firewalls with Protocol States”. 29th Annual Network and Distributed System Security Symposium (NDSS 2022). Extended version is available here
• Amit Klein. “Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More)”. 2021 IEEE Symposium on Security and Privacy (SP).
• Amit Klein, Elias Heftrig, Haya Shulman, and Michael Waidner. “POSTER: Blackbox caches fingerprinting”. CoNEXT ’20: The 16th International Conference on emerging Networking EXperiments and Technologies.
• Jonathan Berger, Amit Klein, and Benny Pinkas. “Flaw Label: Exploiting IPv6 Flow Label”. 2020 IEEE Symposium on Security and Privacy (SP).
• Amit Klein and Benny Pinkas. “From IP ID to Device ID and KASLR Bypass”. 28th USENIX Security Symposium (USENIX Security 19). Extended version is available here.
• Amit Klein and Benny Pinkas. “DNS Cache-Based User Tracking”. 26th Annual Network and Distributed System Security Symposium, NDSS 2019.
• Markus Brandt, Tianxiang Dai, Amit Klein, Haya Shulman, and Michael Waidner. “Domain Validation++ For MitM-Resilient PKI”. 2018 ACM SIGSAC Conference on Computer and Communications Security. CCS ’18.
• Amit Klein, Vladimir Kravtsov, Alon Perlmuter, Haya Shulman, and Michael Waidner. “POSTER: X-Ray Your DNS”. 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017.
• Amit Klein, Haya Shulman, and Michael Waidner. “Counting in the Dark: Caches Discovery and Enumeration in the Internet”. IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2017).
• Amit Klein, Haya Shulman, and Michael Waidner. “Internet-wide study of DNS cache injections”. 2017 IEEE Conference on Computer Communications, INFOCOM 2017.
• Yonit Kesten, Amit Klein, Amir Pnueli, and Gil Raanan. “A Perfecto Verification: Combining Model Checking with Deductive Analysis to Verify Real-Life Software”. FM’99 - Formal Methods, World Congress on Formal Methods in the Development of Computing Systems.
• Amit Klein. “Web Cache Poisoning Attacks”. Encyclopedia of Cryptography and Security.

Non-academic publications:

• Amit Klein. “HTTP Request Smuggling in 2020 – New Variants, New Defenses and New Challenges”. 23rd BlackHat USA Conference, 2020.
Amit Klein and Itzik Kotler. “Windows Process Injection in 2019”. 22nd BlackHat USA Conference, 2019.
• Amit Klein and Itzik Kotler. “The Adventures of AV and the Leaky Sandbox”. 20th BlackHat USA Conference, 2017.
• Amit Klein and Itzik Kotler. “In Plain Sight – The Perfect Exfiltration”. Hack-in-the-Box Amsterdam, 2016.
• Amit Klein. The localhosed attack – Stealing Internet Explorer 11-7 cookies for hosts on the local machine (and leaking the IP address as a byproduct). June 2015.
• Amit Klein. Detecting virtualization over the web with IE9 (platform preview) and Semi-permanent computer fingerprinting and user tracking in IE9 (platform preview). . 2010.
• Amit Klein. Cross-domain information leakage and Temporary user tracking attacks in Apple Safari 4.0.2-4.0.5 and Apple Safari 5.0-5.0.2 (Windows), 2010.
• Amit Klein. Google Chrome 6.0 and above Math.random vulnerability, 2010.
• Amit Klein. Cross-domain information leakage and Temporary user tracking attacks in Apple Safari 4.0.2-4.0.5 and Apple Safari 5.0-5.0.2 (Windows), 2010.
• Amit Klein. Google Chrome 3.0 (Beta) Math.random vulnerability, 2009.
• Amit Klein. Temporary user tracking in major browsers and Cross domain information leakage and attacks, 2009.
• Amit Klein. Microsoft Windows DNS Stub Resolver Cache Poisoning, 2008.
• Amit Klein. PowerDNS Recursor DNS Cache Poisoning, 2008.
• Amit Klein. OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability, Feb. 2008.
• Amit Klein. Windows DNS Server Cache Poisoning, 2007.
• Amit Klein. BIND 8 DNS Cache Poisoning, 2007.
• Amit Klein. BIND 9 DNS Cache Poisoning, 2007.
• Amit Klein. Domain Contamination, 2006.
• Chaim Linhart, Amit Klein, Ronen Heled, and Steve Orrin. “HTTP request smuggling”. Computer Security Journal 22.1, 2006.
• Amit Klein. The Insecure Indexing Vulnerability – Attacks Against Local Search Engines, 2005.
• Amit Klein. DOM based Cross Site Scripting, or XSS of the Third Kind, 2005.
• Amit Klein. Divide and conquer: HTTP response splitting, Web cache poisoning attacks, and related topics, 2004.
• Amit Klein. Blind XPath Injection, 2004.
• Amit Klein. Cross Site Scripting Explained, 2002.
• Amit Klein. Hacking Web Applications Using Cookie Poisoning, 2002.

2022 –	The Hebrew University of Jerusalem, Israel (HUJI) Associate Professor of Computer Science. Faculty position (tenure track).
2015 – 2022	Safebreach (enterprise security software). Vice President, Security Research (part time). Thought-leadership security research.
2013 – 2015	IBM Trusteer (acquired company). Chief Technology Officer. Product content expertise and innovation leadership.
2006 – 2013	Trusteer (financial malware fraud detection and prevention for banks, acquired by IBM for $650,000,000). Chief Technology Officer. Management of the security research group. Grew the research group from 0 to 20 researchers.
2005 – 2006	RSA Security, Cyota Division (acquired company). Chief Scientist. Innovation, patents and new technology.
2004 – 2005	Cyota (anti online-banking fraud SaaS startup, acquired by RSA for $145,000,000). Chief Scientist. Innovation, patents and new technology.
1997 – 2004	Sanctum (web application security startup, acquired by Watchfire which was in turn acquired by IBM). Director of Security Research. Management of the product security content team.
1995 – 1997	Israeli Ministry of Defense. Software Project Manager. Management of software and network security projects.
1991 – 1994	Israel Defense Forces. Research officer (Captain) in the Signal Corps. Research in applied computer science and mathematics.

• Spring 2026: Lecturer (with Prof. Guy Katz), "Operating Systems" (67808), The Hebrew University.
• Fall 2025: Lecturer, "Introduction and topics in cyber security" (67607), The Hebrew University.
• Spring 2025: Lecturer (with Prof. Guy Katz), "Operating Systems" (67808), The Hebrew University.
• Fall 2024: Lecturer, "Introduction and topics in cyber security" (67607), The Hebrew University.
• Fall 2024: Lecturer, "Distributed Algorithms, Networking and Secure Systems Seminar (DANSS)" (67861), The Hebrew University.
• Spring 2024: Lecturer (with Prof. Guy Katz), "Operating Systems" (67808), The Hebrew University.
• Fall 2023: Lecturer, "Advanced topics in cyber security" (67607), The Hebrew University.
• Fall 2023: Lecturer, "Distributed Algorithms, Networking and Secure Systems Seminar (DANSS)" (67861), The Hebrew University.
• Spring 2023: Lecturer, “Seminar and Mini-Project in Cyber Security” (67855), The Hebrew University.
• Fall 2021: Lecturer, “Securing Information Systems” (3004), Reichmann University (IDC).
• Fall 2020: Teaching Assistant, “Cryptography Workshop” (89695), Bar Ilan University.

So you want to join my research team

Glad to hear that!
The information below is intended for MSc and PhD students of computer science/engineering in the Hebrew University (or to people about to enroll into one of these programs), pursuing a thesis under my supervision. In the following paragraphs, I will walk you through the prerequisites, my expectations from you, what you can expect from me, and how to proceed. Please read the entire text carefully and carry out the instructions at the bottom.
At this point, if you haven't already, I highly recommend that you watch Prof. Guy Katz's excellent video tutorial on finding an MSc thesis advisor. Go on, do that. I'll wait right here.

Prerequisites:

• Near full-time commitment to research
• Relevant hands-on experience (e.g. past militray service in relevant units, past employment in cyber-security companies, past research in systems/networks, etc.)
  OR: Very high grade in my 67607 course ("Introduction and Topics in Information security (Cyber)") in the academic year 2024/2025 or later. I may still require a completion of some tasks to strengthen your skill set before starting the actual research.
  OR: a lab under my supervision, in which you will gain some hands-on experience.

On relevant hands-on experience

The research projects I engage in require some hands-on work with systems and networks. Here are some recent examples of tasks my students had to carry out during their research:

• Compile a modified kernel of a half-baked (pre-beta) version of an operating system kernel
• Capture and generate network packets (TCP/UDP, IPv4/IPv6) in real-time (C/C++ code)
• Add logs/measurements to a kernel to study its behavior
• Build a small proof of concept website that uses some HTML5 APIs, and combine it with packet capturing
• General Linux system programming (and also Windows and other operating systems) and operation, including in cloud VMs
• Studying browser, OS kernel and OS utilities source code to understand how they work
• Reverse engineering of small pieces of kernel code, in x64 and ARMv8 architectures
• Measuring Internet behavior (noise, packet drops, filtering) from various locations
• Preparing a security patch for the Linux kernel

Of course, no research project requires all these tasks, and of course, each research project may have its own set of interesting hands-on requirements, but if you (the prospective student) don't have any experience with at least a few such tasks (or similar ones), and you haven't taken my 67607 course then you're probably not ready for the kind of research I conduct. But despair not. I designed a lab course in which you can gain a lot of relevant hands-on experience. Please consult me if you're interested!.

My expectations from you

In general, I expect the student to be committed to the research project. This is difficult to achieve if the student is also employed in a non-negligible capacity, and more so if the student also has to take courses in parallel (on top of the employment). I expect the student to be a self learner and to fulfill tasks (that we agree upon) quite independently. I expect the student to manage his/her own time. I expect the student to ask questions when he/she gets stuck (but only after he/she made a reasonable effort to solve the problem independently). I expect the student to exhibit perseverance -- in our research we sometimes face annoying/difficult obstacles (kernels don't compile out of the box, networks interfere with our measurements, etc.), but we do not give up. I expect students to communicate with me on a regular basis. I expect students to be responsive (i.e. respond to emails in a timely fashion). Students should exhibit a "scientific spirit": seek to get to the bottom of things, understand and explain experiment results (both success and failure), strive for accurate and reproducible results, and clear and faithful representation of the methodology, experiments, and results.
My students are seated in the security research lab room, A316.

In terms of research project deliverables, the way I see it, there are 3 "products" from the research:

• A thesis
• A paper, accepted to a (ideally, top-tier) conference
• A presentation, presented by the student at the above conference

It is important to stress that all three are needed, from my perspective. And while you may consider the thesis as the main product, if you want to pursue an academic career (or for an MSc student -- even a PhD) then an MSc thesis based on a top-tier conference paper is a good start. And presenting your research in a conference is a great way to become known academically and to jump-start your network of academic connections.
To be explicit: I expect the student to write all the above (in English), with my help of course. And delivering all three is mandatory for the completion of the degree. Typically, the thesis is derived from a paper version that got accepted to a conference.

What you can expect from me

I am genrally responsive to emails and other means of communication. You can ask me questions and I will usually relpy kindly and quickly. We work together on research directions (in most cases, I come up with the initial research direction/idea, but it can evolve; and you can always suggest new ideas). if you're stuck, I will do my very best to help. I will guide you in all things academia, and I will help you define and pursue your academic career.

Scholarships

Usually, I am able to offer scholarships to my students. The amount and duration of the scholarship are subject to the academic and university regulations, as well as to the availability of funding and budgets. While not on-par with hi-tech full-time salaries, scholarships can provide significant financial support for students.

What to do next?

If you read through all the above, and you'd like to proceed, then please send me:

• CV
• Academic status (how far are you into your degree, what's still left), employment status (are you employed? where?, in what capacity?)
• A sample of a scientific (academic) text you wrote (all by yourself) in English. This can be a project or a term paper you submitted, etc.
• Any additional info that you find relevant

Once you do, I will respond quickly. If I think you are potentially a good fit, I will set up an interview (Zoom or face-to-face), and if this phase is successful, we will probably proceed with a lab. This lets both of us work together and get an idea of whether we do that well. It is also a good opportunity for you to see if the topics I research are of interest to you, and for me to see how well you function as a researcher. At the end of the lab you will submit a lab report and get academic credit points.
If we're both satisfied at the end of the lab, I will register you as my student, and we can continue the research together.

When to approach me

TL;DR - as soon as possible!
A research project (possibly including a ramp-up phase and usually ending in a paper submission to a top-tier conference) takes around 1 year (ballpark figure only). Then there's a phase of revising and resubmitting the paper, which can take additional 0.5-1 year. So we're looking at 1.5-2 years overall. If you don't want the research to delay your eligibility for a degree (or to only minimally delay it), you should start as early as possible. And yes, this is in contrast to some advice you're typically given about deferring the thesis reseach until you get to know the research topics in the faculty (and the faculty researchers as well), but again, see the above back-of-the-envelope calculation for reasoning.
So - ideally you should contact me as soon as you are accepted to the degree studies (you can contact me earlier, but I usually don't support/vouch for candidates).

General information

My students are seated in my lab, room A-316. We use my lab account under HUJI CSE's github to host our projects. We use my Overleaf account for papers, theses, etc. Most research projects involve writing low-level C/C++ code, combined with some scripting (typically Python). Most code is developed for Linux (we mostly use Ubuntu). We mostly use Azure for cloud services, though this may change in the future.