Security and Privacy Research at the University of Virginia

Our research seeks to empower individuals and organizations to control how their data is used. We use techniques from cryptography, programming languages, machine learning, operating systems, and other areas to both understand and improve the privacy and security of computing as practiced today, and as envisioned in the future. A major current focus is on adversarial machine learning.

SRG lunch
SRG Leap Day Lunch (29 February 2024)

We are part of the NSF AI Institute for Agent-based Cyber Threat Intelligence and Operation (ACTION) which seeks to change the way mission-critical systems are protected against sophisticated security threats. Collaboration with UC Santa Barbara (lead), Purdue, UC Berkeley, U Chicago, Georgia Tech, NSU, Rutgers, UIUC, UIC, UW, and WWU.
We are members of the NSF SaTC Frontier Center for Trustworthy Machine Learning (CTML) focused on developing a rigorous understanding of machine learning vulnerabilities and producing tools, metrics, and methods to mitigate them. Collabortion with the University of Wisconsin (lead), UC Berkeley, UC San Diego, and Stanford.
Active Projects

Inference Privacy
Security ML
Auditing ML Systems

Past Projects
Secure Multi-Party Computation
   Obliv-C · MightBeEvil

N-Variant Systems · Splint · More…

Recent Posts

Steering the CensorShip

Hannah Cyberey, David Evans, censorship, large language models, steering, alignment
Steering Censorship Examples

Orthodoxy means not thinking—not needing to think.
(George Orwell, 1984)

Uncovering Representation Vectors for LLM ‘Thought’ Control

Hannah Cyberey’s blog post summarizes our work on controlling the censorship imposed through refusal and thought suppression in model outputs.

Paper: Hannah Cyberey and David Evans. Steering the CensorShip: Uncovering Representation Vectors for LLM “Thought” Control. 23 April 2025.

Demos:

Code: https://github.com/hannahxchen/llm-censorship-steering

US v. Google

law, privacy, Google, remedies

Now that I’ve testified as an Expert Witness on Privacy for the US (and 52 state partners), I can share some links about US v. Google. (I’ll wait until the judgement before sharing any of my own thoughts other than to say it was a great experience and a priviledge to be able to be part of this.)

The Department of Justice Website has public posts of many trial materials, including my demonstrative slides (with only one redaction).



This article has the most detailed and accurate account I’ve seen so far: Google Case Judge Weighs Rivals’ Data Needs Against Privacy [PDF]

New Classes Explore Promise and Predicaments of Artificial Intelligence

David Evans, law, explanability, machine learning, Tom Nachbar

The Docket (UVA Law News) has an article about the AI Law class I’m helping Tom Nachbar teach:

New Classes Explore Promise and Predicaments of Artificial Intelligence
Attorneys-in-Training Learn About Prompts, Policies and Governance
The Docket, 17 March 2025

Nachbar teamed up with David Evans, a professor of computer science at UVA, to teach the course, which, he said, is “a big part of what makes this class work.”

“This course takes a much more technical approach than typical law school courses do. We have the students actually going in, creating their own chatbots — they’re looking at the technology underlying generative AI,” Nachbar said. Better understanding how AI actually works, Nachbar said, is key in training lawyers to handle AI-related litigation in the future.

“I want my students to have a solid understanding about what’s actually happening under the hood, as it were, so that when they confront a case, they know what kinds of questions to start asking,” he said.

Full Article

Tom and I will co-teach a jointly-listed Law and Computer Science AI Law class in the fall.

Is Taiwan a Country?

David Evans, Hannah Cyberey, Yangfeng Ji, censorship, LLM, steering, fairness

I gave a short talk at an NSF workshop to spark research collaborations between researchers in Taiwan and the United States. My talk was about work Hannah Cyberey is leading on steering the internal representations of LLMs:

Steering around Censorship
Taiwan-US Cybersecurity Workshop
Arlington, Virginia
3 March 2025

Can we explain AI model outputs?

David Evans, law, explanability, machine learning

I gave a short talk on explanability at the Virginia Journal of Social Policy and the Law Symposium on Artificial Intelligence at UVA Law School, 21 February 2025.

Can we explain AI model outputs? (PDF)

There’s an article about the event in the Virginia Law Weekly: Law School Hosts LawTech Events, 26 February 2025.

SRG Logo University of Virginia
Security Research Group

Team
   Prospective Students
   Awards
   Director: David Evans

Publications
   Videos

Recent News

Steering the CensorShip
US v. Google
New Classes Explore Promise and Predicaments of Artificial Intelligence
Is Taiwan a Country?
Can we explain AI model outputs?
Une expérience immersive et enrichissante
Reassessing EMNLP 2024’s Best Paper: Does Divergence-Based Calibration for Membership Inference Attacks Hold Up?
Common Way To Test for Leaks in Large Language Models May Be Flawed
Meet Professor Suya!
Poisoning LLMs
The Mismeasure of Man and Models
Google's Trail of Crumbs
Technology: US authorities survey AI ecosystem through antitrust lens
John Guttag Birthday Celebration
Congratulations, Dr. Suri!
Graduation 2024
SaTML Talk: SoK: Pitfalls in Evaluating Black-Box Attacks
Congratulations, Dr. Lamp!
Do Membership Inference Attacks Work on Large Language Models?
SoK: Pitfalls in Evaluating Black-Box Attacks
NeurIPS 2023: What Distributions are Robust to Poisoning Attacks?
Adjectives Can Reveal Gender Biases Within NLP Models
Congratulations, Dr. Suya!
SoK: Let the Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning
CVPR 2023: Manipulating Transfer Learning for Property Inference

Older Posts
Posts by Tag
Posts by Category
Old Blog