My research confronts issues of security and transparency in computer systems and networks.

My major research thrusts are:

Detecting and Investigating Intrusions

Data provenance can be aggregated from multiple operational layers of complex systems.

Modern computing systems are sprawling and complex, creating many opportunities for would-be intruders to break in and remain undetected. Attackers can now dwell inside networks for months or years before being noticed, as evidenced by numerous high-profile data breaches in the news. Our research seeks to empower system defenders by improving the ways in which we audit computers, allowing them to understand and react to attacks before serious damage is inflicted. A key technique we leverage in this work is data provenance, which iteratively parses low-level events (e.g., Process A read File 1) into a causal dependency graph that describes the entire history of system execution. These graphs allow security analysts to identify the root causes of suspicious activities through causal analysis, and can also be used to improve automated intrusion/anomaly detection systems.
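As an added illustration of the provenance technique described above (example code written for this page, not taken from the author's research systems), the following script parses constructed audit events of the "Process A read File 1" form into a causal dependency graph, then runs a backward trace from a suspicious node to find its root causes and a forward trace from an entry point to find everything it influenced. The log lines, node labels, operation names and the information-flow direction assigned to each operation are assumptions made for the example; real audit sources such as Linux Audit or ETW carry richer fields.

```python
"""Added example: a small data-provenance graph built from constructed audit
events, with backward (root cause) and forward (impact) causal analysis."""
import re
from collections import defaultdict, deque

# Constructed sample audit log (not real data): "<seq> <subject> <op> <object>".
SAMPLE_LOG = """\
1 Process:bash read File:/home/alice/.bashrc
2 Process:bash exec Process:curl
3 Process:curl recv Socket:203.0.113.7:80
4 Process:curl write File:/tmp/update.sh
5 Process:bash read File:/tmp/update.sh
6 Process:bash exec Process:sh
7 Process:sh read File:/etc/passwd
8 Process:sh send Socket:203.0.113.7:4444
"""

# Assumed flow direction per operation: which side is the source of information.
# Every edge points from source to sink.
SOURCE_SIDE = {
    "read": "object", "recv": "object",        # object -> subject
    "write": "subject", "send": "subject",     # subject -> object
    "exec": "subject", "fork": "subject",      # parent -> child
}

EVENT_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\w+)\s+(\S+)$")


class ProvenanceGraph:
    def __init__(self):
        self.incoming = defaultdict(list)  # sink -> [(seq, source, op)]
        self.outgoing = defaultdict(list)  # source -> [(seq, sink, op)]

    def add_event(self, seq, subject, op, obj):
        if op not in SOURCE_SIDE:
            raise ValueError(f"event {seq}: unknown operation {op!r}")
        src, dst = (subject, obj) if SOURCE_SIDE[op] == "subject" else (obj, subject)
        self.incoming[dst].append((seq, src, op))
        self.outgoing[src].append((seq, dst, op))

    @classmethod
    def from_log(cls, text):
        graph = cls()
        for line in text.splitlines():
            m = EVENT_RE.match(line.strip())
            if m is None:
                continue  # skip malformed lines instead of aborting the analysis
            seq, subject, op, obj = m.groups()
            graph.add_event(int(seq), subject, op, obj)
        return graph

    def backward(self, node, before=float("inf")):
        """Ancestors that could have influenced `node` through events at or before
        `before`. Only edges older than the edge we arrived on are followed, so
        later unrelated activity of a shared process does not pollute the trace."""
        best = {}  # node -> latest time limit under which it was reached
        queue = deque([(node, before)])
        while queue:
            cur, limit = queue.popleft()
            for seq, src, _ in self.incoming.get(cur, []):
                if seq <= limit and seq > best.get(src, -1):
                    best[src] = seq
                    queue.append((src, seq))
        return set(best)

    def forward(self, node, since=0):
        """Descendants influenced by `node` through events at or after `since`."""
        best = {}  # node -> earliest time at which it was reached
        queue = deque([(node, since)])
        while queue:
            cur, start = queue.popleft()
            for seq, dst, _ in self.outgoing.get(cur, []):
                if seq >= start and seq < best.get(dst, float("inf")):
                    best[dst] = seq
                    queue.append((dst, seq))
        return set(best)

    def root_causes(self, node, before=float("inf")):
        """Ancestors that have no provenance of their own: where the chain enters."""
        return {n for n in self.backward(node, before) if not self.incoming.get(n)}


if __name__ == "__main__":
    g = ProvenanceGraph.from_log(SAMPLE_LOG)
    alert = "Socket:203.0.113.7:4444"        # e.g. an outbound-connection alert
    print("root causes of", alert, "->", sorted(g.root_causes(alert)))
    print("impact of Socket:203.0.113.7:80 ->", sorted(g.forward("Socket:203.0.113.7:80")))
```

Running the script on the constructed log shows the backward trace from the outbound connection reaching three entry points (the remote socket on port 80, the shell's startup file and /etc/passwd), while the forward trace from the port-80 socket covers only the download, the dropped script, the shell that ran it and the final connection; the time constraint is what keeps the earlier, unrelated read of .bashrc out of the impact set.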

Recent Papers:

Consumer Device Security

Through the USB Interface, mobile phones can be used to attest the identity of the machines to which they connect.

Spanning smart phones and the Internet of Things, consumer-oriented computing devices are diverse and pervasive. While these technologies create unprecedented opportunity for innovation, they also expose novel attack surfaces that must be better understood in order to provide adequate protection to end users. Our work in this space is twofold: first, to reason about the security challenges created by consumer devices, and second, to identify ways in which these technologies can be leveraged to address the broader goals of computer security.

Recent Papers:

Network & Communications Security

Our research has evaluated novel techniques for verifying identity on the Internet.

An increasing proportion of the global economy is dependent on the security of network communications and infrastructures. Unfortunately, these security properties are violated with alarming frequency due to implementation errors or developer confusion, or because systems are used in unanticipated ways. This research seeks to better understand this breakdown between theory and practice, and to identify ways to restore correct functionality in vulnerable networked systems.

Recent Papers: