From 2001 to 2017, I was Associate Professor and Director of the Network Security Lab in the Computer Science department at Columbia University. My research interests include systems and network security and applied cryptography. I received my Ph.D. in Computer Science from the University of Pennsylvania. In 2012, I was elected ACM Distinguished Scientist. In 2017, I was named ACM Fellow, with the citation "for contributions to the theory and practice of systems and network security". I was also named IEEE Fellow in the Class of 2018, with the citation "for contributions to network security systems". Since 2014, I have been serving as Program Manager with the Information Innovation Office (I2O) at the Defense Advanced Research Projects Agency (DARPA), part of the Department of Defense. At DARPA, I conceived and launched several new programs.
I am also managing (or managed) the Active Authentication (AA), Active Cyber Defense (ACD), Anomaly Detection at Multiple Scales (ADAMS), and Computer Science Study Group (CSSG) programs. From July 2013 to July 2014, I served as Program Director with the National Science Foundation (NSF), in the Computer and Network Systems (CNS) Division, Directorate for Computer & information Science & Engineering (CISE). My primary responsibility was with the Secure and Trustworthy Cyberspace (SaTC) program, which is the primary NSF source of funding for academic research in cybersecurity across the nation. With colleagues from the SBE and ENG Directorates, I helped create the Resilient Interdependent Infrastructure Processes and Systems (RIPS) program, which seeks to enhance the understanding and design of interdependent critical infrastructure systems (ICIs) and processes that provide essential goods and services despite disruptions and failures from any cause, natural, technological, or malicious. I also led the creation of the NSF/Intel Partnership on Cyber-Physical Systems Security and Privacy (CPS-Security) program, which seeks to foster a research community committed to advancing research and education at the confluence of cybersecurity, privacy, and cyber-physical systems, and to transitioning its findings into engineering practice. I was also involved in the Secure, Trustworthy, Assured and Resilient Semiconductors and Systems (SaTC: STARSS) track, which represented a joint partnership between NSF and the Semiconductor Research Corporation (SRC) that supports research on new strategies for architecture, specification and verification, especially at the stages of design in which formal methods are currently weak or absent, with the aim of decreasing the likelihood of unintended behavior or access, increasing resistance and resilience to tampering, and improving the ability to provide authentication throughout the supply chain and in the field. During my time at Columbia, I led a number of projects. Some of these were:
During my 2009 sabbatical leave, I educated myself on Voice over IP security (eventually producing a comprehensive survey), and helped analyze rogue anti-virus software campaigns. In the distant past, I worked on Active Networks, the predecessor to what is now called Software Defined Networks (SDN). Active Networks explored the idea of allowing routing elements to be extensively and securely programmed, thus enabling optimizations and extensions of current protocols as well as the development of fundamentally new protocols. At the same time, I co-developed the KeyNote trust-management system, which is a widely used and cited decentralized access control mechanism used in a variety of tasks, including network-layer access control, distributed file systems, offline micro-payments, MANET security, network QoS, distributed firewalls, and the STRONGMAN access control management system. I also designed and implemented a large part of a high-performance and full-functionality open-source IPsec stack (which is still in use as part of the OpenBSD project. This included a new kernel architecture for hardware-accelerated cryptography and firewall functionality. I had a part in developing a secure bootstrap architecture. I was also an active participant in the IETF (Internet Engineering Task Force), and in particular the IPsec and IPSP Working Groups. My recent and current research projects include software hardening, system self-healing, high-performance dynamic information flow tracking, clean-slate system design, cloud security, information/network/system deception, virtual private social networks, auditable cloud services, and private information retrieval. An up to date CV, including a complete list of publications, can be found here. |
|
Useful/Interesting Links"Networking
on the network" |