Research
I previously worked on security topics within the GraalVM at Oracle Labs. The GraalVM is an ambitious project that provides efficient just-in-time (JIT) and native compilation for Java programs and also a framework for implementing programming languages on top of the Java Virtual Machine (JVM).
I completed my PhD in Computer Science at Boston University, where I was supervised by Manuel Egele and Hongwei Xi. At BU, I was a member of the Secure Systems Lab and Principles of Programming and Verification (POPV) research group.
During my PhD, I researched language-based security techniques to protect cloud services. I had the opportunity to investigate this cloud security topic while interning with the Cyber Security Intelligence (CSI) team at IBM Research, where I participated in the DARPA Cyber-Hunting at Scale (CHASE) program. I also worked on defenses that use memory protection keys (MPKs) available on recent Intel CPUs to improve applications' memory safety. This architectural security work was done as a part of the NSF Secure and Trustworthy Cyberspace (SaTC) Taming Memory Corruption with Security Monitors program.
I also worked on a novel fuzz testing technique called micro-fuzzing to detect algorithmic complexity (AC) vulnerabilities in Java programs and libraries. This was done in collaboration with researchers from Boston University, Northeastern University, and UC Santa Barbara under the DARPA Space and Time Analysis for Cybersecurity (STAC) program. In addition to being used on challenges designed by defense contractors throughout the STAC program, our micro-fuzzing prototype, HotFuzz, has discovered AC bugs in widely used production Java libraries.
I am also interested in how advanced type systems can be used to improve the reliability and security of systems software. To test this idea, I periodically work on ATSFlight, a firmware for first-person view (FPV) drones implemented in ATS, a statically typed functional programming language that features both dependent and linear types. This work grew out of my experience using ATS on embedded microcontrollers during graduate school, and was influenced by the Fox Project.