I am a PhD candidate studying Computer Science at Boston University under the supervision of Manuel Egele and Hongwei Xi.
Recently, I have been researching language based security techniques to protect cloud services. I had the opportunity to investigate this cloud security topic while interning with the Cyber Security Intelligence (CSI) team at IBM Research where I participated in the DARPA Cyber-Hunting at Scale (CHASE) program. I also work on defenses that use memory protection keys (MPKs) available on recent Intel CPUs to improve applications' memory safety. This architectural security work was done as a part of the NSF Secure and Trustworthy Cyberspace (SaTC) Taming Memory Corruption with Security Monitors program.
Previously, I worked on a novel fuzz testing technique called micro-fuzzing to detect algorithmic complexity (AC) vulnerabilities in Java programs and libraries. This was done in collaboration with researchers from Boston University, Northeastern University, and UC Santa Barbara under the DARPA Space and Time Analysis for Cybersecurity (STAC) program. In addition to being used on challenges designed by defense contractors throughout the STAC program, our micro-fuzzing prototype, HotFuzz, has discovered AC bugs in widely used production libraries.
I am also interested in how advanced type systems can be used to improve the reliability and security of systems software. To test this idea, I periodically work on ATSFlight, a firmware for first person view (FPV) drones implemented in ATS, a statically typed functional programming language that features both dependent and linear types.