I am an Assistant Professor in the UCSD CSE Department. My research interests are in building principled and practical secure systems. More broadly, I am interested in research that spans security, programming languages, and systems. My students and I work on on secure systems (from Web frameworks, to new browser designs, and runtime systems), language-based security (constant-time programming, memory safety, and information flow control), verification for security, and (static and symbolic) bug finding tools.
I am also a member of the W3C WebAppSec Working Group and Node.js Security Working Group.
I was also a co-founder and the Chief Scientist at Intrinsic a web-security startup (aquired by VMWare).
I completed my Ph.D. in Computer Science at Stanford under David Mazières and John C. Mitchell and (unofficially) Alejandro Russo. Prior to Stanford, I obtained a B.E. and M.E. in Electrical Engineering at Cooper Union. At Cooper, I worked on GPU and FPGA crypto implementations. I am still generally interested in hardware architectures, especially in the context of security.
I have served, or am serving, on the program committees for:
Prior to UCSD, I was also an instructor and teaching assistant for several courses at Stanford and Cooper.
Below you will find a select list of papers. DBLP has a a slightly more complete list.
The following three papers are representative: