I am an Assistant Professor in the UCSD CSE Department. I am also the Chief Scientist at Intrinsic (formerly GitStar), a web security start-up I co-founded. My research interests are in building principled and practical secure systems. More broadly, I am interested in research that spans systems, security, and programming languages. My students and I work on on secure systems (from Web frameworks, to new browser designs, and runtime systems), language-based security (constant-time programming, memory safety, and information flow control), verification for security, and (static and symbolic) bug finding tools. At Intrinsic, I am putting research into practice by similarly building systems, tools, and languages that ultimately make it easier for developers to build and deploy web applications with minimal trust.
I am also a member of the W3C WebAppSec Working Group and Node.js Security Working Group.
I completed my Ph.D. in Computer Science at Stanford under David Mazières and John C. Mitchell and (informally) Alejandro Russo. Prior to Stanford, I obtained a B.E. and M.E. in Electrical Engineering at Cooper Union. At Cooper, I worked on GPU and FPGA crypto implementations. I am still generally interested in hardware architectures, especially in the context of security.
I have served, or am serving, on the program committees for:
Prior to UCSD, I was also an instructor and teaching assistant for several courses at Stanford and Cooper.
Below you will find a select list of papers. DBLP has a a slightly more complete list.
The following three papers are representative: