I am an associate professor in the UCSD CSE Department. I like building principled and practical secure systems. I am interested in research that spans security, programming languages, and systems. My students and I work on on secure systems (from Web frameworks, to new browser designs, sandboxing, and runtime systems), language-based security (constant-time programming, memory safety, and information flow control), verification for security, and (static and symbolic) program analysis tools. I spend a lot of my time thinking about WebAssembly and JavaScript JITs.
I was a co-founder and the Chief Scientist at Intrinsic a web-security startup (acquired by VMWare). I also spent a bit of time on the W3C WebAppSec and Node.js Security Working Groups.
I completed my PhD in Computer Science at Stanford under David Mazières, John C. Mitchell and Alejandro Russo. Prior to Stanford, I obtained a BE and ME in Electrical Engineering at Cooper Union.
Prior to UCSD, I was also an instructor and teaching assistant for several courses at Stanford and Cooper.
Below you will find most papers I've worked on. DBLP has a slightly more complete list.
The following three papers are representative: