About me

I'm a PhD candidate in the Computer Sciences Department at the University of Wisconsin-Madison and a research assistant in the Security & Privacy Research Group, advised by Prof. Patrick McDaniel. My research interests are in systems and network security. I'm particularly excited about the new use cases and security problems introduced by emerging confidential computing technology. My recent research focuses on designing efficient integrity checking protocols for cloud storage systems in this setting.

Research philosophy

I'm a systems security researcher. The central goal of my PhD research has been to design low-cost defensive techniques for users deploying applications on public cloud infrastructure. I enjoy revisiting long-standing, fundamental security problems with a fresh perspective (e.g., checking the integrity of storage), especially as emerging technologies like confidential computing continue to radically reshape the way applications are deployed on the cloud, edge, and everything in between. I also enjoy taking a more visionary perspective, identifying imminent security problems and designing for the future (e.g., developing flexible security protocols for next-gen storage, memory, and network devices).

My research involves building and benchmarking real-world systems---primarily secure file systems and block device drivers. My toolkit often includes techniques in system design, applied cryptography, and formal optimization. I leverage deep insights about operating system internals to design optimized data structures and algorithms, apply optimization techniques as both a system design methodology and an evaluation framework, and perform deep explorations into trade-off spaces to identify where certain designs perform well or begin to break down. Generally speaking, I will find, learn, and use any tool at my disposal to solve the problem at hand. I often draw connections between communities, blending techniques in creative ways to reason about security problems in ways that were previously unexplored.

My recent research best reflects this philosophy. For example, I recently revisited the fundamental problem of providing integrity protection over untrusted storage devices---this time in the context of modern confidential virtual machines, which introduce new trust assumptions and performance constraints. I demonstrated that while state-of-the-art integrity protocols are theoretically efficient, their hashing costs become prohibitive in practice. I formulated this as an optimization problem, then designed a new adaptive data structure that learns and exploits workload patterns to reduce integrity verification costs. Building on this, I then leveraged asynchronous techniques (which are a building block of modern storage systems) to break through performance ceilings by carefully (and securely) scheduling integrity verification work. In past work, I have also examined vulnerabilities and defenses in emerging software-defined networking (SDN) infrastructure, and designed robust defenses for IoT devices, among other topics.

I care deeply about real-world impact and strive to build usable, well-documented prototypes that run on real systems. All of my research artifacts are open-sourced to enable reproducibility and independent study.

Publications

Complete list available on the publications page.