In September 2011 I joined the Computer Science PhD program at Stanford University. Currently I work with David Mazières in the Secure Computer Systems group on a new framework for building secure web platforms called Hails. I’m generally interested in distributed systems security, privacy, distributed storage and good will towards people.
In December 2010 I graduated from the University of Washington with an MSc in Computer Science and a BSc in Computer Science and Economics (double major). I worked with Hank Levy, Tadayoshi Kohno, Arvind Krishnamurthy, and Roxana Geambasu on web privacy and distributed systems. I’ve interned at Google, once developing distributed testing tools and again building tools to help developers schedule their cluster jobs. Before that I worked at the Grameen Foundation as an intern on the MIFOS (Micros Finance Open Source) project.
Hails is a web platform framework that obviates the traditional tradeoff in extensible web applications between privacy/confidentiality and extensibility. Hails leverages language-level information flow control in Haskell to enable feature-rich applications to share data while ensuring that security policies are carried over and enforced along with the data. Traditionally, web applications allow extensibility by exposing an API. “Blessed” third-party apps that are granted access to the API (or a subset of the API) are entrusted with (often sensitive) user data to do with as they please. This is problematic not only because third-party app developers may be malicious, but more practically because it reduces the trustworthiness of a platform to that of the least trustworthy third-party developer (who is often incentivized to prioritize features over security). Hails addresses this problem by tying security policies to data using information-flow-control labels. In Hails, a common, trusted platform ensures that apps that have seen sensitive data may not communicate with users, files, databases, etc. that are not privileged to see that data. Moreover, as opposed to traditional platforms where there is a host application that has more access to data than third-party apps, in Hails all apps have the same access to data. This enables developers to build complete alternatives to applications without requiring users to migrate their data or give up network effects.
Comet extended the distributed key-value storage abstraction to facilitate the sharing of a single storage system by applications with diverse needs, allowing them to reap the consolidation benefits inherent in today’s massive clouds. Distributed key-value storage systems are widely used in corporations and across the Internet. We wanted to greatly expand the application space for these systems through application-specific customization. We designed and implemented Comet, an extensible, distributed key-value store. Each Comet node stores a collection of active storage objects (ASOs) that consist of a key, a value, and a set of handlers. Comet handlers run as a result of timers or storage operations, such as get or put, allowing an ASO to take dynamic, application-specific actions to customize its behavior. Handlers are written in a simple sandboxed extension language, providing safety and isolation properties. We implemented a Comet prototype for the Vuze distributed hash table, deployed Comet nodes on Vuze from PlanetLab, and built and evaluated over a dozen Comet applications.
Today’s technical and legal landscape presents formidable challenges to personal data privacy. First, our increasing reliance on Web services causes personal data to be cached, copied, and archived by third parties, often without our knowledge or control. Second, the disclosure of private data has become commonplace due to carelessness, theft, or legal actions. In Vanish our goal was to protect the privacy of past, archived data - such as copies of e-mails maintained by an email provider - against accidental, malicious, and legal attacks. Specifically, we wanted to ensure that all copies of data become unreadable after a user-specified time, without any specific action on the part of a user, and even if an attacker obtains both a cached copy of that data and the user’s cryptographic keys and passwords. Vanish achieved this by integrating cryptographic techniques with global-scale, peer-to-peer, distributed hash tables.
During summer 2010, I worked with Joseph L. Hellerstein at Google. We targeted a set of key questions that developers scheduling jobs on a cluster care about, but are hard or impossible to answer with existing tools: Will a job schedule? What changes to a job would make it more likely to schedule? Which resources can a job consume more of without impacting the ability to schedule it? Our challenge was to define metrics that accurately and predictively describe a job given the cluster it was scheduled on, and to compute those metrics efficiently enough to allow for interactive exploration of job configuration. We chose to estimate the number of scheduling slots available to a job over the past two weeks. However, computing the actual count is too expensive to do interactively. Our approach was to perform continuous statistical characterization of machine loads, and to compute an estimate of the number of slots based on that characterization. As a result we were able to build tools that give developers a meaningful way to compare different job configurations.
Hails: Protecting Data Privacy in Untrusted Web Applications. With Daniel Giffin, Deian Stefan, David Terei, David Mazières, John Mitchell, Alejandro Russo. In Proceedings of OSDI, Los Angeles, USA, October 2010. Paper: [PDF] Talk: [CRASH Talk (PDF)]
Addressing Covert Termination and Timing Channels in Concurrent Information Flow Systems. With Deian Stefan, Alejandro Russo, Pablo Buiras, John Mitchell, David Mazières. In Proceedings of ICFP, Copenhagen, Denmark, 2012. Paper: [PDF]
Comet: An active distributed key-value store. With Roxana Geambasu, Tadayoshi Kohno, Arvind Krishnamurthy and Hank Levy. In Proceedings of OSDI, Vancouver, Canada, October 2010. Paper: [PDF] Poster: [PDF]
Vanish: Increasing Data Privacy with DHTs that forget. With Roxana Geambasu, Tadayoshi Kohno, and Hank Levy. In Proceedings of the USENIX Security Symposium, Montreal, Canada, August 2009. Won the Outstanding Student Paper Award. Paper: [PDF]
University of Washington
Selected Undergraduate Coursework
I have been a teaching assistant for three courses over seven quarters
Wai-Lite (working title)
My second attempt at a Haskell web-framework, this time based on the WAI web server interface. Wai-lite takes a more deliberate approach, specifically everything is implemented in terms of a basic Routeable type-class, making all components (various kinds of routes and controllers) composable and nestable. Even a native WAI Application is an instance of Routeable and can be embedded at any stage. It features a Monadic Route type that enables readable route specifications, Sinatra-inspired shorthands, a REST-Controller Monad for simplifying resource routing and a controller Monad that simplifies such tasks as cookie and form parsing.
MemJS is a pure Node.js client library for accessing the MemCachier service and other memcache servers. It uses the binary protocol and supports SASL authentication.
Coypond is a semantic grep-like tool for Ruby. You can use coypond to search through ruby code for class, module, or method definitions. It indexes the class, module and method names in a Ruby code base, noting the files they were found in and the locations within those files. It can search through specific files, source code directory trees, or through locally installed gems.
Coypond uses ripper (a built-in library as of Ruby 1.9) to generate parse trees from Ruby source files. These parse trees are then used to create an inverted index of the code, annotated with semantic information like whether the definition is a class, module or method.
n shares, such that only k (<=n) are needed to reconstruct the original data. Possession of any fewer than k shares discloses nothing about the original data. The algorithm generates shares by evaluating a degree k-1 polynomial, based on the data, at n arbitrary points. We get the data back by performing polynomial interpolation over k of the shares.
Check it out! VoteLight.com
VoteLight was a project I hacked together with Aaron when I visited him in LA. The company where Aaron previously worked, GridPoint, used MS Outlook & Exchange for e-mail, which has built in mini-surveys that can be attached to e-mails and update in-message when respondents vote. GridPoint used this feature to plan after-work happy hours etc, which is awesome! His new company, SkylineInnovations, is getting with the cloudy goodness by using Google Apps for hosted e-mail, which is also awesome! However, Google has no similar feature, which is not awesome :(…
VoteLight does just this. It’s super simple, and runs on AppEngine. It uses Google Charts for the graphs, and just embeds a dynamic image in e-mail messages sent, which updates to the latest state of the survey every time the message is viewed.
Breadcrumbs - a travel blog CMS
I built the first version of this when I was in Central America in Winter 2011, used it to put up a bunch of content for that trip and my visits to grad schools - it was great. Later, I rebuilt it to use Rails 3.1, lost all of my data and started using the new version for my trip to Berlin with Courty.
The only real benefit over any other CMS is that checking into a location (like a city somewhere in Nicaragua) is a built-in feature and pretty easy. It means that I can update my blog without writing anything, and have to check in with my family a little less often. Checkins are strung together into trips, and posts can be tied to those trips, or even specific checkins. This means that getting an overview of where/how someone has traveled and what they did along the way is easy. Unfortunately, it is highly feature incomplete…
UPDATE: I moved to the bay area in September, so this page is pretty out of date (particularly the part about any of the people listed below being my friends). I plan on adding more current details as soon as I develop a personality.
When I’m not hacking on software, I might be playing guitar or piano, planning my next escape (see travel below), or enjoying the wonderful coffee, food and beer that Seattle has to offer. I like any and all water sports (including floating) and also try to hike or ski as much as possible. I used to row, but now I mostly use faster methods of transportation.
Some Friends’ Websites:
- Kaitlin Morrison
- Courtlandt Stanton
- Justine Sherry
- Gilbert Bertstein
- Shiri Raphaely
- Alex Loddengaard
- Lucie Baker
- Goni Eshed
- Daniel Dor
- Ronen Shmueli
- Silvio Lattanzi
- Sascha Trifunivic
- Aaron Block
A Partial List of Awesome Movies…
- Pulp Fiction
- Y tu mamá también
- The Diving Bell & The Butterfly
- Eternal Sunshine of the Spotless Mind
- Annie Hall
- I Heart Huckabees
- The Life Aquatic, The Royal Tenenbaums, Fantastic Mr. Fox, and everything else Wes Anderson…
- The Bubble
- Le Placard
Special Category: The Room
Places I’ve Traveled
I try to travel as much as possible - usually alone, but sometimes with friends. Sometimes I relate my experiences in my travel blog, but not often. Alphabetically by region, then country, I’ve been to:
- Canada: Vancouver, Victoria, Montreal, Jasper, Lake Louise
- Mexico: Cancun, Chichen Itza, Tulum, Valladolid, Playa del Carmen, Cozumel
- Guatemala: Antigua
- El Salvador: San Salvador, Los Cobanos, Morazan
- Honduras: San Pedro Sula, Utila
- Nicaragua: Leon, San Juan Del Sur
- Costa Rica: San Jose, Alajuela, Monteverde, Tamarindo, Samara
- Belgium: Bruges
- France: Paris, La Plagne, Chamonix
- Germany: Frankfurt
- Italy: Rome, Florence, Bologna, Milan, Venice, Padua, Treviso, Trieste, Ischia
- Spain: Barcelona, Granada, Seville
- Switzerland: Geneva, Zurich, Gimmelwald
- Netherlands: Amsterdam
- UK: London, Edinburgh
Middle East:
- Jordan: Petra
My resume is available in PDF format here. If you need a more up to date version please e-mail me.