I am a Ph.D. candidate in computer science, primarily interested in security, programming languages, software engineering, and the intersection thereof. I am advised by Dawn Song. My graduate research primarily focuses on making the Web a safer place. Check out WebBlaze for more like-minded folk. This summer, I will be interning at Coverity to work on static analysis tool research.
During the summer of 2011, I was a research intern at Microsoft Research. While at Microsoft, I worked in the Research in Software Engineering (RiSE) group with Ben Livshits, Juan Chen, and Nikhil Swamy. Previously, I received a B.S. and M.S. from Brown University. From 2007 to 2008, I worked in the Fishworks group at Sun Microsystems. For posterity's sake, you can view my old Brown University undergraduate home page here.
Currently, I am a teaching assistant for cs161, the undergraduate computer security course, under my adviser, Professor Dawn Song. In the spring of 2010, I was a teaching assistant for the same course, but as taught by Professors Vern Paxson and David Wagner.
I am a big fan of the version control system Git. I have written several scripts that I find helpful in my day-to-day Git workflow. Check them out along with the other minor utilities that I have written here. Traditionally, I have really loved using Arch Linux for its minimalist approach and awesome package management system (and related tools). However, I have recently come to believe that
FreeBSD
Ubuntu with ZFS on Linux is the way to go. The project is still not stable enough for general release, but for the hackers among us, ZFS + Linux's software stack is a hard-to-beat combo.
For a retrospective on my nuptials, please visit here. When I'm not doing research, I run, rock climb, ski, take photos, roast coffee, and tap dance. I am also working on my Hebrew, but it currently leaves much to be desired.
Refereed Publications
- A Systematic Analysis of XSS Sanitization in Web Application Frameworks. Proc. of 16th European Symposium on Research in Computer Security (ESORICS), 2011. ESORICS presentation slides (with notes).
- Towards Client-side HTML Security Policies. Proc. of the Workshop on Hot Topics in Security (HotSec), 2011. HotSec presentation slides (with notes).
- Diesel: Applying Privilege Separation to Database Access. In Proc. of ACM Symposium on Information, Computer and Communications Security (ASIACCS), 2011.
- Preventing Capability Leaks in Secure JavaScript Subsets. In Proc. of Network and Distributed System Security Symposium (NDSS), 2010. Visit the project page for code and more information.
- Cross-Origin JavaScript Capability Leaks: Detection, Exploitation, and Defense. In Proc. of USENIX Security Symposium, 2009. Visit the project page for code and more information. USENIX presentation slides (with notes).
- Composition with Consistent Updates for Abstract State Machines. In Proc. of the International ASM Workshop, 2007.
Non-Refereed Papers
- Monadic Refinement Types for Verifying JavaScript Programs. Microsoft Research Technical Report, 2012.
- ASM Relational Transducer Security Policies. Brown University Technical Report CS-06-12, 2006.