Measuring and Improving Internet Security

Assistant Professor Computer Science
Co-Chair, CS Undergraduate Honors Program

Originally, the Internet was a collaborative effort among researchers, but has since evolved into a marketplace comprising millions of commercial entities and billions of users who often have conflicting goals. My work builds off of the belief that we can secure the Internet by understanding and accounting for these competing interests.

I empirically measure security on the Internet to understand how security breaks down, and I apply economics and cryptography to design and build new systems with provable and usable security. I study the web's PKI, censorship avoidance, DNS root servers, and more. I have been fortunate to work with many wonderful collaborators. See my CV for more information.

I'm looking for students

I am an Assistant Professor at the University of Maryland. I am looking for ambitious, motivated PhD and undergraduate students to work with. If you're interested in systems and network security, then:

Drop me a line

Announcing Breakerspace

I am the founder of Breakerspace, a lab for group undergraduate research in computer and network security. CS enrollment is skyrocketing: Breakerspace's goal is to scale research so more students can try it. We are actively looking for participants: swing by the lab in AVW 3270.

Learn More

Join CS Honors

I am the Chair of the UMD CS Departmental Honors. This program helps students get involved in research, get more engaged with the department, and overall Do Good. If you are a UMD CS student with a good GPA and are looking for a challenge, please apply!

Learn More



Our paper studying Hajime, the successor to the powerful Mirai IoT botnet, was accepted to NDSS 2019. Congrats to Stephen, Katura, George, and Richie on our first NDSS paper!


I am very excited to announce Breakerspace a new lab geared towards group undergraduate research projects in computer and network security. The goal is to scale undergrad research to meet the increasing number of awesome students who want (and ought) to try research.


Our paper (UMD, Northeastern, Duke, and Cloudflare) on whether the web is ready to adopt OCSP Must-Staple was accepted to IMC 2018 (spoiler alert: there's still a ways to go).


Our paper (UMD and Northeastern) studying Ethereum's contracts was accepted to IMC 2018 (spoiler alert: there's a lot of code reuse).


Two of my students wrote a paper about a novel security competition they piloted in a pen-testing class they taught. The paper was just accepted to ASE 2018. Congrats, Kevin Bock and George Hughey!


Our work on analyzing the web's (non)response to Heartbleed is appearing in Communications of the ACM Research Highlights.


My research measures and improves real-world security. I envision an Internet where users have greater control and understanding of what happens to their data. Recently, I've been studying the web's certificate ecosystem, cloud computing, and censorship-avoidance.

Projects Papers


This Fall, I'm teaching:

I also helped design and run the Build it, break it, fix it secure programming competition that gives students firsthand experience with building secure code.

All My Classes


I'm on the committee for IEEE S&P 2019 (Oakland). Submit your work!

I was the General Chair for the ACM Symposium on SDN Research (SOSR) 2017 and for HotNets 2013. I regularly serve on program committees and NSF panels, and have also visited Congress to discuss increasing nationwide funding for scientific research.

All Service


    3411 A.V. Williams Bldg. (in MC2)
    301-405-8515 (I rarely check vmail)