Originally, the Internet was a collaborative effort among researchers, but has since evolved into a marketplace comprising millions of commercial entities and billions of users who often have conflicting goals. My work builds off of the belief that we can secure the Internet by understanding and accounting for these competing interests.
I empirically measure security on the Internet to understand how security breaks down, and I apply economics and cryptography to design and build new systems with provable and usable security. I study the web's PKI, censorship avoidance, DNS root servers, and more. I have been fortunate to work with many wonderful collaborators. See my CV for more information.
I am a new Assistant Professor at the University of Maryland. I am looking for ambitious, motivated PhD and undergraduate students to work with. If you're interested in systems and network security, then:
Two of my students wrote a paper about a novel security competition they piloted in a pen-testing class they taught. The paper was just accepted to ASE 2018. Congrats, Kevin Bock and George Hughey!
Our work on analyzing the web's (non)response to Heartbleed is appearing in Communications of the ACM Research Highlights.
An article giving an overview of our work on DNSSEC measurement is appearing in USENIX ;login:
Our paper measuring the fork in Ethereum was accepted to HotNets – congrats to first author, Lulu!
This Spring, I'm teaching:
I also helped design and run the Build it, break it, fix it secure programming competition that gives students firsthand experience with building secure code.All My Classes
I was the General Chair for the ACM Symposium on SDN Research (SOSR) 2017 and for HotNets 2013. I regularly serve on program committees and NSF panels, and have also visited Congress to discuss increasing nationwide funding for scientific research.All Service