I am an associate professor in the Computer Science department at Columbia University, in New York, which I joined in 2001. I am also the director of the Network Security Lab. My research interests include systems and network security and applied cryptography. I received my Ph.D. in Computer Science from the University of Pennsylvania. In 2012, I was elected ACM Distinguished Scientist.
I am currently on leave from Columbia, serving as Program Manager with the Information Innovation Office (I2O) at the Defense Advanced Research Projects Agency (DARPA), part of the Department of Defense. At DARPA, I conceived and launched two new programs.
From July 2013 to July 2014, I served as Program Director with the National Science Foundation (NSF), in the Computer and Network Systems (CNS) Division, Directorate for Computer & information Science & Engineering (CISE). My primary responsibility was with the Secure and Trustworthy Cyberspace (SaTC) program, which is the primary NSF source of funding for academic research in cybersecurity across the nation. With colleagues from the SBE and ENG Directorates, I helped create the Resilient Interdependent Infrastructure Processes and Systems (RIPS) program, which seeks to enhance the understanding and design of interdependent critical infrastructure systems (ICIs) and processes that provide essential goods and services despite disruptions and failures from any cause, natural, technological, or malicious. I also led the creation of the NSF/Intel Partnership on Cyber-Physical Systems Security and Privacy (CPS-Security) program, which seeks to foster a research community committed to advancing research and education at the confluence of cybersecurity, privacy, and cyber-physical systems, and to transitioning its findings into engineering practice. I was also involved in the Secure, Trustworthy, Assured and Resilient Semiconductors and Systems (SaTC: STARSS) track, which represented a joint partnership between NSF and the Semiconductor Research Corporation (SRC) that supports research on new strategies for architecture, specification and verification, especially at the stages of design in which formal methods are currently weak or absent, with the aim of decreasing the likelihood of unintended behavior or access, increasing resistance and resilience to tampering, and improving the ability to provide authentication throughout the supply chain and in the field.
During my time at Columbia, I conceived and worked on a number of projects. Some of these include:
In the distant past, I worked on Active Networks, the predecessor to what is now called Software Defined Networks (SDN). Active Networks explored the idea of allowing routing elements to be extensively programmed by the packets passing through them, thus enabling optimizations and extensions of current protocols as well as the development of fundamentally new protocols. At the same time, I co-developed the KeyNote trust-management system, which is a widely used and cited decentralized access control mechanism used in a variety of tasks, including network-layer access control, distributed file systems, offline micro-payments, MANET security, network QoS, distributed firewalls, and the STRONGMAN access control management system. I also designed and implemented a large part of a high-performance and full-functionality open-source IPsec stack (which is still in use as part of the OpenBSD project. This included a new kernel architecture for hardware-accelerated cryptography and firewall functionality. I had a part in developing a secure bootstrap architecture. I was also an active participant in the IETF (Internet Engineering Task Force), and in particular the IPsec and IPSP Working Groups.
My recent and current research projects include software hardening, system self-healing, high-performance dynamic information flow tracking, clean-slate system design, cloud security, information/network/system deception, virtual private social networks, auditable cloud services, and private information retrieval.
An up to date CV, including a complete list of publications, can be found here.
Contact InformationDepartment of Computer Science
1214 Amsterdam Avenue, M.C. 0401
New York, NY 10027-7003
+1 212 939 7095 (voice)
+1 212 666 0140 (fax)
on the network"