Roxana Geambasu

Navigation

• Overview
• Research
• Publications
• Teaching
• Resume

Research

Broadly speaking, I am interested in computer systems research, including distributed systems, the Web, security and privacy, operating systems, and databases. More specifically, my current research focuses on the challenges and opportunities created by today's emerging technologies, such as the Web, cloud computing, and powerful mobile devices.

Brief descriptions of my research projects are included below. For a detailed description of my high-level research mission, please refer to my research statement. Also, see my resume for a description of my other activities.

For descriptions of the exciting projects in our broader systems group at Columbia, please see our Software Systems Lab page.

Current or Recent Projects

• CleanOS: New Mobile OS Abstractions for Managing Sensitive Data. Today's mobile OSes, such as Android, mismanage sensitive data in a variety of ways, placing it at great risk in face of physical or software attacks. For example, OSes accumulate significant amounts of sensitive data in cleartext memory; file systems retain deleted files by not purging their contents; and applications cache sensitive data indefinitely in memory for performance or convenience. CleanOS is a new mobile operating system designed to manage sensitive data rigorously and maintain a clean environment at any point in time. CleanOS introduces a new abstraction, called a sensitive data object, which tracks sensitive data in RAM and on disk and automatically encrypts it if it's not used for a period of time. Read about our initial steps on CleanOS in our upcoming OSDI 2012 paper.
• Keypad: Auditing File System for Mobile Devices. With today's limited anti-theft tools, users can neither assuredly restrict nor remotely monitor a thief's data accesses on a stolen or lost mobile device. I am currently building Keypad, a new file system that enhances data security on mobile devices by providing users with post-theft remote control and fine-grained access auditing. Details about Keypad are available in our EuroSys 2011 paper, which won a "Best Student Paper" award.
• Comet: Active Distributed Storage Systems. Today's cloud storage services, such as Amazon S3 or peer-to-peer DHTs, are highly inflexible and impose a variety of constraints on their clients: specific replication and consistency schemes, fixed data timeouts, limited logging, etc. We witnessed such inflexibility first-hand as part of our Vanish work (see below), where we used a DHT to store encryption keys temporarily. To address this issue, we built Comet, an extensible storage service that allows clients to inject snippets of code that control their data's behavior inside the storage service. Details about Comet can be found in our OSDI 2010 paper.
• Vanish: Self-destructing Data. Users' migration to cloud and Web services is causing them to lose control over the lifetime of their data. Vanish is a self-destructing data system that allows users to impose timeouts on their Web data, such as emails, Facebook messages, or Google Docs. The project's web page includes a detailed description of our Vanish work and links to our prototype. Our initial Vanish design was described in our USENIX Security 2009 paper, which received an "Outstanding Student Paper" award.