Broadly speaking, I am interested in computer systems research, including
distributed systems, the Web, security and privacy, operating systems, and
databases. More specifically, my current research focuses on the challenges
and opportunities created by today's emerging technologies, such as the Web,
cloud computing, and powerful mobile devices.
Brief descriptions of my research projects are included below. For
a detailed description of my high-level research mission, please refer to
my research statement. Also, see my resume for a description of my other activities.
For descriptions of the exciting projects in our broader systems group
at Columbia, please see our Software
Systems Lab page.
Current or Recent Projects
- CleanOS: New Mobile OS Abstractions for Managing Sensitive Data.
Today's mobile OSes, such as Android, mismanage sensitive data in a variety of
ways, placing it at great risk in face of physical or software attacks. For
example, OSes accumulate significant amounts of sensitive data in cleartext
memory; file systems retain deleted files by not purging their contents; and
applications cache sensitive data indefinitely in memory for performance or
convenience. CleanOS is a new mobile operating system designed to manage
sensitive data rigorously and maintain a clean environment at any
point in time. CleanOS introduces a new abstraction, called a sensitive
data object, which tracks sensitive data in RAM and on disk and
automatically encrypts it if it's not used for a period of time.
Read about our initial steps on CleanOS in our upcoming
OSDI 2012 paper.
- Keypad: Auditing File System for Mobile Devices.
With today's limited anti-theft tools, users can neither assuredly restrict
nor remotely monitor a thief's data accesses on a stolen or lost mobile device.
I am currently building Keypad, a new file system that enhances data security
on mobile devices by providing users with post-theft remote control and
fine-grained access auditing. Details about Keypad are available in our
EuroSys 2011 paper,
which won a "Best Student Paper" award.
- Comet: Active Distributed Storage Systems.
Today's cloud storage services, such as Amazon S3 or peer-to-peer DHTs,
are highly inflexible and impose a variety of constraints on their clients:
specific replication and consistency schemes, fixed data timeouts,
limited logging, etc. We witnessed such inflexibility first-hand as part of our
Vanish work (see below), where we used a DHT to store encryption keys
temporarily. To address this issue, we built Comet, an extensible storage
service that allows clients to inject snippets of code that control their
data's behavior inside the storage service. Details about Comet can be found
in our OSDI 2010 paper.
- Vanish: Self-destructing Data.
Users' migration to cloud and Web services is causing them to lose
control over the lifetime of their data. Vanish is a self-destructing data
system that allows users to impose timeouts on their Web data, such as emails,
Facebook messages, or Google Docs. The project's
web page includes a detailed
description of our Vanish work and links to our prototype. Our initial Vanish
design was described in our
USENIX Security 2009
paper, which received an "Outstanding Student Paper" award.
- CloudViews: Web Service Composition in Public Clouds.
Today's migration of Web services to public clouds such as Amazon AWS creates
an unprecedented environment where a myriad of Web services are co-located on
the same cloud or the same data center. CloudViews investigates the unique
opportunities for Web service sharing and composition that is spawned
by the public-cloud environment. CloudViews' vision is described in our
HotCloud 2009 paper.
- Menagerie: Personal Web-Data Organization.
The radical shift from the desktop to Web-based services is scattering
personal data across a myriad of Web sites, such as Yahoo! Mail, Google Docs,
Facebook, and Amazon S3. Menagerie addresses some of the data management
challenges raised by this dispersion by providing users and applications
with a uniform view of all scattered Web data. More details about Menagerie
can be found in our
WWW 2008 paper.
- Fault-tolerant File System Specifications.
During my summer internship with
Research (Silicon Valley) in 2007, I worked on creating and analyzing
formal specifications for several fault-tolerant file systems: Niobe, GFS,
and Chain Replication. Our goal was to explore the extent to which formal
methods could help in fault-tolerant file system analysis, design, and
comparison. Our results and experience are described in our
DSN-DCCS 2008 paper.
- HomeViews: Personal File Organization and Sharing.
Today's users possess enormous amounts of data. To facilitate the organization
and sharing of their data, we designed HomeViews, a peer-to-peer data
management system that allows users to create database-style views of their
data and share them securely with other users. Details about this system are
available in our SIGMOD
- FlowDB: Using Relational Databases in Network Intrusion Analysis.
In the FlowDB
project, we investigated whether out-of-the-box relational databases are
amenable for use as backends for network intrusion detection systems (NIDSs).
To cope with high input rates, these systems typically come with their own
custom storage backends. These custom solutions, however, impose severe
limitations on query processing at forensic analysis time. In FlowDB, we
evaluated a set of techniques for making relational databases amenable for use
under NIDSs. Our results are described in our
NetDB 2007 paper.