Bio
|
I am a Ph.D. candidate in the Department of Computer Science at Columbia University, and am advised by Simha Sethumadhavan. My research is focused on taking a technology-first approach towards identifying, measuring, and distributing the costs of computer security. I use a big-picture definition of "costs" but am particularly interested in the systems-level tradeoffs between security and performance. Some of the work I've done towards this end: Can we utilize computer architecture and systems design to lower the performance costs of security operations? I designed novel L1/L2 cache protocols to leverage in-line cache compression for reducing program checkpoint + recovery times. I also leveraged system checkpointing for crafting dynamic runtime security seccomp filters on Linux systems. Why are the same few vulnerabilities (like buffer overflows) exploited year-after-year when we have the technical means to solve them? I have been advocating for viewing security as sociotechnical problem to illustrate why technical security failures persist, and developed a framework for identifying where and how to distribute the "shared burden" of security. What is the opportunity cost of exchanging performance for security? I built desktop and web apps that experimentally quantify the dollar amount that users place on device performance. How can we make security cheap and available for everyone? I researched auth protocols (FIDO2/U2F) to determine the feasibility of building open source hardware authenticator devices. Can we leverage computer architecture and systems design to avoid "security theater" regulations? I demonstrated the feasibility of using neural networks to estimate the in situ performance overhead of security. Using this primitive, I designed a regulatory system that provisions a system-level security "budget" and incentivizes the efficient use of security resources (like CPU cycles or power). What techniques from economics research can we use to study the costs of security? I'm currently using game theory and simulation methods to understand the tradeoffs of security investments. I am currently on the job market! Please see my resume here and reach out if you'd like to chat. Email: <my last name>@cs.columbia.edu |
Writings
The Economics of Hardware Security Columbia PhD thesis proposal, 2023
(slides)
A. Hastings
Architectural Security Regulation, IEEE Computer Architecture Letters, Vol. 22 Issue 2, 2023
A. Hastings, R. Piersma, S. Sethumadhavan
How Much is Performance Worth to Users?, Computing Frontiers 2023 (video)
A. Hastings, L. Chilton, S. Sethumadhavan
Mechanism Design for Improving Hardware Security, CCC Workshop Report, 2022
S. Sethumadhavan, T. Sherwood, A. Hastings, et al.
Revisiting Residue Codes for Modern Memories, MICRO 2022
E. Manzhosov, A. Hastings, M. Pancholi, R. Piersma, M. Tarek Ibn Ziad, S. Sethumadhavan
A New Doctrine for Hardware Security, ASHES 2020
A. Hastings, S. Sethumadhavan
Are Computer Architects to Blame for the State of Security Today?, SIGARCH blog post, 2019
A. Hastings, S. Sethumadhavan
Checkpointing at System Calls using BDI Compression, Technical report, 2019
A. Hastings, H. Sasaki, M. Arroyo, K. Williams-King, V. Kemerlis, S. Sethumadhavan
Assuring Intellectual Property Through Physical and Functional Comparisons, Master's thesis,
2018
A. Hastings
Using Physical and Functional Comparisons to Assure 3rd-Party IP for Modern FPGAs, IVSW 2018
A. Hastings, S. Jensen, J. Goeders, B. Hutchings
Looking for something more...adventurous?