linkedin_logo github_logo twitter_logo

I am a Ph.D. candidate in the Department of Computer Science at Columbia University, and am advised by Simha Sethumadhavan. My research is focused on taking a technology-first approach towards identifying, measuring, and distributing the costs of computer security. I use a big-picture definition of "costs" but am particularly interested in the systems-level tradeoffs between security and performance.

Some of the work I've done towards this end:

Can we utilize computer architecture and systems design to lower the performance costs of security operations? I designed novel L1/L2 cache protocols to leverage in-line cache compression for reducing program checkpoint + recovery times. I also leveraged system checkpointing for crafting dynamic runtime security seccomp filters on Linux systems.

Why are the same few vulnerabilities (like buffer overflows) exploited year-after-year when we have the technical means to solve them? I have been advocating for viewing security as sociotechnical problem to illustrate why technical security failures persist, and developed a framework for identifying where and how to distribute the "shared burden" of security.

What is the opportunity cost of exchanging performance for security? I built desktop and web apps that experimentally quantify the dollar amount that users place on device performance.

How can we make security cheap and available for everyone? I researched auth protocols (FIDO2/U2F) to determine the feasibility of building open source hardware authenticator devices.

Can we leverage computer architecture and systems design to avoid "security theater" regulations? I demonstrated the feasibility of using neural networks to estimate the in situ performance overhead of security. Using this primitive, I designed a regulatory system that provisions a system-level security "budget" and incentivizes the efficient use of security resources (like CPU cycles or power).

What techniques from economics research can we use to study the costs of security? I'm currently using game theory and simulation methods to understand the tradeoffs of security investments.

I am currently on the job market! Please see my resume here and reach out if you'd like to chat.

Email: <my last name>


The Economics of Hardware Security
PhD thesis proposal, Columbia University, 2023 (slides)
A. Hastings

Architectural Security Regulation
IEEE Computer Architecture Letters, Vol. 22 Issue 2, 2023
A. Hastings, R. Piersma, S. Sethumadhavan

How Much is Performance Worth to Users?
ACM Computing Frontiers 2023 (video)
A. Hastings, L. Chilton, S. Sethumadhavan

Mechanism Design for Improving Hardware Security
Computing Community Consortium Workshop Report, 2022
S. Sethumadhavan, T. Sherwood, A. Hastings, et al.

Revisiting Residue Codes for Modern Memories (IEEE Top Picks award winner)
IEEE/ACM International Symposium on Microarchitecture (MICRO), 2022
E. Manzhosov, A. Hastings, M. Pancholi, R. Piersma, M. Tarek Ibn Ziad, S. Sethumadhavan

A New Doctrine for Hardware Security
ACM Attacks and Solutions in Hardware Security (ASHES), 2020
A. Hastings, S. Sethumadhavan

Are Computer Architects to Blame for the State of Security Today?
ACM SIGARCH article, 2019
A. Hastings, S. Sethumadhavan

Checkpointing at System Calls using BDI Compression
Technical report, Columbia University, 2019
A. Hastings, H. Sasaki, M. Arroyo, K. Williams-King, V. Kemerlis, S. Sethumadhavan

Assuring Intellectual Property Through Physical and Functional Comparisons
Master's thesis, Brigham Young University, 2018
A. Hastings

Using Physical and Functional Comparisons to Assure 3rd-Party IP for Modern FPGAs
IEEE International Verification and Security Workshop (IVSW), 2018
A. Hastings, S. Jensen, J. Goeders, B. Hutchings

Looking for something more...adventurous?