Research
Broadly speaking, my research focuses on the best ways to design, build, and secure complicated pieces of software. I am interested in single-machine software (e.g., operating systems and web browsers) as well as distributed systems (e.g., large-scale storage systems and decentralized communication frameworks). Much of my initial work focused on improving the performance and debuggability of these systems, but my recent work has expanded to look at the security and privacy of large-scale software. Here are a few of the topics that I’m currently interested in:
- Hypervisors for potentially malicious AI models: Traditional work on inference-time AI safety focuses on (1) mathematical definitions for model misbehavior, and (2) conceptual techniques by which faulty inferences can be detected and fixed. However, this traditional work assumes by fiat that alignment-enforcing code is isolated from an untrusted model that might wish to tamper with the alignment code. In ongoing research, I am demonstrating why this assumption is more difficult to enforce than one might think; I am also leading the design and implementation of new hardware and software that provides rigorous oversight of potentially malicious models.
- Hardware-based security mechanisms: More generally, I am interested in the design of low-level hardware features that can improve the security of the code which runs atop that hardware. Such hardware features are particularly important in the context of datacenters, where a single physical machine often must simultaneously run code from a variety of tenants that distrust each other (and possibly the datacenter operator too).
- Decentralized communication networks for secure, private communication: During protests (or any scenario in which communicating users do not trust centralized Internet infrastructure), users can exchange messages by leveraging point-to-point, short-range wireless communications between user smartphones. However, doing so in a safe way requires careful understanding of cryptography and network dynamics, as I explore in the Mirage and Amigo projects.
- Improving the practical robustness of theoretical frameworks for security and privacy: For example, differential privacy offers a rigorous mathematical framework for understanding how an algorithm which computes over multiple users’ data might leak information about a particular user. However, algorithms which provide differential privacy guarantees in theory may nonetheless have implementations which violate those promises, as demonstrated in one of my recent papers. Another paper showed how the notion of cryptographic file deletion (in which a file is securely deleted by discarding the associated encryption key) must be adapted to provide the crash consistency that users and applications expect.
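The gap between a differential-privacy proof and a concrete implementation, as an added illustration (this is not code from any paper mentioned above, and it is not necessarily the flaw those papers study): the Laplace mechanism releases x + noise, and the proof assumes real-number arithmetic, so every output value is possible from either of two neighbouring inputs. In IEEE doubles the sum 1 + n is rounded to a coarser grid than n itself, so near 0.1 only every eighth representable output can arise from input 1, while every one of them can arise from input 0. The constants (inputs 0 and 1, a window of 16 doubles around 0.1) are chosen here for illustration; the check itself is a general audit of the output support of any additive mechanism. Requires Python 3.9+ for math.nextafter.

```python
import math
import random


def laplace_mechanism(x: float, epsilon: float, sensitivity: float = 1.0,
                      rng=random) -> float:
    """Textbook Laplace mechanism: x plus Lap(sensitivity/epsilon) noise.

    The noise is drawn by inverse-CDF sampling from a uniform double, exactly
    as many production libraries do. The privacy argument for this function is
    carried out over the reals, not over doubles.
    """
    b = sensitivity / epsilon
    u = rng.random() - 0.5
    while u == -0.5:            # avoid log(0) at the single bad uniform draw
        u = rng.random() - 0.5
    noise = -b * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))
    return x + noise            # the only rounding step that matters below


def reachable(x: float, y: float, search: int = 8) -> bool:
    """Is there any double n such that fl(x + n) == y?

    fl() is monotone, so if such an n exists it lies within a few ulps of the
    float value of y - x; we test that candidate and its neighbours.
    """
    centre = y - x
    cands = [centre]
    lo = hi = centre
    for _ in range(search):
        lo = math.nextafter(lo, -math.inf)
        hi = math.nextafter(hi, math.inf)
        cands.append(lo)
        cands.append(hi)
    return any(x + n == y for n in cands)


def consecutive_doubles(start: float, count: int) -> list:
    """The `count` adjacent doubles starting at `start`, in increasing order."""
    out = [start]
    for _ in range(count - 1):
        out.append(math.nextafter(out[-1], math.inf))
    return out


def support_gap(x0: float = 0.0, x1: float = 1.0,
                near: float = 0.1, count: int = 16) -> tuple:
    """Count outputs near `near` reachable from both inputs vs. only from x0.

    Differential privacy requires every output to have non-zero probability
    under both neighbouring inputs; any output in the 'only x0' set has
    probability zero under x1, so the privacy-loss ratio is unbounded there.
    Returns (reachable_from_both, reachable_only_from_x0).
    """
    ys = consecutive_doubles(near, count)
    both = sum(1 for y in ys if reachable(x0, y) and reachable(x1, y))
    only_x0 = sum(1 for y in ys if reachable(x0, y) and not reachable(x1, y))
    return both, only_x0


def audit_release(y: float, x0: float = 0.0, x1: float = 1.0) -> str:
    """Classify a released value by which neighbouring inputs could produce it.

    'ambiguous' is what the proof promises for every output; any other answer
    means the implementation has leaked the input through rounding alone.
    """
    r0, r1 = reachable(x0, y), reachable(x1, y)
    if r0 and r1:
        return "ambiguous"
    if r0:
        return "only_x0"
    if r1:
        return "only_x1"
    return "impossible"


if __name__ == "__main__":
    both, only_x0 = support_gap()
    print(f"16 doubles near 0.1: {both} reachable from 0 and 1, "
          f"{only_x0} reachable from 0 only")
    print("release 0.1 ->", audit_release(0.1))
    print("sample release:", laplace_mechanism(0.0, epsilon=1.0))
```

Near 0.1 the doubles are spaced 2^-56 apart, but 1 + n for a double n near -0.9 is always an exact multiple of 2^-53, so 14 of the 16 consecutive outputs in the window can only have come from input 0. The published mitigation for this class of bug is to round (snap) the released value onto a fixed grid coarser than any rounding error the computation can introduce and to re-derive the privacy budget for the snapped mechanism; the point of the audit above is that a correct proof says nothing about whether the code that ships has done so.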
- Secure delegation of sensitive user data: Popular user-facing applications often have a client-side portion and a server-side portion; the client-side code runs on a user device like a smartphone and exchanges user data with the servers in exchange for new or interesting content from the servers. User data is often privacy-sensitive (e.g., photos or a user’s physical location). Unfortunately, on the server side, users have little influence on how their data is shared within different parts of an application, or across different applications that may belong to different companies. Access control mechanisms like OAuth provide users with a modicum of control, but those mechanisms are plagued with security vulnerabilities, and they do not provide strong, cryptographic limits on how third parties can manipulate user data. Thus, in practice, users cede control of their data to service providers. I’m interested in using techniques like information flow control, attribute-based encryption, and remote attestation to provide users with cryptographically strong control over which third parties gain access to particular pieces of user data.