Broadly speaking, I study distributed systems—how to make them faster, more robust, and more secure. Much of my work focuses on large-scale web services, and how to design principled system interfaces for those services. Here are some of the specific topics which currently interest me:
- Private browsing modes ostensibly hide evidence of browsing activity. Unfortunately, implementations of incognito browsing still leak information. Veil is a new system which allows web developers to reduce the likelihood of such leaks. Developers pass their web content to the Veil compiler; the compiler outputs a new version of a page which intentionally limits the spread of sensitive information. For example, Veil pages only store encrypted data in the traditional browser cache. Veil pages also garble in-memory artifacts, to reduce the likelihood that greppable page content leaks to the swap file.
- Secure delegation of sensitive user data: On the server side, users have little influence on how their data is shared within different parts of an application, or across different applications that may belong to different companies. Access control mechanisms like OAuth provide users with a modicum of control, but those mechanisms are plagued with security vulnerabilities, and they do not provide strong, cryptographic limits on how third parties can manipulate user data. Thus, in practice, users cede control of their data to service providers. I'm interested in using techniques like attribute-based encryption and remote attestation to provide users with cryptographically strong control over which third parties gain access to particular pieces of user data.
- Storage architectures for large-scale web services: What is the best way to organize user data for services that must scale to millions of users? For example, how can we maximize IO throughput and minimize IO latency for block-based storage abstractions? How can datacenters take advantage of new storage technologies like SSDs and shingled magnetic drives? How does application design change when cloud storage is user-centric instead of application-centric, i.e., when a user's data is located in a single, user-controlled storage silo, instead of scattered across multiple, application-controlled silos?