I am a software engineer at Facebook working on the Security Infrastructure team and focus on keeping data safe. I have just recently made a shift from academia to industry, so I'm still getting my feet wet. With that being said, I am still active in the research community. My interests range from topics such as grids, distributed computing, P2P, anonymous communication, and security and privacy. My studies began at the University of Florida's Electrical and Computer Engineering Department in August 2001. I obtained a bachelor of science degree in the spring of 2005, a master of science degree in the spring of 2007, and finished my doctorate of philosophy in May 2011. My adviser was Professor Renato Figueiredo, whom I began working with in the spring of 2006 at the Advanced Computing and Information Systems Lab. From June 2011 to August 2015, I worked with Professor Bryan Ford as a Research Scientist in the dedis group at Yale University.
My PhD focused on network virtualization using structured P2P overlays and grid computing. My networking research has been realized in IPOP, a free (BSD) network virtualization software. I have built systems supporting DHTs, decentralized NAT traversal, software models for improved network virtualization, and autonomic virtual networking stacks (DHCP, DNS, etc.). This work is a major contribution to my grid computing research focus, Grid Appliance, which enables the creation of decentralized, distributed grids using virtualized, physical, and cloud resources. In a paper at SC'09, I demonstrated one of the first examples of combining resources across clouds into a common LAN using virtual networking. I also spent significant time experimenting with securing P2P systems with DTLS and a Photuris-derived security specification, experience leveraged in my work on security, privacy, and anonymity at Yale.
As a Research Scientist at Yale, I have taken up a new research interest in security, privacy, and anonymity. Much of my effort has been in designing and developing Dissent, an anonymous group communication system. The initial thrust has been getting a reasonable software foundation available. The research behind this software, OSDI'12, improved the scalability of strong anonymous group communication by two orders of magnitude greater than previous work. With more users come more problems; to address denial of service attacks, we designed and implemented a mechanism that uses zero-knowledge proofs to prevent jamming while still maintaining the provable anonymity guarantees, USENIX SEC'13. Despite the promises of strong anonymity, an adversary can easily correlate messages across anonymous exchanges to determine the party responsible. To prevent these types of intersection or correlation attacks, we introduced Buddies, CCS'13. In Buddies, anonymous communication servers ensure that all active anonymous communication streams can be potentially owned by at least K users, such that even a global active adversary could not further reduce the set. We are currently investigating potential deployment models for Dissent and, in general, hardening anonymous communication systems using a strong anonymous environment called WiNoN. We are also making efforts to deal with liveness of servers in Dissent and other similar systems.
At Yale, I have been lucky to work with many different students on projects including anonymous authentication, biometric authentication, and cloud reliability. We have been looking at two aspects of anonymous communications: bootstrapping them in CryptoBook and a composite theoretical approach that offers a unique set of features in DAGA. CryptoBook takes an existing federated login system, like Facebook, and creates anonymous identities who remain anonymous even among users who have not used CryptoBook. DAGA, or deniable anonymous group authentication, combines anonymity, linkability, and deniability, so that a user can be authenticated across multiple sessions as the same anonymous user without fear that his compromised key could trace him back to any of his earlier authentications. In the biometric authentication project, we are designing and implementing a novel approach to biometric authentication that never requires the user to divulge his biometrics to the authenticating source. Finally, in the cloud reliability project, we have been investigating structural reliability auditing as a means to detect potential correlated failures before they occur.
During my free time, I enjoy running, playing basketball and badminton, and occasionally playing video games. I have done the Insanity Workout four times. I briefly rested my weary joints and enjoyed, perhaps, too many sweets with Miss Xiaofei Xu. At one point, I was ranked in the top 20 on the US East Warcraft III Free For All Ladder.