I am an applied researcher and developer in the Security and Cryptography team. My role, much like my group, spans the space between pure research and pure development, giving my job aspects of both. In my group, we work on new and novel security methods in operating systems, virtualization architectures, and cloud computing platforms.
I am currently working on post-quantum cryptography, as is much of my team, and you can learn about all of our work here. We just shipped VPN software with post-quantum cryptography enabled as a way for people to start playing with it now. I’m now working on automatically, formally verified implementations of these algorithms using the F* language as part of Project Everest, and in particular, the HACL* library of verified cryptographic primitives.
In parallel, I am joining a project to examine trust failures in the Public Key Infrastructure (PKI) from a variety of perspectives, not only technical ones. More on that as it evolves.
Before this, my activities primarily focused on the Internet of Things. In particular, I worked on security models and automated security and credential management for IoT, primarily in the consumer space. My activities focus on two industry-wide collaborative efforts: the AllSeen Alliance and its protocol stack AllJoyn, and the Open Connectivity Foundation and its implementation IoTivity.
I’ve previously worked in distributed systems/network security, protocol design, and mobile device security, especially the use of mobile devices as credentials and authenticators, when mobile devices have hardened hardware security processors like TPMs. I’ve also spent a lot of time doing code for and consulting on X.509 certificates and the Public Key Infrastructure.
I completed my B.S. with Honors at the University of Maryland, and my M.S. and Ph.D. at the University of Texas at Austin. My thesis focused on theoretical and experimental methods of access control in distributed systems.