NOTE: I am actively looking for post-docs, graduate students, and undergraduate students to work in the below research areas with me.
My research focuses on the science of cybersecurity. I believe that we are losing the cybersecurity arms-race, and that a combination of basic research and operational innovation is needed to give us the tools we need to combat today's and tomorrow's cybersecurity threats. The Internet we rely upon today requires us to build online networked systems using composable architectures. These are increasingly complex architectures that are built on top of other complex substrates, and lead to deep systemic dependencies and increased attack surfaces. This has allowed miscreants to find unforeseen vulnerabilities and they have had the inherent advantage that they can hit and miss, but we can’t miss once. Now, we are enduring ever larger Distributed Denial of Service (DDoS) attacks, large scale routing hijacks that are facilitating Man in the Middle (MitM) attacks, enormous data exfiltration attacks that threaten our data while it is at rest, widescale simultaneous destructive malcode attacks of companies’ entire IT infrastructures, and many other attacks. These few examples beg a deep research question: can we find security models and techniques that support our efforts to build complex systems using composable components while also providing composable security assurances?
I believe basic research that comes from large-scale measurements synergizes well with operationalizing new solutions and conducting structured research investigations into real-world cybersecurity and Internet security problems. Areas and protocols that I work most directly with include securing core Internet protocols like the Domain Name System (DNS) with DNSSEC, security approaches to inter-domain routing in the Border Gateway Protocol (BGP), Distributed Denial of Service (DDoS) attacks, secure cryptographic key learning for dependent systems using DNS-based Authentication of Named Entities (DANE), and ways to apply DANE to opportunistic object-level and session-level security to these and other arenas. My research has applicability in settings like cybersecurity information sharing (STIX/TAXII, Communities of Trust, etc.), securing email, a security substrate for Internet of Things (IoT) deployments, mobile Healthcare (mHealth), and CyberPhysical Systems (CPS).
As part of my past, present, and future research, I maintain a number of sites and tools. For example, I have monitored, analyzed and produced research findings about DNSSEC for over 13 years (since shortly after it was standardized), and maintain the public archive of these measurements and results at SecSpider. This is the longest running (and still active) monitoring and longitudinal tracking system of the global rollout of DNSSEC (it is currently 13 years old). Its longitudinal database has over 9,282,133,723 records in it that date back to the very beginning of the DNSSEC global rollout. I am also the maintainer of libSmaug, which is a programmatic API for a reference implementation for the DANE protocol suite (S/MIME, OPENPGP, and a few other components from DANE), and a Thunderbird extension to libSmaug that is a proof of concept for securing end-to-end email.
I am an assistant professor in the Computer Science Department at George Mason University. I studied physics and computer science at the Johns Hopkins University and earned my Ph.D. from the University of California, Los Angeles. Between these degrees I worked as a professional software engineer for many years, building large-scale production systems at a variety of companies. After earning my doctorate, I conducted research and led investigations as a principal scientist at Verisign. While there I studied and published works on inter-domain routing security in the Internet, researched/designed/implemented/operationalized a large-scale DDoS detection and defense system for DNS attacks, and researched the previously unrecognized threats posed by name collisions with the DNS.