NOTE: I am actively looking for post-docs, graduate students, and undergraduate students to work in the below research areas with me.
My research focuses on measurable security and data science in core Internet protocols, cybersecurity systems, and application-level/endpoint protections that can be derived from these. I am the director of the Measurable Security Lab (MSL), and this is the link to the lab's webpage.
Research in the MSL focuses on discovering and innovating protections by using measurements and data analysis: measurement-based (or measurable) security. This research is rooted in scientific rigor, and then applied to Internet-scale cybersecurity. It is focused on Big Data analytics, development and deployment of monitoring infrastructures (building measurement apparatuses), innovations to networks and systems, and ultimately developing Internet-scale cybersecurity that works. As one example, MSL maintains the world’s only complete longitudinal measurements of the Internet’s first deployment of a secure core protocol: the Domain Name System’s (DNS’) Security Extensions (DNSSEC). This is a 30.8 billion row database that spans 15+ years, and is actively growing. We conduct research to understand what has worked yesterday, in order to propose cybersecurity for tomorrow.
I have been conducting basic research while also being involved in industry/policy settings for almost 20 years. I believe basic research that comes from large-scale measurements and data analyses synergizes well with operationalizing new solutions and conducting structured research investigations into real-world cybersecurity and Internet security problems. My research involves large-scale measurements, data analyses, and system development. Areas and protocols that I work most directly with include securing core Internet protocols like the Domain Name System (DNS) with DNSSEC, security approaches to inter-domain routing in the Border Gateway Protocol (BGP), Distributed Denial of Service (DDoS) attacks, secure cryptographic key learning for dependent systems using DNS-based Authentication of Named Entities (DANE), and ways to apply DANE for opportunistic object-level and session-level security in these and other arenas. My research has applicability in settings like cybersecurity information sharing (STIX/TAXII, Communities of Trust, etc.), securing email, a security substrate for Internet of Things (IoT) deployments, mobile Healthcare (mHealth), and CyberPhysical Systems (CPS).
If you are interested in exploring Big Data Security Analytics using massive operational data sets, interested in inventing some of the world’s next Internet-scale security and privacy protections, and are excited to do core scientific research that has a tangible impact on the world, inquire about research opportunities.
I am an assistant professor in the Computer Science Department at George Mason University, with almost 20 years of work in the industry. I studied physics and computer science at the Johns Hopkins University and earned my Ph.D. from the University of California, Los Angeles. Between these degrees I worked as a professional software engineer for many years, building large-scale production systems at a variety of companies. After earning my doctorate, I conducted research and led investigations as a principal scientist at Verisign. While there I studied and published works on inter-domain routing security in the Internet, researched/designed/implemented/operationalized a large-scale DDoS detection and defense system for DNS attacks, and researched the previously unrecognized threats posed by name collisions with the DNS.
As part of my past, present, and future research, I maintain a number of measurement sites and tools. For example, I have monitored, analyzed and produced research findings about DNSSEC for over 13 years (since shortly after it was standardized), and maintain the public archive of these measurements and results at SecSpider. This is the longest running (and still active) monitoring and longitudinal tracking system of the global rollout of DNSSEC (it is currently 13 years old). Its longitudinal database has over 10 billion records in it, which date back to the very beginning of the DNSSEC global rollout. I am also the maintainer of libCanute, which is a programmatic API for a reference implementation for the DANE protocol suite (S/MIME, OPENPGP, and a few other components from DANE), and a Thunderbird extension to libSmaug that is a proof of concept for securing end-to-end email.