NOTE: I am actively looking for post-docs, graduate students, and undergraduate students to work in the below research areas with me.
My research focuses on the science of cybersecurity. I believe that we are losing the cybersecurity arms race, and that a combination of basic research, conscientious measurement and data analysis, and operational innovation is needed to give us the tools we need to combat today's and tomorrow's cybersecurity threats. The Internet we rely upon today requires us to build online networked systems using composable architectures. These are increasingly complex architectures that are built on top of other complex substrates, and they lead to deep systemic dependencies and increased attack surfaces. This has allowed miscreants to find unforeseen vulnerabilities, and they have the inherent advantage that they can afford to miss many times, while we cannot afford to miss once. Now, we are enduring ever larger Distributed Denial of Service (DDoS) attacks, large-scale routing hijacks that facilitate Man in the Middle (MitM) attacks, enormous data exfiltration attacks that threaten our data while it is at rest, widescale simultaneous destructive malcode attacks on companies' entire IT infrastructures, and many other attacks. These few examples raise a deep research question: can we find security models and techniques that support our efforts to build complex systems using composable components while also providing composable security assurances?
I believe basic research that comes from large-scale measurements and data analyses synergizes well with operationalizing new solutions and conducting structured research investigations into real-world cybersecurity and Internet security problems. My research involves large-scale measurements, data analyses, and system development. The areas and protocols that I work most directly with include securing core Internet protocols like the Domain Name System (DNS) with DNSSEC, security approaches to inter-domain routing in the Border Gateway Protocol (BGP), Distributed Denial of Service (DDoS) attacks, secure cryptographic key learning for dependent systems using DNS-based Authentication of Named Entities (DANE), and ways to apply DANE to opportunistic object-level and session-level security in these and other arenas. My research has applicability in settings like cybersecurity information sharing (STIX/TAXII, Communities of Trust, etc.), securing email, a security substrate for Internet of Things (IoT) deployments, mobile Healthcare (mHealth), and Cyber-Physical Systems (CPS).
As part of my past, present, and future research, I maintain a number of measurement sites and tools. For example, I have monitored, analyzed, and produced research findings about DNSSEC for over 13 years (since shortly after it was standardized), and I maintain the public archive of these measurements and results at SecSpider. This is the longest-running (and still active) monitoring and longitudinal tracking system of the global rollout of DNSSEC (it is currently 13 years old). Its longitudinal database has over 10 billion records in it, which date back to the very beginning of the DNSSEC global rollout. I am also the maintainer of libSmaug, which is a programmatic API for a reference implementation of the DANE protocol suite (S/MIME, OPENPGP, and a few other components from DANE), and of a Thunderbird extension to libSmaug that is a proof of concept for securing end-to-end email.
I am an assistant professor in the Computer Science Department at George Mason University. I studied physics and computer science at the Johns Hopkins University and earned my Ph.D. from the University of California, Los Angeles. Between these degrees I worked as a professional software engineer for many years, building large-scale production systems at a variety of companies. After earning my doctorate, I conducted research and led investigations as a principal scientist at Verisign. While there I studied and published works on inter-domain routing security in the Internet; researched, designed, implemented, and operationalized a large-scale DDoS detection and defense system for DNS attacks; and researched the previously unrecognized threats posed by name collisions with the DNS.