The goal of my research is to make it possible to reason about the security of systems. I seek to identify principles and methods for defining security and for building systems that offer security assurance. I employ mathematical models, programming language theory, and logics. I build real systems and analyze their security. I'm specifically interested in the following areas:
- Security: Electronic voting, security policies, information flow, and cryptography.
- Programming languages: Semantics, logics, and language-based security; specification and verification of programs.
Publications and talks: Complete list of my publications.
- Spring 2016: CS 5430 System Security (and CS 5431 Practicum in System Security)
- Fall 2015: CS 3110 Data Structures and Functional Programming
- Summer 2015: SJTU Functional Programming
- Spring 2015: CS 3110 Data Structures and Functional Programming, CS 5430 System Security
- Fall 2014: CS 3110 Data Structures and Functional Programming
- Summer 2014: SJTU Software Foundations
- Spring 2014: CSCI 3907/6907.85 Software Foundations
- Fall 2013: CSCI 6545 Software Security
- Spring 2013: CSCI 4223/6223 Principles of Programming Languages
- Fall 2012: CSCI 3907/6907.85 Software Systems Security
- Spring 2012: CSCI 3907/6907.81 Advanced Security Seminar
- Fall 2011: CSCI 4531/6531 Computer Security
- Spring 2011: CS 5431 Practicum in System Security
- Program Committees: POST 2016 (International Conference on Principles of Security and Trust), PLAS 2015 (Co-chair, ACM Workshop on Programming Languages and Analysis for Security), ESORICS 2015 (European Symposium on Research in Computer Security), POPL 2015 ERC (ACM Symposium on Principles of Programming Languages), ASIACCS 2014 (ACM Symposium on Information, Computer, and Communications Security), FCS–FCC 2014 (Co-chair, Workshop on Foundations of Computer Security and on Formal and Computational Cryptography), RV 2014 (Conference on Runtime Verification), QASA 2013 (Workshop on Quantitative Aspects in Security Assurance), FCS 2013 (Co-chair, Workshop on Foundations of Computer Security), CSF 2012 (Short talk chair, IEEE Computer Security Foundations Symposium), FAST 2011 (Workshop on Formal Aspects of Security and Trust), CSF 2011 (IEEE Computer Security Foundations Symposium), VOTE-ID'09 (International Conference on E-voting and Identity), WOTE'06 (Workshop on Trustworthy Elections)
- Florida Division of Elections, 2008: Member of team commissioned by FL DoE for security review of Scytl Remote Voting Software, which was used by about 900 overseas voters in the 2008 U.S. General Election. [Final report]
- Civitas, a secure electronic voting system.
- PolyJ, improved generics for Java.
- Polyglot, an extensible compiler framework.
- Cornell University College of Engineering Robert '55 and Vanne '57 Cowie Excellence in Teaching Award, 2015.
- AFOSR YIP Award, 2012.