Associate Professor

438 Gates Hall
Computer Science Dept.
Cornell University
Ithaca, NY 14853

(607) 255-7673
(607) 255-4428 fax

Twitter: el33th4xor
Blog: Hacking, Distributed


My research spans operating systems, networking and distributed systems. My current projects involve a novel secure operating system and system infrastructure for high-performance cloud computing applications. I like building things, especially systems that have some principled reason for why they should work.

Here is some information for prospective students interested in working with me.

Recent Work

HyperDex HyperDex is a new NoSQL key-value store. It is fast, consistent, and fault tolerant, with a rich API that includes an efficient search primitive. It is significantly faster than Cassandra, MongoDB and Redis; scales well; and provides a level of consistency and fault tolerance not found in other systems.
OpenReplica OpenReplica is a service for replicating objects based on our ConCoord Paxos implementation for replica coordination. The OpenReplica service enables anyone to quickly and easily replicate objects, to locate replicas through DNS, and to dynamically modify the replica set. It's comparable to Yahoo's ZooKeeper and Google's Chubby, except we run the system as a service, so anyone can deploy replicated objects simply by uploading a Python object. OpenReplica achieves performance that is comparable to or better than ZooKeeper for fewer than 6 replicas.
Nexus I am building a new operating system called Nexus. Nexus introduces a new driver architecture, new abstractions and new mechanisms that enable secure, trustworthy applications. The system boots standalone on x86 platforms ideally equipped with TPMs; it can send mail, play movies, run cloud applications and execute Linux programs.
Merlin Merlin is a new network management framework that allows administrators to express policies in a high-level, declarative language. Overall, Merlin simplifies the task of network administration by providing high-level abstractions for specifying network policies and scalable infrastructure for enforcing them.

Peer-to-peer Systems

Cubit Cubit is a peer-to-peer overlay that enables approximate searches in large networks with no centralized components. Given a potentially misspelled keyword, Cubit finds all objects containing that keyword. The project was inspired by the various legal attacks and attempts to take down torrent sites. The key idea behind Cubit is to construct a metric space for keywords, map it onto nodes in a small world, and then to traverse the nodes using a greedy routing algorithm. We have implemented Cubit as an Azureus plugin.
Octant Octant is a system for determining the physical location of Internet hosts. Given a host, Octant determines the boundaries of the region in which the node is likely to lie. Behind the scenes, Octant consists of two parts: a comprehensive framework for efficiently representing and combining a system of constraints, and a set of mechanisms for extracting tight constraints on node locations without resulting in an overconstrained system.
Meridian Meridian is a peer-to-peer overlay network for performing location-aware node and path selection in large-scale distributed systems. It is simple to deploy, robust to churn, and can accurately find the nearest node, pick the most centrally placed node, and find a node that fits latency constraints.
Beehive CoDoNS CobWeb CorONA

Beehive is a high-performance distributed hash table. A novel optimization technique enables Beehive to respond to queries quickly, tolerate denial of service attacks, and balance load. Beehive provides strong performance guarantees even in the presence of queries drawn from Power Law distributions, previously thought to be difficult because heuristics-based approaches tried in the past do not work well with such distributions.

We have used Beehive to build new, resilient infrastructure services for the Internet. CoDoNS is a safety net and a replacement for the Domain Name System that provides strong security, performance, and fast dynamic updates for existing Internet names. CobWeb is an Akamai-like open-access content distribution network. CorONA is a high-performance publish-subscribe system for web micronews.

Sqrt(S) sqrt-s is a practical and efficient failure detector. It is particularly suitable for systems where a node is tasked with monitoring the liveness status of a large number of other nodes, such as peer-to-peer systems. It determines how often to monitor each node such that failure detection latency is minimal while bandwidth usage remains below a user-specified limit. Unlike most other work on theoretical failure detectors, it is not only usable in real systems, but also simple and efficient.
Credence Credence is a reputation system for peer-to-peer networks, designed to provide an accurate metric for the trustworthiness of labels associated with shared files. It differs from previous work in that it derives its trust metric from principled measures that reflect likelihood of similar behavior between peers, has a completely distributed architecture with no trusted nodes, and a concrete implementation. Credence can guard against Sybil attacks and other malicious behavior from spammers. The Credence implementation is free, open-source, and backwards compatible with Gnutella.
CorSSO CorSSO is a distributed authentication service that provides network identities that span multiple application services, also known as single sign-on. It enables authentication functionality to be factored out of application services and delegated to combinations of authentication servers. It uses threshold cryptography for efficiency, fault tolerance and resilience against attackers.
Karma Karma is a virtual currency for use in keeping track of users' resource contribution and consumption in peer-to-peer systems. The karma system provides a secure exchange mechanism for a self-regulating, incentive-compatible, decentralized currency.
Herbivore Herbivore is a peer-to-peer, self-organizing, robust system for anonymous communication. It uses dining cryptographer networks to provide anonymity guarantees even in the presence of attackers which can eavesdrop on every packet in the network. It's a follow-on to the CliqueNet project.

Operating Systems and Virtual Machines

Nexus I am building a new operating system called Nexus. Nexus introduces a new driver architecture, new abstractions and new mechanisms that enable secure, trustworthy applications. The system boots standalone on x86 platforms ideally equipped with TPMs; it can send mail, play movies, run cloud computing applications and execute Linux programs.
Trickles Trickles is a high-performance protocol for stateless, connection-oriented communication. It comprises a transport protocol to replace TCP and a new interface to replace sockets that allow all server-side state to be shipped to clients. This leads to applications that are more scalable and robust against denial-of-service attacks. And it enables a new class of services: since a stateless network stack allows packets to be serviced at any server replica regardless of past history, Trickles enables fast transparent failover, fine-grain load balancing and connection-oriented anycast services to be implemented transparently inside the network fabric.
Portos Portos is an emulation-based system and a set of corresponding projects that I use to teach introductory-level operating systems. The projects cover traditional topics, as well as new issues (such as routing and self-organization) raised by mobile, ubiquitous computing. The base emulation framework emulates a virtual processor, with attached virtual devices, on Windows NT (including 98/ME/XP/etc.) and CE. It runs on x86 and StrongArm processors. It's freely available.
Kimera The goal of the Kimera project is to enable networks of computers that are cheaper, more secure and more manageable than what we have now. The problem with current state-of-the-art systems, like Java, is that network clients are monolithic, that is, they implement all requisite system services locally. Consequently, every endpoint needs to have sufficient resources to support services like verification, compilation and security management, which require too much memory and processing power for embedded devices. Further, each endpoint entails associated software state that is hard to secure and manage. These problems become particularly acute as the number of clients increases.

The Kimera project addresses these problems by factoring system components out of clients into network servers. The clients can thus be smaller because they do not have to support complex services locally. Further, the overall network is easier to manage because service functionality is centralized. The services operate by intercepting applications as they are fetched by clients; they inspect applications, and where necessary, inject code snippets into them to provide the requisite service functionality. Digital signatures ensure that only applications that have been vetted by centralized services execute on the clients.

SPIN The goal of the SPIN project is to enable applications to customize operating system functionality by downloading application-specific extensions dynamically into the kernel. The extensions, as well as the core system, are written in Modula-3, whose type-safety ensures load and store protection. A namespace management interface restricts the interfaces that applications can access, and creates multiple software protection domains within a single privileged address space.

The SPIN execution model enables applications to safely extend the kernel with thread packages and hierarchical scheduling policies. A combination of language and system mechanisms provides security and fault-isolation while mediating access to processors. The SPIN protection domain interface simultaneously allows isolation and safe fine-grain sharing within a privileged address space. Extensions reside in hierarchical namespaces which they can use to share or to hide code and data at the granularity of interfaces. Use of hierarchical capabilities simplifies security management. Extensions that want to safely share code and data can do so without dynamic protection enforcement overhead. The SPIN web server uses all of these mechanisms to implement high-performance web service.

MIPSI MIPSI is a robust and extensive MIPS instruction set simulator. It has been used in many classes and research projects.

Ad Hoc Networks

MagnetOS MagnetOS is an operating system for ad hoc networks. It makes the entire network appear as a single Java virtual machine. It enables applications to be constructed easily and to execute efficiently.
Sextant Sextant is a general framework for discovering the location of nodes and events in wireless networks. Sextant enables nodes without specialized hardware, such as GPS, to efficiently discover their approximate locations. Further, given a sensor network where each node can sense events in its immediate vicinity, Sextant pinpoints the location of events with high fidelity.
SHARP SHARP is a hybrid routing protocol that dynamically finds the optimal mix of proactive route dissemination and reactive route discovery to achieve application-specific performance goals.
SNS SNS is a scalable, high-performance wireless network simulator, based on ns2. It vastly outperforms standard ns2 in speed and scale through a new technique we developed called staged simulation. It achieves its improvements in speed and scale by eliminating redundant computations both within a single and across multiple simulation runs. It has been carefully validated against ns2 - staging preserves accuracy while speeding up simulations.


Fall 2012 CS 4410, Operating Systems Introduction to operating systems.
The Cornell Systems Lunch We will be reading recent papers on systems topics.

Previous courses I have taught.





A list of all my talks can be found here.

Software and Services

Professional Activities

Former Students

I have worked with some really bright people.


List of my past affiliations.


Ph.D. & M.S. University of Washington; B.S.E. Princeton University; High school, Robert College.

I enjoy sailing (minitransats, I14s, sailboards), backcountry skiing and photography.

For visitors: Directions to the Cornell CS Department.