I primarily teach courses in the areas of computer security and programming languages.
CS 3110: Data Structures and Functional Programming
This course is the third and final course in the programming sequence for the CS major. It has a long history in the Cornell Computer Science curriculum, evolving from Scheme to SML to OCaml. In my conception of the course, its primary objective is to form students as excellent programmers. The topics in the course title are important but secondary to that objective.
I have evolved the course over the last couple of years to strengthen students' programming skills. The twice-weekly recitation sections now center on students solving coding exercises with one another and with the assistance of TAs. The programming assignments now usually involve building a cohesive piece of loosely specified software. Students thus get practice with solving small, well-specified problems in the recitations, and with creative design and implementation in the out-of-class assignments.
In the first unit of the course, when students are learning the basics of functional programming, which is new to most of them, I frame the material as not just learning a new language, but learning how to learn a new language, because that is something they will be doing multiple times throughout their careers. We move from informal but careful descriptions of the language syntax and semantics, to a rigorous operational semantics, to a programming assignment in which they implement a substantial fragment of OCaml inside of OCaml itself.
The final project in the course is now open-ended: students choose their own requirements, write a design document that is critiqued by TAs, and implement over the course of a month. This process is supported by the integration of some software engineering material into the rest of the course, including architecture, design, testing, and teamwork. In the first trial run of this project, three teams built particularly impressive systems: a sophisticated Pokémon game, an extensible editor in the style of Emacs, and a computer algebra system in the style of Mathematica.
CS 5430: System Security
This course is a Master's-level introduction to computer security. In my conception of the course, its primary objective is to teach principles for building secure software systems. A principled approach is a quintessential part of the Cornell Computer Science ethos. Students may come from diverse backgrounds but are expected to be familiar with computer systems at the level of an undergraduate senior operating systems course.
The first unit of the course is devoted to teaching students to think clearly about security, with an emphasis on requirements and analysis. Then we cover applied cryptography as a tool: not how to implement or create cryptographic primitives, but how to use them responsibly. The rest of the course is organized around the Gold Standard: audit, authentication and authorization.
Course assignments have included thinking through the security goals for computer systems, learning to program with cryptographic primitives correctly, and solving real-world problems that have no "right" answer such as automated detection of intrusion attempts and password strength estimation.
Historically the course has included a team project in which students built a piece of software and attempted to secure it. To better provide close mentoring of the project, I have now factored it out into a separate practicum. Teams build their software over the course of five deliverables, inspired by a SCRUM-based agile software development process. At each deliverable, the teams receive peer feedback from one another on the security and usability of their software, as well as detailed feedback from me.
I often lecture at summer schools, sometimes lecturing on my own research, and sometimes teaching material from courses that I regularly teach during the academic year.
- Spring 2017: CS 5430 System Security
- Fall 2016: CS 3110 Data Structures and Functional Programming
- Spring 2016: CS 5430 System Security (and CS 5431 Practicum in System Security)
- Fall 2015: CS 3110 Data Structures and Functional Programming
- Spring 2015: CS 3110 Data Structures and Functional Programming, CS 5430 System Security
- Fall 2014: CS 3110 Data Structures and Functional Programming
- Spring 2014: CSCI 3907/6907.85 Software Foundations
- Fall 2013: CSCI 6545 Software Security
- Spring 2013: CSCI 4223/6223 Principles of Programming Languages
- Fall 2012: CSCI 3907/6907.85 Software Systems Security
- Spring 2012: CSCI 3907/6907.81 Advanced Security Seminar
- Fall 2011: CSCI 4531/6531 Computer Security
- Spring 2011: CS 5431 Practicum in System Security
- SSL: The GW Systems and Security Seminar [fall 2013][spring 2013][fall 2012][fall 2011]
I am interested in reasoning about software systems and their security. Topics of particular interest include electronic voting, security policies, information flow, cryptography, semantics, logics, language-based security, and specification and verification of programs. A complete list of my publications and talks is available.
- Cornell University College of Engineering Robert '55 and Vanne '57 Cowie Excellence in Teaching Award, 2015.
- AFOSR YIP Award, 2012.
- Program Committees: POST 2016 (International Conference on Principles of Security and Trust), PLAS 2015 (Co-chair, ACM Workshop on Programming Languages and Analysis for Security), ESORICS 2015 (European Symposium on Research in Computer Security), POPL 2015 ERC (ACM Symposium on Principles of Programming Languages), ASIACCS 2014 (ACM Symposium on Information, Computer, and Communications Security), FCS–FCC 2014 (Co-chair, Workshop on Foundations of Computer Security and on Formal and Computational Cryptography), RV 2014 (Conference on Runtime Verification), QASA 2013 (Workshop on Quantitative Aspects in Security Assurance), FCS 2013 (Co-chair, Workshop on Foundations of Computer Security), CSF 2012 (Short talk chair, IEEE Computer Security Foundations Symposium), FAST 2011 (Workshop on Formal Aspects of Security and Trust), CSF 2011 (IEEE Computer Security Foundations Symposium), VOTE-ID'09 (International Conference on E-voting and Identity), WOTE'06 (Workshop on Trustworthy Elections)
- Chair of panel on Cybersecurity Education at New England Security Day, Harvard University, April 28, 2016.
- Florida Division of Elections, 2008: Member of team commissioned by FL DoE for security review of Scytl Remote Voting Software, which was used by about 900 overseas voters in the 2008 U.S. General Election. [Final report]