Experimentation to discover cutting edge vulnerabilities and security solutions.
Software Engineering
Develop tools to measure and enhance the security of computer systems and networks.
Security Consulting
Penetration testing to evaluate the security of infrastructure.
Research
Experiments I've Performed
Control-Flow Integrity
Address Space Layout Randomization
Electronic Voting Security
Security Evaluation of Scantegrity II
Measuring Network Retransmits
Performance Evaluation of Monitors
Resilient Multipath Routing
Recovery Delay Affected by QoS
Malicious Media Sanitization
Removing Steganographic Content
My Next Project
Something in the Future
Experience
Academic History and Work Experience
2007-2011
Computer Engineering
Studied computer engineering at UC Davis, graduating in 2011. This major provided an excellent
background in both hardware and software. Though I was interested in computer security even
before beginning my degree, I became determined to focus on this field after taking an
introductory computer security course.
2011-2017
Computer Science Doctorate
In 2011 I began my doctoral studies in computer science. Through various research projects and
internships, I explored many areas of computer and network security.
Summer 2012
Internship at Sandia
Between June and September 2012 I interned as a security researcher at Sandia National Labs.
I worked on detecting malicious content hidden in media files and developed an interface that
efficiently sanitizes data while preserving a high degree of fidelity.
Summer 2013
Internship at Lawrence Livermore
My next summer internship was at Lawrence Livermore. Here, I investigated the feasibility of
a generic metric for network resilience. Though a unified metric ultimately was not developed,
I was able to thoroughly detail the technical, computational, and theoretical challenges in
producing such a metric. I then focused on exploring quantitative metrics for specific
security properties.
Summer 2014
Internship at Lawrence Livermore
Continuing my work from last summer, I began researching multipath routing to fill the gaps
in quantitative security metrics. Specifically I measured the recovery delay of data transfers
over multipath networks with different quality of service levels.
Summer 2015
Internship at Lawrence Berkeley
At Lawrence Berkeley, I evaluated the performance of network monitors. The goal was to determine
which tool scales the best with high-performance network traffic. This analysis can also be applied
to other network tools, such as intrusion detection systems.
2017-
Application Security Engineer at Cloudflare
I am currently working as an Application Security Engineer at Cloudflare. In my role, I get the
opportunity to work with several different engineering teams, helping them to ensure that the
products they launch are secure. Cloudflare is an amazing company with great people and we're
making a fantastic impact on our customers' sites, as well as on the general internet community.
Contact Me
Control-Flow Integrity
Entropy Analysis of Different Address Space Layout Randomization Implementations
In this experiment, I examine the security provided by different implementations of Address Space Layout
Randomization (ASLR). ASLR is a security mechanism that increases control-flow integrity by making it more difficult for
an attacker to properly execute a buffer-overflow attack, even in systems with vulnerable software. The strength of ASLR
lies in the randomness of the offsets it produces in memory layouts. I compare multiple operating systems by measuring
the amount of entropy provided to a vulnerable application. This project is the first of its kind to quantitatively
compare the entropy of different ASLR implementations. In performing this experiment, I also provide a method for
remotely assessing the efficacy of a particular security feature on systems that are otherwise unavailable for analysis.
The results obtained highlight the need for independent evaluation of security mechanisms.
Figure 1. Stack Layout of a Program Vulnerable to Buffer Overflows
As we can see in Figure 1, a buffer overflow (illustrated by the figure on the right) can wreak havok on
the proper execution of targeted applications. When a vulnerable function is exploited in the way shown above, with an
excessive amount of input, it will generally cause the program to crash. The return address stored in the extended
instruction pointer (register EIP) is overwritten with a value (in the above case, "AAAA" = 0x41414141) that will not
dereference to a valid location. But the main goal of a buffer overflow attack is to redirect the control-flow of the
target executable, a task that requires more precision.
Figure 2. Successful Buffer Overflow Attacks Require an Attack String that's Just Right
Figure 2 symbolizes the three possible outcomes of an attempted buffer overflow attack. Too hot and the
program crashes. Too cold and the program executes nominally, with no unintended effects. When an attacker crafts an
attack string with just the right number of characters to overwrite the return address, and overwrites that return
address with just the right value, the attack will successfully hijack the program's control-flow.
There are several ways to defend against buffer overflow attacks. One way is to ensure that any
applications used are written in memory-safe languages, avoiding programs written in C. This can greatly limit the
software that can be run. Another option is to properly check the bounds on all dynamic input to prevent it from writing
passed the memory buffer allocated for it. Static analysis of the source code can easily identify flaws regarding the
lack of stringent bounds-checking, but fixing these flaws requires availability of the source code for all (memory-unsafe)
software that is run.
Instead of attempting to secure all applications against buffer overflow attacks, one can add a now common
security feature to the system's operating system, making it harder for an attacker to successfully execute a buffer
overflow attack. Address Space Layout Randomization (ASLR) adds random offsets in the memory layout of applications that
are compiled with support for position-independent execution. The values of these random offsets are determined at runtime,
so if the daemonization of services is configured properly, an attack that crashes the vulnerable program will gain no
knowledge of how to effectively hijack its control flow.
Address Space Layout Ranomization does not prevent buffer overflows. It does not patch vulnerable programs.
But it does make it harder for attackers to successfully exploit those vulnerabilities. The key to ASLR's effectiveness is
in the randomness of the offsets added to memory layouts. If these offsets are predictable, then a buffer overflow attack
would be only marginally more difficult, and take possibly only slightly more time to execute, on a system with ASLR, as
compared to a system without such a security feature.
Figure 3. Diagram of Attack Technique
Electronic Voting System Security
Security Evaluation of Scantegrity II
Experimental details to come!
Measuring Network Retransmits
Performance Evaluation of Tools for Network Retransmit Analysis
Experimental details to come!
Resilient Multipath Routing
Recovery Delay in Multipath Routing Networks
Experimental details to come!
Malicious Media Sanitization
Automatic Removal of Malicious Content Hidden in Media Files
