I am pursuing a Ph.D. in the Department of Computer Science at the University of Illinois at Chicago with Professor Chris Kanich in the BITS Networked Systems Laboratory. I received my undergraduate degree from Lawrence University in political science, with a focus on economics. I then briefly attended Boston College Law School, then worked professionally doing web and iOS contract work.

Research Interests

My research focuses on the security and privacy of systems, and how the security guarantees of those systems can be improved through simplification, attack surface reduction, and by identifying seldom used features and code paths that pose more risk than benefit to their users.

Current projects include measuring the popularity, desirability and security costs of browser complexity, and investigating alternative web systems that prioritize client security and code predictability at minimal cost to web-author expressiveness.

I am also interested in better understanding and measuring the costs to users of security violations. My work in this area includes measuring the frequency and effects of doxxing, and the security risks of long-term cloud storage.

Publications

Teaching

  • Instructor for Software Design – UIC CS342 2017
  • TA for Computer Networks – UIC CS450 2017, 2015

Talks, Posters and Presentations

Other Significant Writing

Other Positions and Accomplishments

Significant Programs and Code

  • Cloudsweeper: Web service for encrypting, and warning users of, plain text passwords sent through their Gmail accounts.
  • Improved feature blocking in the Brave Browser: This patch improves the technique Brave was using to limit access to Web API features commonly used for tracking users online. Previously, the project would replace tracking-related Web API methods (e.g. gl.getShaderPrecisionFormat(gl.VERTEX_SHADER, gl.MEDIUM_FLOAT)) with null.

    This successfully prevented websites from accessing these problematic functions, but would cause issues when code tried to interact with these now removed methods. For example, if the getShaderPrecisionFormat method had been replaced with null, code expecting to call getShaderPrecisionFormat and do something with the results, such as accessing the rangeMin property on the returned format object, would crash.

    My solution, described in our CCS 2017 paper, Most Websites Don’t Need to Vibrate: A Cost–Benefit Approach to Improving Browser Security, was to be more clever with what we replace these blocked / problematic methods with. Instead of replacing them with null, we create a specially configured version of the ES6 Proxy object.

    This specially configured Proxy object traps all ways that objects are interacted with in the Web API, such as being coerced into a string (String(x)), being indexed into like an array (x[y]), being called as a function (x()), etc. We configured our proxy objects to return themselves on most language operations. We then replaced the problematic Web API functions with these self-yielding proxy objects.

    As a result, code like gl.getShaderPrecisionFormat(gl.VERTEX_SHADER, gl.MEDIUM_FLOAT).rangeMin would run in normal browsers as usual (harming users' privacy). Before our patch, the Brave browser would prevent the above code from executing, protecting users' privacy, but at the cost of crashing the program and preventing later, benign parts of the program from continuing to run. With our research and code, Brave users now have the best of both worlds: websites are prevented from accessing harmful functionality, but without crashing other, benign parts of the site.

    More details about our approach are available in our paper.

  • Machine Learning for Automatic 8bit Song Generation: Library to write original NES chip-style soundtracks using a corpus of 39 classic NES games and machine learning.
  • Objective-C Dijkstra implementation: Library to perform Dijkstra in Objective-C (for iOS and OSX).
  • FormBug: A Firefox extension to make dealing with and developing form-based applications easier. I just maintain it now, but wrote it back when I was doing web development work.
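
The self-yielding Proxy replacement described in the Brave feature-blocking entry above, sketched as an added example (not code from the patch or the paper). The function names and the fake `gl` object are assumptions, as is the choice to coerce the proxy to an empty string.

```javascript
// Added illustration. makeSelfYieldingProxy, makeFakeGl, runPageScript and the
// blockWith* helpers are hypothetical names, not Brave's code.
function makeSelfYieldingProxy() {
  // A strict-mode function target lets the apply/construct traps fire and has
  // no non-writable own properties that would trip Proxy invariants.
  const target = function () { "use strict"; };
  const proxy = new Proxy(target, {
    get(_t, prop) {
      // Assumption: coercion must end in a primitive, otherwise String(x) throws.
      if (prop === Symbol.toPrimitive) return (hint) => (hint === "number" ? 0 : "");
      return proxy;                       // x.y and x[y] yield the proxy again
    },
    apply() { return proxy; },            // x()
    construct() { return proxy; },        // new x()
    set() { return true; },               // x.y = v is silently accepted
    has() { return true; },               // "y" in x
  });
  return proxy;
}

// Constructed stand-in for a WebGL context; not a real browser object.
function makeFakeGl() {
  return {
    VERTEX_SHADER: 0x8B31,
    MEDIUM_FLOAT: 0x8DF1,
    getShaderPrecisionFormat() { return { rangeMin: 127, rangeMax: 127, precision: 23 }; },
  };
}

// Constructed page script: a fingerprinting probe followed by unrelated work.
function runPageScript(gl) {
  const log = [];
  try {
    const fmt = gl.getShaderPrecisionFormat(gl.VERTEX_SHADER, gl.MEDIUM_FLOAT);
    log.push("probe:" + String(fmt.rangeMin));
    log.push("benign work ran");
  } catch (e) {
    log.push("crashed:" + e.constructor.name);
  }
  return log;
}

// The two blocking strategies the entry compares.
function blockWithNull(gl) { gl.getShaderPrecisionFormat = null; return gl; }
function blockWithProxy(gl) { gl.getShaderPrecisionFormat = makeSelfYieldingProxy(); return gl; }
```

With the null replacement the script stops at the probe; with the proxy the probe learns nothing and the benign work still runs.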

Non-CS Bits