I am an assistant professor in the College of Computer and Information
Science at Northeastern University. My research is primarily in the areas of distributed systems and
networking, with a recent focus on mobile systems. Much of my work
entails crowdsourcing measurement and performance evaluation of
Internet systems by deploying software to users at the scale of tens
or hundreds of thousands of users. To date, more than 1 million users
have installed software produced from my research and more than 15
research groups worldwide have integrated my datasets into their
research projects. Please click around to check out more details about
me and my work.
- 7/3/18 Coverage of our work on apps that spy on you. TL;DR: We didn't see abuse of microphone or cameras, but we did see how apps are recording your every move and sending images/videos of this to third parties. We responsibly disclosed to Google and others, they took action to mitigate this privacy risk. More details in our paper.
- 5/4/18 My recently graduated Ph.D. student, Dr. Arash Molavi Kakhki, won the 2018 Northeastern CCIS Excellence in Research Award. Congrats, Arash!
- 5/2/18 Just a few end-of-semester updates:
- Our paper "Panoptispy: Characterizing Audio and Video Exfiltration from Android Applications" was accepted to PETs 2018. We found some scary stuff and are in the process of responsible disclosure, so stay tuned.
- Our paper "A First Look at Certification Authority Authorization (CAA)" appeared in SIGCOMM CCR's April issue. This is joint work with TUM, RWTH Aachen, University of Twente, and University of Sydney.
- I'm co-chairing the IRTF Applied Networking Research Workshop to be held at IETF 102. We received over 40 submissions in this reboot of the workshop, which promises to feature a great program.
- My PhD student Jingjing Ren presented her NDSS work on privacy leaks over time at the FTC's annual PrivacyCon event.
- I testified again at the MA state legislature on the topic of net neutrality.
- We've now received more than a half million tests from our Wehe app. Download it now for iOS and Android, learn if your ISP is violating net neutrality.
- 2/20/18 Our paper, Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach, won the Cisco Network Security Best Paper Award at NDSS! Joint work with Samuel Jero, Endadul Hoque, Alan Mislove, and Cristina Nita-Rotaru.
- 2/12/18 First update of the new year. Just a few things happened...
- Our Wehe app for detecting net neutrality violations got quite a bit of attention, in large part due to Apple rejecting our app and then later reversing its decision. Our work was subsequently covered by dozens of news outlets, and a piece about net neutrality featuring this work appeared on VICE News. Thanks to this publicity we have received over 100,000 tests worldwide, and we will be updating our website with our findings as we process the data.
- I testified to the Massachusetts State Senate Committee on Net Neutrality and Consumer Protection, you can find coverage here.
- Arash Molavi Kakhki, my recently graduated PhD student, won the IRTF's Applied Networking Research Prize for his work on QUIC that was published at IMC 2017.
- 12/24/17 Year-end update:
- Our longitudinal study on app privacy (to appear in NDSS'18) was selected for presentation at FTC PrivacyCon 2018.
- A first look at in-flight WiFi (joint work with Northwestern) was accepted to WWW'18.
- I led a panel on tools for data transparency at the DTL'17 conference, featuring Ashkan Soltani, Kashmir Hill, Justin Brookman, Franck Baudot, and Andrea Martens.
- ReCon was awarded a grant from the Comcast Innovation Fund.
- Wehe, our tool for detecting net neutrality violations, has been selected by ARCEP (the French telecom regulator) for providing consumers in France the ability to monitor and report ISPs that unlawfully differentiate network traffic.
- More exciting news to report in 2018!
- 10/30/17 Excited to report that I will have two papers appearing at NDSS 2018! "Bug Fixes, Improvements, ... and Privacy Leaks - A Longitudinal Study of PII Leaks Across Android App Versions" -- joint work with UCSB, U of Helsinki and IMDEA/ICSI -- explores how app privacy leaks change over time. "Automated Attack Discovery in TCP Congestion Control Using a Model-guided Approach" -- joint work with Purdue and FIU -- combines the generality of implementation-agnostic fuzzing with the precision of runtime analysis to find attacks against implementations of TCP congestion control.
- 9/8/17 I gave a talk about DPI middleboxes and their implications for policymakers at TPRC 45. Read my paper on the topic here.
- 8/21/17 The Harvest documentary film, which is based on data gathered from the ReCon Project, is now available online for free! This short film (11 minutes) appeared at several presitigious film festivals, including Aspen Shortsfest, HotDocs, Seattle International Film Festival, and Rooftop Films summer series.
- 8/16/17 Our paper on studying DNSSEC and its improper deployments won the Distinguished Paper award at USENIX Security '17! Congratulations to the lead author, Taejoong Chung, and all the rest of our coauthors!
- 7/28/17 Northeastern continues its strong presence in IMC, with four papers appearing in the conference! I am involved all four of them:
More details to come after camera-ready versions are prepared.
- "Taking a Long Look at QUIC: An Approach for Rigorous Evaluation of Rapidly Evolving Transport Protocols"
- "lib·erate, (n): A library for exposing (traffic-classification) rules and avoiding them efficiently" (with UMass-Amherst)
- "Understanding the Role of Registrars in DNSSEC Deployment" (with Maryland, Duke/Akamai, University of Twente)
- "The Record Route Option is an Option!" (with Rutgers/USC/Columbia/Microsoft and Waikato)
- 6/23/17 Many updates after a long hiatus.
- Harvest will appear at Rooftop Films in NYC, where we will be running an interactive event using ReCon. It's a free event, register here.
- Our paper on studying DNSSEC and its improper deployments was accepted to USENIX Security. This completes my first-ever "cycle" for top security conferences (CCS, NDSS, Oakland, USENIX). Wouldn't have been able to do it without the my ridiculously talented collaborators.
- Our poster on studying the DNSSEC root key rollover event was accepted to the SIGCOMM poster session.
- Our traffic differentiation work was covered in the ARCEP (French national telecom regulator) annual report (page 73).
- ReCon was in the news (again)! A great article by Fast Company and a TV story by NBC News Boston.
- 5/4/17 Harvest continues its film festival appearances, with announcments today that it will appear at BAMcinemaFest in NYC and the Seattle International Film Festival.
- 4/26/17 After a successful world premiere in Aspen, the Harvest documentary film will have its international premeiere at the HotDocs Film Festival in Toronto this weekend!
- 3/14/17 Thrilled to announce that Harvest, a documentary film that used our ReCon project to identify and highlight privacy risks when using mobile apps, will be premiering at the Aspen Film Festival in April!
- 3/10/17 ReCon was mentioned in the Danish news site Version2.
- 2/15/17 Our ReCon project was mentioned in a Boston Globe article about mobile privacy.
- 2/14/17 Renata Teixeira (Inria) and I were awarded a Google Faculty Research Award for our proposal on diagnoising and improving QoE. Thanks, Google!
- 2/9/17 Our work on efficiently and scalably pushing all revocations to browsers was accepted to IEEE S&P (Oakland) 2017! This is joint work with the lead author (and undergraduate) James Larisch along with Christo Wilson, Alan Mislove, Dave Levin (UMD), and Bruce Maggs (Duke/Akamai).
- 1/12/17 I presented ReCon at the FTC's PrivacyCon 2017. You can find the video here.
- 10/22/16 Our work on measuring the ecosystem of socially engineered exploit
documents (joint with MPI-SWS) was accepted to NDSS!
- 9/10/16 My paper titled "A Case for Personal Virtual Networks" was selected to appear at HotNets '16! Looking forward to an interactive workshop!
- 8/31/16 Our work on next-generation anonymity systems (beyond Tor) was covered in Ars Technica!
- 7/30/16 Deja Vu all over again! Northeastern, for a second year in a row, has a whopping 7 papers appearing at IMC (more than 1/7 of the program)! I am involved in five of the papers:
Congrats to all of our collaborators, and particularly to the students and postdocs who did all the hard work! More details to come when the camera ready versions are available.
- "Should You Use the App for That? Comparing the Privacy Implications of Web- and App-based Online Services",
- "Classifiers Unclassified: An Efficient Approach to Revealing IP-Traffic Classification Rules" (with Stony Brook),
- "Tunneling for Transparency: A Large-Scale Analysis of End-to-End Violations in the Internet",
- "Measuring and Applying Invalid SSL Certificates: The Silent Majority" (with U of Maryland, Duke), and
- "Inspecting the Free Bridge Across the Digital Divide: Assessing the Quality of Facebook's Free Basics Service" (with MPI, University of Cape Town, LUMS, and IIT Kharagpur).
- 7/22/16 Our work on measuring and analyzing private key sharing in the HTTPS
ecosystem was accepted to CCS! This is joint work with U. Marlyand, Duke/Akamai, and Northeastern.
- 6/22/16 I gave a talk about ReCon at the Mozilla Privacy Lab at ICSI. Watch the video here!
- Older news...
For those who don't know me, the following passage has become a theme
that runs through my life. In short, I "push the rock," just like Sisyphus from Greek
mythology. But Camus tells it better:
As for this myth, one
sees merely the whole effort of a body straining to raise the huge
stone, to roll it and push it up a slope a hundred times over; one sees
the face screwed up, the cheek tight against the stone, the shoulder
bracing the clay-covered mass, the foot wedging it, the fresh start
with arms outstretched, the wholly human security of two earth-clotted
hands. At the very end of his long effort measured by skyless space and
time without depth, the purpose is achieved. Then Sisyphus watches the
stone rush down in a few moments toward that lower world whence he will
have to push it up again toward the summit. He goes back down to the
plain. It is during that return, that pause, that Sisyphus interests
me. A face that toils so close to stones is already stone itself! I see
that man going back down with a heavy yet measured step toward the
torment of which he will never know the end. That hour like a
breathing-space which returns as surely as his suffering, that is the
hour of consciousness. At each of those moments when he leaves the
heights and gradually sinks toward the lairs of the gods, he is
superior to his fate. He is stronger than his rock.
-- Albert Camus, The Myth of Sisyphus