Participate in Research

Do you use the Internet? Are you interested in making it work better? Then you already meet the minimum requirements for working with me!

But to be less glib, I'm interested in measuring networked systems, understanding problems that arise in these systems and solving them. I am always looking for curious, passionate and hard-working collaborators.

Ph.D. students

What I'm looking for

I'm currently looking to admit graduate students for my research group. I'm looking for students with strong interest in networked and distributed systems, particularly those who are passionate about privacy and security in the mobile and IoT environments. If you are interested in working with me, you should read my recent conference publications and understand whether these are the kinds of projects you are qualified for and excited about.

Of course, it's often difficult to acquire extensive experience in research before grad school. While having research experience is helpful, note that not even I had such experience (or even a degree in CS) before entering grad school. More important than that, I'm looking for people who are both "thinkers" and "doers". To be a successful PhD in my group you need not only to write code efficiently, but also have curiousity about how things work and how to make them better. Above all else, you need strong communication and writing skills, otherwise no one will understand all the great work you are doing. Part of my job is to help you improve in all these areas, but you need to start wtih a solid foundation.

Why work with me?

Northeastern is already one of the top security and privacy programs in the country, boasting world-class researchers and a location in one of the best cities in the US. I publish in top-tier venues such as SIGCOMM, IMC, NDSS, and CCS, and focus on projects that produce software people can use -- to date more than a million people benefit from my research. My students will have opportunities to do summer internships at top institutions such as Google, Facebook, and Telefonica.

I place a premium on research that has real-world impact. Since I joined Northeastern, my team has conducted 30 responsible disclosures of security and privacy vulnerabilities affecting hundreds of millions of users. Our work has received worldwide attention from hundreds of articles in the popular press, several pieces for television news, and was even the topic of an award-winning short documentary film. My team's software has been installed by more than 130,000 users worldwide, and our net neutrality project is used by the French national telecom regulator to audit net neutrality compliance.

In short, if you want to conduct high-profile research and make an impact on the world, I can help with that :)

How to apply?

You have to apply through the official application site. If you send an application directly to me, it will be ignored.

Want to successfully contact me via e-mail?

If you want to reach out to me, please don't be shy! That said, there are many ways to do so in a counterproductive way. For example, sending me a generic email stating that you are interested in some related research area is not going to get my attention.

Instead, take the time to look at my research projects, visit their webpages, read the associated publications. Get a good feel for what kind of work we're doing and how you might be able to contribute. Then write an email that convinces me that you understand the research, you're interesting in concrete ideas to advance such research, and you are qualifiied to do so. See the list of questions below (for Grad students at NEU) to get a sense of what I'm looking for.

Finally, please be aware that I simply don't have time to respond to all e-mails. In the likely event that I don't reply, do not take it personally.

Grad students at NEU

The best way to figure out if you're a good fit for my group is to take one of my classes. I integrate my research in class, so it will give you a taste of what it would be like to do research with me, and I will learn how well you absorb networking/privacy/security topics. If you want to do a research project or MS thesis with me, please read carefully below.

Our current list of Internet of Things and privacy/security projects is on a separate page, please visit this site if this is your main interest.
If you are interested in computer networking projects, you are a current active student at Northeastern University, and you satisfy the prerequisites for the project you are interested in, please send an email to choffnes@ccs.neu.edu with subject “Spring 2025 Networking Research” and a recent resume attached (with GPA), specifying the following:

Please note that, in general, we have a preference for projects that are on-site, that last the whole semester (15 weeks), and for a minimum of 10 hours per week.

We will be reviewing applications for Spring 2025 during December 2024 or until the positions are filled. Sometimes it may take us up to two weeks to get back to you, so please be patient if you do not hear back by then.

If you are interested to apply for Fall 2025 or later, we cannot guarantee that this list of projects will still be valid, and therefore we suggest to wait for the projects to be updated before applying (usually one month before the semester starts).

Project 1. Anchor institutional networks

Access to digital information is an essential requirement for individuals to access critical services, such as to effectively participate in education and receive adequate healthcare. Since the Internet plays a central role in the transmission of information, differences in connection quality at schools and hospitals may lead to increased educational and healthcare inequality, especially between privileged and marginalized groups (that is, the digital divide). In this project, you will be responsible for designing, collecting and analyzing Internet measurement campaigns that reveal the state of the digital divide across critical sectors in the United States, as well as reviewing relevant literature, and documenting and presenting the findings of their research.

In more detail, the central research goal of this project is the identification of disparities in access to a reliable Internet connection at anchor institutions: those that tend to be constrained to a specific geography, and which are crucial employers and service providers in local communities. These disparities may lead to corresponding inequities in access to an array of critical services. We aim at quantifying these disparities using a characterization of the end-to-end Internet infrastructure serving anchor institutions.

Prerequisites

  1. Familiarity with the most important Internet and networking protocols and measurement tools (TCP/IP, DNS, ping, traceroute).
  2. Extensive programming experience (python recommended).
  3. Strong interest in network measurement
  4. Familiarity with basic machine-learning algorithms
Project 2. Isolating net neutrality violations

Net neutrality, or the notion that Internet service providers (ISPs) should give all network traf- fic equal service (with a notable exception being reasonable network management), has driven active discussions, laws, and policies. However, there have been few empirical studies of ISPs' traffic management policies that violate net neutrality principles, or their impact on stakeholders such as consumers, content providers, regulators, and legislators. The Wehe project fills this gap by studying of a common form of net neutrality violations: content-based traffic differentiation that limits throughput for specific applications.

While Wehe has successfully provided monitoring of net neutrality violations continuously since 2017, the project faces challenges that threaten its success. For one, Wehe requires continual maintenance in the form of addressing compatibility issues for servers and client software as operating systems evolve, identifying new types of net neutrality violations not conceived in the original work, and updating the network traces recorded from affected apps so that Wehe tests continue to correctly identify when they experience differentiation. Second, Wehe does not isolate which network is responsible for differentiation—though in many cases we assume through the law of large numbers that the ISP responsible is at the network edge. To improve Wehe's ability to identify the correct network responsible for net neutrality violations, we need to add new technique for localizing differentiation.

In this project, you will help address one of these challenges using one of the following strategies: (i) bringing Wehe software into compliance with current operating systems and apps that experience differentiation, (ii) developing strategies to make Wehe more resilient to future changes, and (iii) implementing differentiation localization algorithms based on performance tomography.

Prerequisites

  1. Familiarity with the most important Internet and networking protocols and measurement tools (TCP/IP, DNS, ping, traceroute).
  2. Extensive programming experience (python recommended, knowledge of Java/Swift needed for app development).
  3. Strong interest in network measurement
  4. Familiarity with bash

Undergraduates

If you are considering graduate school, or if you are just curious about building real systems that solve new problems, undergraduate research experience is for you. You don't need much experience with networking, but you do need to have a knack for figuring things out without too much help, particularly when it comes to comptuer systems.

All you need to get started is to do the following and send me an email with the info mentioned below:

Send me an email with this info, and we'll take it from there.