I am a Professor in the Edward S. Rogers Department of Electrical and Computer Engineering, Department of Computer Science and the Faculty of Law at the University of Toronto. I am the Canada Research Chair in Secure and Reliable Systems (Tier 1), a member of with the Computer Group, an Associate Director at the Data Sciences Institute at the Uniersity of Toronto, a Research Lead at the Schwartz Reisman Institute for Technology and Society, a Massey College Senior Fellow, and a Faculty Affiliate with the Vector Institute. I received my M.S. and Ph.D from Stanford University and my B.A.Sc from Engineering Science at the University of Toronto.
My research goal is to make computer systems more secure and trustworthy. With the large degree that computing has permeated our lives, from mobile smartphones to ubiquitous cloud computing, it is crucial that this infrastructure that we rely so heavily on be secure and reliable. We trust computer systems more than ever, meaning that they must be secure, transparent and protect our privacy. To achieve this goal, I take a variety of approaches to achieving this goal, including techniques using operating systems, computer architecture, formal verification and networking. I like to research and understand my ideas by building prototypes with my students. Over the years, we’ve built and open-sourced many software projects. More information about my research projects can be found on my Research page.
I previously held a Canada Research Chair (Tier 2) from 2013-2018, and have been the recipient of a Connaught Global Challenge Award (2017), an Ontario Ministry of Research and Innovation Early Researcher Award (ERA) (2008) and an SOSP 2003 best paper award for my work. I served as general chair for the ACM CCS 2018 conference and have served on numerous technical program committees of top conferences, such as IEEE S&P, Usenix Security, ACM CCS, NDSS, OSDI and ASPLOS. I served as associate editor for the IEEE Transcations on Cloud Computing from 2012-2016. I am a founding member of the IT3 Lab, a multidisciplinary lab working on improving transparency through technology and policy. I was a visiting research scientist at Google from 2016-2017 and served as Chief Security Architect at Enomaly, a Toronto-area startup, from 2009-2010, which was subsequently acquired by Virtustream. I was Associate Chair, Graduate Studies from 2012-2015.
I collaborate with top researchers internationally, as well as many of the leading technology companies, such as Google, VMware and Telus. I have been principle investigator on many competitive grants, totaling over $20M of funding.
Selected Publications
- , "MIFP: Selective Fat-Pointer Bounds Compression for Accurate Bounds Checking", In Proceedings of the 26th International Symposium on Recent Advances in Intrusion Detection (RAID), 2023. (To appear.)
- , "FLUX: Finding Bugs with LLVM IR Based Unit Test Crossovers", In Proceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering (ASE), 2023.
- , "Calpric: Inclusive and Fine-grained Labeling of Privacy Policies with Crowdsourcing and Active Learning", In Proceedings of the 32nd USENIX Security Symposium, 2023.
- , "vWitness: Certifying Web Page Interactions with Computer Vision", In Proceedings of the 53rd IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2023. (Conference talk video.)
- , "In Differential Privacy, There is Truth: on Vote-Histogram Leakage in Ensemble Private Learning", In Proceedings of the 36th Conference on Neural Information Processing Systems (NeurIPS), 2022.
- , "Modulo: Finding Convergence Failure Bugs in Distributed Systems with Divergence Resync Models", In Proceedings of the 2022 Annual Conference on USENIX Annual Technical Conference (ATC), 2022. (Conference presentation, Source code)
- , "A Large Scale Study of User Behavior, Expectations and Engagement with Android Permissions", In Proceedings of the 30th USENIX Security Symposium, 2021. (Media coverage, Conference presentation)
- , "Aion Attacks: Manipulating Software Timers in Trusted Execution Environment", In Proceedings of the 18th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2021. (Best Paper Award, Slides, Conference presentation)
- , "Machine Unlearning", In Proceedings of the 42nd IEEE Symposium on Security and Privacy, 2021. (source code, blog post, media coverage, 1 minute overview, Conference presentation)
- , "In-Fat Pointer: Hardware-Assisted Tagged-Pointer Spatial Memory Safety Defense with Subobject Granularity Protection", In Proceedings of the 26th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2021. (Extended abstract, 20 minute talk, 5 minute talk)
- , "Emilia: Catching Iago in Legacy Code", In Proceedings of the 2021 Symposium on Network and Distributed System Security (NDSS), 2021. (Full talk video)
Prospective Students and Open Positions
Post-Doctoral Fellows: I have several post-doctoral fellowship positions open. Please click here for the job description and criteria. Intrested candidates should fill out the Post-Doctoral Fellow Application Form.
Research stream MASc and PhD Students: I am always looking for graduate students who are interested in making the systems we use more secure and private. Required background requires a solid understanding of operating systems and computer systems, with practical experience writing and implementing software. Security background is desirable but not required. Interested students should apply for graduate studies in ECE or CS. If you are specifically interested in joining my research group as a student, I have a standard set of questions I ask all interested applicants, which you can fill out in my Prospective MASc/PhD Information Form. If you are unsure whether to apply to ECE or CS, please fill out the form and indicate in the comments box at the bottom. You can find information on my current graduate students here.
MEng Students: I occasionally accept exceptional MEng students for projects that match my research program. Applicants should have a minimum 3.7 GPA and extensive software development experience. If interested, please fill out an MEng Project Application.
Undergradaute Students: I’m looking for strong undergraduate students with interests in computer security. 2nd and 3rd year students will be given preference. If interested, please fill out this application form.
Teaching
Winter 2024:
- ECE1776F: Computer Security, Cryptography and Privacy
Professional Activities
I served as General Chair for CCS 2018, which took place in Toronto, Canada, Oct 15-19 2018.
Here are the current and past technical program committees I am serving or have served on:
Sponsors
Finally, I’d like to acknowledge our wonderful sponsors, who support our research with financial and in-kind contributions. We work closely with our sponsors through collaborative projects, student internships, as well as hiring of students after graduation. I always welcome new sponsorship opportunities. Please do not hesitate to contact me if interested.
