I am a Professor in the Edward S. Rogers Department of Electrical and Computer Engineering, Department of Computer Science and the Faculty of Law at the University of Toronto. I am the Canada Research Chair in Secure and Reliable Systems (Tier 1), a member of with the Computer Group, a Massey College Senior Fellow, and a research lead at the Schwartz Reisman Institute for Technology and Society. I received my M.S. and Ph.D from Stanford University and my B.A.Sc from Engineering Science at the University of Toronto.
My research goal is to make computer systems more secure and trustworthy. With the large degree that computing has permeated our lives, from mobile smartphones to ubiquitous cloud computing, it is crucial that this infrastructure that we rely so heavily on be secure and reliable. We trust computer systems more than ever, meaning that they must be transparent and protect our privacy. To achieve this goal, I take a variety of approaches to achieving this goal, including techniques using operating systems, computer architecture, formal verification and networking. I like to research and understand my ideas by building prototypes with my students. Over the years, we’ve built and open-sourced many software projects. More information about my research projects can be found on my Research page.
I previously held a Canada Research Chair (Tier 2) from 2013-2018, and have been the recipient of a Connaught Global Challenge Award (2017), an Ontario Ministry of Research and Innovation Early Researcher Award (ERA) (2008) and an SOSP 2003 best paper award for my work. I served as general chair for the ACM CCS 2018 conference and have served on numerous technical program committees of top conferences, such as IEEE S&P, Usenix Security, ACM CCS, NDSS, OSDI and ASPLOS. I served as associate editor for the IEEE Transcations on Cloud Computing from 2012-2016. I am a founding member of the IT3 Lab, a multidisciplinary lab working on improving transparency through technology and policy. I was a visiting research scientist at Google from 2016-2017 and served as Chief Security Architect at Enomaly, a Toronto-area startup, from 2009-2010, which was subsequently acquired by Virtustream. I was Associate Chair, Graduate Studies from 2012-2015.
I collaborate with top researchers internationally, as well as many of the leading technology companies, such as Google, VMware and Telus. I have been principle investigator on many competitive grants, totaling over $15M of funding.
- A large scale study of user behavior, expectations and engagement with Android permissions", In Proceedings of the 30th USENIX Security Symposium, 2021. (Media coverage, Conference presentation) , "
- Aion attacks: Manipulating software timers in trusted execution environment", In Proceedings of the The 18th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA), 2021. (Best Paper Award, Slides, Conference presentation) , "
- Machine unlearning", In Proceedings of the 42nd IEEE Symposium on Security and Privacy, 2021. (source code, blog post, media coverage, 1 minute overview, Conference presentation) , "
- In-Fat Pointer: Hardware-assisted tagged-pointer spatial memory safety defense with subobject granularity protection", In Proceedings of the 26th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), 2021. (Extended abstract, 20 minute talk, 5 minute talk) , "
- Emilia: Catching Iago in legacy code", In Proceedings of the 2021 Symposium on Network and Distributed System Security (NDSS), 2021. (Full talk video) , "
- Ex-vivo dynamic analysis framework for Android device drivers", In Proceedings of the 41st IEEE Symposium on Security and Privacy, 2020. (1 minute overview, Full talk video.) , "
- Using safety properties to generate vulnerability patches", In Proceedings of the 40th IEEE Symposium on Security and Privacy, 2019. , "
- Tackling runtime-based obfuscation in Android with TIRO", In Proceedings of the 27th USENIX Security Symposium, 2018. (slides, source code) , "
Prospective Students and Open Positions
Post-Doctoral Fellows: I have several post-doctoral fellowship positions open. Please click here for the job description and criteria. Intrested candidates should fill out the Post-Doctoral Fellow Application Form.
Research stream MASc and PhD Students: I am always looking for graduate students who are interested in making the systems we use more secure and private. Required background requires a solid understanding of operating systems and computer systems, with practical experience writing and implementing software. Security background is desirable but not required. Interested students should apply for graduate studies in ECE or CS. If you are specifically interested in joining my research group as a student, I have a standard set of questions I ask all interested applicants, which you can fill out in my Prospective MASc/PhD Information Form. If you are unsure whether to apply to ECE or CS, please fill out the form and indicate in the comments box at the bottom. You can find information on my current graduate students here.
MEng Students: I occasionally accept exceptional MEng students for projects that match my research program. Applicants should have a minimum 3.7 GPA and extensive software development experience. If interested, please fill out an MEng Project Application.
Undergradaute Students: I’m looking for strong undergraduate students with interests in computer security. 2nd and 3rd year students will be given preference. If interested, please fill out this application form.
- ECE568F: Computer Security
- ECE1776F: Computer Security, Cryptography and Privacy
I recently served as General Chair for CCS 2018, which took place in Toronto, Canada, Oct 15-19 2018.
Here are the current and past technical program committees I am serving or have served on:
- The 27th ACM Conference on Computer and Communications Security (CCS 2020)
- The 13th ACM International Systems and Storage Conference (SYSTOR 2020)
- The 11th ACM SIGOPS Asia-Pacific Workshop on Systems (APSys2020)
- The 2020 Network and Distributed System Security Symposium (NDSS 2020)
- The 26th ACM Conference on Computer and Communications Security (CCS 2019)
- The 10th ACM SIGOPS Asia-Pacific Workshop on Systems (APSys 2019)
- The 2019 Network and Distributed System Security Symposium (NDSS 2019)
- The 2018 Network and Distributed System Security Symposium (NDSS 2018)
- ACM 2017 Conference on Computer and Communications Security (CCS 2017)
- USENIX Security Symposium (2017)
- Mobile Security Technologies (MOST) 2017
- Mobile Security Technologies (MOST) 2016
- 37th IEEE Symposium on Security and Privacy (2016)
- 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI ’16)
- 24th USENIX Security Symposium (2015)
- 5th Annual ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices (SPSM) (PC co-chair)
- The 2016 Network and Distributed System Security Symposium (NDSS 2016)
- The 36th IEEE Symposium on Security and Privacy (Oakland 2015)
- CCSW 2014: The ACM Cloud Computing Security Workshop
- The 35th IEEE Symposium on Security and Privacy (Oakland 2014)
- The 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2014)
- The 23rd USENIX Security Symposium (2014)
- 7th The ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2014)
- The 23rd International Conference on Parallel Architectures and Compilation Techniques (PACT 2014)
- The Eighteenth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2014)
- CCSW 2013: The ACM Cloud Computing Security Workshop
- The 8th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2013)
- The 22nd International World Wide Web Conference (WWW 2013)
- The 2012 Symposium on Cloud Computing (SOCC 2012)
- The 45th Annual IEEE/ACM International Symposium on Microarchitecture (Micro 2012) (External Review Committee)
- 21st USENIX Security Symposium (2012)
- 7th ACM Symposium on Information, Computer and Communications Security (ASIACCS 2012)
- 4th International Conference on Trust and Trustworthy Computing
- ACM SIGMETRICS 2011 International Conference on Measurement and Modeling of Computer Systems
- 16th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2011)
- 19th USENIX Security Symposium (2010)
- The International Conference on Virtual Execution Environments 2010 (VEE’10)
- 15th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2010)
- 4th USENIX Workshop on Hot Topics in Security (HotSec ’09)
- 18th USENIX Security Symposium (2009)
- IEEE Symposium on Security and Privacy (Oakland 2009)
- Symposium on Operating Systems Design and Implementation (OSDI 2008)
- 17th USENIX Security Symposium (2008)
- 1st Workshop on Architectural and System Support for Improving Software Dependability (ASID 2006)
- Workshop on Architectural Support for Security and Anti-Virus (WASSA 2004)
Finally, I’d like to acknowledge our wonderful sponsors, who support our research with financial and in-kind contributions. We work closely with our sponsors through collaborative projects, student internships, as well as hiring of students after graduation. I always welcome new sponsorship opportunities. Please do not hesitate to contact me if interested.