My research helps programmers write trustworthy programs. My primary area of interest is language-based information security: using programming language techniques to provide information security assurance. You can find out more about my research in this research statement (from August 2015).
Selected materials from my tenure packet can be found here.
- Automatic Enforcement of Expressive Security Policies using Enclaves, OOPSLA 2016 .
- Extensible Access Control with Authorization Contracts, OOPSLA 2016 .
- Report on the NSF Workshop on Formal Methods for Security .
- Precise, Dynamic Information Flow for Database-Backed Applications, PLDI 2016 .
- Correct Audit Logging: Theory and Practice, POST 2016 .
Information for prospective students, both undergraduate and graduate, can be found here. Please read this page before contacting me. General information for Harvard undergraduates interested in research in Computer Science is available here.
- CS 61: Systems Programming and Computer Organization Fall 2010, Fall 2011.
- CS 152: Programming Languages Spring 2010, Spring 2013, Spring 2014, Spring 2015, Spring 2016.
- CS 252r: Advanced Topics in Programming Languages Fall 2009, Spring 2011, Spring 2012, Fall 2013, Fall 2014, Fall 2015.
- Accrue: Providing language-based security guarantees proportional to programmer effort.
- Privacy Tools for Sharing Research Data: Enhance technologies and policies to protect personal data used in research studies.
- Shill: a secure shell scripting language.
- Previous projects
- CHILI: Enabling the execution of code of unknown origin while guaranteeing that the code is not vulnerable to various classes of security attacks.
- Owen Arden (post doc)
- Aaron Bembenek
- Pablo Buiras (post doc)
- Christos Dimoulas (post doc)
- Anitha Gollamudi
- Scott Moore (PhD 2016, now post doc)
- Lucas Waye
- Center for Research on Computation and Society
- Programming Languages at Harvard
- Systems Research at Harvard (SYRAH)
- CSF 2017 Co-chair (with Boris Köpf).
- PLMW @ PLDI 2017 Program Committee.
- POST 2017 Program Committee.
- ASPLOS 2017 ERC.
- Past activities:
- POPL 2017 Artifact Evaluation Committee co-chair (with Jean Yang).
- Co-chair of the NSF Workshop on Formal Methods for Security (with Joshua Guttman).
- POPL 2016 Artifact Evaluation Committee co-chair (with Arjun Guha).
- General chair CSF 2012 and CSF 2013.
- Co-chair of APLWACA 2010 (with Ben Livshits).
- Co-chair of PLAS 2009 (with David Naumann).
- Program committees: PLAS 2016, AAAI Fall Symposium on Privacy and Language Technologies, HILT 2016 Workshop on Model-Based Development and Contract-Based Programming, SecDev 2016, OOPSLA 2016, SPLASH 2016 Workshops, FCS 2016, ECOOP 2016, EuroS&P 2016, POPL 2016 (ERC), PLAS 2015, POST 2015, POPL 2015 (ERC), OOPSLA 2014, TGC 2014, HILT 2014, PSP 2014, CSF 2014, FMS 2014, PLDI 2014 (ERC), ASPLOS 2014 (ERC), SEC@SAC14, HILT 2013, FOOL 2013, CCS 2013, SEC@SAC13, PLAS 2012, PPCloud 2011, FAST 2011, CCS 2010, CSF 2010, FCS-PrivMod 2010, WebApps ’10, Bytecode 2010, ASIAN 2009, HotSec ’09, FCS09, CSF 2008, PLAS 2007.
My research is currently supported by the National Science Foundation (under Awards 1054172, 1237235, 1421770, 1524052, 1551249, 1565387), the AFOSR, DARPA (BRASS program), an Alfred P. Sloan Research Fellowship, and a Google Faculty Research Award. I have previously been supported by IARPA.
I completed a Ph.D. at Cornell University in August 2008, under the guidance of Andrew Myers. Prior to graduate school, I spent several years working as a consultant and contractor. I received a B.Sc.(Hons) and B.A. from Victoria University of Wellington, in Wellington, New Zealand. My wife, Kiran Gajwani, is a Lecturer/Advisor in the Economics Department at Harvard.