CAREER

In response to serious vulnerabilities that plague many of the Internet's core protocols, the last two decades have seen various security infrastructures layered on top of originally insecure protocols (DNSSEC on top of the domain name system, SSL and its public key infrastructure on top of TCP, the RPKI on top of interdomain routing). The security of each is derived from centralized authorities that are trusted to provide information about cryptographic keys or identities. When authorities behave correctly, each security infrastructure protects the underlying insecure system from attack.

In the last ten years virtual machines (VMs) have been extensively used for security-related applications, such as intrusion detection systems, malicious software (malware) analyzers and secure logging and replay of system execution. A VM is high-level software designed to emulate a computer's hardware. In the traditional usage model, security solutions are placed in a VM layer, which has complete control of the system resources. The guest operating system (OS) is considered to be easily compromised by malware and runs unaware of virtualization.

Residential computer networks are often insecure because they are unable to apply the best practices employed in corporate networks. The general public, who are often responsible for administering these networks, may lack the financial resources or computing expertise to deploy state-of-the-art network security systems. As a result, residential networks often offer little resistance to fraud and compromise. Further, these networks can enable infiltrations into corporate networks when users bring their mobile devices from the home to the corporate network.

Database-driven dynamic spectrum sharing (DSS) is a key enabling technical paradigm approved by FCC for increasing wireless spectrum access. In such a system, a geo-location database administrator (DBA) accepts registrations from primary users and determines spectrum availability, and secondary users are all required to inquire the DBA about the availability of any interested spectrum before using it.

One of the most significant challenges in cybersecurity is that humans are involved in software engineering and inevitably make security mistakes in their implementation of specifications, leading to software vulnerabilities. A challenge to eliminating these mistakes is the relative lack of empirical evidence regarding what secure coding practices (e.g., secure defaults, validating client data, etc.), threat modeling, and educational solutions are effective in reducing the number of application-level vulnerabilities that software engineers produce.