Virtual Ghost: Protecting Applications from Hostile Operating Systems:
  Developed the VirtualGhost x86-64 MMU page table implementation and ported
  FreeBSD PMAPS subsystem to utlize VirtualGhost MMU functionality. Additionally,
  implemented MMU update verification so that the operating system is denied access
  to maliciously modify the MMU, thereby, protecting application memory.

  QuickRec: Prototyping an Intel Architecture Extension for Record and
  Replay of Multithreaded Programs:
Designed and implemented a chunk and
  input deterministic based replay system in a Pin tool. Simulated and successfully
  replayed TSO relaxed memory model race conflicts. Additionally, participated in
  debugging the Quickrec RnR prototype hardware implementation and successfully
  found several bugs such as miscounting of instructions on floating point exceptions.

  Using Replicated Execution for a More Secure and Reliable Web Browser:
  Developed a browser extension for Firefox, Chrome, and Opera that provided core
  functionality of an opportunistic-n-version programming approach to detecting and
  masking browser-based exploits.

  Tor Fingerprinting Attack: Developed a passive fingerprinting attack against
  Tor network with the goal of identifying the webpage a given Tor client is viewing
  by eavesdropping on the connection between the Tor client and Tor entry router. I
  examined several mathematical approaches for classifying an unknown fingerprint
  (frequency distribution of the number of packets at given sizes) to a database of
  known websites; in the end I selected an entropy based metric – Kullback-Leibler
  divergence - which identifies how divergent a given probability distribution is from

  Automated Intrusion Detection Investigation and Response System
Examined the areas of intrusion detection systems, security ontologies,
  information fusion, and alert correlation and aggregation systems. The goal was to
  develop the necessary background to commence development of a prototype
  automated IDS with automated response capabilities. This project led to the
  development of a survey paper and a research proposal for an automated IDIRS.
  The key insight of this project is that disparate data, normally thought to have no
  relationship, can be mined for weak associations that, in the presence of other
  correlated data, can be used to determine whether or not an attack has occurred.