Emmett Witchel

Department of Computer Science 1 University Station C0500 Austin, TX 78712-0233 (512) 232-7889 [email protected] http://www.cs.utexas.edu/~witchel/ Academic Employment 2010–present Associate professor of computer science at the University of Texas at Austin. 2004–2010 Assistant professor of computer science at the University of Texas at Austin. My group and I are interested in operating systems and architecture, and more generally in low- level systems. Most of my current research is about concurrent systems and security.

Education Massachusetts Institute of Technology Cambridge, MA Ph.D. in Electrical Engineering and Computer Science ...... January, 2004 Thesis title: Mondriaan Memory Protection. Advisor: Prof. Krste Asanovic´ Committee: Prof. Krste Asanovic,´ Prof. Frans Kaashoek, Prof. Barbara Liskov

Stanford University Palo Alto, CA M.S. in Computer Science ...... June, 1994 B.S. in Computer Systems Engineering (CS and Electrical Engineering) ...... June, 1992 B.A. in Philosophy ...... June, 1992

Awards 2011 Donald E. Porter wins Bert Kay Outstanding Dissertation Award from the Computer Science Department at The University of Texas at Austin. 2007 IEEE Micro Top Pick award, one of the 10 best architecture papers of 2007 for “MetaTM/TxLinux: Transactional Memory For An Operating System.” 2007 NSF Career award CNS-0644205, “Operating System Support For Transactional Memory: Con- struction and Performance Scalability of Parallel Programs”. 2004 Honorable mention ACM dissertation award. 2004 Winner of the George M. Sprowls award for outstanding thesis from the M.I.T. Electrical Engi- neering and Computer Science department. Refereed Conference and Journal Publications Each entry has a page length (Xp), the Citeseer conference rank (Y) and Citeseer conference score (x.xx), which Citeseer computed on May 2003 (citeseer Y:x.xx), the acceptance rate of the conference (X%), and the number of citations on Google scholar as of May 2009 (gcite:X). [1] Sangman Kim, Michael Lee, Alan Dunn, Owen S. Hofmann, Xuan Wang, Emmett Witchel, and Donald E. Porter. Improving server applications with system transactions. In Proceedings of the

1 7th ACM European conference on Computer systems (EuroSys), Bern, Switzerland, April 2012. 14p 14%. [2] Chistopher J. Rossbach, Jon Currey, Mark Silberstein, Baishakhi Ray, and Emmett Witchel. PTask: Operating system abstractions to manage gpus as compute devices. In Proceedings of the 22nd ACM Symposium on Operating Systems Principles (SOSP), Cascais, Portugal, October 2011. 16p (citeseer 11:2.41) 18%. [3] Alan Dunn, Owen S. Hofmann, Brent Waters, and Emmett Witchel. Cloaking malware with the trusted platform module. In Proceedings of the 20th USENIX Security Symposium (USENIX Security), 2011. 16p 17%. [4] Owen S. Hofmann, Alan Dunn, Sangman Kim, Indrajit Roy, and Emmett Witchel. Ensuring operating system kernel integrity with OSck. In Proceedings of the Sixteenth International Con- ference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), March 2011. 12p (citeseer 6:2.70) 21%. [5] Indrajit Roy, Srinath Setty, Ann Kilzer, Vitaly Shmatikov, and Emmett Witchel. Airavat: Security and privacy for MapReduce. In Proceedings of the 7th USENIX Symposium on Networked Systems Design and Implementation (NSDI), April 2010. 16p 17%. [6] Donald E. Porter and Emmett Witchel. Understanding transactional memory performance. In Proceedings of the 2010 IEEE International Symposium on Performance Analysis of Systems and Software (ISPASS), March 2010. 15p 34%. [7] Scott Wolchok, Owen S. Hofmann, Nadia Heninger, Edward W. Felten, J. Alex Halderman, Christopher J. Rossbach, Brent Waters, and Emmett Witchel. Defeating vanish with low-cost sybil attacks against large DHTs. In Proceedings of the Network and Distributed System Secu- rity Symposium (NDSS), February 2010. 15p 15%, Reported in the New York Times http:// www.nytimes.com/2009/09/22/science/22decode.html. [8] Christopher J. Rossbach, Owen S. Hofmann, and Emmett Witchel. Is transactional memory pro- gramming actually easier? In Proceedings of the 15th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming (PPoPP), January 2010. 10p (citeseer 14:2.22) 17%. [9] Donald E. Porter, Owen S. Hofmann, Christopher J. Rossbach, Alex Benn, and Emmett Witchel. Operating system transactions. In Proceedings of the 22nd ACM Symposium on Operating Systems Principles (SOSP), Big Sky, MT, October 2009. 14p (citeseer 11:2.41) 16%. [10] Indrajit Roy, Donald E. Porter, Michael D. Bond, Kathryn S. McKinley, and Emmett Witchel. Laminar: Practical fine-grained decentralized information flow control. In Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI), June 2009. 12p (citeseer 3:2.89) 21%. [11] Owen S. Hofmann, Christopher J. Rossbach, and Emmett Witchel. Maximum benefit from a minimal HTM. In Proceedings of the Fourteenth International Conference on Architectural Sup- port for Programming Languages and Operating Systems (ASPLOS), March 2009. 12p (citeseer 6:2.70) 26%. [12] Hany E. Ramadan, Indrajit Roy, Maurice Herlihy, and Emmett Witchel. Committing conflicting transactions in an STM. In Proceedings of the 14th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming (PPoPP), February 2009. 12p (citeseer 14:2.22) 24%. [13] Hany E. Ramadan, Christopher J. Rossbach, and Emmett Witchel. Dependence-aware transac- tions for increased concurrency. In Proceedings of the 41st Annual International Symposium on Microarchitecture (MICRO-41), November 2008. 12p (citeseer 12:2.31) 19% gcite:2.

2 [14] Christopher J. Rossbach, Hany E. Ramadan, Owen S. Hofmann, Donald E. Porter, Aditya Bhan- dari, and Emmett Witchel. TxLinux and MetaTM: Transactional memory and the operating system. In Communications of the ACM, September 2008. 8p. [15] Jonathan Wildstrom, Peter Stone, and Emmett Witchel. Carve: a cognitive agent for resource value estimation. In The Fifth International Conference on Autonomic Computing (ICAC), June 2008. 9p 38%. [16] Hany E. Ramadan, Christopher J. Rossbach, Donald E. Porter, Owen S. Hofmann, Aditya Bhan- dari, and Emmett Witchel. MetaTM/TxLinux: Transactional memory for an operating system. In IEEE Micro Top Picks in Computer Architecture 2007, January 2008. 6p. [17] Christopher J. Rossbach, Owen S. Hofmann, Donald E. Porter, Hany E. Ramadan, Aditya Bhan- dari, and Emmett Witchel. TxLinux: Using and managing transactional memory in an operating system. In Proceedings of the 21st ACM Symposium on Operating Systems Principles (SOSP), Stevenson, WA, October 2007. 14p (citeseer 11:2.41) 19% gcite:29 (used in Illinois CS 523 Spring 2008, 2009, Wisconsin CS 763 Fall 2008,2009, Northwestern EECS 443 Spring 2009). [18] Justin Brickell, Donald E. Porter, Vitaly Shmatikov, and Emmett Witchel. Privacy-preserving software diagnostics. In ACM Conference on Computer and Communications Security, Alexan- dria, VA, 2007. 10p (citeseer 49:1.82) 18% gcite:4. [19] Hany E. Ramadan, Christopher J. Rossbach, Donald E. Porter, Owen Hofmann, Aditdya Bhandari, and Emmett Witchel. MetaTM/TxLinux: Transactional memory for an operating system. In Proceedings of the 34th International Symposium on Computer Architecture (ISCA), San Diego, CA, June 2007. 12p (citeseer 97:1.56) 23% gcite:21. [20] Jungwoo Ha, Christopher J. Rossbach, Jason V. Davis, Indrajit Roy, Hany E. Ramadan, Donald E. Porder, David L. Chen, and Emmett Witchel. Improved error reporting for software that uses black-box components. In Proceedings of the ACM SIGPLAN 2007 Conference on Programming Language Design and Implementation (PLDI), San Diego, CA, 2007. 11p (citeseer 3:2.89) 25% gcite:11. [21] Jonathan Wildstrom, Peter Stone, Emmett Witchel, and Mike Dahlin. Machine learning for on-line hardware reconfiguration. In The Twentieth International Joint Conference on Artificial Intelligence (IJCAI), Hyderabad, India, January 2007. 8p (citeseer 50:1.82) 16% gcite:6. [22] Jason V. Davis, Jungwoo Ha, Christopher J. Rossbach, Hany E. Ramadan, and Emmett Witchel. Cost-sensitive decision tree learning for forensic classification. In Proceedings of the The 17th Eu- ropean Conference on Machine Learning (ECML), Berlin, Germany, September 2006. 8p (citeseer 374:0.83) 21% gcite:7. [23] Emmett Witchel, Jungwhan Rhee, and Krste Asanovic.´ Mondrix: Memory isolation for Linux using Mondriaan memory protection. In Proceedings of the 20th ACM Symposium on Operating Systems Principles, Brighton, UK, October 2005. ACM. 14p (citeseer 11:2.41) 13% gcite:21. [24] Andrew Ayers, Chris Metcalf, Junghwan Rhee, Richard Schooler, Anant Agarwal, and Emmett Witchel. TraceBack: First fault diagnosis by reconstruction of distributed control flow. In Pro- ceedings of the ACM SIGPLAN 2005 Conference on Programming Language Design and Imple- mentation (PLDI), Chicago, USA, June 2005. 12p (citeseer 3:2.89) 21% gcite:15. [25] Jonathan Wildstrom, Peter Stone, Emmett Witchel, Raymond J. Mooney, and Mike Dahlin. To- wards self-configuring hardware for distributed computer systems. In The Second International Conference on Autonomic Computing (ICAC), June 2005. 9p 21% gcite:23. [26] Emmett Witchel, Josh Cates, and Krste Asanovic.´ Mondrian memory protection. In Proceedings of the Tenth ACM International Conference on Architectural Support for Programming Lnaguages and Operating Systems (ASPLOS-X), October 2002. 13p (citeseer 6:2.70) 18% gcite:114.

3 [27] Samuel Larsen, Emmett Witchel, and Saman Amarasinghe. Increasing and detecting memory address congruence. In Proceedings of the 11th International Conference on Parallel Architectures and Compilation Techniques (PACT), September 2002. 12p (citeseer 279:1.02) 21% gcite:39. [28] Emmett Witchel, Sam Larsen, C. Scott Ananian, and Krste Asanovic.´ Direct addressed caches for reduced power consumption. In Proceedings of the 34th Annual International Symposium on Microarchitecture (MICRO-34), December 2001. 11p (citeseer 12:2.31) 20% gcite:62. [29] David Mazieres,` Michael Kaminsky, M. Frans Kaashoek, and Emmett Witchel. Separating key management from file system security. In Proceedings of the 17th ACM Symposium on Operating Systems Principles, pages 124–139, Kiawa Island, SC, 1999. ACM. 14p (citeseer 11:2.41) 21% gcite:274. [30] Emmett Witchel and Mendel Rosenblum. Embra: Fast and flexible machine simulation. In ACM Conference on Measurement and Modeling of Computer Systems (SIGMETRICS), pages 68–79, 1996. 12p (citeseer 98:1.56) 22% gcite:230 (used in Illinois CS 598 Spring 2007, CS 423 Fall 2008). [31] Mendel Rosenblum, Edouard Bugnion, Stephen A. Herrod, Emmett Witchel, and Anoop Gupta. The impact of architectural trends on operating system performance. In Proceedings of the 15th ACM Symposium on Operating Systems Principles, Copper Mountain, CO, December 1995. ACM. 14p (citeseer 11:2.41) 26% gcite:176. [32] Mendel Rosenblum, Stephen A. Herrod, Emmett Witchel, and Anoop Gupta. Complete computer simulation: The SimOS approach. In IEEE Parallel and Distributed Technology, 1995. 10p gcite:479. Workshop and Other Publications [33] Christopher J. Rossbach, Jon Currey, and Emmett Witchel. Operating systems must support gpu abstractions. In The 13th Workshop on Hot Topics in Operating Systems (HotOS), 2011. 5p (citeseer 33:1.99) 25%. [34] Christopher J. Rossbach, Owen S. Hofmann, and Emmett Witchel. Is transactional memory programming actually easier? In The 8th Annual Workshop on Duplicating, Deconstructing, and Debunking (WDDD), 2009. 9p. [35] Emmett Witchel. Considerations for mondriaan-like systems. In The 8th Annual Workshop on Duplicating, Deconstructing, and Debunking (WDDD), 2009. 7p. [36] Donald E. Porter and Emmett Witchel. Operating systems should provide transactions. In The 12th Workshop on Hot Topics in Operating Systems (HotOS), 2009. 6p (citeseer 33:1.99) 26%. [37] Hany E. Ramadan and Emmett Witchel. The xfork in the road to coordinated sibling transactions. In Proceedings of the 4th Workshop on Transactional Computing (TRANSACT), Raleigh, NC, February 2009. 11p 39%. [38] Owen S. Hofmann, Donald E. Porter, Christopher J. Rossbach, Hany E. Ramadan, and Emmett Witchel. Solving difficult HTM problems without difficult hardware. In Proceedings of the 2nd Workshop on Transactional Computing (TRANSACT), Portland, OR, August 2007. 11p 48% gcite:8. [39] Donald E. Porter, Owen S. Hofmann, and Emmett Witchel. Is the optimism in optimistic concur- rency warranted? In The 11th Workshop on Hot Topics in Operating Systems, 2007. 6p (citeseer 33:1.99) 22% gcite:5. [40] Hany E. Ramadan, Christopher J. Rossbach, and Emmett Witchel. The Linux kernel: A chal- lenging workload for transactional memory. In Proceedings of the Workshop on Transactional Memory Workloads (WTW), June 2006. 6p gcite:8.

4 [41] Emmett Witchel. Mondriaan Memory Protection. PhD thesis, Massachussetts Institute of Tech- nology, January 2004. 135p. [42] Emmett Witchel and Krste Asanovic.´ Hardware works, software doesn’t: Enforcing modularity with mondriaan memory protection. In The 9th Workshop on Hot Topics in Operating Systems (HotOS), 2003. 6p (citeseer 33:1.99) 22% gcite:4. [43] Krste Asanovic,´ Mark Hampton, Ronny Krashinsky, and Emmett Witchel. Energy-exposed in- struction sets. In R. Graybill and R. Melhem, editors, Power Aware Computing. Kluwer Aca- demic/Plenum Publishers, 2002. 21p gcite:8. [44] Emmett Witchel and Krste Asanovic.´ The span cache: Software controlled tag checks and cache line size. In Workshop on Complexity-Effective Design, held with ISCA-28, June 2001. 12p gcite:23. [45] Emmett Witchel and M. Frans Kaashoek. Using software-extended architectures for software simultaneous multithreading. Technical report MIT-LCS-TR-878, MIT, 1997/2003. gcite:1. Funding 01/12–12/15 NIH R01 LM011028-01 from the National Library of Medicine “Secure Sharing of Clinical His- tory & Genetic Data: Empowering Predictive Personalized Medicine,” Also with C. David Page (University of Wisconsin, PI), Somesh Jha (University of Wisconsin), Jeffery Naugton (Univer- sity of Wisconsin), Justin B Starren (Marshfield Clinic Research Foundation), Vitaly Shmatikov $2,741,987. 09/10–09/11 NVIDIA Research Award. $25,000. 09/10–09/13 NSF CNS-1017785, “CSR: Small: Operating System Abstractions for GPU-Accelerated Interac- tive Applications,” Also with Christopher J. Rossbach $500,000. 1/10–12/12 Google Research Award. New privacy and security mechanisms for the MapReduce framework. Also with Vitaly Shmatikov $50,000. 09/09–09/13 NSF CNS-0905602, “TC: Medium: Collaborative Research: Securing Concurrency in Mod- ern Systems,” Also with Vitaly Shmatikov and Jedidiah Crandall (University of New Mexico) $799,998. 03/08–03/09 DARPA Computer Science Study Group, RA07-43. Phase 1. “Programming Parallel Architec- tures,” Top Secret security clearance held by the Institute for Defense Analyses (IDA). $100,000. 1/08 Sun Microsystems OpenSPARC program, T2000 server, $21,495. 12/07 Multicore architecture support for operating systems and real-time 3D graphics. Also with William R. Mark. Intel Equipment Grant 48395. $40,000. 1/07–1/12 NSF Career award CNS-0644205, “Operating System Support For Transactional Memory: Con- struction and Performance Scalability of Parallel Programs,” $400,000. 8/06–8/09 CNS-0615104 “Autonomic Systems: Integrating Machine Learning with Computer Systems,” Also with P. Stone, R. Mooney, Y. Zhang, V. Shmatikov. $880,000. 4/05–4/06 Microsoft Corporation, “Navel: Automating software support using traces of software behavior,” $49,500. 9/04–6/06 DARPA, “Architectures for Cognitive Information Processing,” Co-PI with Prof. Peter Stone, also with S. Keckler, R. Mooney, R. Mikkulainen, and D. Burger. $450,000.

Patents Patent Pending (2011/61449037) Method and System for Ensuring Operating System Kernel In- tegrity

5 Emmett Witchel, Owen S. Hofmann, Alan M. Dunn, Indrajit Roy, Sangman Kim Provisional Patent Filed March 3, 2011. 7,287,140 System and Technique for Fine-Grained Computer Memory Protection Krste Asanovic´ and Emmett Witchel U.S. Patent, filed July 27, 2004, granted October 23, 2007. 6,748,584 Method for Determining the Degree to which Changed Code has been Exercised Emmett Witchel, Chris Metcalf, Andy Ayers U.S. Patent, filed December 29, 1999, granted June 8, 2004. Current Doctoral Students Owen Hofmann (expected graduation 2012) Sangman Kim (expected graduation 2014) Alan M. Dunn (expected graduation 2015) Michael Z. Lee (expected graduation 2016) Graduated Graduate Students Donald E. Porter. “Operating System Transactions” (Ph.D. 12/10), Assistant Professor at Stony Brook University. Bert Kay Outstanding Dissertation Award from the Computer Science Depart- ment at The University of Texas at Austin. Indrajit Roy. “Protecting Sensitive Information from Untrusted Code” (Ph.D. 08/10), Researcher at HP Labs, Palo Alto. Christopher J. Rossbach. “Hardware Transactional Memory: A Systems Perspective” (Ph.D. 08/09), post-doctoral researcher at UT Austin, Researcher at Microsoft Research, SVC. Hany E. Ramadan. “Transactional Memory Concurrency: New Models and Systems” (Ph.D. 08/09), now Assistant Professor at King Abdullah University of Science and Technology (KAUST). Jason V. Davis. “Mining Statistical Correlations with Applications to Software Analysis,” co- advised with Inderjit Dhillon. (Ph.D. 06/08) Junghwan Rhee (Masters, now doctoral student at Purdue 06/05) Doctoral Thesis Committees Allen Clement (advisor: Lorenzo Alvisi) “New Models for State Machine Replication” (12/10) Jennifer B. Sartor (advisor: Kathryn McKinely) “The Limits of Heap Data Compression” (08/10) Jungwoo Ha “Scaling Managed Runtime Systems for Future Multicore Hardware” (advisor: Kathryn McKinley) (12/09) Justin Lee Brickell (advisor: Vitaly Shmatikov) “Privacy-Preserving Computation for Data Min- ing” (05/09) Maria Jump (advisor: Kathryn McKinley) “Dynamic, Instance-Based Object Analysis for Opti- mization” (01/09) Michael Bond (advisor: Kathryn McKinley) “Detecting and Tolerating Software Bugs after De- ployment” (12/08) Zheng, Jiandan (advisor: Michael Dahlin) “Universal Data Replication Architecture” (08/08) Moinuddin Qureshi (advisor: Yale Patt) “Adaptive mechanisms to manage capacity caches in high performance systems” (12/07)

6 Jeffrey Napper (advisor: Lorenzo Alvisi) “Robust Multithreaded Applications” (05/08) Amol Nayate (advisor: Michael Dahlin) “Transparent Replication” (12/06) Professional Service 2012 Program committee member for USENIX 2012 (ATC), the Usenix Annual Technical Conference. 2011 Program committee member for SOSP 2011, Symposium on operating systems principles. 2010 Program committee member for OSDI 2010, Operating systems design and implemetnation. 2010 Program committee member for ASPLOS 2010, International Conference on Architectural Sup- port for Programming Languages and Operating Systems. 2009 Program committee member for MICRO 2009, the IEEE/ACM International Symposium on Mi- croarchitecture. 2009 Program committee member for ISCA 2009, the International Symposium on Computer Archi- tecture. 2008 Program committee member for USENIX 2008 (ATC), the Usenix Annual Technical Conference. 2008 Program committee member for PLDI 2008, Programming Langugages, Design and Implementa- tion. 2008 Program committee member for TRANSACT 2008, ACM SIGPLAN Workshop on Transactional Computing. 2007 Program committee member for ASPLOS 2008, International Conference on Architectural Sup- port for Programming Languages and Operating Systems. 2007 Program committee member for HotOS 2007, the Workshop on Hot topics in Operating Systems. 2007 Program committee member for the Workshop on the Interaction between Computer Architecture and Operating Systems (WIOSCA) at ISCA-34. Helped organize and moderated panel discus- sion with Konrad Lai (Intel) Beng-Hong Lim (VMware) Chuck Moore (AMD) Burton Smith (Microsoft) James Smith (Wisconsin) Michael Swift (Wisconsin) Yuanyuan Zhou (UIUC) 2006 Program committee member for the Workshop on Introspective Architectures, held with HPCA. 2006 Program committee member for the second International Conference on Autonomic Computing. 2006 Program committee member for SysML, the First Workshop on Tackling Computer Systems Prob- lems with Machine Learning Techniques, located with SIGMETRICS. Invited lectures 12/11 “Operating System Support For GPUs,” Presented at Columbia University, New York, NY. State University, San Marcos, TX. 04/11 “Operating system transactions,” Presented at Texas State University, San Marcos, TX. 11/10 “Operating system abstractions for GPU processors,” Presented at the Univerity of Wisconsin, Madison, Madison, WI. 04/09 “Making Transactions Work One Systems Problem at a Time,” Presented at the University of California at Berkeley, Berkeley, CA. 03/08 “Transactional Memory and the Operating System,” Presented at the University of Washington, Seattle, WA. 01/08 “Transactional Memory and the Operating System,” Presented at Stanford University, Stanford, CA.

7 01/08 “Transactional Memory and the Operating System,” Presented at MIT, Cambridge, MA. 12/07 “Transactional Memory and the Operating System,” Presented at Columbia University, New York, NY. 10/07 “Transactional Memory and the Operating System,” Presented at Microsoft research, Seattle, WA. 08/07 “Transactional Memory Research Directions,” Panelist at the ACM TRANSACT workshop, Port- land OR. 07/06 “Yay, Computer Science,” lead presentation to First Bytes computer camp for High School women seniors. 10/05 “Mondrix: Memory Isolation for Linux using Mondriaan Memory Protection.” Presented at the ACM Symposium on Operating Systems Principles, Brighton, UK. 06/05 “Navel: Automating software support using traces of software behavior.” Presented at the Mi- crosoft Phoenix compiler research workshop. 06/05 “Yay, Computer Science,” presentation to First Bytes computer camp for High School women seniors, and High School seniors admitted to UT-Austin’s computer science honors program—the Turing Scholars. 06/05 “Traceback: First fault Diagnosis by reconstruction of distributed control flow.” Presented at the ACM Conference on Programming Language Design and Implementation, Chicago. 08/04 “How to Get a Top-10 Job.” Presented to UT graduate students. 01/04 “Mondriaan Memory Protection.” Presented to Microsoft research, and University of Washington. 10/03 “Painting Kernel Permissions with Mondriaan Memory Protection.” Presented at IBM Research Austin. Spring 2003 “Mondriaan Memory Protection.” Presented at Harvard University, University of Pennsylvania, Brown University, University of Southern California, University of Texas at Austin, Rotchester University, University of California at Davis, University of California at Santa Barbara, and Uni- versity of Colorado. Research Projects 2008–present Securing concurrent systems. To secure concurrent systems we have applied decentralized infor- mation flow control (DIFC) to two important areas—multi-threaded programs and cloud comput- ing. DIFC associates tags with data and enforces flow rules (like “no read up, no write down” for secrecy) on the data associated with the tags. DIFC is a mandatory access model that allows users to specify strong end-to-end security policies, such as policies to prevent credit card information from being transmitted over an insecure network connection. Laminar is the first DIFC system to support natural multi-threaded applications, and it allows programmers to convert only security-sensitive portions of their programs to use DIFC. Language- level DIFC (like Jif) supports labels for user-defined data structures, but cannot support multi- threading because of their complex type system. OS-level DIFC systems (like Asbestos, HiStar and Flume) can support multi-threaded applications, but cannot support labels on user-defined data types because the OS’s control over the application’s address space is limited to page tables. Page-granularity control is insufficient for arbitrary user data structures. In Laminar, the JVM enforces DIFC rules within the application’s address space while the OS security module enforces them for system resources. By placing trust in both the JVM and the OS, Laminar provides a natural, multi-threaded, DIFC programming model. Airavat is a system that augments MapReduce with novel security mechanisms, which combine DIFC and differential privacy. DIFC secures storage and computation done in the MapReduce

8 framework, guaranteeing that no unauthorized data accesses or leakages occur during the process- ing. Differential privacy guarantees that the results of aggregate computations do not leak too much information about the individual inputs, at the cost of adding some random noise with a mi- nor impact on the accuracy of the protected computations. DIFC and differential privacy are useful in and of themselves, and when combined, differential privacy provides a precise, mathematical basis for DIFC declassification. 2006–present Transactional memory for operating systems. Hardware transactional memory (HTM) has re- cently gained attention as an architectural primitive that has the potential to make concurrent programs simpler while maintaining efficiency. Transactions will become a popular concurrent programming model only if the hardware primitives, operating system support and application interface all work together. The OS needs transactional memory because many applications (such as web servers) spend much of their execution time in the kernel. Scaling the performance of these important applications requires scaling the performance of the OS and transactions will allow the OS to take greater advantage of multicore architectures. 2004–2007 Clarify. Clarify is a system to improve the error reports generated by software. It is intended to improve the experience of end-users who take the cryptic error messages given to them by programs and struggle to fix their problems using search engines and support websites. It is also intended to help developers who receive ambiguous error responses from black-box code. Clarify monitors the program at runtime using minimally invasive techniques like reading the pro- gram’s memory or counting function calls to generate a behavior profile, which is a summary of the program’s execution history. Clarify’s technical users collect the behavior profiles gener- ated when the program experiences a particular error, and train a machine learning classifier to recognize the application’s error behaviors. The trained classifier can then be used by develop- ers or non-technical end-users to disambiguate error situations that share an error report. Clarify improves error reporting by classifying program behavior. 2002–2005 Mondriaan Memory Protection. Advisor: Prof. Krste Asanovic.´ Mondriaan Memory Protection (MMP) [23],[42],[26] addresses the continuing problem of system stability. Mondriaan Memory Protection is a hardware/software co-design for fine-grained memory protection that allows mul- tiple protection domains to flexibly share memory and export protected services. Mondrix is a version of Linux that uses Mondriaan Memory Protection, enabling hardware to enforce the nat- ural module boundaries provided by the Linux kernel developers. For less than a 15% CPU time penalty, Mondrix provides strong inter-module memory safety guarantees, with minimal kernel recoding and no change to the kernel programming model. 2000–2002 Compilation for low power architectures. Advisor: Prof. Krste Asanovic.´ To reduce the power consumed by CPUs, I designed and implemented a model for a direct addressed data cache [28] and compiler algorithms to use it. A direct addressed cache allows software to access the cache without doing a tag check, which is beneficial because skipping the tag check saves energy. The tag check can only be skipped when the compiler (or programmer) knows the data is cache resident because e.g., it was recently accessed via a tag-checked load or store. Our compiler analysis uncovered much opportunity for tag check elimination, achieving 16–76% reduction in tag checks for Mediabench C programs and 18-65% reduction for Java SPECjvm98 programs. 1997 SFS. Advisor: Prof. Frans Kaashoek. Implemented the first read-only version of the SFS [29] (“self-certifying file system”), allowing an untrusted host to serve content that is verifiable with cryptographic hashes. A re-written and expanded version of the system is described in OSDI ‘02 by Kevin Fu et. al. 1995–1997 Software Extended Architectures. Advisor: Prof. Frans Kaashoek. Designed and built a fast dynamic binary translation tool which would allow new capabilities to be added to older binaries, especially taking advantage of newer architectural features. I then used the tool to implement

9 simultaneous multithreading entirely in software [45]. 1994–1996 SimOS. Advisor: Prof. Mendel Rosenblum. I designed, wrote and maintained Embra [30], the default CPU model in the SimOS simulation suite. As part of the SimOS framework Embra is the fastest reported full machine simulator (with slowdowns of 3–9%). It was the first machine simulator to use dynamic binary translation, which has become a popular technique in research and commercial systems such as VMware, SimICS, and bochs. I also contributed to other parts of SimOS and supported the developers of the Hive operating system. Industry Experience Mazu Networks...... Cambridge, MA 12/01–08/03 Programmer. Helped rearchitect Mazu Network’s security product for implementation on Intel’s IXP1200. I primarily wrote microcode for packet handling and filtering that runs on the embedded IXP processors. Code development was in Intel’s simulation environment. I also assisted in bringing up the code on the hardware and assisted with hardware debugging.

Incert Software ...... Cambridge, MA 12/97–11/01 Co-founder and Staff Scientist. Co-founded Incert Software. Designed and implemented (with others) Incert’s static translation technology. A program binary is “lifted” into a high level repre- sentation so that additional code and data can be added. The result is then “lowered” into a new binary that has augmented features like the ability to track control flow or generate test coverage statistics. Very low latency (less than 5% performance penalty) control flow tracking allows in- strumented binaries to be run in production environments. When such a binary crashes, the record allows reverse execution of control flow to help discover the root cause of the bug. I contributed to the implementation for COBOL on IBM’s OS390 and C/C++ on Windows and Solaris. Incert merged with Geodesic in 2002, which in turn was acquired by VERITAS and then Symantec.

Teaching Experience University of Texas at Austin ...... Austin, TX Fall 2011, Spring 2010, Fall 2006, Fall 2005 Advanced Operating Systems (CS 380L) I was the primary instructor for the UT graduate operating systems class. The syllabus includes reading nearly 30 research papers, two midterms, and a programming project. Fall 2010 Computer Architecture, Honors (CS 352H) I was the primary instructor for the UT undergrad- uate course in the Turing Scholars honors version of computer architecture. The course had 35 students, three exams and a Verilog programming project. Fall 2009, Spring 2009, Fall 2007, Spring 2006, Spring 2005, Fall 2004 Introduction to Operating Systems (CS 372) I was the primary instructor for a section of the main UT undergraduate operating systems course with 50–58 students, and one teaching assistant. This includes the first semester that the course was taught using Java. I prepared original programming assignments, tests and homeworks. In 2007, I made two new labs to teach concurrent programming. In 2009, we added a MapReduce lab. Spring 2004 Operating system development on computer hardware simulators (CS 395T) I designed the reading list and curriculum from scratch for this graduate level course. The course tied together reading on fast simulation technology, binary translation, and architectural compatibility. Massachusetts Institute of Technology ...... Cambridge, MA Spring 2002 Computer Systems Engineering (6.033). Along with 8 MIT faculty members, I was a recitation instructor for the main MIT undergraduate systems course. I prepared and taught a 24 person

10 recitation section twice a week, graded two design projects, and managed a teaching assistant. I met weekly with a large teaching staff to discuss directions in the course.

Stanford University ...... Palo Alto, CA Spring 1992 Teaching Assistant. Teaching assistant for Software Engineering in C (CS193U) taught by James Finn. Graded programming assignments and exams, and helped design tests and programming assignments. Aut, Win 1991 Teaching Computer Science. For two quarters, I was an undergraduate teaching assistant for Stanford’s introductory programming course (CS106A) as part of the undergraduate teaching pro- gram (CS198). I prepared and taught sections of 20 students one day a week. I graded tests and programming assignments.

Austin, TX, August 31, 2012

11