Jun 2022 – Jan 2023 · 7 mos · San Francisco Bay Area · Hybrid

• Part of Twitter's Home Timeline product team.
• Designed a bloom filter based impression store to capture the seen tweets for a user by minimizing the storage.
• Lead a few projects to drive-up user engagement on Home Timeline by 10M UAM, and improved the documentation and automation of Tensorflow based Timeline Ranker ML Model training along the way. Also used Twitter’s in house A/B testing tool DDG for measuring the impact of each project.
• Introduced a new metric system, neighborhood adjusted metrics to evaluate the content ranking on home timeline by capturing the bias generated from adjacent tweets.
• Worked with cross functional partners like PM and client engineers to remove tweet’s context line for saving 5% of screen space on home timeline.

Jun 2021 – Jun 2022 · 1 yr · Palo Alto, California, United States

• Software Engineer, Runtime
• Developed the MSIX interrupt handling code to verify the interrupt generation capability of Sambanova’s upcoming chip design over emulator, found a bug in the chip design before tape-out.
• Developed the interrupt handler for Network Interface Card and, found several issues with the RTL. Thereafter, I regularly worked with a hardware engineer to verify and provide feedback.
• Reorganised the linux device driver codebase (C and CMake) to support the upcoming chip along with the previous chips in a single monolith codebase.
• Created a tool to run sanity tests on different hardware counters after program execution. Integrated this tool with Jenkins to fail the tests that left the chip in an inconsistent state.

Aug 2019 – May 2021 · 1 yr 9 mos · Ann Arbor

• As a browser security researcher, my job was to understand the academic as well as industry defenses for side-channel attacks in the modern browsers like Chrome and Safari.
• Spook.js
• Reverse-engineered Chrome’s memory, process, and just-in-time JavaScript optimization model to identify
• limitations in its Strict Site Isolation model, which was designed to protect against Spectre-like attacks.
• Developed an exploit that allowed an attacker to bypass the defense and access a user’s private
• information, such as credentials stored in LastPass or Chrome’s Password Manager.
• Collaborated with Google Chrome, LastPass, and Atlassian security teams to mitigate the issue, and the
• work was recognized and featured in Google’s Bug Bounty program. The findings were also published
• in SP Oakland 2022.
• Raised awareness about subdomain isolation differences between users and browser vendors, leading to a
• better adoption of Public Suffix List.
• ChromeZero
• Conducted research on academic defenses for browser-based side-channel attacks that can extract sensitive information such as cryptographic keys.
• Demonstrated the significant performance degradation of browsers resulting from such defenses and presented ways to bypass them.
• Developed and presented a novel website fingerprinting side-channel attack that can be executed on a victim’s browser without any JavaScript support. The findings were published in Usenix Security 2021.

Aug 2017 – Jul 2019 · 1 yr 11 mos · Bengaluru, Karnataka, India

• Part of a four member team that designed and implemented complete Data Centre Manager service in a Microservice environment.
• The workflows were designed with the state-machine model to ensure efficient failover and idempotency.
• Implemented schema upgrades for PostgresSQL along with High Availability(HA) cluster using Etcd and Patroni.

May 2017 – Aug 2017 · 3 mos · New York

• Discovered and implemented Side channel attack on hashing algorithm Scrypt by analyzing it's cache timings.
• The attack involves sniffing the cache timings of the victim in a HyperThreading environment and deriving a signature based on it to compromise the brute force complexity.

May 2016 – Jul 2016 · 2 mos

• ◦ Studied different forms of possible Cache Side Channel attacks.
• ◦ Implemented the side channel attack to exploit the AES key from OpenSSL implementation.
• ◦ Proposed and implemented a simple, lightweight and generalised defense mechanism to detect any known cache-side channel attacks.