May 2016 – Mar 2020 · 3 yrs 10 mos

• I worked in the Infrastructure Security / Bot Defense Platform team to secure our infrastructure against bot attacks.
• Founding engineer for Bot Defense Platform team
• Defined short term mitigation strategy and long term roadmap for bot defense
• Designed and implemented a scalable fast decisioning service to secure endpoints against bot attacks. The first version of this service reduce bot traffic by more than 80%
• Continuously explore and implement new rules and machine learning models for bot defense
• Presented this work at UberML conference
• Before this, I built access control framework to secure internal resources.
• Designed and implemented 2 systems (data layer enforcer and a scalable permission service) to secure internal resources
• Defined a generic policy definition language to support access control use-cases beyond just data layer access
• Onboarded data stores and internal customers to these systems
• Gathered requirements to add more features and provided customer support
• Other work
• Designed and presented security trainings for the team
• Taught oncall training course (company wide)
• Bar raiser interviewer

May 2014 – May 2016 · 2 yrs · San Francisco Bay Area

• I worked in data layer and In-Memory database technologies team at Oracle. My team was responsible for developing Oracle’s In-Memory option, which is an In-Memory column store on top of Oracle’s row-major database that optimizes both analytics and mixed workload OLTP providing extremely fast real-time analytics while delivering outstanding performance for transactions.

May 2012 – Aug 2012 · 3 mos · Greater Seattle Area

• I worked on developing automatic risk quantification for internal AWS accounts based on security policies and credential rotation.

Aug 2011 – Apr 2014 · 2 yrs 8 mos · West Lafayette

• My research involved researching return oriented programming (ROP) attacks and developing software diversification based defense techniques. ROP attacks are an advanced form of buffer overflow attacks that reuse existing application code for malicious logic. Our proposed technique, Marlin, uses a fine grained randomization technique that randomizes application binary with every run, rendering ROP attacks ineffective. Also developed stealth ROP attack on UAV systems that performs a buffer overflow and restores the smashed stack after that to make the attack undetectable. We also proposed a defense technique for such attacks.
• I also worked in contextual access control. I proposed a formal proximity model for RBAC systems that allows specifying access control policies based on who is in proximity. This proximity can be geographical, cyber, social, logical or attribute-based.

May 2011 – Aug 2011 · 3 mos · Helsinki, Finland

• I worked on developing “PeerSense”, a system that provides meaningful co-presence information which serves as an enabler for various applications that require user's current social proximity information, for example contextual photo-sharing.

Jun 2010 – Dec 2010 · 6 mos · Helsinki, Finland

• I worked on developing “Intuitive and Sensible Access Control” mechanism for mobile devices that uses contextual observations to infer safety of current surroundings and use that information to automatically configure access control policies on mobile device. This work was demoed in PerCom Conference and won the best Demo paper award.

Jun 2007 – Jul 2007 · 1 mo · Lausanne, Switzerland

• I developed a tool for trace monitoring based on regular expression matching. This involved implementing an efficient collection of run-time traces and triggering user specified action using run-time pattern matching. This is useful in detecting possible faults, threats, deadlocks and security violations in real time.

May 2006 – Jul 2006 · 2 mos · Nancy, France

• My project was “Model driven approach to Electronic voting system verification”. I worked on implementing a complex electronic voting system prototype and then used formal verification and automated testing techniques to ensure correctness.