SUSANTA K. NANDA
Tel: (631)938-1227   Cell: (631)428-1167
Address: 1405 Stony Brook Rd, Stony Brook, NY 11790
Email: susanta@cs.sunysb.edu   Web: http://www.cs.sunysb.edu/~susanta

RESEARCH EXPERTISE
Systems and applications security, virtualization technologies and their applications, binary analysis and instrumentation, disaster recovery, ubiquitous computing, and operating systems.

EDUCATION
• Ph.D. (Computer Science) [GPA: 4.0/4.0] (Sept ’02 - Present)
  Advisor: Prof. Tzi-cker Chiueh, Computer Science Department, Stony Brook University
• M.S. (Computer Science) [GPA: 4.0/4.0] (Sept ’02 - Dec ’04)
  Advisor: Prof. Tzi-cker Chiueh, Computer Science Department, Stony Brook University
• B.Tech. (Computer Science & Engineering) (July ’96 - May ’00)
  Indian Institute of Technology Kanpur, India

WORK EXPERIENCE
• Experimental Computer Systems Lab, SUNY at Stony Brook (Sept ’02 - present): Graduate Student Researcher
• Department of Computer Science, SUNY at Stony Brook (Sept ’05 - May ’06): Teaching Assistant (Courses: Network Security, Systems Security, Computer Security)
• IBM TJ Watson Research Centre, Hawthorne, NY (May ’05 - Aug ’05): Summer Intern
• Network Data & Services Research, Bell Labs, Murray Hill, NJ (Oct ’00 - Aug ’02): Member of Technical Staff - I
• Lucent Technologies Inc, Pune, India (July ’00 - Sept ’00): Consultant
• Novell Software, Bangalore, India (May ’99 - Jul ’99): Summer Intern

PUBLICATIONS
• Srikant Sharma, Susanta Nanda, Kartik Gopalan, and Tzi-cker Chiueh, “Viking: A Multi-Spanning-Tree Ethernet Architecture for Metropolitan Area and Cluster Networks,” IEEE INFOCOM 2004.
• Susanta Nanda and Tzi-cker Chiueh, “A Survey of Virtualization Technologies,” Research Proficiency Report, Stony Brook, ECSL-TR-179, February 2005.
• Susanta Nanda, Wei Li, Lap-Chung Lam, and Tzi-cker Chiueh, “BIRD: Binary Interpretation using Runtime Disassembly,” in Proceedings of the 4th Annual ACM/IEEE International Symposium on Code Generation and Optimization (CGO'06), Manhattan, New York, USA, March 2006.
• Yang Yu, Fanglu Guo, Susanta Nanda, Lap-Chung Lam, and Tzi-cker Chiueh, “A Feather-weight Virtual Machine for Windows Applications,” in Proceedings of the 2nd ACM/USENIX Conference on Virtual Execution Environments (VEE'06), Ottawa, Canada, June 2006.
• Susanta Nanda, Wei Li, Lap-Chung Lam, and Tzi-cker Chiueh, “Foreign Code Detection on the Windows/X86 Platform,” in Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC'06), Miami, Florida, USA, December 2006.
• Susanta Nanda, Lap-Chung Lam, and Tzi-cker Chiueh, “Dynamic Multi-Process Information Flow Tracking for Web Applications Security,” 8th ACM/IFIP/USENIX International Middleware Conference (Middleware’07), Newport Beach, California, USA, November 2007.
• Susanta Nanda, John Reumann, Anees Shaikh, and Debanjan Saha, “VDRS: An Inexpensive Approach to Server Disaster Recovery,” (Under Submission).
• Susanta Nanda and Tzi-cker Chiueh, “Automatic Hardening of Web Service Security,” (Under Submission).

TECHNICAL REPORTS
• Susanta Nanda, Sumit Jain, K R Rajesh, and Tzi-cker Chiueh, “Linux Based Terminal Server,” Network Programming Course Project Report, Dec 2002.
• Susanta Nanda and Nishit Verma, “Scanning and Processing of Forms,” B.Tech. Project Report, May 2000.

RESEARCH EXPERIENCE

Distributed Applications Security, Management, and Repair

1. GIFT: General dynamic Information Flow Tracking for Distributed Applications (June ’06 - April ’07)
   • A general compiler framework to track information flow within and across processes and machines in a distributed environment
   • Supports information-flow tracking for direct memory updates (e.g. assignments, function parameters/return values), control transfers (implicit flows), IPC mechanisms (sockets, shared memory, mmap, environment variables, message queues, pipes, FIFOs, etc.), and shared storage (files and databases)
   • Implemented as an extension to GCC through source transformation, hooking assignment statements, scope entries/exits, and library and system routines, thus avoiding any program-specific changes
   • Support for arbitrary tags and initialization/propagation rules
   • Performance optimizations through code in-lining

2. Web Services Security (Dec ’06 - Oct ’07)
   • Prevents attacks on web applications used in the three-tier internet service architecture
   • Addresses most current attacks on web applications, including SQL injection, script injection (XSS), directory traversal, HTTP header injection, etc.
   • Uses the GIFT infrastructure and full-blown SQL and HTML parsers, and adds relevant security checks to prevent attacks that succeed against most network- and application-level firewalls
   • Performance optimizations through parser-avoidance algorithms

3. Attack Signature Generation for Vulnerable Web Services (Dec ’06 - Present)
   • Given a server application and a network input that successfully launches an attack on the server, generates a signature (a filter application) that captures the attack context and the attack payload
   • Uses GIFT to generate a program trace, then analyses the trace to produce a program slice that captures the attack, from which the filter program is produced
   • Successfully generates signature programs for buffer overflow attacks and web application attacks such as SQL injection, cross-site scripting, and CRLF injection

4. Repairable Three-Tier Internet Service (Mar ’07 - Present)
   • Identifies the exact scope of damage when an attack is detected on a three-tier internet service, then repairs the compromised service with minimal collateral damage
   • Determines the damage scope by associating and propagating request-id tags starting from web requests, flowing through the three-tier web service architecture, up to disk/database writes
   • Leverages GIFT and the earlier work on repairable database systems (RDB) and repairable file systems (RFS), which support selective undo for database transactions and file blocks

Virtualization

1. Featherweight Virtual Machine (Jan ’04 - Dec ’05)
   • A lightweight virtualization approach for Windows-based systems implemented at the system call interface using namespace virtualization
   • Each virtual machine sees its own virtual OS along with its own file system, registry, IP address, and other resources
   • Virtualizes processes, files, registry, network, objects, and services through renaming at the system call interface
   • Each virtual machine (VM) is isolated from the rest of the VMs by carefully controlling communication channels such as DDE messages, LPC/RPC, sockets, mail-slots, and so on
   • Modifications to VMs through third-party and/or system services are also handled

2. Survey of Virtualization Technologies (Jan ’04 - Feb ’04)
   • Studies virtualization approaches at multiple levels of abstraction: instruction-set architecture (Bochs, Transmeta Crusoe), hardware abstraction layer (QEMU, VMware, Virtual Server), operating system (Jail, Vserver), and applications (JVM, .NET)
   • Studies technologies such as paravirtualization (Xen, Denali), User-mode Linux, Cooperative Linux, and other details of various implementation techniques
   • Draws a bigger picture, letting the reader put the individual technologies in context

3. A Virtualization-based Disaster Recovery Solution (May ’05 - Feb ’06)
   • A low-cost, end-to-end server disaster recovery solution using commodity hardware/software components, targeted towards small- and medium-scale businesses
   • Implemented using an asynchronous WAN-mirroring approach combined with a regional backup for dirty block buffers
   • Proposes a virtualization-based solution for easy mobility, masking hardware differences, and quick restart
   • Implements mechanisms to monitor, detect, and recover from disasters automatically
   • Guarantees: Data loss < 10MB, RTO < 30s, Throughput < 7%

4. Physical Presence Verification (Mar ’06 - Present)
   • Exploits x86 System Management Mode (SMM) to implement a micro-hypervisor that is hidden from the OS
   • Provides a reliable mechanism that enables applications to ask for proof of physical presence by asking the user to type keystrokes or move the pointer
   • The mechanism is guaranteed to work even when sophisticated in-kernel root-kits are present on the system

Binary Analysis and Instrumentation

1. BIRD: Binary Interpretation using Runtime Disassembly (Dec ’03 - Aug ’05)
   • An interpretation engine for Windows PE binaries based on the x86 instruction set
   • Provides a generic infrastructure for binary analysis and instrumentation
   • Interprets all the DLLs that the application binary uses during its execution
   • Combines static analysis and dynamic (runtime) monitoring for interpretation and instrumentation
   • Implemented using a hybrid disassembly technique and x86/Win32 debugging support
   • Overall overhead is less than 10% for most batch and server applications

2. FOOD: Foreign Code Detection (Sept ’04 - Dec ’05)
   • A defense against unauthorized execution of binaries (EXE/DLL, ActiveX components, etc.) and control-hijacking attacks on the Windows/x86 platform
   • Prevents control-hijacking attacks such as return-to-libc, buffer overrun, and function pointer modification
   • Prevents execution of binaries that enter the system through back-doors (such as ActiveX) using load-time image verification techniques
   • Efficiently implemented through runtime binary rewriting using the BIRD infrastructure
   • Overhead is within 35%, much faster than an implementation using encryption techniques

Thin-client Computing

1. Multi-user Virtual Network Computing (May ’03 - Dec ’03)
   • A terminal service implementation using a frame-buffer virtualization approach
   • An extension to the Windows-based VNC implementation to support multiple users by sharing one frame-buffer in which client windows can overlap
   • Multiplexes user input (keyboard, mouse) as well as display on the server computer; supports multiple single-window clients from multiple client computers

2. Linux Based Terminal Server (Sept ’02 - Dec ’02)
   • Provides terminal services for Windows- and Linux-based applications hosted on a Linux server using VNC
   • Uses WINE to support the Windows API on top of X11/UNIX, thereby enabling Win32 applications
   • Supports the MS Office application suite, IE, etc., and analyzes the scalability of the architecture used

3. OfficeTunnel (Oct ’00 - Aug ’02)
   • Secure, restricted access to the office computing environment from anywhere on the Internet
   • Support for a variety of client devices, including PDAs, Pocket PCs, WAP phones, normal phones, and PCs
   • Supported applications/services: email, files/folders, corporate directories, calendar, intranet, voice mail
   • Keywords: Distributed systems, Unified messaging, Firewall tunneling, Document translation

Networking

1. Viking: A Multi-Spanning-Tree Ethernet Architecture for Metropolitan and Cluster Networks (Sep ’02 - June ’03)
   • A scalable, reliable Ethernet architecture for metropolitan area networks using commodity switches
   • Uses VLAN technology in a novel way to increase throughput by improving link utilization and reducing failover time on the same underlying network topology
   • Pre-computes multiple routes for each host pair; the failover period is around 600-800ms

2. Time-Based Fast URL Filter (Nov ’02 - Dec ’02)
   • A web proxy that filters using both string-based URLs and IP addresses
   • Supports dynamic filtering policies based on time

Miscellaneous

1. Dialogic Card Support in a Telephony Platform (July ’00 - Sept ’00)
2. Software replacement for an Optical Mark Reader (Aug ’99 - Apr ’00)
3. GNU-compatible front-end for an Ada Compiler (Jan ’99 - Apr ’99)
4. SRMNAK: Scalable Reliable Multicasting with Negative AcKnowledgement (May ’99 - July ’99)

RELEVANT SKILLS

System Internals
  Operating Systems: Windows 2K/XP, Linux
  Binaries: Portable Executable (PE), ELF, DLLs
  Debuggers: kd, gdb, Win32 debug
  Kernel Extensions: DDK, LKM
  x86 ISA: Protected, Real, Virtual 8086, and SMM modes, VMX, debugging support
  Subsystems: X11, WINE, Win32, VNC/RFB/Windows Terminal Server

Virtualization Internals
  Paravirtualization: Xen, VMI, Denali
  Full Virtualization: VMware Workstation/ESX, Virtual PC/Server, QEMU, Bochs
  Hardware Virtualization: Intel Vanderpool (VT-x), AMD Pacifica (SVM)
  OS Virtualization: Solaris zones/containers, Linux Vserver, Windows FVM, FreeBSD Jail

Programming Languages: C, C++, Visual C++, x86 assembly, Java
Tools: UNIX shell scripts, SimScript, PERL/PHP/Python, Lex/Yacc/Bison, Expect, SQL, and Java technologies
Operating Environments: Linux, Solaris, Windows 2K/XP

AWARDS AND DISTINCTIONS
• Presidential Fellowship, 2002-03, SUNY at Stony Brook, New York
• Excellent Performer Award, 2000, Lucent Technologies Inc, Pune, INDIA
• Notional Award of Merit for excellent academic performance, 1997-98, IIT Kanpur, INDIA
• Top 0.06% among 150,000 participants in the I.I.T. Joint Entrance Exam 1996, INDIA

PERSONAL INFORMATION
Country of Citizenship: India
Immigration Status: Student Visa (F1)