Abhishek Rai


Published in: Technology, Education
SUSANTA K. NANDA
Tel: (631)938-1227 Cell: (631)428-1167
Address: 1405 Stony Brook Rd, Stony Brook, NY 11790
Email: Web:

RESEARCH EXPERTISE
Systems and applications security, virtualization technologies and their applications, binary analysis and instrumentation, disaster recovery, ubiquitous computing, and operating systems.

EDUCATION
Ph.D. (Computer Science) [GPA: 4.0/4.0] (Sept ’02 - Present)
Advisor: Prof. Tzi-cker Chiueh
Computer Science Department, Stony Brook University

M.S. (Computer Science) [GPA: 4.0/4.0] (Sept ’02 – Dec ’04)
Advisor: Prof. Tzi-cker Chiueh
Computer Science Department, Stony Brook University

B.Tech. (Computer Science & Engineering) (July ’96 - May ’00)
Indian Institute of Technology Kanpur, India

WORK EXPERIENCE
Experimental Computer Systems Lab, SUNY at Stony Brook (Sept ’02 - present)
  • Graduate Student Researcher
Department of Computer Science, SUNY at Stony Brook (Sept ’05 – May ’06)
  • Teaching Assistant (Courses: Network Security, Systems Security, Computer Security)
IBM TJ Watson Research Centre, Hawthorne, NY (May ’05 - Aug ’05)
  • Summer Intern
Network Data & Services Research, Bell Labs, Murray Hill, NJ (Oct ’00 - Aug ’02)
  • Member of Technical Staff - I
Lucent Technologies Inc, Pune, India (July ’00 - Sept ’00)
  • Consultant
Novell Software, Bangalore, India (May ’99 - Jul ’99)
  • Summer Intern

PUBLICATIONS
  • Srikant Sharma, Susanta Nanda, Kartik Gopalan, and Tzi-cker Chiueh, “Viking: A Multi-Spanning-Tree Ethernet Architecture for Metropolitan Area and Cluster Networks,” IEEE INFOCOM 2004.
  • Susanta Nanda and Tzi-cker Chiueh, “A Survey of Virtualization Technologies,” Research Proficiency Report, Stony Brook, ECSL-TR-179, February 2005.
  • Susanta Nanda, Wei Li, Lap-Chung Lam, and Tzi-cker Chiueh, “BIRD: Binary Interpretation using Runtime Disassembly,” in Proceedings of the 4th Annual ACM/IEEE International Symposium on Code Generation and Optimization (CGO'06), Manhattan, New York, USA, March 2006.
  • Yang Yu, Fanglu Guo, Susanta Nanda, Lap-Chung Lam, and Tzi-cker Chiueh, “A Feather-weight Virtual Machine for Windows Applications,” in Proceedings of the 2nd ACM/USENIX Conference on Virtual Execution Environments (VEE'06), Ottawa, Canada, June 2006.
  • Susanta Nanda, Wei Li, Lap-Chung Lam, and Tzi-cker Chiueh, “Foreign Code Detection on the Windows/X86 Platform,” in Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC'06), Miami, Florida, USA, December 2006.
  • Susanta Nanda, Lap-Chung Lam, and Tzi-cker Chiueh, “Dynamic Multi-Process Information Flow Tracking for Web Applications Security,” 8th ACM/IFIP/USENIX International Middleware Conference (Middleware’07), Newport Beach, California, USA, November 2007.
  • Susanta Nanda, John Reumann, Anees Shaikh, and Debanjan Saha, “VDRS: An Inexpensive Approach to Server Disaster Recovery,” (Under Submission).
  • Susanta Nanda and Tzi-cker Chiueh, “Automatic Hardening of Web Service Security,” (Under Submission).

TECHNICAL REPORTS
  • Susanta Nanda, Sumit Jain, K R Rajesh, and Tzi-cker Chiueh, “Linux Based Terminal Server,” Network Programming Course Project Report, Dec 2002.
  • Susanta Nanda and Nishit Verma, “Scanning and Processing of Forms,” B.Tech. Project Report, May 2000.

RESEARCH EXPERIENCE

Distributed Applications Security, Management, and Repair

1. GIFT: General dynamic Information Flow Tracking for Distributed Applications (June ’06 – April ’07)
  • A general compiler framework to track information flow within and across processes and machines in a distributed environment
  • Supports information-flow tracking for direct memory updates, e.g. assignments, function parameters/return values, control transfers (implicit flows), IPC mechanisms (socket, shared memory, mmap, environment variables, message queues, pipes, FIFOs, etc.), shared storage (files and databases)
  • Implemented as an extension to GCC through source transformation, hooking assignment statements, scope entries/exits, library and system routines, thus avoiding any program-specific changes
  • Support for arbitrary tags and initialization/propagation rules
  • Performance optimizations through code in-lining

2. Web Services Security (Dec ’06 – Oct ’07)
  • Prevents attacks on web applications used in three-tier internet service architecture
  • Addresses most current attacks on web applications including SQL injection, Script injection (XSS), directory traversal, HTTP header injection, etc.
  • Uses GIFT infrastructure, full-blown SQL and HTML parsers, and adds relevant security checks to prevent attacks that are successful on most network and application level firewalls
  • Performance optimizations through parser avoidance algorithms

3. Attack Signature Generation for Vulnerable Web Services (Dec ’06 – Present)
  • Given a server application and a network input that successfully launches an attack on the server, it generates a signature, a filter application, to capture the attack context and the attack payload
  • Uses GIFT to generate a program trace and analyses the trace to generate a program slice that captures the attack, producing a filter program
  • Successfully generates signature programs for buffer overflow attacks and web application attacks such as SQL injection, Cross-site scripting, and CRLF injection

4. Repairable Three-Tier Internet Service (Mar ’07 – Present)
  • Identifies the exact scope of damage when an attack is detected on a three-tier internet service and then repairs the compromised service with minimal collateral damage
  • Exacts the damage scope by associating and propagating request-id tags starting from web requests, flowing through the three-tier web service architecture, up to disk/database writes
  • Leverages GIFT and the earlier work on repairable database systems (RDB) and repairable file systems (RFS) that support selective-undo for database transactions and file blocks

Virtualization

1. Featherweight Virtual Machine (Jan ’04 – Dec ’05)
  • A lightweight virtualization approach for Windows-based systems implemented at the system call interface, implemented using namespace virtualization
  • Each virtual machine sees its virtual OS along with its own file system, registry, IP address, and other resources
  • Virtualizes Processes, Files, Registry, Network, Objects, and Services through renaming at the system call interface
  • One virtual machine (VM) is isolated from the rest of the VMs by carefully controlling communication schemes such as DDE messages, LPC/RPC, Sockets, Mail-slots, and so on.
  • Modifications to VMs through third-party and/or system services are also handled

2. Survey of Virtualization Technologies (Jan ’04 – Feb ’04)
  • Studies virtualization approaches at multiple levels of abstraction: instruction-set architecture (Bochs, Transmeta Crusoe), hardware abstraction layer (QEMU, VMware, Virtual Server), operating system (Jail, Vserver), and applications (JVM, .NET)
  • Studies technologies like Paravirtualization (Xen, Denali), User-mode Linux, Cooperative Linux, and other details of various implementation techniques.
  • Draws a bigger picture, letting the reader put the individual technologies in context.

3. A Virtualization-based Disaster Recovery Solution (May ’05 – Feb ’06)
  • A low-cost, end-to-end server disaster recovery solution using commodity hardware/software components targeted towards small- and medium-scale businesses
  • Implemented using an asynchronous WAN-mirroring approach combined with a regional backup for dirty block buffers
  • Proposes a virtualization-based solution for easy mobility, masking hardware differences, and quick-restart
  • Implements mechanisms to monitor, detect, and recover from disasters automatically
  • Guarantees: Data loss < 10MB, RTO < 30s, Throughput < 7%

4. Physical Presence Verification (Mar ’06 – Present)
  • Exploits x86 System Management Mode (SMM) to implement a micro-hypervisor that is hidden from the OS
  • Provides a reliable mechanism that enables applications to ask for physical presence proof by asking the user to type keystrokes or move the pointer
  • The mechanism is guaranteed to work even when sophisticated in-kernel root-kits are present on the system

Binary Analysis and Instrumentation

1. BIRD: Binary Interpretation using Runtime Disassembly (Dec ’03 – Aug ’05)
  • An interpretation engine for Windows PE binaries based on x86 instruction set
  • Provides a generic infrastructure for binary analysis and instrumentation
  • Interprets all the DLLs that the application binary uses during its execution
  • Combines static analysis and dynamic (runtime) monitoring for interpretation and instrumentation
  • Implemented using a hybrid disassembly technique and x86/Win32 debugging support
  • Overall overhead is less than 10% for most batch and server applications

2. FOOD: Foreign Code Detection (Sept ’04 – Dec ’05)
  • A defense against unauthorized execution of binaries (EXE/DLL, ActiveX components, etc.) and control-hijacking attacks on Windows/x86 platform
  • Prevents control-hijacking attacks such as return-to-libc, buffer overrun, and function pointer modification
  • Prevents execution of binaries that enter the system through back-doors (such as ActiveX) using load-time image verification techniques
  • Efficiently implemented through runtime binary rewriting using the BIRD infrastructure
  • Overhead is within 35% and is much faster compared to implementation using encryption techniques

Thin-client Computing

1. Multi-user Virtual Network Computing (May ’03 – Dec ’03)
  • A terminal service implementation using a frame-buffer virtualization approach
  • An extension to the Windows-based VNC implementation to support multiple users by sharing one frame-buffer where client windows can possibly overlap
  • Multiplexes user input (keyboard, mouse) as well as display in the server computer, supports multiple single-window clients from multiple client computers

2. Linux Based Terminal Server (Sept ’02 – Dec ’02)
  • Provides terminal services for Windows- and Linux-based applications hosted on a Linux server using VNC
  • Uses WINE to support Windows API on top of X11/UNIX, thereby enabling Win32 applications
  • Supports MS Office Application Suite, IE, etc. and analyzes the scalability of the architecture used

3. OfficeTunnel (Oct ’00 - Aug ’02)
  • Secured, restricted access to office computing environment from anywhere in the internet
  • Support for a variety of client devices that include PDAs, Pocket PCs, WAP phones, normal phones, and PCs
  • Supported applications/services: email, files/folders, corporate directories, calendar, intranet, voice mail
  • Keywords: Distributed system, Unified messaging, Firewall tunneling, Document translation

Networking

1. Viking: A Multi-Spanning-Tree Ethernet Architecture for Metropolitan and Cluster Networks (Sep ’02 - June ’03)
  • A scalable, reliable Ethernet architecture for metropolitan area networks using commodity switches
  • Uses VLAN technology in a novel way to increase throughput by improving link utilization and reducing failovers on the same underlying network topology
  • Pre-computed multiple routes for each host pair and the failure period is around 600-800ms

2. Time-Based Fast URL Filter (Nov ’02 – Dec ’02)
  • A web-proxy that filters using both string-based URLs as well as IP addresses
  • Supports dynamic filtering policies based on time

Miscellaneous

1. Dialogic Card Support into a Telephony Platform (July ’00 – Sept ’00)
2. Software replacement for Optical Mark Reader (Aug ’99 – Apr ’00)
3. GNU Compatible front-end for Ada Compiler (Jan ’99 – Apr ’99)
4. SRMNAK: Scalable Reliable Multicasting with Negative AcKnowledgement (May ’99 – July ’99)

RELEVANT SKILLS
System Internals:
  Operating Systems: Windows 2K/XP, Linux
  Binaries: Portable Executable (PE), ELF, DLLs
  Debuggers: kd, gdb, Win32 debug
  Kernel Extensions: DDK, LKM
  X86 ISA: Protected, Real, Virtual 8086, and SMM modes, VMX, Debugging support
  Subsystems: X11, WINE, Win32, VNC/RFB/Windows Terminal Server
Virtualization Internals:
  Paravirtualization: Xen, VMI, Denali
  Full Virtualization: VMware Workstation/ESX, Virtual PC/Server, QEMU, Bochs
  Hardware Virtualization: Intel Vanderpool (VT-x), AMD Pacifica (SVM)
  OS virtualization: Solaris zones/containers, Linux Vserver, Windows FVM, FreeBSD Jail
Programming Languages: C, C++, Visual C++, x86 assembly, Java
Tools: UNIX shell-scripts, SimScript, PERL/PHP/Python, Lex/Yacc/Bison, Expect, SQL, and Java technologies.
Operating Environments: Linux, Solaris, Windows 2K/XP

AWARDS AND DISTINCTIONS
  • Presidential Fellowship, 2002-03, SUNY at Stony Brook, New York
  • Excellent Performer Award, 2000, Lucent Technologies Inc, Pune, INDIA
  • Notional Award of Merit for excellent academic performance, 1997-98, IIT Kanpur, INDIA
  • Top 0.06% among 150,000 participants in I.I.T. Joint Entrance Exam 1996, INDIA

PERSONAL INFORMATION
Country of Citizenship: India
Immigration Status: Student Visa (F1)