I am a senior researcher in the networking group at the International Computer Science Institute, Berkeley, CA. I am also a member of the Advanced Computing for Science Department at the Lawrence Berkeley National Laboratory, and I work with the Lab's cyber security team. Before coming out to Berkeley, I was a Ph.D. student in Anja Feldmann's group at TU München, Germany (now at Deutsche Telekom Laboratories). Before that, I got a diploma in Computer Science from University of Paderborn, Germany.
(Full CV on request.)
My primary research focus is the network security area, with a particular emphasis on high-performance network monitoring in operational settings. More generally, I'm interested in understanding the capabilities and limitations of network technology as well as the characteristics of real-world Internet traffic.
There is a list of my publications as well as a selection of slides I used for talks.
From time to time I also contribute to the blog of ICSI's networking group.
The Bro network intrusion detection system.
The Time Machine, a high-performance packet bulk recorder.
Understanding and Managing the Impact of Global Inference on Online Privacy (National Science Foundation, 2011-2014)
A Concurrency Model for Deep Stateful Network Security Monitoring (Cisco Research, 2011-2012)
Cybersecurity and Networking: NIDS Front-End for Load Balancing at 100 Gigabits (Department of Energy, 2011-2013, with cPacket Networks and NERSC)
Enhancing Bro for Operational Network Security Monitoring in Scientific Environments (National Science Foundation, 2010-2013)
A Mathematical and Data-Driven Approach to Intrusion Detection for High-Performance Computing (Department of Energy, 2010-2012, with LBNL and UC Davis)
A High-Performance Abstract Machine for Network Intrusion Detection (National Science Foundation, 2009-2012)
Invigorating Empirical Network Research via Mediated Trace Analysis (National Science Foundation, 2009-2012)
Network Monitoring Infrastructure For Research in a Large-Scale Operational Environment (National Science Foundation, 2009-2011)
High Performance Networks - Compilation and Optimization of Protocol Analyzers (Department of Energy, 2009-2011, with Reservoir Labs)
Collaborative Research: Comprehensive Application Analysis and Control (National Science Foundation, 2008-2012)
Establishing a Cross-Institutional Platform for Cooperative Security Monitoring and Forensics (National Science Foundation, 2007-2011)
Exploiting Multi-Core CPUs for Parallelizing Network Intrusion Prevention (National Science Foundation, 2007-2010)
Approaches to Network Defense Proven in Open Scientific Environments (National Science Foundation, 2007-2009)
Vice Chair IEEE S&P 2012
Treasurer IEEE S&P 2011
Program Chair DIMVA 2007
Program Committee NDSS 2012
Program Committee AISec 2011
Program Committee EuroSec 2012, 2011
Program Committee EC2ND 2011, 2010
Program Committee Networking 2010, 2009
Program Committee SAC 2010 - INFSEC Track
Program Committee CoNGN 2008
Program Committee ICISS 2008
Program Committee IEEE MCN 2008
Program Committee CRITIS 2007
My implementation of a hook script for git to send out notification emails, git-notifier.
A set of scripts, BTest, providing a simple framework for shell-based unit tests.
A Python module providing bindings for Broccoli, Bro's client communication library.
A Python script, trace-summary, which generates summaries of network traffic from either libpcap traces or Bro connection logs.
The Python module PySubnetTree provides an efficient data structure for doing longest-prefix CIDR lookups.
A small tool called capstats to collect real-time statistics from a network interface.
A little patch and some scripts for using abook with mutt.
Some add-ons for flow-tools.
A Linux kernel patch for capturing network packets as a non-root user.
A patch which adds two-dimensional workspace selection to DesktopManager (for Mac OS X).
A dict.leo.org mode for the JED editor.