I've published and contributed to many research projects. All of them are open sourced and this page lists all the projects that I've either created or significantly contributed to.
CRIMES: Using Evidence to Secure the Cloud is an evidence-based, modular security framework for cloud platforms that uses speculative execution coupled with memory introspection tools such as Volatility to detect malicious behavior in real time. CRIMES incurs less overhead compared to memory protection tools such as AddressSanitizer, while offering valuable forensic analysis for buffer overflow attacks and malware detection across multiple applications and the OS.
MIMP: Deadline and Interference aware scheduling of Hadoop Virtual Machines is a framework designed to increase the overall utilization of the compute power in the data center.
Virtualization promised to dramatically increase server utilization levels, yet many data centers are still only lightly loaded. In some ways, big data applications are an ideal fit for using this residual capacity to perform meaningful work, but the high level of interference between interactive and batch processing workloads currently prevents this from being a practical solution in virtualized environments.
MIMP has two schedulers: one in the virtualization layer designed to minimize interference on high priority interactive services, and one in the Hadoop framework that helps batch processing jobs meet their own performance deadlines.
Multi-Cache: Dynamic, Efficient Partitioning for Multi-Tier Caches in Consolidated VM Environments is a multi-layer cache management system that uses a combination of cache devices of varied speed and cost, such as solid state drives, non-volatile memories, etc., to mitigate this problem. Multi-Cache partitions each device dynamically at runtime according to the workload of each VM and its priority.
In this project, we formulated and investigated the novel problem of finding the skyline k-tuple groups from an n-tuple data set, i.e., groups of k tuples which are not dominated by any other group of equal size, based on an aggregate-based group dominance relationship. The major technical challenge was to identify effective anti-monotonic properties for pruning the search space of skyline groups.
Scalable Cloud Security via Asynchronous Virtual Machine Introspection: ScaaS is a security Scanning as a Service framework for cloud platforms that uses frequent virtual machine checkpointing coupled with memory introspection techniques to detect bugs and malicious behavior in real time.
Swiper is a framework that demonstrates a new type of security vulnerability caused by competition between virtual I/O workloads, i.e., by leveraging the competition for shared resources, an adversary could intentionally slow down the execution of a targeted application in a VM that shares the same hardware.
We conducted a comprehensive set of experiments in AWS to demonstrate that Swiper is capable of significantly slowing down various server applications while consuming only a small amount of resources.