Tell us a little about yourself.
I am an Associate professor in the department of Computer and Information Science and engineering at the University of Florida. I came to the University of Florida in the year of 2014, as a part of the rising to national preeminence initiative with the goal of developing a nationally recognized program in cybersecurity. I was the co-director of the SENSEI lab which developed into the FICS Research Institute.
My research focus is on the security of computer systems in particular I address the issues of how do we insure that devices we are interacting with are trustworthy? How do we insure the information that they are generating is trustworthy? How do we show the chain of trustworthiness from the time the data is created until the time it’s actually been used? I look at all aspects of systems from storage and embedded systems to networks in some cases looking at mobile security, privacy and policy as well.
Has the role of computer security changed over the years?
Security has become a very interesting place to be… the world has become a lot more computerized and a lot our critical systems are internet connected or done electronically…now a days cyber warfare is used as an instrument of foreign policy in many cases, it’s part of a national defense and national offense posture nations states are essentially conducting a cold war of cyber activity so the stakes are very different.
The role of computer security is very different as well over the last few years we’ve seen a number of instances here in the U.S. alone of how computer security and breaches of computer security have had wide range of implications politically, economically and diplomatically. The world is very different place then it used to be when it comes to computer security this area can have a real impact on how the country and or nation as a whole actually operates through what we find in computer science and computer security research.
What projects are you currently working?
We have a number of projects on the go. Some of the recent very interesting projects that we’ve been looking at include, looking at the security of USB devices your flash drives or even webcams etc. the thought is that these devices aren’t very secure there have been a number of high profile cases in where somebodies plugged in a USB drive into their work computer and end up putting malware throughout the system. USB is very important technology perhaps more important now then its every been …we have computers like my MAC book in which the only USB ports everything goes through USB… we’ve done a lot of work in trying to make sure that these devices are safer and we have some work recently that looks at trying to figure out if a device is trustworthy even before you plug it in. When it is examined we try to figure out what’s running on the device? If the device is acting the way that we expect it to or not? Whether it potentially got malicious code embedded inside or not? This is work that is going to be presented in a couple of months at some major security conferences. What is important for people to understand especially with the internet of things and all of these devices with computing being able to vet ahead of time that they are actually trustworthy and that there not containing malicious code…
Is Public Wi-Fi secure?
When you’re on public Wi-Fi you never really know what you’re getting, you have to be extra careful about the information that you’re sending and the way that you’re sending it. When you’re on the public Wi-Fi network anything that you type could be getting intercepted by someone who is listening in. Let’s say If you are employed by the UF then you should be using the UF VPN that will ensure that all of your communications are encrypted make sure any websites you are using are https enabled so that way there’s encryption on the connection if anything is being sent unencrypted then it’s just there for anybody to be able to listen in on pick up on.
What impact does developing technology have on society?
Were at a very interesting time in history, we as computer scientist and working in computer security in particular have an extraordinarily large amount of potential influence on how society is going to function over the next few years decades and generations. The things that we decide to do know that are adopted into law or policy are going to have far reaching implications. I’m not a professor of philosophy, I’m not a professional effuses but these questions of where is the line between the security of society and freedom of the individual are things that were grappling with and people who are very well educated in these areas have opinions on both sides.
How much privacy do you have on open networks eg. Work?
Companies already have the ability to arbitrarily read your email anytime you’re on their network, anything you do on their network is considered there’s because you’re an employee. I’ve never really fully understood that myself…of course as as UF employees everything we say is on the record.
Will your countermeasure be software or hardware?
Right now we have a software based solution that will tell you ahead of time if a device is untrustworthy. Eventually it would be great if you could plug something in and then basically asking it to do a couple of routines to figure out whether it’s acting the way it should be or not. One of our research questions is how do we ensure that once a device is out there for example in your home or in an environment that it is still as trustworthy as it was when it was put out there, that it hasn’t been changed or attacked by malware?
How safe are devices interactive devices like Alexa?
Alexa picks up everything that’s being said around it, there is a story a couple of months ago that brings up a lot of questions. A six year old said to Alexa “Alexa I want a dollhouse.” Alexa searched Amazon, found the most popular dollhouse, ordered it and it showed up at the house. This story made the local news and as its being reported the newscaster quotes the six year old and everybody who was tuned in who had an Alexa home device initiated hundreds if not thousands of dollhouses being delivered to the homes of the viewers. Now the question is how do we ensure that when we have these voice activated systems in our homes that only the authorized voice are activating them? How do we ensure they are only coming on when activated and are not being used to listen in on households and if they are listening how do you stop from doing so?
How far along in research and technological advances are we from the charismatic Sci-Fi or Mission impossible gadgets we grow to admire e.g. voice authentication?
Voice authentication is a hard problem because using voice as a biometric mechanism can be difficult because there are a lot of elements to be figured out for example when you have a cold you know your voice sounds different if you were out on town and you’re a little horse in the morning will the system recognize you as the same person? How close does something have to be to mimic you to sound just like you? There’s also the liveness problem, what happens if somebody is able to record your voice and just play it back they would have all access to pertinent information…
Do Smart TV’s have the ability to impose on your privacy?
A few years ago I wrote a short paper with some of my students on how the Microsoft connect could be used to read lips of people in the room. If you have camera on something even if there’s no sound. Our goal was to figure out if there are a number of people in the room could you just look at based on what being observed if the sound isn’t on… it isn’t quite there yet but we figured out if your within a couple of feet of a Microsoft connect then it has the capabilities to be able to look at the shape of your mouth based on doing some processing be able to figure out what syllables you are saying and put words together.
It is not inconceivable that these thing will be able to read your lips sometime in the not too distant future. A lot of folks I know for example have put a piece of duct tape on their laptops because you never know if anybody’s watching through it, if your computer or your Smart TV for that matter has malicious code on it and somebodies able to turn on the recording it could be happening. As the old saying goes you’re not paranoid if they are really out to get you.
Since receiving your CAREER award in 2013 what projects and or research has it helped you pursue?
The Career award was very helpful to me in helping define a long-term research agenda a lot of what I’ve talked about now its genesis was created in part by my career proposal. It’s helped us to be able to look at the issues of how is data is handled in a trustworthy fashion my career proposal was about looking at storage that is independently secure. How do we ensure that trustworthy data is being stored in a trustworthy fashion? Can those storage devices themselves be able to say something about the authenticity of the data that they are storing and ensure that it’s authentic all the way through?
So we’ve done a lot of work since then in the area trustworthy provenance. The idea behind data provenance as it says what is happened over to data over its lifetime? From the time it was created to its current state. The term itself provenance is a French term it comes from the art world. It’s the way by which you can look at an old Picasso or even older Da Vinci and know that it’s actually legitimate. Art collectors have books that are associated with any of those rare paintings that can be tens of pages long that details that say everywhere that the painting has ever been …
It is really important to know where data is coming from. Other important details are if somebody tampered with it along the way? What other processes have looked at the data? Who’s been reading or writing this data? How can you vouch for the integrity of your data? This really important. So we’ve created mechanisms to show how to generate very fine grained provenance data that is secure in terms of how it’s collected and can’t be tampered with.
Actually one of my now former students is a professor at the University of Illinois and did his dissertation work in this area so that is something that the career proposal helped to support as well as some of the work and secured embedded systems and there trustworthiness in storage…
What inspired you to pursue Computer and Information Science and Engineering?
…What really fascinated me about computers was when I first used the internet in 1993. The World Wide Web had just been created, … I found internet discussion boards and I thought it was the most fascinating thing ever … there was this ability to instantly communicate with just about anyone in the world. … I was taking a chemistry class and I asked question that my teacher encouraged me to figure out on my own. I went to this newfangled internet thing into one of these groups on chemistry and asked the same question, within a day somebody from Berkley and Oxford responded. I thought this was unimaginably great! It blew my mind, this ability to move through space and talk to anybody in the world instantly was amazing…
What is your vision for CS at FICS and what role do you play?
I came to the UF with the goal of creating a cybersecurity program with both national and international recognition. I believe that in the time that I’ve been here we’ve largely managed to do that. We’ve had tremendous support from the institution that were very grateful for and we’ve been able to hire, just excellent people and our students have been great. Our goal at this point I think is to keep expanding the role of what we do in security, maybe try grappling with some of those larger scaled questions that are fundamental to modern society. I think that that is an ambitious thing to say but given the bounty of talent that we have here were in a rare and unique position to make really lasting and sustained impact.
What advice would you give to students to help them move past obstacles in an important project?
The best thing I think you can do is take advantage of the resources around you. Your fellow students have a lot to offer, they are really smart people and if you can find anyone who is generous with their time who is willing to listen to you talk about what you’re doing and offer advice you may find that it’s a great way in moving forward. Take some time for yourself if you think that you’ve been beating your head against a wall … take a break go for a bike ride go for a run do some yoga the important thing is taking care of yourself and trying not to get overly stressed, this can help you come back and look at a problem in a different way…
What is your favorite hobby?
I enjoy hiking, biking… photography and cooking. I’ve been dabbling with BBQ recently it’s been exciting making slow cooked ribs and brisket. I bought a pizza stone a few days ago so I’ve been working on creating full Italian style pizzas… My very first job was as a dishwasher in a restaurant. A friend of the family was a very well regarded chef so I’ve learned a lot about cooking from him along the way. There’s something about cooking that is fun theirs some direction that should be followed but also allots some creativity…
What are your future career plans?
Well hopefully I stay employed as a professor if all goes well… my professional goal is to grow the profile of our research group here of FICS research and have some more students graduate and do great things … I enjoy being a researcher and working on these hard problems but it’s equally satisfying to watch students who learn from me and establish notable careers.
Who is or was your favorite comic book character and why?
I am from Canada originally, so I suppose I have a soft spot for Wolverine he’s from Alberta, there was also briefly Marvel comics had a cartoon group called Alpha Flight and they were all Canadians that was pretty cool they didn’t last long…I’ve always been partial to Spiderman I think he has that kind of unassuming nature plus I love the wise cracks.
What is the best way to counter security issues given the influx of new technology?
I think that while the technology has changed the fundamental concepts are often very similar. I teach a systems security class and one of the first papers we read was written in 1972 my students initial response is why are you giving us a paper that was written in 1972, how relevant can it possible be? But they come back a week later and say you if replace a couple of the terms like change mainframe to PC; network to cloud and this paper could have been written two weeks ago.
A lot of the fundamentally hard problems and securing systems have been fundamentally hard for a long time. While the technologies might change the fundamental are the same. It’s important to look back on history as a guide as to what potential things could go wrong with new technology and think about how they have been solved in the past. We don’t try to teach particular technologies because they come and go but the fundamentals will be there for the rest of your career…
What books, magazines websites etc. would you recommend to student’s interest in the subjects that you teach and or career path?
There’s a lot of technical stuff there’s websites like Slashdot, Reddit, Ars Technica and Wired but even keeping up with The NY Times, Washington Post or CNN again because cybersecurity has become so fundamental a lot of things are actually covered in mainstream media. Actually just being aware of what’s out there and being informed is something that goes along way…
What do you hate the most? (i.e. cheese, a musical genre etc.)
I’ve never been really fond of black eyed peas and really ripe cantaloupe and really ripe papaya is too sweet for me…
If you could only choose one song to play every time you walked into a room for the rest of your life, what would it be?
When I got married we walked into our reception to Kanya West’s “Power” it’s a pretty good way to be introducted.
Who is your biggest CS influence and why?
My biggest influence in terms of getting me where I am today is probably my graduate advisor Dr. Patrick McDaniel. Just seeing how the business of being in academia … building a lab… getting the support, pick me ups and the hard lessons when they were necessary, learning what it meant to do this as a career was I think creating a lasting impact…ones relationship with their advisor is a very important it’s helps to get you through… He’s been a huge influence in getting me to where I am now…
What did you want to be when you grew up?
I wanted to be diplomat, my dad was actually a diplomat, unfortunately he died when I was very young but I always thought that a diplomat was a really cool job they got to travel around world and they got to talk about world things and that seemed cool I also thought being a bus driver would be cool but not like a short distance bus driver I wanted to be like a greyhound bus driver, I really loved long bus trips we used to take them a lot my grandparents lived about 10hours away by bus so I would spend my time on the bus bothering the bus driver about what stop was coming up next, I was a weird kid I think that why I learned to love networks it came from hanging out at bus stations seeing where things were and were they were going.
What do you think cats dream about?
Probably some combination of catnip birds and how they’re going to ignore the next person they see.