Cambridge
I am a Senior Research Associate in the Security Research Group at
the University of Cambridge Computer Laboratory; from October 2012,
I will also be a research fellow at St
John's College Cambridge.
Previously, I completed a PhD in computer security at the laboratory, and
before that worked in a series of industry research labs investigating
operating systems, networking, and security.
I have strong interests in open source software, including serving on the board
of directors of the FreeBSD
Foundation, and have contributed extensively to the FreeBSD Project.
Research interests
I lead a number of research projects spanning the security, computer
architecture, and network + operating system research groups at the Computer
Laboratory.
These include projects sponsored by DARPA and Google:
CTSRD, a revisiting of the software-hardware interface in support of security,
MRC2, an application of capability security ideas in cloud computing
environments, and SOAAP, investigating automated software decomposition for
security analysis.
More generally, I am interested in ...
- Concurrency vulnerabilities -- security vulnerabilities rooted in
increasingly available concurrency for operating systems, distributed
systems, and applications.
- Operating system access control, especially as related to application
containment, including software capability systems, and the impact of OS security
primitives on the structure of security-aware applications.
- Highly-scalable network stacks running on multiprocessor systems.
- Extensions to commodity instruction set architectures (ISAs) to support
scalable, fine-grained compartmentalisation -- a contemporary revisiting
of capabilities and type-safe hardware ideas last proposed in the 1970s.
Projects
Past and recent projects include:
- Capsicum:
practical capabilities for UNIX: In this work, we developed the notion of
a hybrid capability model, blending ideas from research capability system
security with commodity UNIX operating systems. Capsicum is intended to support
application and library compartmentalisation through extensions to the POSIX API.
A key concern in Capsicum is incremental adoption -- we have a long-term vision
for capability-oriented security, but wanted to provide a short-term technology
adoption path addressing immediate security problems without introducing
fundamental incompatibilities (an assumption in prior OS capability systems).
Capsicum will appear in FreeBSD 9.0; patches are available for OpenBSD, and there is a
work-in-progress port of Capsicum to Linux by Google.
- Exploiting concurrency
vulnerabilities in system call wrappers: historically, a number of operating
system vendors, researchers, and third-party security vendors (such as anti-virus
vendors) have relied on system call interposition to augment the OS security
model. In this work, I explored inherent concurrency vulnerabilities that exist
in the model. We now teach this as an exercise to our Part II security students,
who must exploit vulnerabilities in Systrace to deface a web site.
- The TrustedBSD Project: brought
features traditionally limited to "trusted" operating systems into open source,
including mature security event auditing, extensible kernel access control in
support of mandatory access control (MAC), and discretionary access
control (DAC) extensions such as access control lists (ACLs).
These features have been adopted by a number of vendors and products, including the
FreeBSD Project, Apple's Mac OS X and iOS operating systems, Juniper's JunOS, McAfee's
Sidewinder firewall, and others.
Industry
Prior to coming to Cambridge, I worked for a series of industrial research labs
in the US, including Trusted Information Systems and McAfee Research.
While there I led a number of network and
operating system security research projects for government and industrial
sponsors, including DARPA, the US Navy, Apple Computer, and others.
Past projects include the TrustedBSD MAC Framework, Mac OS X Audit Subsystem,
adaptations of NSA's FLASK/TE security architecture to FreeBSD (SEBSD) and
Mac OS X/Darwin (SEDarwin), as well as work on DNSSEC, distributed denial of
service, and active networking. Prior to that, during my undergraduate
degree at Carnegie Mellon University, I
worked on model checking to verify operating system security properties, and
the Coda distributed file system.
I continue to offer consulting services to companies in the areas of
open source integration for products, network stack performance, and operating
system audit and access control. Please contact me directly with any queries.
FreeBSD Project and Foundation
In addition to my academic work, I'm on the board of directors of the
FreeBSD Foundation, a US-based
non-profit foundation supporting the open source
FreeBSD Project.
I'm an active contributor to the project, working in the areas of
multiprocessor-centric network stacks, operating system security audit,
and mandatory access control.
I'm a member of the FreeBSD Project's elected project management team,
the FreeBSD Core Team, as well as of the release engineering and security
officer teams.
Papers, etc.
You can find a list of citations, including specific information on recent
projects, talks, and papers on my
personal home page.