I'm currently working on a PhD with the Security Research Group at the University of Cambridge Computer Laboratory, having spent six years working in industry on a variety of security related research projects. My employers over that time included Trusted Information Systems, Network Associates Laboratories (TIS Labs, NAI Labs, ..), McAfee Research, and SPARTA ISSO. My experience includes leading the development of a number of network and operating system security research projects for sponsors such as DARPA, NSA, Apple Computer, the US Navy, and others. Past projects include the TrustedBSD MAC Framework, Mac OS X Audit Subsystem, adaptations of NSA's FLASK/TE security architecture to FreeBSD (SEBSD) and Mac OS X/Darwin (SEDarwin), as well as work on DNSSEC, distributed denial of service, and active networking. Prior to that, during my undergraduate degree at Carnegie Mellon University, I worked on model checking to verify operating system security properties, and the Coda distributed file system.
In my so-called free time, I'm an active participant in the open source FreeBSD operating project, founded the TrustedBSD Project, and have done a significant amount of work on both. Completed work includes the POSIX.1e ACL implementation found in FreeBSD, implementations of mandatory access control, flexible kernel access control frameworks, and the multi-processor capable network stack in FreeBSD 5.x and later. I'm member of the FreeBSD Core Team, Release Engineering Team, and Security Officer Team. I'm also president of the FreeBSD Foundation, a US-based non-profit supporting the development of the FreeBSD Project.
My current research interests include:
Some useful links: