My current research focuses on security and resiliency for large-scale distributed systems. My current projects are exploring issues specifically related to the global Internet BGP routing system, the DNS naming system, and the design of future Internet architectures. More generally, the results and ideas are applicable to any system whose characteristics include imperfect components, distributed control, and large scale.

Until recently, security has often been an afterthought to algorithm and protocol design. Critical basic protocols such as BGP and DNS contain virtually no security features and are vulnerable to a wide range of attacks. More recently, efforts have attempted to correct this. For example, I helped develop the DNS Security Extensions (DNSSEC) to improve the overall security of the DNS system. However, we quickly found the existing standard, though theoretically sound, was not feasible for a large-scale distributed system, and our work helped lead to a revision of the standard. At the network infrastructure level, a critical challenge is how to add security to existing large-scale systems that were designed primarily to provide high availability despite fail-stop faults. Enabling basic authentication such as DNSSEC is only a first step toward building a truly resilient distributed system.

Almost any real system consists of imperfect components, and any component (including the new authentication components) can fail or be compromised by an attacker. These faulty components may simply fail and stop (i.e., a link fails or a server crashes), and designs to date have largely focused on this fail-stop fault model. But often faulty (or compromised) components continue operating incorrectly (similar, but not equivalent, to Byzantine faults). In a large-scale system with distributed control, such faults are the norm rather than the exception. No central authority exists to detect or remove faulty components; instead, we must rely on resilient algorithm designs that operate despite the existence of faults. The design of resilient protocols for large-scale systems with distributed control presents a challenging and highly relevant research area.


Dan Massey's Home Page:
massey [@cs.colostate.edu]