I am a research scientist in the security group at IBM T. J. Watson Research Center, NY. I am interested in building systems and models that solve real world problems without compromising security and privacy of data. I recived my Ph.D. in Computer Science from Purdue University, IN. Projects I am most actively working on are summarized here.
Identifying threats to sensitive data
Most entities today deal with sensitive data in one form or another. Sensitive data could be personal (customers, employees etc), confidential (trade secrets, intellectual properties etc) or in other forms. Understanding how these data interact with rest of the software and hardware ecosystem is critical to understand the associated exposures and risks.
Techniques required to identify and score threats to data and the granularity of information needed for such techniques to be effective is not well understood currently. We are exploring practical approachs that look at how data elements move (or flow) within modern application deployments to identify privacy threats. We are working on a scoring mechanism based on data flows, how flows intersect, centrality, and influence of these flows on other assets.
Prior works and publications can be found here