Picture of Nickolai Zeldovich

Nickolai Zeldovich

Assistant Professor [ CV ]
PDOS and CSS research groups
Computer Science and Artificial Intelligence Laboratory (CSAIL)
Department of Electrical Engineering and Computer Science
MIT

Contact

Email: nickolai at csail mit edu

Room 32-G994
32 Vassar Street
Cambridge, MA  02139
(617) 253-6005

Administrative assistant: Neena Lyall

Projects

I'm interested in building secure systems, from programming languages, to operating systems, to hardware architecture. Some of my current projects involve re-designing the security model of web browsers to improve security and enable more flexible mash-up applications; providing tools to help programmers check application-level "semantic" security invariants; coming up with techniques to make web application databases scale; and improving application performance on multicore systems. If you are a student at MIT, and you're interested in working on similar problems, please get in touch with me.

At Stanford, my research focused on HiStar, an operating system designed to minimize the amount of trusted code. Here's a short article about HiStar from the School of Engineering at Stanford.

Previously, I worked on the Collective, a virtual machine-based computing infrastructure providing security, ease of management, and mobility. This project transformed into a startup company called Moka5.

As an undergraduate and Master's student at MIT's PDOS research group, I worked on the Click router, and on multi-processor execution of event-driven programs.

Teaching

Spring 2010: 6.857: Computer and Network Security
IAP 2010: Introduction to multicore research with BeeHive
Fall 2009: 6.893: Computer Systems Security
Spring 2009: 6.033: Computer Systems Engineering
Fall 2008: 6.828: Operating System Engineering

Students

I advise the following students: I am also closely working with a number of other students in the PDOS group.

Publications

  1. Aleksey Pesterev, Nickolai Zeldovich, and Robert T. Morris.
    Locating cache performance bottlenecks using data profiling.
    In Proceedings of the ACM EuroSys 2010 Conference, Paris, France, to appear, April 2010.

  2. Alexander Yip, Xi Wang, Nickolai Zeldovich, and Frans Kaashoek.
    Improving Application Security with Data Flow Assertions.
    In Proceedings of the 22nd ACM Symposium on Operating Systems Principles (SOSP 2009), Big Sky, MT, October 2009.

  3. Stephen M. Rumble, Ryan Stutsman, Philip Levis, David Mazières, and Nickolai Zeldovich.
    Apprehending Joule Thieves with Cinder.
    In Proceedings of the First ACM Workshop on Networking, Systems, Applications on Mobile Handhelds, Barcelona, Spain, August 2009.

  4. Jad Naous, Ryan Stutsman, David Mazières, Nick McKeown, and Nickolai Zeldovich.
    Delegating Network Security Through More Information.
    In Proceedings of the Workshop on Research on Enterprise Networking, Barcelona, Spain, August 2009.

  5. Michael Dalton, Nickolai Zeldovich, and Christos Kozyrakis.
    Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications.
    In Proceedings of the Eighteenth Usenix Security Symposium (Usenix Security 2009), Montreal, Canada, August 2009.

  6. Nickolai Zeldovich, Hari Kannan, Michael Dalton, and Christos Kozyrakis.
    Hardware Enforcement of Application Security Policies Using Tagged Memory.
    In Proceedings of the Eighth Symposium on Operating Systems Design and Implementation (OSDI 2008), San Diego, CA, pages 225-240, December 2008.

  7. Nickolai Zeldovich, Silas Boyd-Wickizer, and David Mazières.
    Securing Distributed Systems with Information Flow Control.
    In Proceedings of the Fifth Symposium Networked Systems Design and Implementation (NSDI 2008), San Francisco, CA, pages 293-308, April 2008.
    (Presentaton slides: PDF)

  8. Nickolai Zeldovich.
    Securing Untrustworthy Software Using Information Flow Control.
    Ph.D. Thesis, Department of Computer Science, Stanford University, October 2007.
    (Oral defense slides: OpenOffice, PDF)

  9. Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, and David Mazières.
    Making information flow explicit in HiStar.
    In Proceedings of the Seventh Symposium on Operating Systems Design and Implementation (OSDI 2006), Seattle, WA, pages 263-278, November 2006.
    (Presentaton slides: OpenOffice, PDF)

  10. Ramesh Chandra, Nickolai Zeldovich, Constantine Sapuntzakis, and Monica S. Lam.
    The Collective: A Cache-Based System Management Architecture.
    In Proceedings of the Second USENIX Symposium on Networked Systems Design and Implementation (NSDI 2005), Boston, MA, pages 259-272, May 2005.

  11. Nickolai Zeldovich and Ramesh Chandra.
    Interactive Performance Measurement with VNCplay.
    In Proceedings of the FREENIX Track: 2005 USENIX Annual Technical Conference, Anaheim, CA, pages 189-198, April 2005.
    (HTML, Presentation slides)

  12. Constantine Sapuntzakis, David Brumley, Ramesh Chandra, Nickolai Zeldovich, Jim Chow, Monica S. Lam, and Mendel Rosenblum.
    Virtual Appliances for Deploying and Maintaining Software.
    In Proceedings of the Seventeenth Large Installation Systems Administration Conference (LISA 2003), San Diego, CA, pages 181-194, October 2003.

  13. Nickolai Zeldovich, Alexander Yip, Frank Dabek, Robert T. Morris, David Mazières, and Frans Kaashoek.
    Multiprocessor Support for Event-Driven Programs.
    In Proceedings of the 2003 USENIX Annual Technical Conference, San Antonio, TX, pages 239-252, June 2003.
    (Presentation slides)

  14. Frank Dabek, Nickolai Zeldovich, Frans Kaashoek, David Mazières, and Robert Morris.
    Event-driven Programming for Robust Software.
    In Proceedings of the 10th ACM SIGOPS European Workshop, Saint-Emilion, France, pages 186-189, September 2002.

  15. Nickolai Zeldovich.
    Concurrency Control for Multi-Processor Event-Driven Systems.
    M.Eng. Thesis, Department of Electrical Engineering and Computer Science, MIT, June 2002.