Email: nickolai at csail mit edu

32 Vassar Street, Room 32-G994
Cambridge, MA  02139
(617) 253-6005

Nickolai Zeldovich is an Associate Professor at MIT's department of Electrical Engineering and Computer Science, and a member of the Computer Science and Artificial Intelligence Laboratory. His research interests are in building practical secure systems, from operating systems and hardware to programming languages and security analysis tools. He received his PhD from Stanford University in 2008, where he developed HiStar, an operating system designed to minimize the amount of trusted code by controlling information flow. In 2005, he co-founded MokaFive, a company focused on improving desktop management and mobility using x86 virtualization. Prof. Zeldovich received a Sloan fellowship in 2010, an NSF CAREER award in 2011, and the MIT EECS Spira teaching award in 2013.

Fall 2013:	6.858: Computer Systems Security
Spring 2013:	Junior Faculty Research Leave
IAP 2013:	6.470: Web programming competition (faculty sponsor)
Fall 2012:	6.858: Computer Systems Security
Spring 2012:	6.033: Computer Systems Engineering
IAP 2012:	6.470: Web programming competition (faculty sponsor)
Fall 2011:	6.858: Computer Systems Security
Spring 2011:	6.033: Computer Systems Engineering
IAP 2011:	6.470: Web programming competition (faculty sponsor)
Fall 2010:	6.858: Computer Systems Security
Spring 2010:	6.857: Computer and Network Security
IAP 2010:	Introduction to multicore research with Beehive
Fall 2009:	6.893: Computer Systems Security
Spring 2009:	6.033: Computer Systems Engineering
Fall 2008:	6.828: Operating System Engineering

I advise a number of undergraduate, M.Eng., and Ph.D. students in the CSS and PDOS research groups.

• Processing Analytical Queries over Encrypted Data.
  Stephen Tu, M. Frans Kaashoek, Samuel Madden, and Nickolai Zeldovich.
  In Proceedings of the 39th International Conference on Very Large Data Bases (VLDB), Riva del Garda, Italy, August 2013.
  

• How to Run Turing Machines on Encrypted Data.
  Shafi Goldwasser, Yael Kalai, Raluca Ada Popa, Vinod Vaikuntanathan, and Nickolai Zeldovich.
  In Proceedings of the 33rd Annual International Cryptology Conference (CRYPTO), Santa Barbara, CA, August 2013.
  

• Optimizing unit test execution in large software programs using dependency analysis.
  Taesoo Kim, Ramesh Chandra, and Nickolai Zeldovich.
  In Proceedings of the 4th Asia-Pacific Workshop on Systems, Singapore, July 2013.
  

• Security bugs in embedded interpreters.
  Haogang Chen, Cody Cutler, Taesoo Kim, Yandong Mao, Xi Wang, Nickolai Zeldovich, and M. Frans Kaashoek.
  In Proceedings of the 4th Asia-Pacific Workshop on Systems, Singapore, July 2013.
  

• Practical and effective sandboxing for non-root users.
  Taesoo Kim and Nickolai Zeldovich.
  In Proceedings of the 2013 USENIX Annual Technical Conference, San Jose, CA, June 2013.
  

• Reusable Garbled Circuits and Succinct Functional Encryption.
  Shafi Goldwasser, Yael Kalai, Raluca Ada Popa, Vinod Vaikuntanathan, and Nickolai Zeldovich.
  In Proceedings of the 45th Annual ACM Symposium on Theory of Computing (STOC), Palo Alto, CA, June 2013.
  

• An Ideal-Security Protocol for Order-Preserving Encoding.
  Raluca Ada Popa, Frank H. Li, and Nickolai Zeldovich.
  In Proceedings of the 34th IEEE Symposium on Security and Privacy, San Francisco, CA, May 2013.
  

• How to Run Turing Machines on Encrypted Data.
  Shafi Goldwasser, Yael Kalai, Raluca Ada Popa, Vinod Vaikuntanathan, and Nickolai Zeldovich.
  Cryptology ePrint Archive, Report 2013/229, April 2013.
  

• RadixVM: Scalable address spaces for multithreaded applications.
  Austin T. Clements, M. Frans Kaashoek, and Nickolai Zeldovich.
  In Proceedings of the ACM EuroSys Conference, Prague, Czech Republic, April 2013.
  

• An Ideal-Security Protocol for Order-Preserving Encoding.
  Raluca Ada Popa, Frank H. Li, and Nickolai Zeldovich.
  Cryptology ePrint Archive, Report 2013/129, March 2013.
  

• Succinct Functional Encryption and Applications: Reusable Garbled Circuits and Beyond.
  Shafi Goldwasser, Yael Kalai, Raluca Ada Popa, Vinod Vaikuntanathan, and Nickolai Zeldovich.
  Cryptology ePrint Archive, Report 2012/733, December 2012.
  

• Improving Integer Security for Systems with Kint.
  Xi Wang, Haogang Chen, Zhihao Jia, Nickolai Zeldovich, and M. Frans Kaashoek.
  In Proceedings of the 10th Symposium on Operating Systems Design and Implementation (OSDI), Hollywood, CA, October 2012.
  

• Efficient patch-based auditing for web application vulnerabilities.
  Taesoo Kim, Ramesh Chandra, and Nickolai Zeldovich.
  In Proceedings of the 10th Symposium on Operating Systems Design and Implementation (OSDI), Hollywood, CA, October 2012.
  

• CryptDB: Processing Queries on an Encrypted Database.
  Raluca Ada Popa, Catherine M. S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan.
  Communications of the ACM, 55(9):103–111, September 2012.
  

• Recovering from intrusions in distributed systems with Dare.
  Taesoo Kim, Ramesh Chandra, and Nickolai Zeldovich.
  In Proceedings of the 3rd Asia-Pacific Workshop on Systems, Seoul, South Korea, July 2012.
  

• Undefined Behavior: What Happened to My Code?
  Xi Wang, Haogang Chen, Alvin Cheung, Zhihao Jia, Nickolai Zeldovich, and M. Frans Kaashoek.
  In Proceedings of the 3rd Asia-Pacific Workshop on Systems, Seoul, South Korea, July 2012.
  

• Non-scalable locks are dangerous.
  Silas Boyd-Wickizer, M. Frans Kaashoek, Robert Morris, and Nickolai Zeldovich.
  In Proceedings of the Linux Symposium, Ottawa, Canada, July 2012.
  

• Improving network connection locality on multicore systems.
  Aleksey Pesterev, Jacob Strauss, Nickolai Zeldovich, and Robert T. Morris.
  In Proceedings of the ACM EuroSys Conference, Bern, Switzerland, April 2012.
  

• Cryptographic Treatment of CryptDB's Adjustable Join.
  Raluca Ada Popa and Nickolai Zeldovich.
  Technical Report MIT-CSAIL-TR-2012-006, MIT Computer Science and Artificial Intelligence Laboratory, Cambridge, MA, March 2012.
  

• Concurrent address spaces using RCU balanced trees.
  Austin T. Clements, M. Frans Kaashoek, and Nickolai Zeldovich.
  In Proceedings of the 17th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), London, UK, March 2012.
  

• CPHash: A Cache-Partitioned Hash Table.
  Zviad Metreveli, Nickolai Zeldovich, and M. Frans Kaashoek.
  In Proceedings of the 17th ACM Symposium on Principles and Practice of Parallel Programming, New Orleans, LA, February 2012.
  

• Language Support for Efficient Computation over Encrypted Data.
  Meelap Shah, Emily Stark, Raluca Ada Popa, and Nickolai Zeldovich.
  In Off the Beaten Track Workshop: Underrepresented Problems for Programming Language Researchers, Philadelphia, PA, January 2012.
  

• A Trigger-Based Middleware Cache for ORMs.
  Priya Gupta, Nickolai Zeldovich, and Samuel Madden.
  In Proceedings of the 12th International Middleware Conference, Lisbon, Portugal, December 2011.
  

• CPHash: A Cache-Partitioned Hash Table.
  Zviad Metreveli, Nickolai Zeldovich, and M. Frans Kaashoek.
  Technical Report MIT-CSAIL-TR-2011-051, MIT Computer Science and Artificial Intelligence Laboratory, Cambridge, MA, November 2011.
  

• Making Information Flow Explicit in HiStar.
  Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, and David Mazières.
  Communications of the ACM, 54(11):93–101, November 2011.
  

• CryptDB: Protecting Confidentiality with Encrypted Query Processing.
  Raluca Ada Popa, Catherine M. S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan.
  In Proceedings of the 23rd ACM Symposium on Operating Systems Principles (SOSP), Cascais, Portugal, October 2011.
  

• Intrusion Recovery for Database-backed Web Applications.
  Ramesh Chandra, Taesoo Kim, Meelap Shah, Neha Narula, and Nickolai Zeldovich.
  In Proceedings of the 23rd ACM Symposium on Operating Systems Principles (SOSP), Cascais, Portugal, October 2011.
  

• Software fault isolation with API integrity and multi-principal modules.
  Yandong Mao, Haogang Chen, Dong Zhou, Xi Wang, Nickolai Zeldovich, and M. Frans Kaashoek.
  In Proceedings of the 23rd ACM Symposium on Operating Systems Principles (SOSP), Cascais, Portugal, October 2011.
  

• Secure In-Band Wireless Pairing.
  Shyamnath Gollakota, Nabeel Ahmed, Nickolai Zeldovich, and Dina Katabi.
  In Proceedings of the 20th Usenix Security Symposium, San Francisco, CA, August 2011.
  

• Experiences in Cyber Security Education: the MIT Lincoln Laboratory Capture-the-Flag Exercise.
  Joseph Werther, Michael Zhivich, Tim Leek, and Nickolai Zeldovich.
  In Proceedings of the 4th Workshop on Cyber Security Experimentation and Test, San Francisco, CA, August 2011.
  

• Linux kernel vulnerabilities: State-of-the-art defenses and open problems.
  Haogang Chen, Yandong Mao, Xi Wang, Dong Zhou, Nickolai Zeldovich, and M. Frans Kaashoek.
  In Proceedings of the 2nd Asia-Pacific Workshop on Systems, Shanghai, China, July 2011.
  

• Retroactive auditing.
  Xi Wang, Nickolai Zeldovich, and M. Frans Kaashoek.
  In Proceedings of the 2nd Asia-Pacific Workshop on Systems, Shanghai, China, July 2011.
  

• A Software Approach to Unifying Multicore Caches.
  Silas Boyd-Wickizer, M. Frans Kaashoek, Robert Morris, and Nickolai Zeldovich.
  Technical Report MIT-CSAIL-TR-2011-032, MIT Computer Science and Artificial Intelligence Laboratory, Cambridge, MA, June 2011.
  

• Energy Management in Mobile Devices with the Cinder Operating System.
  Arjun Roy, Stephen M. Rumble, Ryan Stutsman, Philip Levis, David Mazières, and Nickolai Zeldovich.
  In Proceedings of the ACM EuroSys Conference, Salzburg, Austria, April 2011.
  

• CryptDB: A Practical Encrypted Relational DBMS.
  Raluca Ada Popa, Nickolai Zeldovich, and Hari Balakrishnan.
  Technical Report MIT-CSAIL-TR-2011-005, MIT Computer Science and Artificial Intelligence Laboratory, Cambridge, MA, January 2011.
  

• Relational Cloud: A Database-as-a-Service for the Cloud.
  Carlo Curino, Evan P. C. Jones, Raluca Ada Popa, Nirmesh Malviya, Eugene Wu, Sam Madden, Hari Balakrishnan, and Nickolai Zeldovich.
  In Proceedings of the 5th Biennial Conference on Innovative Data Systems Research (CIDR), Pacific Grove, CA, January 2011.
  

• Intrusion Recovery Using Selective Re-execution.
  Taesoo Kim, Xi Wang, Nickolai Zeldovich, and M. Frans Kaashoek.
  In Proceedings of the 9th Symposium on Operating Systems Design and Implementation (OSDI), Vancouver, Canada, October 2010.
  

• An Analysis of Linux Scalability to Many Cores.
  Silas Boyd-Wickizer, Austin T. Clements, Yandong Mao, Aleksey Pesterev, M. Frans Kaashoek, Robert Morris, and Nickolai Zeldovich.
  In Proceedings of the 9th Symposium on Operating Systems Design and Implementation (OSDI), Vancouver, Canada, October 2010.
  

• Making Linux Protection Mechanisms Egalitarian with UserFS.
  Taesoo Kim and Nickolai Zeldovich.
  In Proceedings of the 19th Usenix Security Symposium, Washington, DC, August 2010.
  

• Tolerating Malicious Device Drivers in Linux.
  Silas Boyd-Wickizer and Nickolai Zeldovich.
  In Proceedings of the 2010 USENIX Annual Technical Conference, Boston, MA, June 2010.
  

• Separating Web Applications from User Data Storage with BStore. (Best paper award.)
  Ramesh Chandra, Priya Gupta, and Nickolai Zeldovich.
  In Proceedings of the USENIX Conference on Web Application Development, Boston, MA, June 2010.
  

• Energy Management in Mobile Devices with the Cinder Operating System.
  Arjun Roy, Stephen M. Rumble, Ryan Stutsman, Philip Levis, David Mazières, and Nickolai Zeldovich.
  Technical Report CSTR 2010-02, Department of Computer Science, Stanford University, Stanford, CA, June 2010.
  

• Locating cache performance bottlenecks using data profiling.
  Aleksey Pesterev, Nickolai Zeldovich, and Robert T. Morris.
  In Proceedings of the ACM EuroSys Conference, Paris, France, April 2010.
  

• Apprehending Joule Thieves with Cinder.
  Stephen M. Rumble, Ryan Stutsman, Philip Levis, David Mazières, and Nickolai Zeldovich.
  SIGCOMM Computer Communication Review, 40(1):106–111, January 2010.
  

• Improving Application Security with Data Flow Assertions.
  Alexander Yip, Xi Wang, Nickolai Zeldovich, and M. Frans Kaashoek.
  In Proceedings of the 22nd ACM Symposium on Operating Systems Principles (SOSP), Big Sky, MT, October 2009.
  

• Apprehending Joule Thieves with Cinder.
  Stephen M. Rumble, Ryan Stutsman, Philip Levis, David Mazières, and Nickolai Zeldovich.
  In Proceedings of the 1st ACM Workshop on Networking, Systems, and Applications on Mobile Handhelds, Barcelona, Spain, August 2009.
  

• Delegating Network Security Through More Information.
  Jad Naous, Ryan Stutsman, David Mazières, Nick McKeown, and Nickolai Zeldovich.
  In Proceedings of the Workshop on Research on Enterprise Networking, Barcelona, Spain, August 2009.
  

• Nemesis: Preventing Authentication and Access Control Vulnerabilities in Web Applications.
  Michael Dalton, Nickolai Zeldovich, and Christos Kozyrakis.
  In Proceedings of the 18th Usenix Security Symposium, Montreal, Canada, August 2009.
  

• Hardware Enforcement of Application Security Policies Using Tagged Memory.
  Nickolai Zeldovich, Hari Kannan, Michael Dalton, and Christos Kozyrakis.
  In Proceedings of the 8th Symposium on Operating Systems Design and Implementation (OSDI), San Diego, CA, December 2008.
  

• Securing Distributed Systems with Information Flow Control.
  Nickolai Zeldovich, Silas Boyd-Wickizer, and David Mazières.
  In Proceedings of the 5th Symposium on Networked Systems Design and Implementation (NSDI), San Francisco, CA, April 2008.
  

• Securing Untrustworthy Software Using Information Flow Control.
  Nickolai Zeldovich.
  Ph.D. Thesis, Stanford University, Department of Computer Science, October 2007.
  

• Making Information Flow Explicit in HiStar.
  Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, and David Mazières.
  In Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI), Seattle, WA, November 2006.
  

• The Collective: A Cache-Based System Management Architecture.
  Ramesh Chandra, Nickolai Zeldovich, Constantine Sapuntzakis, and Monica S. Lam.
  In Proceedings of the 2nd Symposium on Networked Systems Design and Implementation (NSDI), Boston, MA, May 2005.
  

• Interactive Performance Measurement with VNCplay.
  Nickolai Zeldovich and Ramesh Chandra.
  In Proceedings of the USENIX 2005 Annual Technical Conference, FREENIX track, Anaheim, CA, April 2005.
  

• Virtual Appliances for Deploying and Maintaining Software.
  Constantine Sapuntzakis, David Brumley, Ramesh Chandra, Nickolai Zeldovich, Jim Chow, Monica S. Lam, and Mendel Rosenblum.
  In Proceedings of the 17th USENIX Large Installation Systems Administration Conference (LISA), San Diego, CA, October 2003.
  

• Multiprocessor Support for Event-Driven Programs.
  Nickolai Zeldovich, Alexander Yip, Frank Dabek, Robert T. Morris, David Mazières, and M. Frans Kaashoek.
  In Proceedings of the USENIX 2003 Annual Technical Conference, San Antonio, TX, June 2003.
  

• Event-driven Programming for Robust Software.
  Frank Dabek, Nickolai Zeldovich, M. Frans Kaashoek, David Mazières, and Robert Morris.
  In Proceedings of the 10th ACM SIGOPS European Workshop, Saint-Emilion, France, September 2002.
  

• Concurrency Control for Multi-Processor Event-Driven Systems.
  Nickolai Zeldovich.
  M.Eng. Thesis, Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, June 2002.
  

• CryptDB: Forbes, Slashdot, GigaOm.
• Tamper-evident pairing (TEP): MIT news, Network world, Slashdot.
• Retro: Network world.
• Multi-core Linux scalability: Slashdot.
• Cinder: Network world, Slashdot.
• Resin: MIT news.
• HiStar: Stanford School of Engineering article.

My research is supported by Google, Quanta Computer, the Alfred P. Sloan Foundation, NSF, DARPA, and Northrop Grumman.