Nickolai Zeldovich

Douglas T. Ross Career Development Assistant Professor of Software Technology
PDOS and CSS research groups
Computer Science and Artificial Intelligence Laboratory (CSAIL)
Department of Electrical Engineering and Computer Science
MIT

Contact

Email: nickolai at csail mit edu

Room 32-G994
32 Vassar Street
Cambridge, MA  02139
(617) 253-6005

Administrative assistant: Neena Lyall

Bio

Nickolai Zeldovich is Douglas T. Ross Career Development Assistant Professor at MIT's EECS department and a member of the Computer Science and Artificial Intelligence Laboratory. His research interests are in building practical secure systems, from operating systems and hardware to programming languages and security analysis tools. He received his PhD from Stanford University in 2008, where he developed HiStar, an operating system designed to minimize the amount of trusted code by controlling information flow. In 2005, he co-founded MokaFive, a company focused on improving desktop management and mobility using x86 virtualization. Prof. Zeldovich received a Sloan fellowship in 2010.

Projects

I'm interested in building secure systems, from programming languages, to operating systems, to hardware architecture. Some of my current projects involve re-designing the security model of web browsers to improve security and enable more flexible mash-up applications; providing tools to help programmers check application-level "semantic" security invariants; coming up with techniques to make web application databases scale; and improving application performance on multicore systems. If you are a student at MIT, and you're interested in working on similar problems, please get in touch with me.

At Stanford, my research focused on HiStar, an operating system designed to minimize the amount of trusted code. Here's a short article about HiStar from the School of Engineering at Stanford.

Previously, I worked on the Collective, a virtual machine-based computing infrastructure providing security, ease of management, and mobility. This project transformed into a startup company called Moka5.

As an undergraduate and Master's student at MIT's PDOS research group, I worked on the Click router, and on multi-processor execution of event-driven programs.

Teaching

Fall 2010: 6.858: Computer Systems Security
Spring 2010: 6.857: Computer and Network Security
IAP 2010: Introduction to multicore research with Beehive
Fall 2009: 6.893: Computer Systems Security
Spring 2009: 6.033: Computer Systems Engineering
Fall 2008: 6.828: Operating System Engineering

Students

I advise a number of undergraduate, M.Eng., and Ph.D. students in the CSS and PDOS research groups.

Publications

  1. Taesoo Kim, Xi Wang, Nickolai Zeldovich, and M. Frans Kaashoek.
    System Recovery Using Selective Re-execution.
    In Proceedings of the 9th Symposium on Operating Systems Design and Implementation (OSDI 2010), Vancouver, Canada, October 2010.

  2. Silas Boyd-Wickizer, Austin Clements, Yandong Mao, Aleksey Pesterev, M. Frans Kaashoek, Robert Morris, and Nickolai Zeldovich.
    Scaling Applications to Many Cores on Linux.
    In Proceedings of the 9th Symposium on Operating Systems Design and Implementation (OSDI 2010), Vancouver, Canada, October 2010.

  3. Taesoo Kim and Nickolai Zeldovich.
    Making Linux Protection Mechanisms Egalitarian with UserFS.
    In Proceedings of the 19th Usenix Security Symposium, Washington, DC, August 2010.

  4. Silas Boyd-Wickizer and Nickolai Zeldovich.
    Tolerating Malicious Device Drivers in Linux.
    In Proceedings of the 2010 USENIX Annual Technical Conference, Boston, MA, June 2010.

  5. Ramesh Chandra, Priya Gupta, and Nickolai Zeldovich.
    Separating Web Applications from User Data Storage with BStore. (Best paper award.)
    In Proceedings of the USENIX Conference on Web Application Development, Boston, MA, June 2010.

  6. Arjun Roy, Stephen M. Rumble, Ryan Stutsman, Philip Levis, David Mazières, and Nickolai Zeldovich.
    Energy Management in Mobile Devices with the Cinder Operating System.
    Technical Report CSTR 2010-02, Department of Computer Science, Stanford University, Stanford, CA, June 2010.

  7. Aleksey Pesterev, Nickolai Zeldovich, and Robert T. Morris.
    Locating cache performance bottlenecks using data profiling.
    In Proceedings of the ACM EuroSys 2010 Conference, Paris, France, April 2010.

  8. Stephen M. Rumble, Ryan Stutsman, Philip Levis, David Mazières, and Nickolai Zeldovich.
    Apprehending Joule Thieves with Cinder.
    In SIGCOMM Computer Communication Review, 40(1):106-111, January 2010.

  9. Alexander Yip, Xi Wang, Nickolai Zeldovich, and Frans Kaashoek.
    Improving Application Security with Data Flow Assertions.
    In Proceedings of the 22nd ACM Symposium on Operating Systems Principles (SOSP 2009), Big Sky, MT, October 2009.

  10. Stephen M. Rumble, Ryan Stutsman, Philip Levis, David Mazières, and Nickolai Zeldovich.
    Apprehending Joule Thieves with Cinder.
    In Proceedings of the 1st ACM Workshop on Networking, Systems, Applications on Mobile Handhelds, Barcelona, Spain, August 2009.

  11. Jad Naous, Ryan Stutsman, David Mazières, Nick McKeown, and Nickolai Zeldovich.
    Delegating Network Security Through More Information.
    In Proceedings of the Workshop on Research on Enterprise Networking, Barcelona, Spain, August 2009.

  12. Michael Dalton, Nickolai Zeldovich, and Christos Kozyrakis.
    Nemesis: Preventing Authentication & Access Control Vulnerabilities in Web Applications.
    In Proceedings of the 18th Usenix Security Symposium (Usenix Security 2009), Montreal, Canada, August 2009.

  13. Nickolai Zeldovich, Hari Kannan, Michael Dalton, and Christos Kozyrakis.
    Hardware Enforcement of Application Security Policies Using Tagged Memory.
    In Proceedings of the 8th Symposium on Operating Systems Design and Implementation (OSDI 2008), San Diego, CA, pages 225-240, December 2008.

  14. Nickolai Zeldovich, Silas Boyd-Wickizer, and David Mazières.
    Securing Distributed Systems with Information Flow Control.
    In Proceedings of the 5th Symposium on Networked Systems Design and Implementation (NSDI 2008), San Francisco, CA, pages 293-308, April 2008.
    (Presentation slides: PDF)

  15. Nickolai Zeldovich.
    Securing Untrustworthy Software Using Information Flow Control.
    Ph.D. Thesis, Department of Computer Science, Stanford University, October 2007.
    (Oral defense slides: OpenOffice, PDF)

  16. Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, and David Mazières.
    Making information flow explicit in HiStar.
    In Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI 2006), Seattle, WA, pages 263-278, November 2006.
    (Presentation slides: OpenOffice, PDF)

  17. Ramesh Chandra, Nickolai Zeldovich, Constantine Sapuntzakis, and Monica S. Lam.
    The Collective: A Cache-Based System Management Architecture.
    In Proceedings of the 2nd USENIX Symposium on Networked Systems Design and Implementation (NSDI 2005), Boston, MA, pages 259-272, May 2005.

  18. Nickolai Zeldovich and Ramesh Chandra.
    Interactive Performance Measurement with VNCplay.
    In Proceedings of the FREENIX Track: 2005 USENIX Annual Technical Conference, Anaheim, CA, pages 189-198, April 2005.
    (HTML, Presentation slides)

  19. Constantine Sapuntzakis, David Brumley, Ramesh Chandra, Nickolai Zeldovich, Jim Chow, Monica S. Lam, and Mendel Rosenblum.
    Virtual Appliances for Deploying and Maintaining Software.
    In Proceedings of the 17th Large Installation Systems Administration Conference (LISA 2003), San Diego, CA, pages 181-194, October 2003.

  20. Nickolai Zeldovich, Alexander Yip, Frank Dabek, Robert T. Morris, David Mazières, and Frans Kaashoek.
    Multiprocessor Support for Event-Driven Programs.
    In Proceedings of the 2003 USENIX Annual Technical Conference, San Antonio, TX, pages 239-252, June 2003.
    (Presentation slides)

  21. Frank Dabek, Nickolai Zeldovich, Frans Kaashoek, David Mazières, and Robert Morris.
    Event-driven Programming for Robust Software.
    In Proceedings of the 10th ACM SIGOPS European Workshop, Saint-Emilion, France, pages 186-189, September 2002.

  22. Nickolai Zeldovich.
    Concurrency Control for Multi-Processor Event-Driven Systems.
    M.Eng. Thesis, Department of Electrical Engineering and Computer Science, MIT, June 2002.

Support

My research is supported by Google, Quanta Computer, the Alfred P. Sloan Foundation, NSF, and DARPA.