Nickolai Zeldovich

Email: nickolai at csail mit edu

32 Vassar Street, Room 32-G994
Cambridge, MA 02139
(617) 253-6005

Bio

Nickolai Zeldovich is an Associate Professor at MIT's department of Electrical Engineering and Computer Science, and a member of the Computer Science and Artificial Intelligence Laboratory. His research interests are in building practical secure systems, from operating systems and hardware to programming languages and security analysis tools. He received his PhD from Stanford University in 2008, where he developed HiStar, an operating system designed to minimize the amount of trusted code by controlling information flow. In 2005, he co-founded MokaFive, a company focused on improving desktop management and mobility using x86 virtualization. Prof. Zeldovich received a Sloan fellowship in 2010, and an NSF CAREER award in 2011.

Projects

I'm interested in building secure systems, from programming languages, to operating systems, to hardware architecture. Some of my current projects involve re-designing the security model of web browsers to improve security and enable more flexible mash-up applications; providing tools to help programmers check application-level "semantic" security invariants; coming up with techniques to make web application databases scale; and improving application performance on multicore systems. If you are a student at MIT, and you're interested in working on similar problems, please get in touch with me.

At Stanford, my research focused on HiStar, an operating system designed to minimize the amount of trusted code. Here's a short article about HiStar from the School of Engineering at Stanford.

Previously, I worked on the Collective, a virtual machine-based computing infrastructure providing security, ease of management, and mobility. This project transformed into a startup company called Moka5.

As an undergraduate and Master's student at MIT's PDOS research group, I worked on the Click router, and on multi-processor execution of event-driven programs.

Teaching

Fall 2012: 6.858: Computer Systems Security

Spring 2012: 6.033: Computer Systems Engineering

IAP 2012: 6.470: Web programming competition (faculty sponsor)

Fall 2011: 6.858: Computer Systems Security

Spring 2011: 6.033: Computer Systems Engineering

IAP 2011: 6.470: Web programming competition (faculty sponsor)

Fall 2010: 6.858: Computer Systems Security

Spring 2010: 6.857: Computer and Network Security

IAP 2010: Introduction to multicore research with Beehive

Fall 2009: 6.893: Computer Systems Security

Spring 2009: 6.033: Computer Systems Engineering

Fall 2008: 6.828: Operating System Engineering

Students

I advise a number of undergraduate, M.Eng., and Ph.D. students in the CSS and PDOS research groups.

Publications

Aleksey Pesterev, Jacob Strauss, Nickolai Zeldovich, and Robert T. Morris.
Improving network connection locality on multicore systems.
In Proceedings of the ACM EuroSys Conference, Bern, Switzerland, April 2012.
Raluca Ada Popa and Nickolai Zeldovich.
Cryptographic Treatment of CryptDB's Adjustable Join.
Technical Report MIT-CSAIL-TR-2012-006, MIT Computer Science and Artificial Intelligence Laboratory, Cambridge, MA, March 2012.
Austin Clements, M. Frans Kaashoek, and Nickolai Zeldovich.
Concurrent address spaces using RCU balanced trees.
In Proceedings of the 17th International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), London, UK, March 2012.
Zviad Metreveli, Nickolai Zeldovich, and M. Frans Kaashoek.
CPHash: A Cache-Partitioned Hash Table.
In Proceedings of the 17th ACM Symposium on Principles and Practice of Parallel Programming (PPoPP), New Orleans, LA, February 2012.
Meelap Shah, Emily Stark, Raluca Ada Popa, and Nickolai Zeldovich.
Language Support for Efficient Computation over Encrypted Data.
In Off the Beaten Track Workshop: Underrepresented Problems for Programming Language Researchers, Philadelphia, PA, January 2012.
Priya Gupta, Nickolai Zeldovich, and Samuel Madden.
A Trigger-Based Middleware Cache for ORMs.
In Proceedings of the 12th International Middleware Conference, Lisbon, Portugal, December 2011.
Zviad Metreveli, Nickolai Zeldovich, and M. Frans Kaashoek.
CPHash: A Cache-Partitioned Hash Table.
Technical Report MIT-CSAIL-TR-2011-051, MIT Computer Science and Artificial Intelligence Laboratory, Cambridge, MA, November 2011.
Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, and David Mazières.
Making Information Flow Explicit in HiStar.
Communications of the ACM, 54(11):93--101, November 2011.
Raluca Ada Popa, Catherine M. S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan.
CryptDB: Protecting Confidentiality with Encrypted Query Processing.
In Proceedings of the 23rd ACM Symposium on Operating Systems Principles (SOSP), Cascais, Portugal, October 2011.
Ramesh Chandra, Taesoo Kim, Meelap Shah, Neha Narula, and Nickolai Zeldovich.
Intrusion Recovery for Database-backed Web Applications.
In Proceedings of the 23rd ACM Symposium on Operating Systems Principles (SOSP), Cascais, Portugal, October 2011.
Yandong Mao, Haogang Chen, Dong Zhou, Xi Wang, Nickolai Zeldovich, and M. Frans Kaashoek.
Software fault isolation with API integrity and multi-principal modules.
In Proceedings of the 23rd ACM Symposium on Operating Systems Principles (SOSP), Cascais, Portugal, October 2011.
Shyamnath Gollakota, Nabeel Ahmed, Nickolai Zeldovich, and Dina Katabi.
Secure In-Band Wireless Pairing.
In Proceedings of the 20th Usenix Security Symposium, San Francisco, CA, August 2011.
Joseph Werther, Michael Zhivich, Tim Leek, and Nickolai Zeldovich.
Experiences in Cyber Security Education: the MIT Lincoln Laboratory Capture-the-Flag Exercise.
In Proceedings of the 4th Workshop on Cyber Security Experimentation and Test, San Francisco, CA, August 2011.
Haogang Chen, Yandong Mao, Xi Wang, Dong Zhou, Nickolai Zeldovich, and M. Frans Kaashoek.
Linux kernel vulnerabilities: State-of-the-art defenses and open problems.
In Proceedings of the 2nd Asia-Pacific Workshop on Systems, Shanghai, China, July 2011.
Xi Wang, Nickolai Zeldovich, and M. Frans Kaashoek.
Retroactive auditing.
In Proceedings of the 2nd Asia-Pacific Workshop on Systems, Shanghai, China, July 2011.
Silas Boyd-Wickizer, M. Frans Kaashoek, Robert Morris, and Nickolai Zeldovich.
A Software Approach to Unifying Multicore Caches.
Technical Report MIT-CSAIL-TR-2011-032, MIT Computer Science and Artificial Intelligence Laboratory, Cambridge, MA, June 2011.
Arjun Roy, Stephen M. Rumble, Ryan Stutsman, Philip Levis, David Mazières, and Nickolai Zeldovich.
Energy Management in Mobile Devices with the Cinder Operating System.
In Proceedings of the ACM EuroSys Conference, Salzburg, Austria, April 2011.
Raluca Ada Popa, Nickolai Zeldovich, and Hari Balakrishnan.
CryptDB: A Practical Encrypted Relational DBMS.
Technical Report MIT-CSAIL-TR-2011-005, MIT Computer Science and Artificial Intelligence Laboratory, Cambridge, MA, January 2011.
Carlo Curino, Evan P. C. Jones, Raluca Ada Popa, Nirmesh Malviya, Eugene Wu, Sam Madden, Hari Balakrishnan, and Nickolai Zeldovich.
Relational Cloud: A Database-as-a-Service for the Cloud.
In Proceedings of the 5th Biennial Conference on Innovative Data Systems Research (CIDR), Pacific Grove, CA, January 2011.
Taesoo Kim, Xi Wang, Nickolai Zeldovich, and M. Frans Kaashoek.
Intrusion Recovery Using Selective Re-execution.
In Proceedings of the 9th Symposium on Operating Systems Design and Implementation (OSDI), Vancouver, Canada, October 2010.
Silas Boyd-Wickizer, Austin Clements, Yandong Mao, Aleksey Pesterev, M. Frans Kaashoek, Robert Morris, and Nickolai Zeldovich.
An Analysis of Linux Scalability to Many Cores.
In Proceedings of the 9th Symposium on Operating Systems Design and Implementation (OSDI), Vancouver, Canada, October 2010.
Taesoo Kim and Nickolai Zeldovich.
Making Linux Protection Mechanisms Egalitarian with UserFS.
In Proceedings of the 19th Usenix Security Symposium, Washington, DC, August 2010.
Silas Boyd-Wickizer and Nickolai Zeldovich.
Tolerating Malicious Device Drivers in Linux.
In Proceedings of the 2010 USENIX Annual Technical Conference, Boston, MA, June 2010.
Ramesh Chandra, Priya Gupta, and Nickolai Zeldovich.
Separating Web Applications from User Data Storage with BStore. (Best paper award.)
In Proceedings of the USENIX Conference on Web Application Development, Boston, MA, June 2010.
Arjun Roy, Stephen M. Rumble, Ryan Stutsman, Philip Levis, David Mazières, and Nickolai Zeldovich.
Energy Management in Mobile Devices with the Cinder Operating System.
Technical Report CSTR 2010-02, Department of Computer Science, Stanford University, Stanford, CA, June 2010.
Aleksey Pesterev, Nickolai Zeldovich, and Robert T. Morris.
Locating cache performance bottlenecks using data profiling.
In Proceedings of the ACM EuroSys Conference, Paris, France, April 2010.
Stephen M. Rumble, Ryan Stutsman, Philip Levis, David Mazières, and Nickolai Zeldovich.
Apprehending Joule Thieves with Cinder.
SIGCOMM Computer Communication Review, 40(1):106--111, January 2010.
Alexander Yip, Xi Wang, Nickolai Zeldovich, and M. Frans Kaashoek.
Improving Application Security with Data Flow Assertions.
In Proceedings of the 22nd ACM Symposium on Operating Systems Principles (SOSP), Big Sky, MT, October 2009.
Stephen M. Rumble, Ryan Stutsman, Philip Levis, David Mazières, and Nickolai Zeldovich.
Apprehending Joule Thieves with Cinder.
In Proceedings of the 1st ACM Workshop on Networking, Systems, and Applications on Mobile Handhelds, Barcelona, Spain, August 2009.
Jad Naous, Ryan Stutsman, David Mazières, Nick McKeown, and Nickolai Zeldovich.
Delegating Network Security Through More Information.
In Proceedings of the Workshop on Research on Enterprise Networking, Barcelona, Spain, August 2009.
Michael Dalton, Nickolai Zeldovich, and Christos Kozyrakis.
Nemesis: Preventing Authentication and Access Control Vulnerabilities in Web Applications.
In Proceedings of the 18th Usenix Security Symposium, Montreal, Canada, August 2009.
Nickolai Zeldovich, Hari Kannan, Michael Dalton, and Christos Kozyrakis.
Hardware Enforcement of Application Security Policies Using Tagged Memory.
In Proceedings of the 8th Symposium on Operating Systems Design and Implementation (OSDI), San Diego, CA, December 2008.
Nickolai Zeldovich, Silas Boyd-Wickizer, and David Mazières.
Securing Distributed Systems with Information Flow Control.
In Proceedings of the 5th Symposium on Networked Systems Design and Implementation (NSDI), San Francisco, CA, April 2008.
Nickolai Zeldovich.
Securing Untrustworthy Software Using Information Flow Control.
Ph.D. Thesis, Stanford University, Department of Computer Science, October 2007.
Nickolai Zeldovich, Silas Boyd-Wickizer, Eddie Kohler, and David Mazières.
Making Information Flow Explicit in HiStar.
In Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI), Seattle, WA, November 2006.
Ramesh Chandra, Nickolai Zeldovich, Constantine Sapuntzakis, and Monica S. Lam.
The Collective: A Cache-Based System Management Architecture.
In Proceedings of the 2nd Symposium on Networked Systems Design and Implementation (NSDI), Boston, MA, May 2005.
Nickolai Zeldovich and Ramesh Chandra.
Interactive Performance Measurement with VNCplay.
In Proceedings of the USENIX 2005 Annual Technical Conference, FREENIX track, Anaheim, CA, April 2005.
Constantine Sapuntzakis, David Brumley, Ramesh Chandra, Nickolai Zeldovich, Jim Chow, Monica S. Lam, and Mendel Rosenblum.
Virtual Appliances for Deploying and Maintaining Software.
In Proceedings of the 17th USENIX Large Installation Systems Administration Conference (LISA), San Diego, CA, October 2003.
Nickolai Zeldovich, Alexander Yip, Frank Dabek, Robert T. Morris, David Mazières, and M. Frans Kaashoek.
Multiprocessor Support for Event-Driven Programs.
In Proceedings of the USENIX 2003 Annual Technical Conference, San Antonio, TX, June 2003.
Frank Dabek, Nickolai Zeldovich, M. Frans Kaashoek, David Mazières, and Robert Morris.
Event-driven Programming for Robust Software.
In Proceedings of the 10th ACM SIGOPS European Workshop, Saint-Emilion, France, September 2002.
Nickolai Zeldovich.
Concurrency Control for Multi-Processor Event-Driven Systems.
M.Eng. Thesis, Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, June 2002.

Articles about research

CryptDB: Forbes, Slashdot.
Tamper-evident pairing (TEP): MIT news, Network world, Slashdot.
Retro: Network world.
Multi-core Linux scalability: Slashdot.
Cinder: Network world, Slashdot.
Resin: MIT news.
HiStar: Stanford School of Engineering article.

Support

My research is supported by Google, Quanta Computer, the Alfred P. Sloan Foundation, NSF, DARPA, and Northrop Grumman.

Calendar

Fall 2012:	6.858: Computer Systems Security
Spring 2012:	6.033: Computer Systems Engineering
IAP 2012:	6.470: Web programming competition (faculty sponsor)
Fall 2011:	6.858: Computer Systems Security
Spring 2011:	6.033: Computer Systems Engineering
IAP 2011:	6.470: Web programming competition (faculty sponsor)
Fall 2010:	6.858: Computer Systems Security
Spring 2010:	6.857: Computer and Network Security
IAP 2010:	Introduction to multicore research with Beehive
Fall 2009:	6.893: Computer Systems Security
Spring 2009:	6.033: Computer Systems Engineering
Fall 2008:	6.828: Operating System Engineering