My primary research interests are computer security and privacy, with a focus on browser design, web applications, and social networking sites. I am a graduate student at UC Berkeley, with David Wagner as my advisor. I can be contacted at afelt@eecs.berkeley.edu. I recently finished an internship at Google, working on Caja. My resume is posted here, although it is out of date by a few months.
I am a University of Virginia alumna, where I majored in computer science (B.S.). My advisor was David Evans. While there, I was a finalist in the national CRA Outstanding Undergraduate Awards; won the UVA SEAS Outstanding Undergraduate Award; and won the UVA CS Dept Community Service Award twice. I was also an NSF Graduate Research Fellowship finalist my senior year.
I like to travel, run, and read. I got a new camera six months ago and the excitement has not worn off yet. I'm originally from the Jersey shore. I'd write a terrible novel if I had the time. Cranberry juice and BLTs-on-everything-bagels make up 95% of my diet. Sadly, I don't like chocolate or avocados.
Mashup security issues: Web developers increasingly mix their own content with untrusted, third-party scripts. Popular examples of this are interactive maps and social networking site applications. This provides third parties with an avenue for script injection/cross-site scripting attacks. To illustrate the problem, I performed a security analysis on the Facebook Platform as a case study on mashups and their weaknesses. I am now working on the problem of securing mashups by altering browsers to provide client-side protection against script injection/cross-site scripting attacks.
- Facebook study: exploit website, white paper, featured on Digg
- A Felt, P Hooimeijer, D Evans, W Weimer, Talking to Strangers Without Taking Their Candy: Isolating Proxied Content, SocialNets '08. (pdf)
Privacy protection for social networking APIs: The Facebook Platform integrates third-party content into the site and gives third-party developers access to user data. This open interface enables popular site enhancements but also poses serious privacy risks by exposing user data to third-party developers. I created a privacy-by-proxy design for a privacy-preserving API that is motivated by an analysis of the data needs and uses of Facebook applications. A limited interface that only provides access to an anonymized social graph and placeholder data is sufficient for nearly all applications. Since the platform host has control over the third-party application's output, privacy-by-proxy can be accomplished without major changes to the platform architecture or applications by using new tags and data transformations.
Disk-level malware detection uses the disk processor to watch I/O requests for patterns that match malicious behavior. I worked on this with Nathanael Paul, David Evans, and Sudhanva Gurumurthi. I ran polymorphic viruses and examined their file-system level actions with the goal of creating signatures that uniquely describe their behavior. I also worked on generalizing the behavior of a class of file-infecting viruses that perform similar actions. We have filed a patent application for this project.
I like to travel, particularly within Latin America. In the last four years, I've been to Guatemala, the Dominican Republic, Puerto Rico, China, Bermuda, the U.K., and Costa Rica (my family is Costa Rican). Of particular interest: last spring, I traveled to a Mayan K'ich'e village outside of Quetzaltenango with a group of UVA students to help construct stoves. While we were there, we heard a speech about a current mining controversy; strict mining laws in the U.S. have pushed mining operations to other countries, and now they are facing the same conflicts previously faced by U.S. states. If you are interested, I wrote an article on the topic.
I also like to run. I ran the Wirefly National Half Marathon in D.C. last March and the VA Beach Rock 'n' Roll Half Marathon last September. I took the past few months off hard running to focus on research and visit grad schools, but now I'm trying to ease back into it. I'd like to run another half (or a full) marathon in September in San Francisco.
My political interests include feminism and environmentalism, both issues I feel very strongly about. My current life goals include learning how to grill delicious things and bettering my Spanish.