 Photo: Cole Geddy/UVa | More Pictures |
David Evans |
My research seeks to create systems that can be trusted even in the presence of malicious attackers and that empower individuals to control how their data is used. This involves many traditional research areas, including security, software engineering, programming languages, cryptography, and networking. I'm particularly interested in approaches that apply cryptography and diversity to provide security and privacy.
This semester I am teaching a course on Great Works in Computer Science. In Fall 2013, I am scheduled to teach Operating Systems (cs4414).
I developed two an open, on-line courses for Udacity: cs101: Building a Search Engine (which has enrolled over 200,000 students) [Prospect Magazine, Chronicle, more...] and cs387: Applied Cryptography. (These courses are both open enrollment, and anyone can join at any time for free.)
In Fall 2011, I taught cs1120: Introduction to Computing: Explorations in Language, Logic, and Machines. I am developing a new introductory computer science book for this course: http://www.computingbook.org. Other courses I have taught recently include a course on poker focusing on game theory and machine learning (Spring 2011), cs2220: Engineering Software (Fall 2010) and cs3102: Theory of Computation (Spring 2010).
I was the Founding Director of the Interdisciplinary Major in
Computer Science (BA) for students in the College of Arts and
Sciences that was approved in February 2006. I was Program Co-Chair for
the 2010 IEEE Symposium
on Security and Privacy ("Oakland"). 
I won
the Outstanding
Faculty Award (2009) from the State Council of Higher Education for
Virginia.
I joined UVA's Computer Science Department in November 1999 after completing my PhD, SM and SB degrees at MIT. I was on sabbatical for the 2008-2009 academic year. I visited UC Berkeley for the Fall semester, and Microsoft Research (Redmond) for the Spring.
My research group is funded primarily by grants from the National Science Foundation (TC: Large: Collaborative Research: Practical Secure Two-Party Computation: Techniques, Tools, and Applications), Air Force Office of Scientific Research (Defending Against Hostile Operating Systems, FA9550-09-1-0539), and a Google Research Award.
Research
|
Students
Q: How realistic is the depiction of SIS in the James Bond films?
James Bond, as Ian Fleming originally conceived him was based on
reality. But any author needs to inject a level of glamour and
excitement beyond reality in order to sell. By the time the filmmakers
focused on Bond the gap between truth and fiction had already
widened. Nevertheless, staff who join SIS can look forward to a career
that will have moments when the gap narrows just a little and the
certainty of a stimulating and rewarding career which, like Bond's, will
be in the service of their country.
Q: Why can't I download or write to you via this site?
SIS has kept this site browse only for security reasons.
From the FAQ of
the Secret Intelligence Service
All it took was for a University of Virginia student to finally outsmart
the popular SMART cards... Falling into the wrong hands, this security
loophole can be and will surely be used in high profile heists and
break-ins, seemingly straight from a James Bond movie.
Hacked
RFIDs Render Smart Cards Less Smarter, TrendLabs Malware Blog,
18 March 2008.
Except for the wire problem, the computer was a success. We could
solve this with larger wires and by growing hair to cover
our ears, a conspicuous style at the time, or persuade our
reluctant wives to "wire up". We adjourned to consider.
Edward
Thorp, on building computers with Claude Shannon
I am a little troubled about the tea service in the electronic computer
building. Apparently the members of your staff consume several times as
much supplies as the same number of people do in Fuld Hall and they have
been especially unfair in the matter of sugar.... I should like to raise
the question whether it would not be better for the computer people to
come up to Fuld Hall at the end of the day at 5 o'clock and have their
tea here under proper supervision.
Letter to John von Neumann (shown in George Dyson's talk on The birth of the computer)
|
I have the privilege of working with a team of extraordinary students, including both graduate
and undergraduate students. If you are a UVa undergraduate or graduate
student interested in joining my research group, please look over our
project pages (linked below), browse
our group blog, and send me email
to arrange a meeting or drop by my office
hours. If you are considering applying to our PhD program, please
read my advice for prospective
research students. If you think you are ready for graduate school,
you may also want to try our previous pre-qualification
exam [PDF]. Everyone is welcome at the
Security Research
Group meetings (subscribe to the mailing
list for notifications).
 UVa Students and Alumni at USENIX Security 2011 Active Projects
Secure Computation
with Yan Huang, Jonathan Katz, Michael Hicks,
Steven
Myers, and
abhi shelat (NSF Cybertrust)
We are developing tools and techniques for enabling efficient
multi-party computation while preserving data privacy using a pipelined garbled circuits framework.
GuardRails with
Jonathan Burket, Austin DeVinney, Casey Mihaloew (part of AFOSR MURI)
GuardRails is a
secure web application framework that provides rich data policies for Ruby on Rails.
Side-Channel
Analysis with Peter Chapman
We are developing a new method to find side-channel leaks in web
applications and quantify their risk using a dynamic, black-box approach.
Hardware, Languages, and
Architectures for Defense Against
Hostile Operating Systems with UC Berkeley, Harvard University,
University of Illinois, Urbana-Champaign, and Stony Brook (AFOSR MURI)
We are developing an integrated suite of techniques for protecting
applications from a hostile OS. Our work focuses on binding policies to
data that are enforced when a program executes.
Helix with
Jack Davidson, Yan
Huang, John Knight,
Anh Nguyen-Tuong, Jeff Shirley, Westley Weimer and
colleagues at UC Davis, UCSB, New
Mexico (AFOSR MURI)
Protect systems from sophisticated and motivated adversaries by
automatically and continuously changing the attack surface of a running
system.
Implementable
Privacy for RFID with Ben Calhoun, John Lach,
Karsten Nohl, and
abhi shelat
(NSF Cybertrust)
We are investigating new approaches to cryptography, protocol, and system
design to provide adequate security on low-power devices.
Recent Projects
Automatic
Identification and Protection of Security-Critical
Data with Westley Weimer (NSF CyberTrust)
Protects vulnerable programs by storing security-critical data in a
separate protected store.
Uses the disk processor to improve virus detection and response by
recognizing viruses by their disk-level activity.
Genesis
with Jack Davidson, John Knight, and Anh Nguyen-Tuong (DARPA)
Explores the potential for using automatically generated diversity at
various levels of abstraction to protect computer systems.
Inexpensive Program
Analysis (NASA, NSF CAREER)
Reducing the cost and improves the scalability of program analysis using
lightweight static analysis (Splint).
Explores a systems framework that uses structured artificial diversity
to provide high security assurances against large classes of attacks.
Perracotta with Jinlin Yang (NSF CPA)
Develops techniques for automatically inferring temporal properties of
real world software using dynamic analysis.
Physicrypt
(NSF ITR)
How computing in the physical world impacts security.
Social networking platforms integrate third-party content into the site
and give third-party developers access to user data, posing serious
privacy risks. We are developing a privacy-by-proxy
design for a privacy-preserving API.
Programming the
Swarm (NSF CAREER)
Getting sensible behavior from collections of unreliable, unorganized
components.
Recent and Upcoming ConferencesNote: I have signed the Research Without Walls pledge, and only provide volunteer reviewing and organizing efforts to open access publications (effective May 2012).
34th IEEE Symposium on Security and Privacy (Oakland 2013), Program Committee Member
21st USENIX Security Symposium (USENIX Sec 2012), Program Committee Member
33rd
IEEE Symposium on Security and Privacy (Oakland 2012), Program Committee Member
19th
Network and Distributed System Security Symposium (NDSS 2012),
Program Committee Member
20th USENIX Security Symposium (USENIX Sec 2011), Program Committee Member
32nd IEEE Symposium on Security and Privacy (Oakland 2011),
Program Committee Member
18th
Network and Distributed System Security Symposium (NDSS 2011),
Program Committee Member
31st IEEE Symposium on Security and Privacy (Oakland 2010),
Program Committee Co-Chair
17th
Network and Distributed System Security Symposium (NDSS 2010),
Program Committee Member
30th IEEE Symposium on Security and Privacy (Oakland 2009),
Program Committee Co-Chair
NSF/IARPA/NSA Workshop on the
Science of Security (Berkeley, Nov 2008), Lead Organizer
|
Death Valley
Teaching
My teaching has been supported by an NSF CCLI Award (PDF) and
University Teaching Fellowship (2001-2002, PDF).
I won the Harold Morton Jr. SEAS Award for Teaching (2003-4), an
All-University
Teaching Award (2008), and an Outstanding
Faculty Award (2009) from the State Council of Higher Education for Virginia. This essay explains my teaching
philosophy.
I am writing an introductory computing textbook based on the cs200/cs150/cs1120 course.
I am Founding Director of the Interdisciplinary Major in Computer Science.
|
Selected Courses (Full List)
cs1120: Introduction to Computing: Explorations in
Language, Logic, and Machines (Fall 2011, Fall 2009, and earlier)
Outreach Courses
Cryptography in World War II (4-class course
for Jefferson Institute for Life-Long Learning)
Dragon Crypto (2-day cryptography course for
middle school students)
|
More
My most visited page is my Advice for Prospective Research Students. I have also written some advice of giving talks, and collected my favorite advice from others.
My academic genealogy traces back to Gottfried Wilheim Leibniz.
I have taken some pictures including: Yellowstone, Glacier, Death Valley, Yosemite, Lawn Lighting, Nature near Charlottesville, China, and Bletchley Park. I also have pictures from my trips to World Cups: France 1998, Korea 2002, South Africa 2010.
Family
My wife is pursuing a PhD in Mathematics at UVa (currently on leave).
Our daughter, Dorina Michelle, was born 29 June 2012. She made her first original computer science contribution at only eight months old, discovering the non-equivalence of the Kleene-* and Kleene-X operators.
Family pages: NeuroKitchen Arts Collective (my sister's project), my brother's blog, Science Serving Society (my Dad's site, focusing on traffic safety), Art Talks (by my Mom).
