Viterbi School of Engineering
University of Southern California
Los Angeles, CA 90089, USA
Office: Henry Salvatori Computer Science Building (SAL) 200
Cyber-security, Economics of Information Security and Privacy, Risk Management in Cyber-Security, Mathematical Modelling in Computer/Network Security and Reliability
Network Economics, Game Theory applied to Network Security and Privacy, Network Algorithmics and Optimization
Applied Machine Learning, Smart Grid Analytics, Security Analytics and Applications of Machine Learning in Security
Statement of Contributions to Diversity
PhD Research Spotlight: USC Graduate School writes about my research, USC News reports my research, Recently contacted by MIT Technology Review
Publications prior to joining Ph.D (UG, MS)
I am currently a research scientist at USC's Viterbi School of Engineering. I am associated with the Electrical Engineering and Computer Science departments. I graduated with a Ph.D from the Department of Computer Science at USC in Fall 2014. My thesis advisors were Professors Leana Golubchik and Konstantinos Psounis. For my PhD, I also collaborated with Professor Pan Hui of the Hong Kong University of Science and Technology. My current major research interest lies in the area of cyber-security and privacy - especially the economics, performance modeling, strategy, and data analytics aspects of it, with the end goal of being able to make cyber-security as robust as possible. I also have research interests in network economics, network privacy and its economics, applied game theory and mechanism design, and smart grid analytics. During my PhD, I was a recipient of the prestigious Provost Fellowship at USC. As a PhD student at USC, I have held visiting research positions at Princeton University and Deutsch Telekom Research Laboratories, Germany. In the past, as an undergraduate and as a masters student, I have held research positions at Massachusetts Institute of Technology, National University of Singapore, University of California, Indian Institute of Technology, Kharagpur, India, Indian Institute of Management, Calcutta, India, and Center for TeleInfrastruktur, Aalborg University, Denmark. My Erdos number is 4. In my spare time I do international travel, listen to music, watch movies, swim, and play/watch cricket and soccer. I also have a deep interest in Indian philosophy.
The Flavor of My Research
I am an applied theory guy primarily interested in the mathematical modeling and analysis of several aspects in the security and privacy of networked and distributed systems. More specifically, I like to model practical problems by accounting for the economics and psychological aspects of the problem, in addition to the technical necessities. My main goal is to reveal fundamental insights into the efficient design of secure communication systems. I like to solve problems that are challenging, interesting, and have good practical value and social impact. My Ph.D research was on investigating the important role of cyber-insurance markets in achieving a robust level of cyber-security, which is currently not present in the Internet due to several techno-social-economic constraints. Cyber-security is one of the most important and pressing issues in the current Internet age and doing research on improving cyber-security has been a great challenge for me, but at the same time gave me lot of fun. In general, my research is inter-disciplinary in nature and lies at the boundary of information security, micro-economics, game theory, algorithms, stochastic processes, social graph theory, systems optimization, and applied machine learning. As secondary Ph.D research, I also worked on practical problems related to network economics, applied game theory and mechanism design, smart grid analytics, and applications of secure multi-party computation in networking. In the near future, I plan to adopt the "theory-to-practice" approach in designing, analyzing, and building robust and efficient communication systems.
Ph.D Thesis Statement
Most defense, corporate, and civilian systems today are Internet-based. The trustworthiness of Internet-based systems heavily depends on their security characteristics. It has been forecasted by national defense experts that the next big terrorist threat is a cyber-war. Thus, strong data protection and efficient cyber risk management is the need of the hour. Despite the increasing amount of research in strengthening security solutions, and large body of products being designed to increase security, e.g.,anti-virus software, anti-spam software, and firewalls, such self-protection tools can at best reduce the risk of end-users but cannot eliminate it. One of my main reasons for this is the effect of misaligned incentives between security product vendors, network users, and regulatory agencies. To this end, in this thesis I propose to address residual risk elimination through cyber-insurance - simply put, I consider solutions where risk is transferred to another entity (i.e., insurance company) in return for a fee (i.e.,the insurance premium). Cyber-insurance is a promising, potentially multi-billion dollar industry that can help secure the cyber-space, with profound benefits to individuals, corporations, security product vendors, and the government. I am not the first to argue in favor of cyber-insurance. Economists have attempted to extend conventional insurance models into the cyber-insurance context, and, quite recently, a few researchers from the broader networking and performance analysis communities have attempted to shed some light on the issues associated with cyber-insurance. However, despite this body of work, cyber-insurance has not yet become a reality due to a number of unresolved research challenges as well as practical considerations. A number of these challenges are rooted in some fundamental differences between cyber-insurance and other forms of insurance. Most notably, the networked environment over which cyber-insurance operates implies that the usual assumptions of independent security and non-correlated risk among end-users cannot be made. Moreover, information asymmetries between insured and insurers are particularly pronounced, making the modelling of such entities quite complex. My goal in this thesis has been to focus on those aspects of the problem that are particular to cyber-insurance (in contrast to other forms of insurance), with the end goal of moving towards the realization of efficient cyber-insurance markets that benefit cyber-users, security product vendors, cyber-insurers, regulatory agencies, and the network as a whole.
Tools used in my thesis: Microeconomics, Algorithms, Game Theory, Probability Theory and Stochastic Processes, Mathematical Optimization, Social Graph Theory
My PhD Thesis
My PhD Defense Talk
Publications in Ph.D (On Main Thesis)
My publications here cover "cyber-insurance" and its impact on improving cyber-security. In my thesis, I have solved a hard and challenging problem by first splitting it up into fundamental sub-problems, and in the end combined the solutions and insights gained from those subproblems to weave a complete story. My publication list reflects the solutions to the sub-problems as well as the combined story. I have been the first author in all of the papers.
Publications in Ph.D (Other Topics)
My publications here cover topics that I got associated with during course projects at USC, and my summer visits at Princeton University, Aalborg University, and Deutsch Telekom Research Laboratories. I have been the first author in all of the papers, except two.
Selected Graduate Coursework
Design and Analysis of Algorithms
Probability Theory and Stochastic Processes
Mathematical Optimization (primarily convex optimization, slight emphasis on vector space optimization)
Network Economics and Network Game Theory
Performance Analysis of Systems
Computer Networks (The Internet, wireless networks, and distributed systems)
Statistical Machine Learning and Graphical Models
1. (Graduate) Analysis of Algorithms: Teaching Assistant, (Fa '13, 'Sp'13, Fa'12, Sp'12, Fa'11, Fa'10), USC Exceptional TA citation from the USC Computer Science Department, 2012-2013
2. Unix and C Programming (Undergraduate Level): Teaching Assistant, Sp'06, UC Davis
3. Research Seminar: Teaching Assistant, Sp'14, USC
4. Fundamentals of Database Systems (Undergraduate Level): Teaching Assistant, Sp'14, USC
1. Improving Network Security Through Insurance: A Tale of Insurance markets - A Tale of Insurance Markets: IBM Research Labs, India and USA, March 2014.
2. On Security Monitoring in Software-Defined Networks - A Game-Theoretic Perspective : T-Labs, USA, March 2013.
3. On Improving Cyber-Security Through Insurance - A Tale of Insurance Markets: Symantec Research Labs, USA, December 2012.
4. Real-Time Pricing in Power Grids: Ecole Polytechnique Federal De Lausanne (EPFL), June 2011
5. An Insurance Approach to Internet Risk Management , Technical University of Lisbon, December 2009.
6. An Insurance Approach to Internet Risk Management , Nokia-Siemens Networks, Portugal, December 2009
I love to travel. Life is boring without it!!!. I consider myself immensely lucky to have travelled to various parts of the world for both, academic as well as for holidaying purposes, at a young age. I generally make short yearly trips with friends, and really enjoy and relish the culture, food, nature, and monumental architecture in all the countries I visit. Listed below are the countries I have visited (airports not included :) ).
Asia: Singapore, Japan, Hong Kong, Thailand, Malaysia
North America: USA, Canada
Europe: Germany, Austria, Czech Republic, France, Russia, Switzerland, Italy, Vatican City, Holland, Belgium, Denmark, England, Sweden, Finland, Norway, Spain, and Portugal