Secure Systems, Applied Cryptography and Software Supply Chain Security
My current research focuses on securing the software development life-cycle. Before that, my research focused on secure password storage mechanisms and update systems. Because of this, I’m the team lead of in-toto, a framework to secure the software development life-cycle, as well as PolyPasswordHasher, a password storage mechanism that’s incredibly resilient to offline password cracking. Also, I’m a contributor to The Update Framework (TUF), which is the software update system being integrated into a variety of projects like Docker, CPAN, and others.