Anasthasia Shilov, Illustrations Editor

Anurag Khandelwal, assistant professor of computer science, won a Distinguished Paper Award at the 29th USENIX Security Symposium for his paper on a new cybersecurity system this fall.

The annual USENIX Security Symposium, which Computer Science Department Chair Zhong Shao called “one of the most prestigious computer science conferences,” brings together researchers and practitioners from within the security field. Each year, hundreds of researchers submit their papers to USENIX in hopes of winning an award and sharing their work with a large audience. Khandelwal’s paper — which he worked on with associates from Cornell University, Cornell Tech and University of California, Berkeley — reported on the security system they developed called Pancake.

“The department is really thrilled that Anurag has won this distinguished paper award during his first year at Yale,” Shao wrote in an email to the News. “There are many faculty members and students at Yale who are really interested in the data security and privacy problem. Anurag is a top researcher and a real system builder in this field. We all look forward to seeing many more exciting results from him in the coming years.”

Khandelwal’s paper was one of 11 papers to earn a Distinguished Paper Award at the 2020 conference. In total, there were 977 submissions, and 157 were accepted.

Pancake prevents “malicious” cloud administrators from accessing potentially sensitive information from certain server records. Although data being stored in the cloud may be encrypted, sensitive information can still be discovered by simply analyzing the data’s access patterns. To explain this concept, Khandelwal used the example of medical diagnoses. Even if hospital records are encrypted, he says one can deduce their contents if one knows the commonality of different diseases.

“The tricky bit is just by looking at how frequently a particular record is being accessed and having some prior knowledge … for instance if I knew the fact that diabetes is three times as common as cancer … I can actually perform a pretty good guess of what the data item actually contains and what disease the patient might have,” Khandelwal said.

This security problem was previously solved by oblivious random access memory, which  generates false data, or accesses, whenever an adversary tries to access the actual records in an attempt to confuse them. However, these extra data lead to greater bandwidth overhead, which adds unnecessary computing time.

Khandelwal took a different, high-level approach to the problem: a technique called frequency smoothing. When the extra accesses are added, it is done in a way that the distribution of data appears flat and uniform across all records — hence the name Pancake.

“When [the adversary] was observing the accesses, it would have thought that … this record is receiving three times as many accesses as the other one, so this record probably corresponds to diabetes,” Khandelwal explained. “But now, if the distribution is flat, then every item receives the same number of accesses, so it can’t tell which one is which anymore.”

Computer science professor Lin Zhong said that Khandelwal, who joined the department just last January, has already brought to the department expertise regarding the cloud — a term for data centers available to users on the Internet. Zhong specifically mentioned Khandelwal’s knowledge of data servers, cloud computing and serverless functions.

“Anurag has been a pioneer in looking to do some of these functions,” Zhong said.

Khandelwal will continue to work on Pancake to make the system even more secure. More specifically, he said that while Pancake is able to hide individual items from being accessed, correlations between multiple accesses — like whether one item is consistently being used after another — are still visible to attackers, so Khandelwal is exploring how to hide that information. He is also looking at how to make the system scalable, so that it will still function properly when more servers are added.

Currently, Khandelwal is teaching a graduate computer science course on trends in cloud-based systems, advising students and working on research projects with collaborators like Shao, Zhong and associate professor of computer science Abhishek Bhattacharjee. One current project involves resource disaggregation, which separates resources across a network in order to increase resource efficiency.

The 2020 USENIX Security Symposium was held virtually from Aug. 12 to 14.

Adam Levine | a.levine@yale.edu