Education |
| Doctor of Philosophy, Computer Science |
2018 – 2023 |
| The Johns Hopkins University, Baltimore, MD |
| » Dissertation: "Security and Privacy for the Modern World" |
|
| » Advised by Prof. Avi Rubin |
|
| » Lab Manager for Prof. Rubin's IoT Security Lab |
|
| » Member of the SPAR and ARC research groups |
|
| |
|
| Master of Science in Engineering, Computer Science |
2018 – 2020 |
| The Johns Hopkins University, Baltimore, MD |
| |
|
| Bachelor of Science |
2015 – 2018 |
| The Johns Hopkins University, Baltimore, MD |
| » 3.84 GPA; Dean's List (all semesters); graduated with general honors |
|
| » Double major in computer science (with honors) and applied mathematics & statistics |
|
| » Minor in entrepreneurship and management |
|
Academic Appointments |
|
| Assistant Professor |
Fall 2023 – Present |
| The City College of the City University of New York, New York, NY |
|
| » Affiliated with the Department of Electrical Engineering at the Grove School of Engineering. |
|
| |
|
| Visiting Scholar |
Summer 2022 |
| HealthX Lab, Dartmouth College, Hanover, NH |
|
| » Performed software security research under Profs. David Kotz and Timothy Pierson. |
|
| » Investigated program analysis techniques suitable for detecting implicit leaks of information through audit logs. |
|
| » Connected research to ongoing projects in SPLICE, an NSF Frontiers cross-institutional center studying IoT security and privacy. |
|
| |
|
| Visiting Researcher |
Summer 2019 |
| Illinois Security Lab, University of Illinois at Urbana-Champaign, Urbana, IL |
|
| » Performed systems security research under Profs. Carl Gunter and Christopher Fletcher. |
|
| » Completed DOVE, a work on data oblivious computation for scientific programs using Intel SGX. |
|
| » Presented preliminary results to side channel experts in both industry and academia. |
|
| » Distilled findings into a full-length manuscript, published at NDSS '21. |
|
| |
|
| Undergraduate Research Assistant |
2016 – 2018 |
| Johns Hopkins Health & Medical Security Lab, Baltimore, MD |
|
| » Investigated possible security and privacy vulnerabilities and defenses in embedded devices. |
|
| » Explored feasibility of tracking individuals using easily-obtainable smartphone sensor data. |
|
| » Created an Android application to collect data from sensors for analysis of privacy violations. |
|
| » Adapted distributed computing infrastructure to Internet-of-Things devices to find potential targets. |
|
| |
|
| Undergraduate Research Assistant |
2017 – 2018 |
| Johns Hopkins Information Security Institute, Baltimore, MD |
|
| » Generated conformance test sequences for the Signal secure messaging service. |
|
| » Examined the cryptographic protocol underlying Signal to generate a finite state machine model of its states. |
|
| » Engineered software to act as a test harness for these implementations and run the tests generated by the model. |
|
Industry Experience |
|
| Research Scientist |
2017 – 2023 |
| Harbor Labs, Pikesville, MD |
|
| » Led teams in the threat modeling, risk assessment, and penetration testing of medical devices in line with FDA regulatory guidance. |
|
| » Designed aspects of the security architecture for a major financial institution as a part of a company contract. |
|
| » Conducted site visits for security audits and prepared documentation outlining recommendations. |
|
| » Implemented an OpenSSL-based C API for end-to-end encryption between home dialysis machines and providers. |
|
| |
|
| Development Team Member |
2016 – 2017 |
| Intelehealth, Baltimore, MD |
|
| » Constructed a full telemedicine platform with a team of graduate students for rural health clinics. |
|
| » Delivered an Android application to help health assistants take patient symptom information and send it to physicians. |
|
| » Optimized code to fit the low-bandwidth environment found in rural clinics. |
|
| » Modified API functionality in the OpenMRS database system. |
|
| |
|
| Mobile Development Summer Intern |
Summer 2016 |
| GreenWave Health Technologies, Glendale, CA |
|
| » Developed Android and iOS applications to allow for electronic medical record access on mobile devices. |
|
| » Linked the mobile applications with a NextGen SQL database via a Flask Python API. |
|
| » Ensured delivery of the products on time by collaborating with teams in both the United States and India. |
|
Publications |
|
| Tushar Jois, Gabrielle Beck, Sofia Belikovetsky, Joseph Carrigan, Alishah Chator, Logan Kostick, Max Zinkus, Gabriel Kaptchuk, Avi Rubin. SocIoTy: Practical Cryptography in Smart Home Contexts. Appears in the proceedings of the Privacy Enhancing Technologies Symposium 2024 (PETS '24), issue 1, pages 447–464. |
|
| |
|
| Tushar Jois, Tina Pavlovich, Brigid McCarron, David Kotz, Tim Pierson. Smart Use of Smart Devices in Your Home: A Smart-Home Security and Privacy Workshop for the General Public. To appear in the proceedings of the 55th ACM Technical Symposium on Computer Science Education (SIGCSE '24). |
|
| |
|
| Jonathan Prokos, Neil Fendley, Matthew Green, Roei Schuster, Eran Tromer, Tushar Jois, Yinzhi Cao. Squint Hard Enough: Evaluating Perceptual Hashing with Machine Learning. Appears in the proceedings of the USENIX Security Symposium 2023 (USENIX '23). |
|
| |
|
| Mounib Khanafer, Tushar Jois. Towards Application-Driven IoT Education. Appear in the proceedings of the 2023 IEEE Global Engineering Education Conference (EDUCON '23). |
|
| |
|
| Max Zinkus, Tushar Jois, Matthew Green. SoK: Cryptographic Confidentiality of Data on Mobile Devices. Appears in the proceedings of the Privacy Enhancing Technologies Symposium 2022 (PETS '22), issue 1, pages 586–607. |
|
| |
|
| Gabriel Kaptchuk, Tushar Jois, Matthew Green, Avi Rubin. Meteor: Cryptographically Secure Steganography for Realistic Distributions. Appears in the proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS '21), pages 1529–1548. Also presented at the Real World Cryptography Symposium 2022 (RWC '22) as "Commit Acts of Steganography — Before It's Too Late". |
|
| |
|
| Tushar Jois, Hyun Bin Lee, Christopher Fletcher, Carl Gunter. On Building the Data-Oblivious Virtual Environment. Appears in the proceedings of the Learning from Authoritative Security Experiment Results Workshop 2021 (LASER '21), 15 pages. Co-located with NDSS '21. |
|
| |
|
| Hyun Bin Lee, Tushar Jois, Christopher Fletcher, Carl Gunter. DOVE: A Data-Oblivious Virtual Environment. Appears in the proceedings of the Network and Distributed System Security Symposium 2021 (NDSS '21), 17 pages. |
|
Manuscripts |
|
| Hyun Bin Lee, Tushar Jois, Christopher Fletcher, Carl Gunter. Termite Attacks: Gnawing on Logs to Extract Secret Information. Currently in submission. |
|
| |
|
| Tushar Jois, Claudia Moncaliano, Avi Rubin. WiP: WDPKR: Wireless Data Profiling Kit and Reconnaissance. Appears in a special works-in-progress session of the Symposium on the Science of Security 2021 (HoTSoS '21), 7 pages. |
|
| |
|
| Max Zinkus, Tushar Jois, Matthew Green. Data Security on Mobile Devices. Available on arXiv, 118 pages. |
|
Presentations |
|
| David Inyangson, Sarah Radway, Tushar Jois, Nelly Fazio. Amigo: Anonymous Mesh Messaging in Groups. Poster presented at the 2023 AFRL-CUNY Technology and Workforce Development Forum, New York, NY: November 9, 2023. |
|
| |
|
| Tushar Jois. CUNY Research in Cybersecurity. Talk at the 2023 AFRL-CUNY Technology and Workforce Development Forum, New York, NY: November 9, 2023. |
|
| |
|
| Tushar Jois. Adding Security & Privacy Guarantees to Everyday Systems. Invited talk at the Tufts University Department of Computer Science, Medford, MA: October 17, 2023. |
|
| |
|
| Tushar Jois. WDPKR: Wireless Data Profiling Kit and Reconnaissance. Talk at a special works-in-progress session of the Symposium on the Science of Security 2021 (HoTSoS '21), Virtual: April 14, 2021. |
|
| |
|
| Tushar Jois. On Building the Data-Oblivious Virtual Environment. Talk at the Learning from Authoritative Security Experiment Results Workshop 2021 (LASER '21), Virtual: February 25, 2021. Co-located with NDSS '21. |
|
| |
|
| Tushar Jois. Strength in Numbers: Leveraging IoT devices in groups. Talk in the Security and Privacy in the Lifecycle of IoT for Consumer Environments (SPLICE) student webinar series, Virtual: February 16, 2021. |
|
| |
|
| Tushar Jois. WDPKR: A Wireless Data Processing Kit for Reconnaissance. Talk in the Trustworthy Health and Wellness (THaW) webinar series, Virtual: May 31, 2019. |
|
| |
|
| Tushar Jois, Claudia Moncaliano, Avi Rubin. WDPKR: A Wireless Data Processing Kit for Reconnaissance. Poster presented at 2019 Workshop on Assured Autonomy (WAA '19). Johns Hopkins Institute for Assured Autonomy, Laurel, MD: April 29, 2019. |
|
Teaching |
|
| Secure Systems Engineering |
Spring 2024 |
| » Teaching a graduate-level course on security and privacy for 21 students. |
|
| » Developed a new course to meet the needs of the growing Cybersecurity Master's Program at City College. |
|
| » Applied hands-on learning to create activities that connect lecture content to real-world security engineering problems. |
|
| |
|
| Probability and Statistics for Electrical Engineers |
Fall 2023 |
| » Taught an undergraduate-level course on probability and statistics for 25 students. |
|
| » Augmented existing curriculum by including lectures on the R programming language, an important tool for statistical computing. |
|
| |
|
| Security & Privacy in Computing |
Fall 2022 |
| » Taught a graduate-level course on security and privacy for 40 students. |
|
| » Developed updated curriculum that connects lecture material with interactive sessions built around the SEED Security Labs. |
|
| » Ran a capture-the-flag group project that has students create intentionally vulnerable code, and other students attempt to exploit and defend against it. |
|
| » Received an average Course Quality rating of 4.8/5 and average Instructor Effectiveness rating of 4.8/5 from students. |
|
| |
|
| Computer Networks (Co-Instructor) |
Spring 2022 |
| » Co-taught an upper undergraduate/early graduate-level computer networking course, alongside Prof. Avi Rubin, for 113 students. |
|
| » Lectured on routing protocols, wired and wireless link layers, and assorted special topics in computer networking. |
|
| » Adopted equitable grading practices, separating formative assignments from summative assessments. |
|
| » Received an average Course Quality rating of 4.2/5 and average Instructor Effectiveness rating of 4.3/5 from students. |
|
| |
|
| HEART: Computer Security and Privacy for the Modern World |
Fall 2021 |
| » Designed and taught a seminar class on selected topics in security and privacy for 22 first-year undergraduate students. |
|
| » Supplemented lectures with interactive experiences to excite students about research in the field. |
|
| » Explored novel attacks and defenses from the literature, guided students through tools such as Tor and Signal, and facilitated discussions on the social implications of technology and privacy. |
|
| » Received an average Course Quality rating of 4.5/5 from students (school average: 4.2, department average: 4.2). |
|
| » Received an average Instructor Effectiveness rating of 4.6/5 from students (school average: 4.2, department average: 4.3). |
|
| |
|
| Security and Privacy in Computing (Head Teaching Assistant) |
Fall 2020 |
| » Conducted a weekly discussion section for 18 undergraduate students; other section (of graduate students) conducted by Max Zinkus. |
|
| » Developed hands-on learning activities to engage students during distance learning due to COVID-19. |
|
| » Created tutorials on key security tools, facilitated debates on hot topics in security and privacy, and taught guest lectures to supplement course material. |
|
| » Received a 4.8/5 Teaching Assistant Effectiveness rating from section students (school average: 4.3, department average: 4.2). |
|
| |
|
| Bootcamp: Java |
Spring 2020 |
| » Taught one section (4 students) of a 1 credit, online course designed to introduce students of other programming languages to Java. |
|
| |
|
| Security and Privacy in Computing (Head Teaching Assistant) |
Fall 2019 |
| » Co-head TA with Max Zinkus. |
|
| |
|
| Security and Privacy in Computing (Head Teaching Assistant) |
Fall 2018 |
| » Designed course materials and assignments around the SEED Labs for a graduate-level security course. |
|
| » Taught two guest lectures, one on race conditions and the Dirty CoW vulnerability, and one on TLS. |
|
| |
|
| Cryptography and Coding (Head Course Assistant) |
Spring 2018 |
| » Conducted discussion sections once a week to review homework, lecture material, and the exams. |
|
| » Graded homework, which consisted of written proofs and MATLAB coding assignments. |
|
| |
|
| Data Structures (Course Assistant) |
Fall 2017, Spring 2017 |
| » Graded homework, which consisted of Java coding assignments, and held office hours to assist students on the material. |
|
Academic Service |
|
| Program Committee Member |
|
| » IEEE Symposium on Security and Privacy 2024 (Oakland '24), committee chairs Patrick Traynor and William Enck. |
|
| » IEEE Symposium on Security and Privacy 2023 (Oakland '23), committee chairs Thomas Ristenpart and Patrick Traynor. |
|
| |
|
| Artifact Committee Member |
|
| » Privacy Enhancing Technologies Symposium 2023 (PETS '23), committee chairs Bailey Kacsmar and Pasin Manurangsi. |
|
| |
|
| Special Session Organizer |
|
| » Internet of Things Education for Engineering Practitioners (IoTEd '23) at the IEEE Global Engineering Education Conference 2023 (EDUCON '23). |
|
| |
|
| External Reviewer |
|
| USENIX Security 2022, USENIX Security 2021, ACM CCS 2019, USENIX Security 2019 |
|
| |
|
| Panel Organizer & Moderator |
|
| » "How Scientists Broaden Impact". Panel sponsored by the Security and Privacy in the Lifecycle of IoT for Consumer Environments (SPLICE) research group, Virtual: April 14, 2023. |
|
| |
|
| Curriculum Committee Member |
2020 – 2023 |
| Department of Computer Science, Johns Hopkins University, Baltimore, MD |
|
| » Only student representative on the department curriculum committee. |
|
| |
|
| Upsilon Pi Epsilon Chapter President |
2018 – 2022 |
| Department of Computer Science, Johns Hopkins University, Baltimore, MD |
|
| » Led the local chapter of UPE, the computer science honor society. |
|
| » Engaged with new members and held events to promote the computer science community on campus. |
|
Personal Development |
|
| Johns Hopkins University SafeZone Member |
March 2020 |
| » Participated in training to become a better ally to the LGBTQ community. |
|
Recognition |
|
| 2021 Professor Joel Dean Excellence in Teaching Award |
May 2021 |
| » Recognized for "an intense devotion to teaching and a talent for making computer science more understandable". |
|
| |
|
| 2018 Upsilon Pi Epsilon Academic Achievement Award |
September 2018 |
| » Awarded scholarship from UPE Executive Council based on academic and extracurricular record. |
|
| |
|
| 2016 Johns Hopkins Undergraduate Case Competition Runner-Up |
March 2016 |
| » Drafted a business plan for "AJE," a fictitious website devoted to finding government employment. |
|
| » Applied graphic design and speaking skills to create an effective business presentation. |
|
| |
|
| HopHacks Spring 2016 Finalist |
February 2016 |
| » Built 2am, an Android application that uses coordination testing to combat drunk driving. |
|
| » Utilized gyroscopic data and calculation to test how impaired or intoxicated a user is. |
|