This page serves as my blog. I typically write my blog posts on Medium and keep track of them here. I blog about topics related to my research, mainly security, privacy and machine learning.

I also co-author a blog on the security and privacy of machine learning with Ian Goodfellow at


The challenge of verification and testing of machine learning

In this post, we explore the types of guarantees one can expect a machine learning model to possess. We argue that the limitations of existing defenses point to the lack of verification of machine learning models.


Is attacking machine learning easier than defending it?

In this post, we’ll take adversarial examples as an illustration of why attacking machine learning seems easier than defending it. In other words, we cover in detail some of the reasons why we do not yet have completely effective defenses against adversarial examples, and we speculate about whether we can ever expect such a defense.


Breaking things is easy

This blog post, jointly written with Ian Goodfellow, serves to introduce our new Clever Hans blog, in which we will discuss all of the many ways an attacker can break a machine learning algorithm.


A review of “Return-Oriented Programming: Systems, Languages, and Applications.”

This post is a short review of the paper by Roemer et al. published in ACM Transactions on Information and System Security in March 2012.


Detecting phishing websites using a decision tree

In this post, I describe a simple tutorial that allows you to train a simple decision tree classifier to detect websites used for phishing.


Kerberos: An Authentication Service for Computer Networks.

This post is a short review of the Kerberos article published in IEEE Communications in 1994 by B. Clifford Neuman and Theodore Ts’o.


About Usable Security

Here are a few notes I jotted down during talks by Adrienne Porter Felt, Jon Oberheide, and Matthew Smith on the topic of usable security. These talks were part of Enigma, a conference launched this year by USENIX.


Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications

At Enigma 2016, Ron Rivest presented one of his papers that discusses the idea of providing “exceptional access” in encrypted systems to law enforcement. Rivest explained why he and his coauthors think exceptional access by law enforcement would cause great damage to society.


Internet of Things Security at Enigma 2016

Enigma is a security conference launched this year by the USENIX association. Here are a few notes I jotted down during talks by Tadayoshi Kohno and Stefan Savage covering the security of Internet of Things (IoT).


Healthcare Security at Enigma 2016

Enigma is a security conference launched this year by the USENIX association. Here are a few notes I jotted down during talks by Avi Rubin and Kevin Fu covering the question of healthcare security.


Natural Language Processing

This post provides a brief overview of Natural Language Processing. Its intent is not to exhaustively cover the field but rather to offer a collection of leads for additional reading. A key research area for human-computer interaction, Natural Language Processing is focused on the interaction between computers and natural languages spoken by humans to allow for computers to both understand and generate natural language. Natural Language Processing is increasingly related to Machine Learning as techniques are shifting from manually designing large sets of rules to inferring these rules from a large corpus of text.