BABAK SALAMAT

Summary

• Over 15 years of experience with in-depth knowledge of system software, software security, and compilers.

Work and Research Experience

• Google, Staff Software Engineer and Manager, November 2014 - Present
• Works in Google Andvanced Technologies and Projects (ATAP).
• Before ATAP, led development of Kubernetes Scheduler and Borg.
• Cisco, Technical Lead, July 2012 - October 2014
• Worked on security and infrastructure of Cisco InterCloud Fabric. Cisco InterCloud Fabric is a hybrid cloud solution that enables enterprise customers to move their workloads seamlessly to public clouds.
• Virtuata (Acquired by Cisco), Research Lead and JIT Security Architect, September 2011 - July 2012
  • Invented and implemented a hypervisor-level mechanism to mitigate JIT spraying attacks. The mechanism rewrites JITed code pages without any modifications to the JIT compiler and has been successfully tested with Firefox JavaScript, Adobe Flash, and Oracle Java Hotspot JIT compilers. (Patent Pending)
• Qualcomm (Bay Area R&D), Staff System Software Engineer, March 2010 - September 2011
  • Built a JavaScript compiler and DOM binding layer of a web browser prototype for smart phones with the aim of improving power consumption and performance.
  • Led a security project to detect malware on smart phones using behavioral analysis. The prototype detected malware with +95% accuracy.
  (Two pending patents)
• Yahoo! Search, Senior System Software Engineer, August 2009 - February 2010
  • Improved performance of the searcher nodes' start-up by more than a factor of two using caching and parallelization techniques.
  • Developed an adaptive optimization technique to significantly reduce network bandwidth usage of the search engine back-end.
  • Profiled and analyzed the real-time search engine for performance improvement purposes.
  • Managed release and deployment of a new version of the search engine.
• UC Irvine, PhD Student Researcher, September 2005 - July 2009
  • Developed a Multi-Variant Execution Environment that runs multiple variants of a single application, synchronizes and monitors them at the granularity of system-calls to prevent exploitation of vulnerabilities. (Patent issued)
  • Modified GCC and also LLVM-GCC to generate executables which write stack in the reverse direction. These executables are used as variants in the multi-variant execution environment to prevent exploitation of buffer overflow vulnerabilities.
  • Introduced fast address generation and way caching to reduce dynamic and static energy consumption of L1 data cache.
  • Developed a simulator and evaluated fast address generation and L0 data cache to reduce memory access latency.
  • Developed the middle- and back-end for an optimizing compiler prototype.
• Fara Rayaneh, Director of the Software Department and Lead Programmer, February 2001 - August 2004
  • Developed a very successful user management and accounting software package with unique features for ISPs and VoIP service providers. More information can be found at: www.easyisp.info/english
• Fara Rayaneh, Director of the Network Department, May 1999 - February 2001
  • Expanded the internet service capacity of the company to 20 times of its starting point.
• Co-founded Fara Rayaneh, which later acquired Morva Net, and became one of the largest Iranian Internet Service Providers, Tehran/Iran, May 1999

Education

• PhD in Computer Science, System Software
  
  University of California, Irvine, CA

  Sep. 2005 - Jul. 2009
  
  Dissertation: "Multi-Variant Execution: Run-Time Defense against Malicious Code Injection Attacks"
• MSc in Computer Architecture
  
  Sharif University of Technology, Tehran, Iran

  Sep. 1998 - Jan. 2001
  
  Dissertation: "Data Consistency Controller for Distributed Shared Memory"
• BSc in Computer Engineering
  
  Sharif University of Technology, Tehran, Iran

  Sep. 1994 - Sep. 1998
  
  Final project: "Design and implementation of an ALU for a Digital Signal Processor (DSP) on FPGA"

Patents

• Multi-variant parallel program execution to detect malicious code injection, US Patent 8239836, 2012
• Mitigating just-in-time spraying attacks in a network environment, US Patent 9015834, 2015
• Computing device to detect malware, US Patent 9832211, 2017
• Method and apparatus for optimized execution using resource utilization maps, US Patent 9804893, 2017

Publications

• Book Chapter: "Compiler-Generated Software Diversity,"
  T. Jackson, B. Salamat, A. Homescu, K. Manivannan, G. Wagner, A. Gal, S. Brunthaler, Ch. Wimmer, and M. Franz; In
  "Moving Target Defense: Creating Asymmetric Uncertainty for Cyber Threats,"
  S. Jajodia, A.K. Ghosh, V. Swarup, C. Wang, and X.S. Wang (Editors), Springer, ISBN-10: 1461409764 | ISBN-13: 978-1461409762, August 2011
• "Run-Time Defense against Code Injection Attacks using Replicated Execution,"
  Babak Salamat, Todd Jackson, Gregor Wagner, Christian Wimmer, Michael Franz.
  IEEE Transactions on Dependable and Secure Computing, Volume 8, No. 4, IEEE Computer Society, July 2011.
• "On the Effectiveness of Multi-Variant Program Execution for Vulnerability Detection and Prevention,"
  Todd Jackson, Babak Salamat, Gregor Wagner, Christian Wimmer, and Michael Franz. International Workshop on Security Measurements and Metrics (MetriSec 2010), September 2010
• "Power-Aware Scoreboard Alternatives for Multimedia Processors,"
  Amirali Baniasadi, Babak Salamat, and Kaveh Jokar Deris. Elsevier Journal of Microprocessors and Microsystems (MICPRO), Volume 33, June 2009
• "Orchestra: Intrusion Detection Using Parallel Execution and Monitoring of Program Variants in User-Space,"
  Babak Salamat, Todd Jackson, Andreas Gal, and Michael Franz. Proceedings of the European Conference in Computer Systems (EuroSys'09), March 2009
• "Reverse Stack Execution in a Multi-Variant Execution Environment,"
  Babak Salamat, Andreas Gal, and Michael Franz. The 2008 Workshop on Compiler and Architectural Techniques for Application Reliability and Security (CATARS'08) in conjunction with DSN 2008, June 2008
• "Multi-Variant Program Execution: Using Multi-Core Systems to Defuse Buffer-Overflow Vulnerabilities,"
  Babak Salamat, Andreas Gal, Todd Jackson, Karthikeyan Manivannan, Gregor Wagner, and Michael Franz. Proceedings of the International Conference on Complex, Intelligent and Software Intensive Systems (CISIS'08), March 2008
• "Stopping Buffer Overflow Attacks at Run-Time: Simultaneous Multi- Variant Program Execution on a Multicore Processor,"
  Babak Salamat, Andreas Gal, Todd Jackson, Karthik Manivannan, Gregor Wagner, Michael Franz. Technical Report No. 07-13, School of Information and Computer Sciences, University of California, Irvine, December 2007
• "Reverse Stack Execution,"
  Babak Salamat, Andreas Gal, Alexander Yermolovich, Karthik Manivannan and Michael Franz. Technical Report No. 07-07, School of Information and Computer Sciences, University of California, Irvine, August 2007
• "Fast Speculative Address Generation and Way Caching for Reducing L1 Data Cache Energy,"
  Dan Nicolaescu, Babak Salamat, Alexander Veidenbaum and Mateo Valero. Proceedings of 24th IEEE International Conference on Computer Design (ICCD'06), October 2006
• "Area-Aware Optimizations for Resource Constrained Branch Predictors Exploited in Embedded Processors,"
  Babak Salamat, Amirali Baniasadi and Kaveh Jokar Deris. Proceedings of the International Conference on Embedded Computer Systems: Architectures, MOdeling, and Simulation (IC-SAMOS), July 2006
• "Power-Aware Scoreboard for Multimedia Processors,"
  Amirali Baniasadi and Babak Salamat. 7th workshop on Media and Streaming Processors (MSP-7) held in conjunction with MICRO-38, November 2005
• "Area-Aware Pipeline Gating for Embedded Processors,"
  Babak Salamat and Amirali Baniasadi. International Workshop on Power and Timing Modeling, Optimization and Simulation (PATMOS'05), SEP 2005
• "Design and implementation of a system for microprocessor laboratory,"
  Ghassem Miremadi, Babak Salamat and Amin Firoozshahian. Proc. of Sharif Univ. of Tech., 1998-1999