Adam
Hastings

I am a recently-defended Ph.D. graduate from the Department of Computer Science at Columbia University, where I had the incredible fortune of being advised by Prof. Simha Sethumadhavan. My research is focused on taking a technology-first approach towards identifying, measuring, and distributing the costs of computer security. I use a big-picture definition of "costs" but am particularly interested in the systems-level tradeoffs between security and performance.

Some of the work I've done towards this end:

Can we utilize computer architecture and systems design to lower the performance costs of security operations? I designed novel L1/L2 cache protocols to leverage in-line cache compression for reducing program checkpoint + recovery times. I also leveraged system checkpointing for crafting dynamic runtime security seccomp filters on Linux systems.

Why are the same few vulnerabilities (like buffer overflows) exploited year-after-year when we have the technical means to solve them? I have been advocating for viewing security as sociotechnical problem to illustrate why technical security failures persist, and developed a framework for identifying where and how to distribute the "shared burden" of security.

What is the opportunity cost of exchanging performance for security? I built software to experimentally quantify the dollar value of device performance.

How can we make security cheap and available for everyone? I researched auth protocols (FIDO2/U2F) to determine the feasibility of building open source hardware authenticator devices.

Can we leverage computer architecture and systems design to avoid "security theater" regulations? I demonstrated the feasibility of using neural networks to estimate the in situ performance overhead of security. Using this primitive, I designed a regulatory system that provisions a system-level security "budget" and incentivizes the efficient use of security resources (like CPU cycles or power).

How do we know which cybersecurity policies are worth pursuing? My most recent work uses a large-scale economic model of cybersecurity using game theory and multi-agent simulation to allow for a quantitative experiment-based approach towards crafting cyber policy. You can try out a demo of this work here. This work will appear at Usenix Security Symposium '25.

I am currently on the job market! Please see my CV and reach out if you'd like to chat.

Email: [email protected]