Earlence Fernandes joins the UW-Madison Department of Computer Sciences from his position as a Research Associate at the University of Washington. Fernandes works on computer security for emerging technologies such as smartphones, smart homes, and cyber-physical systems. He strives to address security issues before systems are “designed and deployed widely.” According to Fernandes, “Everyone deserves to be secure when interacting with an increasingly computerized world.”
PhD from University of Michigan in Computer Science; Research Associate at University of Washington for 2 years before coming to UW Madison.
How did you get into your field of research?
After my undergrad degree, I spent a year as a software engineer in a big company. During that time, I had a motorbike accident, and was sitting at home recuperating. Somehow, I got interested in software engineering opportunities outside India, and I randomly found this ad for a “scientific programmer” position at the Vrije Universiteit in Amsterdam, The Netherlands. This position was a bit different from the regular software engineering role because it had a sizable research component: the job was to support the coding efforts of a research group doing smartphone systems security. At the time I applied, I had zero experience in research. I thought to myself, “What could go wrong? Let’s apply, and see what happens.” So I applied, interviewed, got the job, and some months later found myself in a new country (I had never traveled outside India before), with a completely new type of job. I spent two years there doing coding, learning to write papers, and eventually heading up some of my own research projects. (I owe a debt of gratitude to Bruno Crispo and Mauro Conti who were my mentors during my time there). At some point, I came to a realization that one could have a very satisfying career in research and teaching at the university level. After that, I applied for a PhD in the US, and eventually graduated from the University of Michigan with a PhD in computer security.
Could you please describe your area of focus?
I broadly focus on computer security issues for emerging technologies, often from a systems perspective. I’ve worked on smartphones, smart homes, and more generally, cyber-physical systems. These are combinations of sensors, actuators, and digital computation that automate various physical tasks.
What main issue do you address or problem do you seek to solve in your work?
My goal is to anticipate the security issues of emerging technologies, and address them in principled ways, before these technologies become entrenched with poor security properties. If we do not address security issues at the design level before a technology becomes widespread, it becomes very hard to achieve meaningful security properties after these systems are designed and deployed widely.
What attracted you to UW-Madison?
Great faculty, students, and livability. During my interviews, UW Madison struck me as a very friendly place that genuinely cares about people. After joining, I’ve realized this is not only an impression, but it is a fact.
What was your first visit to campus like?
It was the first time I have seen a huge frozen lake. That was quite amazing. I think there were some people wind skating on the ice. It was also quite sunny in general. I came to interview, but I came a few days early because a friend of mine from Seattle was giving a talk at the Wisconsin Institute for Discovery (that is an amazing building). That gave me a little more time to see the sights.
What’s one thing you hope students who take a class with you will come away with?
Security is a systems property: One can accurately reason about security only when thinking about a system as a whole. E.g., Say I spend a lot of effort on building a super secure database system, but then a user does not configure HTTPS correctly. By failing to consider what a user does (in this case, the user is part of the system), the entire security of the system can be much weaker than the designers originally thought.
Do you feel your work relates in any way to the Wisconsin Idea?
If so, please describe how. Computer security is a fundamental requirement for all users as our world becomes more computerized. Everyone deserves to be secure online, ranging from people in Wisconsin, to the country, and to the world. My goal is to enable this.
What’s something interesting about your area of expertise you can share that will make us sound smarter at parties?
It is possible to convert a physical Stop sign into a Speed Limit sign (for computers) by throwing a bunch of stickers on the Stop sign. (This is because of a fundamental vulnerability of machine learning models called adversarial examples.)
What are you looking forward to doing or experiencing in Madison?
Various seasons. Biking the many trails. I recently experienced the Oshkosh air show; that was pretty amazing. Looking forward to it next year. I also want to explore the Door county area.
Mostly outdoor activities: hiking, biking, skiing, kayaking, canoeing, tennis.
What course(s) are you teaching this year? Anything in particular you’re looking forward to regarding teaching?
CS 839: Topics in Computer and Network Security: This is a graduate course designed to bring participants to the forefront of modern computer security research. As such, it covers a broad set of topics, ranging from classic systems, network, and usable security, to cutting edge topics such as cyber-physical systems, side channel attacks, etc. I look forward to teaching the “security mindset” to participants. This mindset is fundamental to all security research, and is very different from the “scientist/engineer” mindset that is common to other fields.
What first interested you about CS and your specific field?
I like the synergy between attacks and defenses in computer security. They feed off each other but require very different skill sets/mindsets.
Where do you see your area of CS in the future – in 5, 10, or 25 years?
Computer security is fundamental to all areas of CS. Whenever a computer system is used to impact humans, there will be security issues. My vision of security is twofold. From a teaching perspective, it will become as fundamental as things like performance and correctness. For example, we teach students today about efficient algorithms. My hope is that in 5 years (or sooner!), we will be teaching about the security properties of those algorithms at the same time. From a research perspective, I see computer security becoming an even broader field, touching every type of new computerized system we build.