Vasudevan Nagendra

PhD Candidate
Department of Computer Science,
Stony Brook University, NY - 11790
E-Mail: vnagendra (at) cs (dot) stonybrook (dot) edu

I am on job market actively exploring opportunities with early stage starups and research labs.

About Me

I am broadly interested in solving complex networking, security and verification problems, with key focus on building next generation high performance security systems. Recently, I am building security systems that uses ML and signature-based techniques for detecting the bugs to proactively protect the networks from vulnerabilities. I have around 10 years of industry experience in design, development and delivery of network security & virtualization products.

I am advised by Prof. Samir Das, co-advised by Prof. Anshul Gandhi. Along my PhD journey, I am very fortunate and thankful to work with excellent researchers, who created lasting impression on me.

Ongoing Projects

CIVR: Causal Inference and ML to bridge the security gap in the IoT network Infrastructures
CIVR, causal inference, counter-factuals and verification engine for automatically build causal graphs by verifying the security, safety and sanity of IoT ecosystem answering the What-If, Why and How queries about the IoT infrastructure, which are rather difficult to be answered only with the traffic traces and data available from the IoT ecosystem.
Collaborators: Dr. Gabriela Ciocarlie (SRI International), Samir R. Das (Stony Brook University)

Maverick: Structural Deviations to detect Control and Data plane bugs (Network Verification using Statistical and ML-based techniques)
Maverick, automatically detects bugs in the network configurations and infers the signatures or from the network configurations i.e., without much human intervention. Maverick achieves this by effectively leveraging the structural deviation (i.e., outliers) in the network configurations (e.g., ACLs, route-maps, route-policies and so on) for automatically building signatures to detect the network configuration bugs. The bugs that are calculated using signature-based outlier detection are further characterized for its severity and ranked for re-prioritizing them according to their criticality. Maverick allows such signatures to be generalized for proposing it to the other organization or network community.
Collaborators: Ratul Mahajan (Intentionet, UW) , Samir R. Das (Stony Brook University)

Research Projects

VISCR: Securing Dynamic consumer IoT infrastructures through Vendor-Independent, Intuitive and Conflict-free Automation Specification.
VISCR, converts the topology of the IoT infrastructure into a tree-based abstraction and translates existing policies from heterogeneous vendor-specific programming languages such as Groovy-based SmartThings, OpenHAB, IFTTT-based templates, and MUD-based profiles into a vendor-independent graph-based specification. Using the two, VISCR can automatically detect rouge policies, conflicts, and bugs for coherent automation. Upon detection, VISCR infers new policies and proposes them to users as alternatives to existing policies for fine-tuning and conflict-free enforcement.

[1] Vasudevan Nagendra, Arani Bhattacharya, Vinod Yegneswaran, Amir Rahmati, Moo-Ryong Ra, Samir R Das, "VISCR: Intuitive & Conflict-free Automation for Securing the Dynamic Consumer IoT Infrastructures ArXiv:1907.13288, Jul 2019 [paper]

[2] Vasudevan Nagendra, "[Talk] Trio: Vendor-Independency, Situational Awareness and Behavioral Analysis for Conflict-free Policy enforcement in Consumer IoT infrastructures, USENIX Summit on Hot Topics in Security USENIX (HotSec), Aug 2019 [HotSec'19 Talk Slides]

CoordiNetZ: Coordinated Dataflow Protection for Ultra-High Bandwidth Science Networks (Science DMZ)
CoordiNetZ (CNZ), provides coordinated situational awareness, i.e., the use ofcontext-aware tagging for policy enforcement using the dynamic contextual information derived from hosts and network elements. We also developed tag and IP-based security microservices that incur minimal overheads in enforcing security to data flows exchanged across geographically-distributed SDMZ sites. We evaluate our prototype implementation across two geographically distributed SDMZ sites with SDN-based case studies, and present performance measurements.

[1] Vasudevan Nagendra, Vinod Yegneswaran, Phillip Porras, Samir R Das, "Coordinated Dataflow Protection for Ultra-High Bandwidth Science Networks (Science DMZ), (To Appear) Proceedings of the 35th Annual Computer Security Applications Conference (ACSAC), Dec 2019 (acceptance rate: 22%) [pre-print]

[2] Vasudevan Nagendra, Vinod Yegneswaran, Phillip Porras, "Securing Ultra-High-Bandwidth Science DMZ Networks with Coordinated Situational Awareness, Proceedings of ACM Hot Topics in Networking (HotNets), Nov 2017 (acceptance rate: 23%) [paper]

5GCoreLite: Scalable and Resource Efficient Next Generation Cellular Packet Core for Cellular-enabled M2M/IoT devices
5GCoreLite, a stateless and functionally decomposed NFV design in which the cellular packet core network fucntions implemented as microservices and states are decoupled from their processing, thus enabling elasticity and fault tolerance. For SLO compliance, we develop a multi-level load balancing approach based on skewed consistent hashing to efficiently distribute incoming connections. This stateless design enables dynamic provisioning of EPC nodes responsive to traffic changes, without incurring the overhead of state migration.

[1] Vasudevan Nagendra, Arani Bhattacharya, Anshul Gandhi, Samir R Das, "MMLite: Scalable & Resource Efficient Control Plane for next Generation Cellular Packet Core, Proceedings of ACM Symposium on SDN Research (SOSR), Apr 2019. [paper] [LTE UE] [MME Code] [SOSR Talk Slides]

[2] Vasudevan Nagendra, Arani Bhattacharya, Anshul Gandhi, Samir R Das, "5GCoreLite: Scalable and Resource Efficient Next Generation Cellular Packet Core, 16th USENIX Symposium on Networked Systems Design and Implementation (NSDI '19 Posters), Feb 2019. [Extended Abstract]

[3] Vasudevan Nagendra, Himanshu Sharma, Samir R. Das, "LTE-Xtend: Scalable Support of M2M Devices in Cellular Packet Core, ACM MOBICOM Workshop, AllThingsCellular (ATC), Oct 2016. [paper]

LMS: Intent-based Policy Frameworks for Cloud Infrastructure Policy Management
LMS, provides meaningful infrastructure abstractions and their relationships by analyzing target cloud infrastructure. It helps the cloud administrators to model their policy requirements efficiently by decoupling the intents from underlying specifics. LMS scales to large dynamic cloud environments and manages the life cycle of label-based intent and enforcement.

[1] Joon-Myung Kang, Jeongkeun Lee, Vasudevan Nagendra, Sujata Banerjee, "LMS: Label Management Service for Intent-driven Cloud Policy Management, 15th IFIP/IEEE International Symposium on Integrated Network Management (IFIP/IEEE IM), May 2017. [paper]

Other Publications & Posters

  • TopoMan: Global Network Visibility in the Presence of Middleboxes (A Graybox Approach)
    Vasudevan Nagendra, Shubhada Patil, Michalis Polychronakis, Samir R. Das.
  • A Graybox Approach for Topology Abstraction, Dynamic Rule placement and Verification
    Vasudevan Nagendra, Samir R. Das.
    AT & T Academic research summit, Mar 2016.
  • Design & Feasibility of Controller based Security Manager for Hybrid SDNs (Poster & 2 Min Fast Forward Talk)
    Vasudevan Nagendra, Long Lu.
    Computer Science Technology Day (CSTD), Sep 2014, Stony Brook, New York, USA.
  • Retrofitting Security to SDN-based Network Virtualization (Poster & 2 Min Fast Forward Talk)
    Vasudevan Nagendra, Long Lu.
    Computer Science Technology Day (CSTD), Sep 2014, Stony Brook, New York, USA.
  • Plodded client attacks on Webservers and mitigation techniques (Poster & 2 Min Fast Forward Talk)
    Saraswathi Devi Mandyam, Vasudevan Nagendra.
    Computer Science Technology Day (CSTD), Sep 2014, Stony Brook, New York, USA.
  • Intelligent, Elastic and Adaptive Network Security for Virtual Cloud Datacenter.
    Vasudevan Nagendra, Sukumar Reddy Puli.
    VMware vRadio, May 2013.
  • Technologies & Tools Worked on