July 31, 2014: People of ACM: Raluca Ada Popa
Thursday, July 31, 2014
Raluca Ada Popa, a student member of ACM, is interested in security, systems, and applied cryptography. She is a Ph.D. candidate in Computer Science at Massachusetts Institute of Technology. She earned an M.E. degree in Computer Science and two B.E. degrees in Computer Science and Mathematics from MIT. A recipient of a Google Ph.D. Fellowship for secure cloud computing, she also received the Charles & Jennifer Johnson Award for outstanding Master of Engineering thesis in Computer Science from MIT, and the Computing Research Association Outstanding Undergraduate Research Award. As a graduate student, she was advised by Nickolai Zeldovich and worked with ACM Turing Award recipient Shafi Goldwasser.
During the course of her Ph.D. study, she built systems that protect data confidentiality against powerful server-side adversaries, such as cloud insiders or attackers gaining access to the data stored on servers. She has built a database system (CryptDB), a web application platform (Mylar), mobile systems, and a cloud storage system. CryptDB is a database that protects data confidentiality by processing SQL queries over the encrypted database, which Google is using for its Encrypted BigQuery service. Mylar, a web application platform that protects data confidentiality against attacks to the server, works by having the server process encrypted data efficiently. Her paper on computer security and encryption, CryptDB: Processing Queries on an Encrypted Database, was named a Research Highlight in Communications of the ACM in 2012.
What applications to solve confidentiality problems do you foresee for your CryptDB database system beyond the Google Encrypted BigQuery service?
There already are a number of companies other than Google that started to use CryptDB: the software giant SAP implemented CryptDB on top of their HANA database system; Lincoln Labs added CryptDB on top of their D4M Accumulo engine; two startups are currently pursuing this technology; and an MIT SQL service enabled running applications of volunteer users on top of CryptDB. More broadly, I believe that such a technology will impact many cloud computing services because of its demonstrated modest costs and the increased awareness of privacy issues.
How likely is it that Mylar, your system for building secure web services, will be widely deployed beyond the application at Newton-Wellesley Hospital that collects medical history information?
Mylar provides even stronger security guarantees than CryptDB, so I expect that Mylar will have at least as much impact as CryptDB. Moreover, many web applications are hosted on the cloud, so there is a clear need for Mylar. We are currently working on figuring out the best way to package Mylar to require little effort from developers to move their application to the Mylar platform.
What role have mentors played in determining your research focus and directing your career path?
I have been fortunate to have wonderful mentors. They supported my independence: they let me choose my own path and helped me do my best on that path. In particular, I chose research project ideas, came up with solution designs, and produced implementations, but throughout this process they gave me crucial advice, which sped up my progress and helped me avoid mistakes or bad decisions.
As an innovator in computer security in the age of cloud computing, what advice would you give to young people considering careers in computing?
My main advice is to choose important and real problems to work on. When working on a project, always ask yourself the questions "What real problem is this project solving?" and "Is this problem important?"
Another strong piece of advice is not to fear working in a new and not-well-studied area of computing. Since little may be known about such an area, there is a tendency to prefer to work in more conservative areas. However, in many cases, such new areas are the places where a lot of innovation can happen. And they are a lot of fun, too!