Brown CS Student Artem Agvanian And Alum Hannah Gross Earn First And Second Place SOSP Student Research Honors

Click the links that follow for more news about other recent accomplishments by our students and alums.

The Association for Computing Machinery (ACM) Symposium on Operating Systems Principles (SOSP) is the organization’s flagship conference in computer systems and widely considered one of the world’s two top venues in systems research. Every year, their Student Research Competition allows undergraduate and graduate students to showcase their work to the community, and this year, Brown CS student Artem Agvanian and alum Hannah Gross (now a doctoral student at Massachusetts Institute of Technology) won prizes for their work.

After advancing through three rounds (writing an 800-word abstract, presenting a poster, and giving a 10-minute oral presentation), Artem was awarded first place in the undergraduate category, and Hannah earned second place in the graduate student category. Both received monetary awards, and Artem will now advance to the ACM-wide final competition.

Artem works in Brown CS faculty member Malte Schwarzkopf’s ETOS research group, the same group that Hannah was part of prior to her graduation in May 2023.

Artem presented the group’s new system, Alohomora, which helps prevent privacy bugs. Its key insight is that developers need small, clear regions of privacy-critical code to focus their attention on, and automatic guarantees for the rest of their codebase. More specifically, Alohomora leverages the Rust programming language's type system to confine access to sensitive data to privacy-critical regions of code. These regions need either to pass an automated analysis by Alohomora to determine that they cannot leak data, or run in a protected “sandbox” environment that temporarily restricts a program’s communication with the outside world, or, as a last resort, need explicit review and approval from another human developer. In his work, Artem applied Alohomora to a homework submission system used at Brown and showed that privacy-critical regions are small (<10% of the code base) and that of 17 such regions, only three need human review.

Hannah situates her work – which also seeks to better protect user data privacy, and was the subject of her undergraduate honors thesis – by explaining that many organizations keep sensitive user data, and that the services they offer require their employees to have access to some of that data. 

“However,” she says, “if employees are given broad access to data, organizations run the risk of enabling curious insiders, or of data leaks. For example, a compromised employee account was able to leak 500 million guests’ data at the Starwood Hotel chain in 2018. Funhouse is a new kind of database that by construction redacts data, and is designed around flexible, context-dependent, and temporary upgrades to an employee’s access level.”

Funhouse fundamentally shows different users different versions of the information it contains: when a user queries Funhouse, they are actually accessing a mirror of the database, an anonymized version of the database tailored to what they are allowed to see. In order to provide flexibility, Funhouse supports upgrades, where an individual employee can call on Funhouse to temporarily grant them elevated access in a controlled and audit-logged manner.  This allows for far more restrictive baseline permissions, better protecting user data, without giving up the flexibility that employees need to do their jobs.

“These impressive pieces of work demonstrate Brown’s continued and growing strength in computer systems research,” says Malte, “and show that our students’ work is recognized and appreciated by the research community. It also illustrates that Brown undergraduates have amazing ideas that address timely problems, such as providing much better technical solutions for the critical challenge of data privacy in today’s online services.”

For more information, click the link that follows to contact Brown CS Communications Manager Jesse C. Polhemus.