• Part of Twitter's Home Timeline product team.

• Designed a bloom filter based impression store to capture the seen tweets for a user by minimizing the storage.

– Lead a few projects to drive-up user engagement on Home Timeline by 10M UAM, and improved the documentation and automation of Tensorflow based Timeline Ranker ML Model training along the way. Also used Twitter’s in house A/B testing tool DDG for measuring the impact of each project.

– Introduced a new metric system, neighborhood adjusted metrics to evaluate the content ranking on home timeline by capturing the bias generated from adjacent tweets.

– Worked with cross functional partners like PM and client engineers to remove tweet’s context line for saving 5% of screen space on home timeline.

Software Engineer, Runtime

– Developed the MSIX interrupt handling code to verify the interrupt generation capability of Sambanova’s upcoming chip design over emulator, found a bug in the chip design before tape-out.

– Developed the interrupt handler for Network Interface Card and, found several issues with the RTL. Thereafter, I regularly worked with a hardware engineer to verify and provide feedback.

– Reorganised the linux device driver codebase (C and CMake) to support the upcoming chip along with the previous chips in a single monolith codebase.

– Created a tool to run sanity tests on different hardware counters after program execution. Integrated this tool with Jenkins to fail the tests that left the chip in an inconsistent state.

As a browser security researcher, my job was to understand the academic as well as industry defenses for side-channel attacks in the modern browsers like Chrome and Safari.

Spook.js

• Reverse-engineered Chrome’s memory, process, and just-in-time JavaScript optimization model to identify

limitations in its Strict Site Isolation model, which was designed to protect against Spectre-like attacks.

• Developed an exploit that allowed an attacker to bypass the defense and access a user’s private

information, such as credentials stored in LastPass or Chrome’s Password Manager.

• Collaborated with Google Chrome, LastPass, and Atlassian security teams to mitigate the issue, and the

work was recognized and featured in Google’s Bug Bounty program. The findings were also published

in SP Oakland 2022.

• Raised awareness about subdomain isolation differences between users and browser vendors, leading to a

better adoption of Public Suffix List.

ChromeZero

• Conducted research on academic defenses for browser-based side-channel attacks that can extract sensitive information such as cryptographic keys.

• Demonstrated the significant performance degradation of browsers resulting from such defenses and presented ways to bypass them.

• Developed and presented a novel website fingerprinting side-channel attack that can be executed on a victim’s browser without any JavaScript support. The findings were published in Usenix Security 2021.