Raluca Ada Popa's Homepage

I am an assistant professor at UC Berkeley. I am interested in security, systems, and applied cryptography.
I co-founded and co-direct the RISELab, a lab aiming to build systems that are secure and intelligent.

I am also a co-founder and the CTO of PreVeil, a security startup based on my research.

Before joining UC Berkeley, I did a one-year postdoc at ETH Zürich in the System Security group led by Srdjan Capkun. Before that, in 2014, I completed my Ph.D. in computer science at MIT, my thesis being about building practical systems that compute on encrypted data. My advisor was Nickolai Zeldovich, and I was also fortunate to work closely with Hari Balakrishnan in systems, and with Shafi Goldwasser, Yael Kalai, and Vinod Vaikuntanathan in cryptography. I earned my Masters of Engineering in Computer Science in 2010 and my two Bachelors in Computer Science and Mathematics in 2009 also from MIT.

News

My PhD student Wenting Zheng accepts an assistant professor offer at CMU.
I am grateful to UC Berkeley and the Brooks family for the Brooks endowed chair.
We are open-sourcing many of our projects on secure collaborative computation in our MC² project.
I am honored to be selected for the Sloan, NSF CAREER, and Technology Review 35 under 35 awards.
I taught a new graduate class on Decentralized Security: Theory and Systems, which includes hands-on tutorials on MPC, ZK proofs, and cryptocurrency wallets.
Thanks to the NSF for the NSF Expedition award for RISELab, $10 million.

PhD advisees:

Wenting Zheng, graduating (→ assistant professor at Carnegie Mellon University), co-advised with Prof. Ion Stoica
Ankur Dave, graduating (→ software engineer at Databricks), co-advised with Prof. Ion Stoica
Rishabh Poddar
Pratyush Mishra, co-advised with Prof. Alessandro Chiesa
Weikeng Chen
Yuncong Hu, co-advised with Prof. Alessandro Chiesa
Sam Kumar, co-advised with Prof. Dave Culler
Jean-Luc Watson, co-advised with Prof. Prabal Dutta
Emma Dauterman, co-advised with Prof. Ion Stoica
Vivian Fang

I also work closely with Sukrit Kalra and Dayeol Lee.

Alumni:

PhD mentee: I have worked closely with Justine Sherry (→ assistant professor at CMU) for the last 2.5 years of her PhD

PhD advisee: Michael Andersen (→ Ping Things, Inc.), co-advised with Prof. Dave Culler

Masters including 5th year MS: Ashwinee Panda (→ PhD student at Princeton), Jianan Lu (→ PhD student at Princeton), Tobias Boelter, Chester Leung, Jeongseok Son

Postdocs: Chia-Che Tsai

My students and I focus on building secure systems with the help of modern cryptography. Instead of relying on a server that becomes a central point of attack, our research provides cryptographic guarantees of privacy or integrity even if the server is compromised. We have built a spectrum of systems within this paradigm, as follows.

Securing communication systems: Our work on WAVE and JEDI aims to bring the benefits of end-to-end encryption to challenging setups, such as publish-subscribe or access delegation systems as well as to resource constrained devices.

Securing storage systems: Popular systems for end-to-end encrypted file sharing reduce the amount of data an attacker can steal from a server. Nevertheless, the attacker can still learn significant metadata, or cause the server to misbehave (e.g., equivocate), problems that our systems Ghostor, Metal, WAVE, MiniCrypt, or Verena aim to prevent.

Securing computation systems: A large part of our work is dedicated to enabling untrusted servers to compute on sensitive data. For this, we have developed systems that can compute on encrypted data for: collaborative computation (machine learning: Helen, Delphi, Visor, Bost et al.; analytics: OCQ, Opaque), databases (Oblix, Opaque, Arx), network processing (SafeBricks, Embark, BlindBox), and general purpose programs (DIZK, Civet). Our works explore two separate approaches, secure multi-party computation and hardware enclaves (combined with cryptography), because of their tradeoffs. For our systems using hardware enclaves, we develop oblivious algorithms, which eliminate a large class of side-channel attacks (e.g., our Membuster attack).

Papers

Rishabh Poddar, Ganesh Ananthanarayanan, Srinath Setty, Stavros Volos, and Raluca Ada Popa.
Visor: Privacy-Preserving Video Analytics as a Cloud Service.
USENIX Security 2020 (USENIX Security Symposium).

Pratyush Mishra, Ryan Lehmkuhl, Akshayaram Srinivasan, Wenting Zheng, and Raluca Ada Popa.
Delphi: A Cryptographic Inference Service for Neural Networks.
USENIX Security 2020 (USENIX Security Symposium).

Chia-Che Tsai, Jeongseok Son, Bhushan Jain, John McAvey, Raluca Ada Popa, and Donald E. Porter.
Civet: An Efficient Java Partitioning Framework for Hardware Enclaves.
USENIX Security 2020 (USENIX Security Symposium).

Dayeol Lee, Donha Jung, Chia-che Tsai, Ian Fang, and Raluca Ada Popa.
An Off-Chip Attack on Hardware Enclaves via the Memory Bus.
USENIX Security 2020 (USENIX Security Symposium).

Yuncong Hu, Sam Kumar, and Raluca Ada Popa.
Ghostor: Toward a Secure Data-Sharing System from Decentralized Trust.
NSDI 2020 (USENIX Symposium of Networked Systems Design and Implementation).

Ankur Dave, Chester Leung, Raluca Ada Popa, Joseph E. Gonzalez, and Ion Stoica.
Oblivious Coopetitive Analytics Using Hardware Enclaves.
EuroSys 2020 (European Conference on Computer Systems).

Rishabh Poddar, Stephanie Wang, Jianan Lu, and Raluca Ada Popa.
Practical Volume-Based Attacks on Encrypted Databases.
EuroSP 2020 (IEEE European Symposium on Security and Privacy).

Weikeng Chen and Raluca Ada Popa.
Metal: A Metadata-Hiding File Sharing System.
NDSS 2020 (Network and Distributed System Security Symposium).

Michael P Andersen, Sam Kumar, Moustafa AbdelBaky, Gabe Fierro, John Kolb, Hyung-Sin Kim, David E. Culler, and Raluca Ada Popa.
WAVE: A Decentralized Authorization Framework with Transitive Delegation.
USENIX Security 2019 (USENIX Security Symposium).

Sam Kumar, Yuncong Hu, Michael P Andersen, Raluca Ada Popa, and David E. Culler.
JEDI: Many-to-Many End-to-End Encryption and Key Delegation for IoT.
USENIX Security 2019 (USENIX Security Symposium).

Rishabh Poddar, Tobias Boelter, and Raluca Ada Popa.
Arx: An Encrypted Database using Semantically Secure Encryption.
VLDB 2019 (International Conference on Very Large Data Bases).

Wenting Zheng, Raluca Ada Popa, Joseph Gonzalez, and Ion Stoica.
Helen: Maliciously Secure Coopetitive Learning for Linear Models.
IEEE S&P (Oakland) 2019 (IEEE Symposium of Security and Privacy).
Extended paper, arXiv:1907.07212.

Eric Jonas, Johann Schleier-Smith, Vikram Sreekanti, Chia-Che Tsai, Anurag Khandelwal, Qifan Pu, Vaishaal Shankar, Joao Menezes Carreira, Karl Krauth, Neeraja Yadwadkar, Joseph Gonzalez, Raluca Ada Popa, Ion Stoica and David A. Patterson.
Cloud Programming Simplified: A Berkeley View on Serverless Computing.
Technical Report 2019, UCB/EECS-2019-3, UC Berkeley.

Howard Wu, Wenting Zheng, Alessandro Chiesa, Raluca Ada Popa, and Ion Stoica.
DIZK: Distributing Zero Knowledge Proof Systems.
Extended paper: Crypto ePrint Archive, 2018/691.
USENIX Security 2018 (USENIX Security Symposium).

Pratyush Mishra, Rishabh Poddar, Jerry Chen, Alessandro Chiesa, and Raluca Ada Popa.
Oblix: An Efficient Oblivious Search Index.
IEEE S&P (Oakland) 2018 (IEEE Symposium of Security and Privacy).

Rishabh Poddar, Chang Lan, Raluca Ada Popa, and Sylvia Ratnasamy.
SafeBricks: Securing Network Functions in the Cloud.
NSDI 2018 (USENIX Symposium of Networked Systems Design and Implementation).

Daniel Ho, Xin Wang, Wenting Zheng, Joseph Gonzalez, Raluca Ada Popa, and Ion Stoica.
High Accuracy Approximation of Secure Multiparty Neural Network Training.
AISys 2018.

Wenting Zheng, Frank Li, Raluca Ada Popa, Ion Stoica, and Rachit Agarwal.
MiniCrypt: Reconciling Encryption and Compression for Big Data Stores.
EuroSys 2017.

Michael P Andersen, John Kolb, Kaifei Chen, Gabriel Fierro, David E. Culler and Raluca Ada Popa.
WAVE: A Decentralized Authorization System for IoT via Blockchain Smart Contracts.
Technical Report 2017, UCB/EEECS-2017-234, UC Berkeley.

Ion Stoica, Dawn Song, Raluca Ada Popa, David A. Patterson, Michael W. Mahoney, Randy H. Katz, Anthony D. Joseph, Michael Jordan, Joseph M. Hellerstein, Joseph Gonzalez, Ken Goldberg, Ali Ghodsi, David E. Culler and Pieter Abbeel.
A Berkeley View of Systems Challenges for AI.
Technical Report 2017, UCB/EECS-2017-159, UC Berkeley.

Wenting Zheng, Ankur Dave, Jethro Beekman, Raluca Ada Popa, Joseph Gonzalez, and Ion Stoica.
Opaque: An Oblivious and Encrypted Distributed Analytics Platform.
NSDI 2017 (USENIX Symposium of Networked Systems Design and Implementation).

Nikolaos Karapanos, Alexandros Filios, Raluca Ada Popa, and Srdjan Capkun.
Verena: End-to-End Integrity Protection for Web Applications.
IEEE S&P 2016 (Oakland) (IEEE Symposium of Security and Privacy).

Chang Lan, Justine Sherry, Raluca Ada Popa, and Sylvia Ratnasamy.
Embark: Securely Outsourcing Middleboxes to the Cloud.
NSDI 2016 (USENIX Symposium on Networked Design and Implementation).

Rishabh Poddar, Tobias Boelter, and Raluca Ada Popa.
Arx: A Strongly Encrypted Database System.
Cryptology ePrint Archive, Report 2016/591.

Tobias Boelter, Rishabh Poddar, and Raluca Ada Popa.
A Secure One-Roundtrip Index for Range Queries.
Cryptology ePrint Archive, Report 2016/568.

Justine Sherry, Chang Lan, Raluca Ada Popa, and Sylvia Ratnasamy.
BlindBox: Deep Packet Inspection for Encrypted Traffic.
SIGCOMM 2015 (ACM Special Interest Group on Data Communication).

Raphael Bost, Raluca Ada Popa, Stephen Tu, and Shafi Goldwasser.
Machine Learning Classification Over Encrypted Data.
NDSS 2015 (Network and Distributed System Security Symposium).

Raluca Ada Popa and Nickolai Zeldovich.
How to Compute With Data You Can't See.
IEEE Spectrum 2015, 52(8):42-47.

Raluca Ada Popa, Nickolai Zeldovich and Hari Balakrishnan.
Guidelines for Using the CryptDB System Securely.
Cryptology ePrint Archive, Report 2015/979.

Raluca Ada Popa, Emily Stark, Jonas Helfer, Steven Valdez, Nickolai Zeldovich, M. Frans Kaashoek, and Hari Balakrishnan.
Building Web Applications on Top of Encrypted Data Using Mylar.
USENIX ;login:, 29(4):22-27, August 2014.

Raluca Ada Popa, Emily Stark, Jonas Helfer, Steven Valdez, Nickolai Zeldovich, M. Frans Kaashoek, and Hari Balakrishnan.
Building Web Applications on Top of Encrypted Data Using Mylar.
NSDI 2014 (USENIX Symposium of Networked Systems Design and Implementation).

Raluca Ada Popa, Frank H. Li, and Nickolai Zeldovich.
An Ideal-Security Protocol for Order-Preserving Encoding. [BibTeX] [extended paper]
IEEE S&P (Oakland) 2013 (IEEE Symposium on Security and Privacy).

(Alphabetical order:) Shafi Goldwasser, Yael Kalai, Raluca Ada Popa, Vinod Vaikuntanathan, and Nickolai Zeldovich.
How to Run Turing Machines on Encrypted Data. [BibTeX]
CRYPTO 2013 (International Cryptology Conference).

(Alphabetical order:) Shafi Goldwasser, Yael Kalai, Raluca Ada Popa, Vinod Vaikuntanathan, and Nickolai Zeldovich.
Reusable Garbled Circuits and Succinct Functional Encryption. [BibTeX]
Extended paper: Crypto ePrint Archive, 2012/733.
STOC 2013 (ACM Symposium on Theory of Computing).
Selected for SIAM Journal of Computing Special Issue.

Raluca Ada Popa and Nickolai Zeldovich.
Multi-Key Searchable Encryption. (This is the searchable encryption scheme used in Mylar.)
Cryptology ePrint Archive, 2013/508.

Raluca Ada Popa, Catherine M. S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan.
CryptDB: Processing Queries on an Encrypted Database.
CACM 2012 (Communications of the ACM), 55(9):103-111, with accompanying technical perspective.

Meelap Shah, Emily Stark, Raluca Ada Popa, and Nickolai Zeldovich.
Language Support for Efficient Computation over Encrypted Data.
Off the Beaten Track Workshop: Underrepresented Problems for Programming Language Researchers, 2012.

Raluca Ada Popa and Nickolai Zeldovich.
Cryptographic Treatment of CryptDB's Adjustable Join.
MIT-CSAIL-TR-2012-006, 2012.

Raluca Ada Popa, Catherine M. S. Redfield, Nickolai Zeldovich, and Hari Balakrishnan.
CryptDB: Protecting Confidentiality with Encrypted Query Processing. [BibTeX]
SOSP 2011 (ACM Symposium on Operating Systems Principles).
Selected as a CACM Research Highlight of 2011.

Raluca Ada Popa, Andrew J. Blumberg, Hari Balakrishnan, and Frank H. Li.
Privacy and Accountability for Location-Based Aggregate Statistics. [BibTeX]
CCS 2011 (ACM Conference on Computer and Communications Security).

Raluca Ada Popa, Jay Lorch, David Molnar, Helen J. Wang, and Li Zhuang.
Enabling Security in Cloud Storage SLAs with CloudProof. [BibTeX]
USENIX 2011 (USENIX Annual Technical Conference).

Carlo Curino, Evan P. C. Jones, Raluca Ada Popa, Nirmesh Malviya, Eugene Wu, Sam Madden, Hari Balakrishnan, and Nickolai Zeldovich.
Relational Cloud: A Database-as-a-Service for the Cloud. [BibTeX]
CIDR 2011 (Biennial Conference on Innovative Data Systems Research).

Raluca Ada Popa, Alessandro Chiesa, Tural Badirkhanli, and Muriel Médard.
Going Beyond Pollution Attacks: Forcing Byzantine Clients to Code Correctly.
(Work resulting from class project.) CoRR abs/1108.2080: 2011.

Raluca Ada Popa, Hari Balakrishnan, and Andrew J. Blumberg.
Protecting Privacy in Location-Based Vehicular Services. [BibTeX]
USENIX Security 2009 (USENIX Security Symposium).

James Cowling, Dan Ports, Barbara Liskov, Raluca Ada Popa, and Abhijeet Gaikwad.
Census: Location-Aware Membership Management for Large-Scale Distributed Systems. [BibTeX]
USENIX 2009 (USENIX Annual Technical Conference).

(Alphabetical order:) Javed A. Aslam, Raluca Ada Popa, and Ronald L. Rivest.
On Auditing Elections When Precincts Have Different Sizes. [BibTeX]
EVT 2008 (USENIX/ACCURATE Electronic Voting Technology Workshop).

(Alphabetical order:) Javed A. Aslam, Raluca Ada Popa, and Ronald L. Rivest.
On Estimating the Size and Confidence of a Statistical Audit. [BibTeX]
EVT 2007 (USENIX/ACCURATE Electronic Voting Technology Workshop).

Shan Lu, Soyeon Park, Chongfeng Hu, Xiao Ma, Weihang Jiang, Zhenmin Li, Raluca Ada Popa, and Yuanyuan Zhou.
MUVI: Automatically Inferring Multi-Variable Access Correlations and Detecting Related Semantic and Concurrency Bugs. [BibTeX]
SOSP 2007 (ACM Symposium on Operating Systems Principles).

Theses

Raluca Ada Popa.
Building Practical Systems That Compute on Encrypted Data.
Ph.D. thesis, 2014.
Awarded the 2014 George Sprowls Ph.D. Thesis Award, MIT EECS.
Raluca Ada Popa.
Provable and Practical Location Privacy for Vehicular and Mobile Systems.
Masters thesis, 2010.
Awarded the 2010 Johnson award for best MIT CS Masters of Engineering thesis.
Raluca Ada Popa.
VPriv: Protecting Privacy in Location-Based Vehicular Services.
Bachelors thesis, 2009.
CRA Outstanding Undergraduate Award, Winner, nationwide.

CS 161: Computer Security, Spring 2020, undergraduate, ≈620 students

CS 294: Decentralized Security: Theory and Systems, Fall 2019, graduate, NEW COURSE

CS 161: Computer Security, Spring 2019, undergraduate, ≈600 students

CS 261: Security in Computer Systems, Fall 2018, graduate

CS 161: Computer Security, Spring 2018, undergraduate, ≈625 students

CS 261: Security in Computer Systems, Fall 2017, graduate

CS 161: Computer Security, Fall 2016, undergraduate, ≈380 students

CS 294: RISE Lab: Real-time, Intelligent, and Secure Systems, Fall 2016, graduate, NEW COURSE

CS 161: Computer Security, Spring 2016, undergraduate, ≈500 students

CS 261: Security in Computer Systems, Fall 2015, graduate

DARE

In early 2019, I started

, a diversity program aiming to match strong undergraduates, many from underrepresented backgrounds, with EECS professors for research. With help from EECS, we developed a web application system for DARE. As of June 2020, 30 professors are part of DARE, and a total of about 40 undergraduate students, many from diverse backgrounds, have engaged in research with EECS faculty.

PC committees

IEEE S&P (Oakland) 2020
SOSP 2019
NSDI 2019
OSDI 2018
NSDI 2018
NDSS 2017
Eurosys 2017
VLDB 2017
CCS 2016
Usenix Security 2016 (also served as the poster chair)
Eurosys 2016
IEEE S&P (Oakland) 2015

Raluca Ada Popa