Papers

IaC-Eval: A code generation benchmark for Infrastructure-as-Code programs. In NeurIPS 2024

While LLMs show potential in general code generation, their efficacy in IaC development remains unknown. To address this, we developed the first dataset and benchmark capable of evaluating IaC code generation. Our dataset comprises 458 human-curated scenarios spanning various AWS services, involving over 1,720 hours of human effort. Our results reveal significant performance gaps.

Unearthing Semantic Checks for Cloud Infrastructure-as-Code Programs. In SOSP 2024

Zodiac automatically unearths complex cloud IaC semantic checks/rules that state-of-the-art IaC tools cannot easily capture, allowing us to reduce runtime error violations that can take very long to debug, into simple compile time checks.

SpotProxy: Rediscovering the Cloud for Censorship Circumvention. In USENIX Security 2024

SpotProxy is a censorship resistance system that uses cost-effective and high-churn cloud instances to maximize the circumvention utility of cloud-hosted proxies.

NetShuffle: Circumventing Censorship with Shuffle Proxies at the Edge. In IEEE Symposium on Security and Privacy (S&P), 2024

NetShuffle is a censorship resistance system that offers shuffle proxies, designed to engage a new class of support base–edge networks–which have received scant attention from existing work.

Simplifying Cloud Management with Cloudless Computing. HotNets '23

Cloudless Computing makes a case for simplifying cloud infrastructure management, by sinking these cloudy infrastructure management tasks down from the user’s perception and providing them as-a-service, analogous to serverless computing that relieves users of the burden of managing server instances.

Stargaze: A LEO Constellation Emulator for Security Experimentation. In CPSIoTSec '22 (Colocated with ACM CCS)

Stargaze is a security-centric experimentation platform for Low-earth orbit (LEO) satellite constellations.