Jeongseok Son | Software Engineer at Google

Jeongseok Son

Software Engineer @ Google

About

I'm a software engineer at Google. I build networked and distributed systems for privacy-preserving technologies and machine learning in the Technical Infrastructure group. Before Google, I was a research assistant pursuing a Ph.D. in Computer Science at the University of California, Berkeley. I worked at RISELab, the successor of AMPLab, where Apache Spark, Mesos, and Ray were born. At RISELab, I researched computer systems and programming language techniques for secure data processing and reinforcement learning. Previously, I worked as a software engineer and researcher for several years, developing data infrastructure using Apache Hadoop and improving the efficiency and reliability of cloud networking at Microsoft.

I received my M.S. and B.S. in Computer Science from UC Berkeley and KAIST, respectively. During my undergraduate years, I was involved in virtualization platform research and learned about the core technology of cloud computing by hacking the Xen Hypervisor kernel.

Publications and Talks

Proxying HTTP/3 (QUIC) Using CONNECT-UDP with Envoy

EnvoyCon (KubeCon + CloudNativeCon North America), Chicago, IL, November 2023

ObliCheck: Efficient Verification of Oblivious Algorithms with Unobservable State

Jeongseok Son, Griffin Prechter, Rishabh Poddar, Raluca Ada Popa, and Koushik Sen

USENIX Security Symposium (Security), Virtual, August 2021

Civet: An Efficient Java Partitioning Framework for Hardware Enclaves

Chia-Che Tsai, Jeongseok Son, Bhushan Jain, John McAvey, Raluca Ada Popa, and Donald E. Porter

USENIX Security Symposium (Security), Boston, MA, USA, August 2020

Protego: Cloud-Scale Multitenant IPsec Gateway

Jeongseok Son, Yongqiang Xiong, Kun Tan, Paul Wang, Ze Gan, and Sue Moon

USENIX Annual Technical Conference (ATC), Santa Clara, CA, USA, July 2017

Efficiently Restoring Virtual Machines

Bernhard Egger, Erik Gustafsson, Changyeon Jo, and Jeongseok Son

IFIP International Conference on Network and Parallel Computing (NPC), Guiyang, China, September 2013, and Springer International Journal of Parallel Programming (IJPP), Volume 43, Issue 3, June 2015

Efficient Live Migration of Virtual Machines Using Shared Storage

Changyeon Jo, Erik Gustafsson, Jeongseok Son, and Bernhard Egger

ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE), Houston, TX, USA, March 2013

Projects

Privacy Proxy for IP Protection

IP Protection is a proposal to hide users’ IP addresses to prevent cross-site tracking by two-hop proxying users’ traffic. We work on the Privacy Proxy, which serves billions of Chrome users’ traffic to protect their privacy with high reliability and performance.

Automatic Verification of Oblivious Algorithms

Even when the data content is encrypted, an attacker can watch the memory, disk, and network access patterns of a program and infer a significant amount of secret information. Oblivious algorithms prevent this type of information leakage by making the access pattern independent of the secret input data. In this project, we developed a program checker for automatically verifying that a given algorithm is oblivious using symbolic execution.

Program Partitioning Framework for Hardware Enclaves

Hardware enclaves like Intel SGX protect sensitive data of an application even when an OS is malicious. However, simply putting a legacy application into an enclave can be insecure and degrade the performance significantly. We devised a framework that automatically partitions an application into trusted and untrusted parts with program analysis techniques and an optimized language runtime implementation for hardware enclaves.

Cloud-Scale Multitenant IPsec Gateway

Cloud service providers dedicate an IPsec gateway VM to each tenant to offer VPN connections to the virtual networks. We found that this approach wastes a significant amount of resources due to over-provisioning and passive redundancy for high availability. We designed a new distributed IPsec gateway service which can serve multiple tenants using shared resources.

Data Plane Verification of Networks Containing Middleboxes

VeriFlow was designed to verify the correctness of Software Defined Networks (SDNs) in real time. To check traditional networks, we modeled various network devices from different vendors to construct a vendor-agnostic abstraction of networks for verification. I surveyed and studied various types of network devices and modeled one of them from scratch.

Efficient Virtual Machine Live Migration and Checkpoint

The high network bandwidth consumption and long migration time hinder the wide deployment of virtual machine (VM) live migration in data centers. We improved the performance of VM live migration and checkpoint by deduplicating data overlap between memory and disk.

Miscellaneous