Dan's research strives to help developers build secure software and systems. Since joining the research group in 2011, he has worked in a variety of areas including secure cloud computing, analysis of software vulnerabilities, mobile device security, privacy and identity. Prior to the Symantec divestiture, Dan collaborated closely with the product teams, including most recently with the Advance Threat Protection team to design novel technology that efficiently processes rich endpoint behavioral data to uncover security incidents. Dr. Marino completed his graduate work at UCLA in the area of Programming Languages & Systems, which was recognized with the ACM SIGPLAN Outstanding Doctoral Dissertation Award.
Selected Academic Papers
ACM Transactions on Programming Languages (TOPLAS), Volume 34, Issue 1, April 2012
Concurrency-related errors, such as data races, are frustratingly difficult to track down and eliminate in large, object-oriented programs. We describe AJ, and extension to Java, which uses a declarative, data-centric synchronization paradigm that eliminates a large class of concurrency bugs with low programmer effort.
In Proceedings of the 39th Annual International Symposium on Computer Architecture (ISCA ’12)
By allowing compiler and hardware to cooperate, we show how strong, safe memory models for concurrent programs can be provided with minimal impact on performance.
In Proceedings of the 35th International Conference on Software Engineering (ICSE ’13)
We present an analysis for establishing deadlock-freedom for programs written in AJ, a Java extension in which programmers declaratively specify synchronization constraints on data members, relieving them from writing error-prone synchronization code.
In Proceedings of the 7th IEEE International Conference on Cloud Computing Technology and Science (CloudCom'15) We present Harbormaster, a system that improves the security of running Docker containers on shared infrastructure. Harbormaster enforces policies on container management operations, allowing administrators to implement the principle of least privilege.
IEEE Micro Top Picks, Volume 33, Number 3, May/June 2013
The concurrency semantics of mainstream programming languages provide "safety" only under the assumption that programmers have implemented proper synchronization to prevent data races. But since simple programming mistakes can break this assumption and result in unreliable program behavior, we argue instead for providing a safety-first model that assumes an access may participate in a data race unless proven otherwise.
In Proceedings of the 2020 CHI Workshop on Designing Interactions for the Ageing Populations - Addressing Global Challenges
Older adults are disproportionately affected by scams, many of which target them specifically. We present Fraud Bingo, an intervention designed by WISE \& Healthy Aging Center in Southern California prior to 2012, that has been played by older adults throughout the United States. We also present the Scam Defender Obstacle Course (SDOC), an interactive web application that tests a user's ability to identify scams, and subsequently teaches them how to recognize the scams. SDOC is patterned after existing phishing-recognition training tools for working professionals. We present the results of running a workshop with 17 senior citizens, where we performed a controlled study that and used SDOC to measure the effectiveness of Fraud Bingo. We outline the difficulties several participants had with completing SDOC, which indicate that tools like SDOC should be tailored to the needs of older adults.