Getting to know a Ph.D
September 3rd, 2014 | Published in Google Student Blog
Google offers a variety of opportunities for PhD students who wish to gain industry experience. Through our Getting to Know a PhD series, we’ll provide a glimpse into some of these opportunities as well as the impactful projects PhD students at Google work on.
Today we’re featuring Arnar Birgisson, a former Google European Doctoral Fellowship Recipient who interned on the Security research team.
So Arnar, tell us about yourself and your PhD topic ...
I originally come from Iceland, where I received my BSc in Mathematics with a lot of CS on the side. During that time I became very interested in the formal study of programming languages. I worked as a programmer for a couple of years and then went back to school to do a Masters in CS with a strong research focus on programming languages. During that time, I got introduced to security by Úlfar Erlingsson (at that time an Associate Professor at Reykjavík University). Security is a great area since it is so driven by reality and at the same time can benefit from formal approaches.
For my PhD, I moved to Chalmers University of Technology, Gothenburg, Sweden. My advisor, Andrei Sabelfeld, runs a group there that had the perfect mix for me: applying programming language theory, such as language design, static analysis, type systems, and dynamic execution monitoring to enforce security policies. In particular we work with information-flow control policies and enforcement. Such policies assert that programs do not leak sensitive information to public outputs. One of the things we did was to apply this to dynamic languages, JavaScript in particular. Such languages are very flexible, so analyzing them precisely can get tricky, especially when the rich semantics of the browser environment are included in the mix. Enforcement of such policies allows one to write programs that safely mix code and data from several sources, e.g. ensuring privacy-sensitive information from one source doesn’t leak to another.
Why did you apply for an internship at Google?
It was a good choice for many different reasons. Being an intern gives you the opportunity to combine research and engineering in a very useful way. An internship is also great because you work with more people and broaden your horizon, which is something I think is tremendously valuable for a PhD student. It helps relieve the huge uncertainty of “What now?” when you finish, but also opens up a lot of opportunities.
What was your internship focused on?
My internship with Úlfar’s group was focused on research. Together with my mentor Mark Lentczner and other members of the group, we developed a framework for flexible authorization tokens, a sort of better cookies, hence their name: Macaroons. These tokens fit well to the common operation of sharing things online. On the web, you rarely share data - you share the authorization to view it. Our tokens allow exactly this, in a manner that requires less pre-existing relationships between the services involved than current frameworks do.
Did you publish at Google/during your internship?
Yes, my internship work resulted in a publication in the 2014 Network and Distributed System Security (NDSS) Symposium. This work was a collaboration of many people, but I have high hopes that it will be one of the more impactful publications from my time as a PhD student. It’s exciting that we start hearing from people who see its potential. Google and my supervisors are very supportive of letting me publish when opportunities arise. A difference to academia is that at Google publications happen after the systems are built and deployed. That alone provides significantly stronger evidence than prototypes.
How closely connected was the work you did during your internship to your PhD topic?
My internship project was somewhat of a diversion from my main topic, but I still included it as a chapter in my thesis. It doesn’t deal with information flow, and is more about protocol design than programming language analysis. This was fine since the PhD program at Chalmers covers five years (after the MSc) and thus leaves enough leeway to explore related topics. This was one of the reasons I chose to go to Chalmers in the first place: I wanted to have time for internships.
What is working on the Google Infrastructure Security team like?
That’s a very open question. In short: it’s great! The team is a perfect mix of people with different backgrounds, whether they are academics, software engineering rockstars or senior people that know the ins and outs of everything at Google. It takes some time to learn what the expertise of everyone is, but once you know, there is always someone to ask or bounce ideas off, no matter what the challenge is.
Did you enjoy coding during your internship?
Yes, I did. Real coding was one of the things I missed when working in academia. We prove concepts and prototype, but building or integrating with a proper system involves much more engineering. The internship was a great way of seeing a bit more of this. I also learned from the way things are done in a big company which is all about software engineering.
Tell us a little bit more about being a Google Doctoral Fellowship recipient in Computer Security.
Besides the funding, the fellowship is a valuable vehicle to collaborate with Google. During the fellowship you are assigned a Google mentor who is close to your field of research, understands it and gives you feedback. You also get support from the University Relations team which helps you to find the right internship if you qualify.
What key skills have you gained during your internship?
I think self-management, how to set goals and working out how to deliver them. At Google, you need to set your own goals, in particular for the engineering parts of your project. I did not fully realize this when I started my internship. That ended up costing some time, but it was a valuable lesson.
What impact has this internship experience had on your PhD?
My internship with Google was my second internship during my PhD. Both of them provided me with an opportunity to change gears and the environment I worked in. I think the experience was good because working on a PhD can be daunting, in particular when you need to come up with new ideas. Seeing and participating in a wider range of research is a great way to boost your productivity.
Has this internship experience impacted the way you think about your future career?
Definitely. After my PhD I had to answer the same question everyone has to: What do I want to do now? The internship provided a huge insight into how someone trained as a researcher works in a company. Without that experience my view would have been very different. As a PhD student you ask dozens of people about their experiences as post graduates and everyone will have a different perspective. At the same time, most people you interact with are in academia - whether they are other PhD students, postdocs or faculty - and it is hard to gauge just how different (or similar) the “other side” is. An internship is the perfect way to find out.
You just recently started your job as a Software Engineer New Grad on the Infrastructure Security team - What are you working on now?
My current job is more on the engineering side and I’m very happy that it’s still fairly “researchy”. My team develops technical solutions for anything that has to do with how we authenticate both Googlers and our users. Some of this work is very forward-thinking, so it’s exciting to be a part of it. Now I’m part of an effort to bring support for Universal 2nd Factor (U2F) to our products. U2F is a new (in-progress) open standard (see fidoalliance.org) for devices that provide a cryptographic signature, used in addition to a password to identify a user. Technically, it’s similar to a chip-and-pin system, which web-pages can interact with directly without the need for custom drivers or card-readers. It provides strong authentication that is resistant against many classes of attacks, while the core design is also focused on user privacy.
Looking back on your experiences now: Why should a PhD student apply for an internship at Google? Any advice to offer?
To broaden your horizons. Even if you have the best advisor in the world or if you are working with the leading research group in your field, there is so much to gain from trying different environments. An internship costs you very little compared to what you have to gain from it. Applying costs even less (you can always say no if you don’t find the right project).
As for advice: Just do it! And when you do get there, set yourself clear goals and take the initiative to reach them.
For more information on our research areas, award programs, people and publications, please visit Research at Google. To learn more about other internships, outreach programs and scholarships, check out our Student Careers Site. In addition, we invite you to follow Google Students on Google+ to keep up with our 'Getting to Know a PhD' and 'Intern Insights' series.
Posted by Beate List, Research Programs, EMEA
Today we’re featuring Arnar Birgisson, a former Google European Doctoral Fellowship Recipient who interned on the Security research team.
So Arnar, tell us about yourself and your PhD topic ...
I originally come from Iceland, where I received my BSc in Mathematics with a lot of CS on the side. During that time I became very interested in the formal study of programming languages. I worked as a programmer for a couple of years and then went back to school to do a Masters in CS with a strong research focus on programming languages. During that time, I got introduced to security by Úlfar Erlingsson (at that time an Associate Professor at Reykjavík University). Security is a great area since it is so driven by reality and at the same time can benefit from formal approaches.
For my PhD, I moved to Chalmers University of Technology, Gothenburg, Sweden. My advisor, Andrei Sabelfeld, runs a group there that had the perfect mix for me: applying programming language theory, such as language design, static analysis, type systems, and dynamic execution monitoring to enforce security policies. In particular we work with information-flow control policies and enforcement. Such policies assert that programs do not leak sensitive information to public outputs. One of the things we did was to apply this to dynamic languages, JavaScript in particular. Such languages are very flexible, so analyzing them precisely can get tricky, especially when the rich semantics of the browser environment are included in the mix. Enforcement of such policies allows one to write programs that safely mix code and data from several sources, e.g. ensuring privacy-sensitive information from one source doesn’t leak to another.
Why did you apply for an internship at Google?
It was a good choice for many different reasons. Being an intern gives you the opportunity to combine research and engineering in a very useful way. An internship is also great because you work with more people and broaden your horizon, which is something I think is tremendously valuable for a PhD student. It helps relieve the huge uncertainty of “What now?” when you finish, but also opens up a lot of opportunities.
What was your internship focused on?
My internship with Úlfar’s group was focused on research. Together with my mentor Mark Lentczner and other members of the group, we developed a framework for flexible authorization tokens, a sort of better cookies, hence their name: Macaroons. These tokens fit well to the common operation of sharing things online. On the web, you rarely share data - you share the authorization to view it. Our tokens allow exactly this, in a manner that requires less pre-existing relationships between the services involved than current frameworks do.
Did you publish at Google/during your internship?
Yes, my internship work resulted in a publication in the 2014 Network and Distributed System Security (NDSS) Symposium. This work was a collaboration of many people, but I have high hopes that it will be one of the more impactful publications from my time as a PhD student. It’s exciting that we start hearing from people who see its potential. Google and my supervisors are very supportive of letting me publish when opportunities arise. A difference to academia is that at Google publications happen after the systems are built and deployed. That alone provides significantly stronger evidence than prototypes.
How closely connected was the work you did during your internship to your PhD topic?
My internship project was somewhat of a diversion from my main topic, but I still included it as a chapter in my thesis. It doesn’t deal with information flow, and is more about protocol design than programming language analysis. This was fine since the PhD program at Chalmers covers five years (after the MSc) and thus leaves enough leeway to explore related topics. This was one of the reasons I chose to go to Chalmers in the first place: I wanted to have time for internships.
What is working on the Google Infrastructure Security team like?
That’s a very open question. In short: it’s great! The team is a perfect mix of people with different backgrounds, whether they are academics, software engineering rockstars or senior people that know the ins and outs of everything at Google. It takes some time to learn what the expertise of everyone is, but once you know, there is always someone to ask or bounce ideas off, no matter what the challenge is.
Did you enjoy coding during your internship?
Yes, I did. Real coding was one of the things I missed when working in academia. We prove concepts and prototype, but building or integrating with a proper system involves much more engineering. The internship was a great way of seeing a bit more of this. I also learned from the way things are done in a big company which is all about software engineering.
Tell us a little bit more about being a Google Doctoral Fellowship recipient in Computer Security.
Besides the funding, the fellowship is a valuable vehicle to collaborate with Google. During the fellowship you are assigned a Google mentor who is close to your field of research, understands it and gives you feedback. You also get support from the University Relations team which helps you to find the right internship if you qualify.
What key skills have you gained during your internship?
I think self-management, how to set goals and working out how to deliver them. At Google, you need to set your own goals, in particular for the engineering parts of your project. I did not fully realize this when I started my internship. That ended up costing some time, but it was a valuable lesson.
What impact has this internship experience had on your PhD?
My internship with Google was my second internship during my PhD. Both of them provided me with an opportunity to change gears and the environment I worked in. I think the experience was good because working on a PhD can be daunting, in particular when you need to come up with new ideas. Seeing and participating in a wider range of research is a great way to boost your productivity.
Has this internship experience impacted the way you think about your future career?
Definitely. After my PhD I had to answer the same question everyone has to: What do I want to do now? The internship provided a huge insight into how someone trained as a researcher works in a company. Without that experience my view would have been very different. As a PhD student you ask dozens of people about their experiences as post graduates and everyone will have a different perspective. At the same time, most people you interact with are in academia - whether they are other PhD students, postdocs or faculty - and it is hard to gauge just how different (or similar) the “other side” is. An internship is the perfect way to find out.
You just recently started your job as a Software Engineer New Grad on the Infrastructure Security team - What are you working on now?
My current job is more on the engineering side and I’m very happy that it’s still fairly “researchy”. My team develops technical solutions for anything that has to do with how we authenticate both Googlers and our users. Some of this work is very forward-thinking, so it’s exciting to be a part of it. Now I’m part of an effort to bring support for Universal 2nd Factor (U2F) to our products. U2F is a new (in-progress) open standard (see fidoalliance.org) for devices that provide a cryptographic signature, used in addition to a password to identify a user. Technically, it’s similar to a chip-and-pin system, which web-pages can interact with directly without the need for custom drivers or card-readers. It provides strong authentication that is resistant against many classes of attacks, while the core design is also focused on user privacy.
Looking back on your experiences now: Why should a PhD student apply for an internship at Google? Any advice to offer?
To broaden your horizons. Even if you have the best advisor in the world or if you are working with the leading research group in your field, there is so much to gain from trying different environments. An internship costs you very little compared to what you have to gain from it. Applying costs even less (you can always say no if you don’t find the right project).
As for advice: Just do it! And when you do get there, set yourself clear goals and take the initiative to reach them.
For more information on our research areas, award programs, people and publications, please visit Research at Google. To learn more about other internships, outreach programs and scholarships, check out our Student Careers Site. In addition, we invite you to follow Google Students on Google+ to keep up with our 'Getting to Know a PhD' and 'Intern Insights' series.
Posted by Beate List, Research Programs, EMEA