I am a Ph.D. candidate and NSF Graduate Research Fellow at the University of Wisconsin–Madison, advised by Professor Patrick McDaniel.
My research focuses on measuring and securing modern Internet service deployments, particularly in the context of cloud computing. Public clouds upend service deployment assumptions, leading to new risks. At the same time, attackers have adapted to this new reality by targeting cloud systems. However, through rigorous empirical study of these deployment models we can not only improve their security, but also provide practical insights towards securing the software supply chain. I have applied this same security measurement approach to other domains, such as software security (e.g., fuzzing), machine learning security, and the Internet of Things.
Outside of academia, I enjoy finding new ways to challenge myself. I co-founded and sold an email marketing technology startup, Sendtric, and recently co-founded DScope Security. I am an instrument-rated private pilot and spend much of my free time flying/maintaining my aircraft, a Piper Arrow.
I also enjoy ☕️ coffee, 🥾 backpacking, 🧗 rock climbing, 🦆 bird watching, 📷 photography, and combinations thereof.
Email: epauley@cs.wisc.edu
It’s no secret that leaving credentials in source code is risky, especially when tools like GitHub make it easy to share code publicly with a single command. The major players have long had tooling to help prevent this, such as GitHub Secret Scanning, and GitHub also makes it possible (at least in theory) for third-party providers to join the program. Unfortunately, out of the countless platforms that use secrets for authentication, only 100 or so have partnered with GitHub’s program.