About Me

Email: grier@imchris.org

https://www.linkedin.com/in/chris-grier

Current: Software Engineer at Google, working on GCP security and threat detection.

Previous: Engineer and manager at Databricks.

I received my PhD in 2009 and have worked in academia and industry. In academia, I worked at ICSI and EECS @ UC Berkeley as a research scientist. My research was part of the project CESR: Center for Evidence-based Security Research, funded by the NSF.

My specialties include: security, malware analysis, general abuse issues, account compromise, spam, web security, networking, and operating systems.


Security At Google

In February 2017, I joined a team that works on detection and response infrastructure at Google. Currently, I am the tech lead for Event Threat Detection and I help build build features in Security Command Center. I have also worked on several internal security projects.

My primary projects have an emphasis on threat detection, leveraging large-scale distributed systems and event processing.


Engineering at Databricks

In 2014 I joined Databricks. There, I had a few different roles and filled in on a variety of cloud, networking, and security projects.

One of my teams at Databricks did full stack web development. I managed the team and contributed directly to engineering projects. I led projects that included planning and executing a nearly complete rewrite of the Databricks frontend in React, as well as significant work on the serving platform. The focus for the team was building user facing features that make up Databricks Notebooks. Eventually the team grew too large and I divided the team into two and continued to manage the frontend focused half.

In March 2016, I changed roles and became the team lead and manager for the internal tools and infrastructure engineering team.


Research

I have a Ph.D. in Electrical and Computer Engineering from the University of Illinois at Urbana-Champaign. After graduation, I joined Professor Vern Paxson’s research group at UC Berkeley as research scientist. My research worked to establish a better understanding of how ecrime organizations and other large scale Internet security issues work. There I wrote papers, contributed to grants, and worked with graduate students.

My dissertation included research published in “Secure web browsing with the OP web browser”, “The Multi-principal OS Construction of the Gazelle Web Browser”, as well as “Alhambra: A system for creating, enforcing, and testing browser security policies”.

A few co-authors in no particular order: Vern Paxson (ICSI/UCB), Kurt Thomas (Google), Juan Caballero (IMDEA Software), Chia Yuan Cho (UCB->DSO National Laboratories), Dawn Song (UCB), Christian Kreibich (ICSI, Corelight), Stefan Savage (UCSD), Geoff Voelker (UCSD), Sam King (UC Davis), David Nicol (UIUC).

My Google Scholar page: http://scholar.google.com/citations?user=BCX31BMAAAAJ

Publications

Conference and workshop publications

“Ad Injection at Scale: Assessing Deceptive Advertisement Modifications.” Kurt Thomas, Elie Bursztein, Chris Grier, Grant Ho, Nav Jagpal, Alexandros Kapravelos, Damon McCoy, Antonio Nappa, Vern Paxson, Paul Pearce, Niels Provos, Moheeb Abu Rajab. In IEEE Symposium on Security and Privacy, May 2015. PDF

“Framing Dependencies Introduced by Underground Commoditization.” Kurt Thomas, Danny Huang, David Wang, Elie Bursztein, Chris Grier, Thomas J Holt, Christopher Kruegel, Damon McCoy, Stefan Savage, Giovanni Vigna. In Workshop on the Economics of Information Security (WEIS), 2015. PDF

“Characterizing Large-Scale Click Fraud in ZeroAccess.” Paul Pearce, Vacha Dave, Chris Grier, Kirill Levchenko, Saikat Guha, Damon McCoy, Vern Paxson, Stefan Savage, Geoffrey M Voelker. In Proceedings of the ACM SIGSAC Conference on Computer and Communications Security. November 2014. PDF

“Dialing Back Abuse on Phone Verified Accounts.” Kurt Thomas, Dmytro Iatskiv, Elie Bursztein, Tadek Pietraszek, Chris Grier, Damon McCoy. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, November 2014. PDF

“Consequences of Connectivity: Characterizing Account Hijacking on Twitter.” Kurt Thomas, Frank Li, Chris Grier, Vern Paxson. In the Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, March 2013. PDF

“Hulk: Eliciting Malicious Behavior in Browser Extensions.” Alexandros Kapravelos, Chris Grier, Neha Chachra, Chris Kruegel, Giovanni Vigna, and Vern Paxson. In the Proceedings of the USENIX Security Symposium, August 2013. PDF (19% accepted, 67/350)

“The ZeroAccess Auto-Clicking and Search-Hijacking Click Fraud Modules.” Paul Pearce, Chris Grier, Vern Paxson, Vacha Dave, Damon McCoy, Geoffrey M. Voelker, and Stefan Savage. EECS Department, University of California, Berkeley, Tech. Rep. UCB/EECS-2013-211, Dec. 2013. PDF

“Botcoin: Monetizing Stolen Cycles.” Danny Y. Huang, Hitesh Dharmdasani, Sarah Meiklejohn, Vacha Dave, Chris Grier, Kirill Levchenko, Damon McCoy, Stefan Savage, Nicholas Weaver, and Alex C. Snoeren. In the Proceedings of the Network and Distributed System Security Symposium (NDSS), February, 2014. PDF (?% accepted)

“Understanding the Domain Registration Behavior of Spammers.” Shuang Hao, Matthew Thomas, Vern Paxson, Nick Feamster, Christian Kreibich, Chris Grier, and Scott Hollenbeck, Proceedings of the ACM Internet Measurement Conference, October 2013. PDF

“Trafficking Fraudulent Accounts: The Role of the Underground Market in Twitter Spam and Abuse.” Kurt Thomas, Damon McCoy, Chris Grier, Alek Kolcz, and Vern Paxson. In the Proceedings of the USENIX Security Symposium, August 2013. PDF (16% accepted, 45/277)

“Manufacturing Compromise: The Emergence of Exploit-as-a-Service.” Chris Grier, Lucas Ballard, Juan Caballero, Neha Chachra, Christian J. Dietrich, Kirill Levchenko, Panayiotis Mavrommatis, Damon McCoy, Antonio Nappa, Andreas Pitsillidis, Niels Provos, M. Zubair Rafique, Moheeb Abu Rajab, Christian Rossow, Kurt Thomas, Vern Paxson, Stefan Savage, Geoffrey M. Voelker. In the Proceedings of the ACM Conference on Computer and Communications Security (CCS), October 2012. PDF (19% accepted, 80/423)

“Adapting Social Spam Infrastructure for Political Censorship.” Kurt Thomas, Chris Grier, and Vern Paxson. In the Proceedings of the USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET). April 2012. PDF

“Prudent Practices for Designing Malware Experiments: Status Quo and Outlook.” Christian Rossow, Christian J. Dietrich, Christian Kreibich, Chris Grier, Vern Paxson, Norbert Pohlmann, Herbert Bos, and Maarten van Steen. In the Proceedings of the IEEE Symposium on Security and Privacy, May 2012. PDF

“Suspended Accounts in Retrospect: An Analysis of Twitter Spam.” Kurt Thomas, Chris Grier, Vern Paxson, Dawn Song. In Proceedings of the Internet Measurement Conference (IMC). November 2011. PDF (19% accepted, 42/220)

“No Plan Survives Contact: Experience with Cybercrime Measurement.” Chris Kanich, Neha Chachra, and Damon McCoy, Chris Grier, David Wang, Marti Motoyama, Kirill Levchenko, Stefan Savage, and Geoff Voelker. Workshop on Cyber Security Experimentation and Test (CSET). August 2011. PDF

“Measuring Pay-per-Install: The Commoditization of Malware Distribution.” Juan Caballero, Chris Grier, Christian Kreibich, and Vern Paxson. In Proceedings of the USENIX Security Symposium. August 2011. PDF (17% accepted, 35/204). Outstanding Paper Award.

“What’s Clicking What? Techniques and Innovations of Today’s Clickbots.” Brad Miller, Paul Pearce, Chris Grier, Christian Kreibich, and Vern Paxson. In Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment.July 2011. PDF

“Design and Evaluation of a Real-Time URL Spam Filtering Service.” Kurt Thomas, Chris Grier, Justin Ma, Vern Paxson, and Dawn Song. Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2011. PDF (11% accepted, 34/306)

“Click Trajectories: End-to-End Analysis of the Spam Value Chain.” Kirill Levchenko, Andreas Pitsillidis, Neha Chachra, Brandon Enright, Mark Felegyhazi, Chris Grier, Tristan Halvorson, Chris Kanich, Christian Kreibich, He Liu, Damon McCoy, Nicholas Weaver, Vern Paxson, Geoffrey M. Voelker, and Stefan Savage. Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2011. PDF (11% accepted, 34/306)

“@spam: The Underground on 140 Characters or Less.” Chris Grier, Kurt Thomas, Vern Paxson and Michael Zhang, Proceedings of the ACM Conference on Computer and Communications Security (CCS 2010), October 2010. PDF (17% accepted, 55/320)

“unFriendly: Multi-Party Privacy Risks in Social Networks.” Kurt Thomas, Chris Grier, David Nicol, Proceedings of Privacy Enhancing Technologies Symposium (PETS 2010), July 2010. PDF (28% accepted, 16/57)

“Insights from the Inside: A View of Botnet Management from Infiltration.” Chia Yuan Cho, Juan Caballero, Chris Grier, Vern Paxson, Dawn Song, Proceedings of Large-Scale Exploits and Emergent Threats (LEET 2010), April 27th, 2010. PDF

“Alhambra: A system for creating, enforcing and testing browser security policies.” Shuo Tang, Chris Grier, Onur Aciicmez, Samuel T. King, In Proceedings of the International World Wide Web Conference (WWW 2010), April 2010. PDF (14% accepted, 104/743)

“Barriers to Security and Privacy Research in the Web Era.” Chris Grier, Kurt A. Thomas, David M. Nicol, Proceedings of the Workshop on Ethics in Computer Security Research (WECSR 2010), January 2010. PDF.

“The Multi-principal OS Construction of the Gazelle Web Browser,” Helen J. Wang, Chris Grier, Alexander Moshchuk, Samuel T. King, Piali Choudhury, and Herman Venter, Proceedings of the 18th USENIX Security Symposium, August 2009. PDF (15% accepted, 26/176)

“How I Learned to Stop Worrying and Love Plugins.” Chris Grier, Samuel T. King, Dan S. Wallach, Web 2.0 Security and Privacy (W2SP 2009), May 2009. PDF

“The Multi-Principal OS Construction of the Gazelle Web Browser,” Helen J. Wang, Chris Grier, Alexander Moshchuk, Samuel T. King, Piali Choudhury, and Herman Venter, MSR technical report MSR-TR-2009-16, Redmond, WA, Feb 19, 2009. PDF

“Secure web browsing with the OP web browser,” Chris Grier, Shuo Tang, and Samuel T. King, In Proceedings of the 2008 IEEE Symposium on Security and Privacy, May 2008. PDF

“Designing and implementing malicious hardware,” Samuel T. King, Joseph Tucek, Anthony Cozzie, Chris Grier, Weihang Jiang, and Yuanyuan Zhou, Proceedings of the First USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET ’08), April 2008. PDF. Best Paper Award.

“SCADA Cyber Security Testbed Development,” C. M. Davis, J. E. Tate, H. Okhravi, C. Grier, T. J. Overbye, and D. Nicol, Proceedings of North American Power Symposium (NAPS), September 2006. PDF

“RINSE: The Real- Time Immersive Network Simulation Environment for Network Security Exercises,” Michael Liljenstam, Jason Liu, David Nicol, Yougu Yuan, Guanhua Yan, Chris Grier, Proceedings of the 19th Workshop on Principles of Advanced and Distributed Simulation (PADS), June 2005. PDF

Journal papers

“Designing and implementing the OP and OP2 web browsers.” Chris Grier, Shuo Tang, and Samuel T. King. ACM Transactions on the Web (TWEB). Vol. 5(2), pp. 11, May 2011.

“RINSE: The Real-Time Immersive Network Simulation Environment for Network Security Exercises (Extended Version).” Michael Liljenstam, Jason Liu, David Nicol, Yougu Yuan, Guanhua Yan, and Chris Grier. Simulation Vol. 82(1), pp. 43-59, Jan. 2006. (PADS conference PDF)

Other publications

Kurt Thomas and Chris Grier, “Fake Users Reap Real Gains,” RCMP Gazette, Vol. 76 Number 1, http://www.rcmp-grc.gc.ca/en/gazette/fake-users-reap-real-gains. April 2014.

Chris Grier, Shuo Tang, and Samuel T. King. “Building a More Secure Web Browser,” ;login: The USENIX Magazine, Vol. 33 Number 4, August 2008. PDF

Other things