Sujaya Maiyya joined the Cheriton School of Computer Science as a tenure-track Assistant Professor in fall 2022. Her research is in the design of secure, high-performance data systems. She has a PhD from the University of California, Santa Barbara, where she developed a series of protocols that enable secure, fault-tolerant data management on both trusted and untrusted computing infrastructure. Her publications have appeared in top-tier venues, including the Proceedings of the VLDB Endowment, IEEE ICDE, and the ACM SIGMOD conference.
As a doctoral student at UCSB, Sujaya was awarded prestigious and competitive PhD fellowships from both IBM and Google, and she was a recipient of the CS department’s annual outstanding graduate student award. She was invited to participate in the 2021 MIT EECS Rising Stars Workshop, an event that identifies and mentors outstanding computer scientists interested in academic careers.
The following is a lightly edited transcript of a Q and A interview.
Tell us a bit about yourself.
I did my PhD in the United States at the University of California, Santa Barbara. Before my doctorate, I lived in India. I’m from Bangalore, a city in the southern part of India. That’s where I got my undergrad degree.
A fun fact — the language I speak is called Kannada, a language spoken mainly in southwestern India. When I tell people I speak Kannada they think I mean Canada. And moving to Canada has made it all the more confusing!
When did you become interested in computer science generally and data systems specifically?
My career path has been somewhat organic — events and encouragement that led to studying computer science, then data systems — a journey that happened because of the exceptional teachers and professors in my life.
It was teachers who nudged my interest in one direction versus another. I had a great math teacher in high school, and it was a joy to work on the math problems he gave us. That nudged me towards engineering rather than medicine, the two main areas students in India are encouraged to pursue. I went along the engineering path with lots of math as a foundation, which led to computer science.
During my undergraduate degree, I had an amazing professor who taught a course on computer networking. He introduced me to systems programming — getting two machines to communicate with each other — which I found fascinating.
When I moved to the United States for grad studies, I was at first a master’s student and I wasn’t certain at the time that I wanted to pursue a PhD, but I ended up taking a distributed systems course taught by the professor who became my PhD co-advisor. That course was love at first sight. It was a fascinating topic and the professor taught it exceptionally well. I looked forward to the lectures and programming assignments, so I decided to do a master’s project with him. Jump ahead five years and I’ve completed a PhD under his co-direction.
What attracted you to the Cheriton School of Computer Science?
When I began my job search, I was looking at schools and departments of computer science with a collaborative environment and strong, established research groups. My research spans data privacy and database systems, so working with excellent Waterloo researchers in data systems and in cryptography, security, and privacy was a huge attraction. For a young professor it’s great to be able to look to these research groups for guidance and expertise. For example, on the NSERC Discovery Grant I’m preparing I got feedback from both data systems researchers and from cryptography, security, and privacy researchers. This kind of support is essential for new faculty members to succeed.
The School of Computer Science is also a helpful, supportive environment outside of research. Even before I had accepted the offer, Semih Salihoğlu sent me detailed information about cities in the region where my partner and I could live, given that if I accepted I’d be at Waterloo and my partner would be doing consulting work in Toronto.
Women are still a minority in computer science, so another big attraction for me are the equity, diversity and inclusion initiatives at Waterloo and at the School of Computer Science. During my interview I met the School’s EDI chairs and I was impressed that equity, diversity and inclusion are core values, an impression that has only strengthened since I joined.
Tell us a bit about your research.
My research focuses on designing secure, high-performance data systems. The underlying question I ask is do we trust the hardware or the infrastructure that stores our data? The answer is usually yes for companies that own and manage their own fleet of computers, which implies they have complete control over and can trust the servers storing an application’s data. In that case, the systems and protocols in use can focus on performance such as reducing latency and solving various niche problems; I have developed such performance-focused data systems and protocols.
But this is not true for all data systems. If you host your data on third-party cloud providers, which is becoming increasingly common, the answer to that question is no. I do not know if and how the provider is looking at my data and what they learn from it. There are many subtle attacks that even encrypting data cannot mitigate and this untrusted cloud can learn complete information about the kind of data I’m storing and the kind of queries I’m performing. So, I’ve developed systems that hide these kinds of access-based attacks where even encrypting the data is insufficient to provide privacy guarantees.
Oftentimes, people or companies build a database system then add privacy or security features afterward, as an afterthought. It leads to weaker security and privacy guarantees or lower performance because they’ve designed a system that has an add-on on top. Or they have a system that has now lost some features. We should design database systems from the bottom up, with privacy and security integrated throughout.
One of the works I’ve done recently is data replication, where one server crashes and there’s another that stores my data. When we talk about privacy, data replication becomes much more challenging and the way I replicate data can leak a lot of information. These are fundamental protocols, but they become much more non-trivial when I introduce even the most basic form of privacy.
Do you see opportunities for collaborative research with colleagues at the School of Computer Science?
Definitely. I obviously can collaborate with members of the Data Systems Group. I’m thinking of doing some graph database research, both privacy and non-privacy-related work. Semih is an obvious researcher to collaborate with here. Xi He does differential privacy work, which is different from the kind of research I do, but it would be interesting to merge the two kinds of privacy research we conduct.
My non-privacy related work aligns most closely with the research that Khuzaima Daudjee and Ken Salem conduct. Their research has a bit more of a distributed systems flavour than data systems, but there’s some overlap. In fact. I’m working on a CFI grant with Khuzaima.
I’m fundamentally a database person so collaborating with the cryptography, security, and privacy researchers to develop proofs is critically important if privacy guarantees are needed. Florian Kerschbaum and Ian Goldberg, for example, have been working on obliviousness, which complements my research.
What do you see as your most important or most significant contribution?
I’d say my most significant contributions are building secure database systems and protocols to execute transactions. If I transfer money to you electronically, how can we be sure that both the credit and debit happen even when servers fail or messages fail? The protocols that ensure this are fundamental and any product today uses these protocols. But people have not always looked at privacy- or data-integrity guarantees in these protocols.
I developed secure versions of some of these fundamental protocols, and I consider them to be the most novel things I have developed. It can open new research directions by adding fundamental features to database systems with privacy and security as integral features. I’ve done some research in this area and I’m interested in exploring more in that direction.
If we’re talking about specific publications, among the most significant is “QuORAM: A Quorum-Replicated Fault Tolerant ORAM Datastore,” which I presented at the 31st USENIX Security Symposium. This research developed the first oblivious RAM datastore to replicate data with a quorum-based replication protocol. Another significant paper is “Fides: Managing Data on Untrusted Infrastructure,” a geo-distributed system that consists of data stored across non-trusting servers and proposes the first transaction commitment protocol to tolerate Byzantine servers.
Who has inspired you most?
Most inspirational? That would be my PhD co-advisors, Divyakant Agrawal and Amr El Abbadi, at UCSB. Thinking back, I realize how important a role mentorship and guidance plays in a student’s life. I’m hoping that now that I’m a professor I can excite and motivate students to pursue studying data systems as a career as my co-advisors excited and motivated me.
People who have a good time doing their PhD tend to want to become academics themselves, and I think they also become kinder, better professors, the ones who motivate students to learn and engage them to think about problems creatively. And it’s not just about academics. They are the kind of professors who guide students and make sure they have fun along the way, showing students how to have a healthy work-life balance through example. In fact, three days before my PhD defence one of my PhD co-advisors and I — along with a few other members — went on a 50-mile bike ride.
What do you do in your spare time?
When I was a PhD student I used to tutor in a homeless shelter. I met virtually with a six-year-old who has ADHD, so motivating the student was a challenge. But it was also very rewarding to see progress, even small steps. I’d like to continue tutoring locally in Waterloo.
I also love to paint and hike. When I lived in India, I hiked the Himalayan peaks four times. These were six- to eight-day backpacking hikes. Unfortunately, the Waterloo region is not mountainous, but I have started indoor rock climbing, a great activity that can be done year round.