Jeongseok Son
Software Engineer @ Google

About

I'm a software engineer at Google. I build networked and distributed systems for privacy-preserving technologies and machine learning in the Technical Infrastructure group. Before Google, I was a research assistant pursuing a Ph.D. in Computer Science at University of California, Berkeley. I worked at RISELab, the successor of AMPLab where Apache Spark, Mesos, and Ray were born. At RISELab, I researched computer systems and programming language techniques for secure data processing and reinforcement learning. Previously, I worked as a software engineer and researcher for several years developing data infrastructure using Apache Hadoop, and improving the efficiency and reliability of cloud networking at Microsoft.

I received my M.S. and B.S. in Computer Science from UC Berkeley and KAIST respectively. During my undergraduate years, I was involved in virtualization platform research and learned about the core technology of cloud computing hacking the Xen Hypervisor kernel.

Publications and Talks

Proxying HTTP/3 (QUIC) Using CONNECT-UDP with Envoy
Jeongseok Son
EnvoyCon (KubeCon + CloudNativeCon North America), Chicago, IL, November 2023
ObliCheck: Efficient Verification of Oblivious Algorithms with Unobservable State
Jeongseok Son, Griffin Prechter, Rishabh Poddar, Raluca Ada Popa, and Koushik Sen
USENIX Security Symposium (Security), Virtual, August 2021
Civet: An Efficient Java Partitioning Framework for Hardware Enclaves
Chia-Che Tsai, Jeongseok Son, Bhushan Jain, John McAvey, Raluca Ada Popa, and Donald E. Porter
USENIX Security Symposium (Security), Boston, MA, USA, August 2020
Protego: Cloud-Scale Multitenant IPsec Gateway
Jeongseok Son, Yongqiang Xiong, Kun Tan, Paul Wang, Ze Gan, and Sue Moon
USENIX Annual Technical Conference (ATC), Santa Clara, CA, USA, July 2017
Efficiently Restoring Virtual Machines
Bernhard Egger, Erik Gustafsson, Changyeon Jo, and Jeongseok Son
IFIP International Conference on Network and Parallel Computing (NPC), Guiyang, China, September 2013, and Springer International Journal of Parallel Programming (IJPP), Volume 43, Issue 3, June 2015
Efficient Live Migration of Virtual Machines Using Shared Storage
Changyeon Jo, Erik Gustafsson, Jeongseok Son, and Bernhard Egger
ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments (VEE), Houston, TX, USA, March 2013

Projects

Privacy Proxy for IP Protection
IP Protection is a proposal to hide users’ IP addresses to prevent cross-site tracking by two-hop proxying users’ traffic. We work on the Privacy Proxy, which serves billions of Chrome users’ traffic to protect their privacy with high reliability and performance.
Automatic Verification of Oblivious Algorithms
Even when the data content is encrypted, an attacker can watch the memory, disk, and network access patterns of a program and infer a significant amount of secret information. Oblivious algorithms prevent this type of information leakage by making the access pattern independent of the secret input data. In this project, we developed a program checker for automatically verifying that a given algorithm is oblivious using symbolic execution.
Program Partitioning Framework for Hardware Enclaves
Hardware enclaves like Intel SGX protect sensitive data of an application even when an OS is malicious. However, simply putting a legacy application into an enclave can be insecure and degrade the performance significantly. We devised a framework that automatically partitions an application into trusted and untrusted parts with program analysis techniques and an optimized language runtime implementation for hardware enclaves.
Cloud-Scale Multitenant IPsec Gateway
Cloud service providers dedicate an IPsec gateway VM to each tenant to offer VPN connections to the virtual networks. We found that this approach wastes a significant amount of resources due to over-provisioning and passive redundancy for high availability. We designed a new distributed IPsec gateway service which can serve multiple tenants using shared resources.
Data Plane Verification of Networks Containing Middleboxes
VeriFlow was designed to verify the correctness of Software Defined Network (SDN) in real-time. To check traditional networks, we modeled various network devices from different vendors to construct the vendor-agnostic abstraction of networks for verification. I survyed and studied various types of network devices and modeled one of them from scratch.
Efficient Virtual Machine Live Migration and Checkpoint
The high network bandwidth consumption and long migration time hinder the wide deployment of virtual machine (VM) live migration in data centers. We improved the performance of VM live migration and checkpoint by deduplicating data overlap between memory and disk.

Miscellaneous

  • 손정석 is my name in Hangul. Son Jeongseok is the romanization of it.
    How to pronounce?: My given name has two syllables: 정-석 (Jeong-Seok). 정 (Jeong) is pronounced as the "jung" in "jungle", and 석 (Seok) sounds like "suck" but with a softer S sound, like "s-huck". Here is the .
    I also go by the name of Jason, which sounds similiar to my initials "J. Son".
  • I grew up in Jeju, a beautiful island and popular tourist attraction in South Korea. I lived in Daejeon, where the largest research cluster in the nation is located, for college and then lived in Seoul for work. I also stayed in Champaign-Urbana, Illinois in the USA for a year and Beijing in PRC for 8 months. Now I live in the San Francisco Bay Area, California in the USA.