About

Bruce MacDowell Maggs is the Pelham Wilder Professor of Computer Science at Duke University and serves as the Chief Scientific Officer at Emerald Innovations. His research primarily focuses on distributed systems, encompassing areas such as content delivery networks, computer networks, and computer and network security. Professor Maggs has a significant academic presence at Duke University, where he teaches courses including Distributed Systems and Computer Network Architecture. His work contributes to advancing the understanding and development of networked systems and security protocols.

Research topics

• Computer Science
• Computer Security
• World Wide Web
• Information Retrieval
• Artificial Intelligence
• Theoretical computer science
• Discrete mathematics
• Computer network
• Mathematics
• Business
• Algorithm
• Internet privacy

Selected publications

• Curator: Efficient Vector Search with Low-Selectivity Filters

  ArXiv.org · 2026-01-03

  articleOpen access

  Embedding-based dense retrieval has become the cornerstone of many critical applications, where approximate nearest neighbor search (ANNS) queries are often combined with filters on labels such as dates and price ranges. Graph-based indexes achieve state-of-the-art performance on unfiltered ANNS but encounter connectivity breakdown on low-selectivity filtered queries, where qualifying vectors become sparse and the graph structure among them fragments. Recent research proposes specialized graph indexes that address this issue by expanding graph degree, which incurs prohibitively high construction costs. Given these inherent limitations of graph-based methods, we argue for a dual-index architecture and present Curator, a partition-based index that complements existing graph-based approaches for low-selectivity filtered ANNS. Curator builds specialized indexes for different labels within a shared clustering tree, where each index adapts to the distribution of its qualifying vectors to ensure efficient search while sharing structure to minimize memory overhead. The system also supports incremental updates and handles arbitrary complex predicates beyond single-label filters by efficiently constructing temporary indexes on the fly. Our evaluation demonstrates that integrating Curator with state-of-the-art graph indexes reduces low-selectivity query latency by up to 20.9x compared to pre-filtering fallback, while increasing construction time and memory footprint by only 5.5% and 4.3%, respectively.

  PublisherOA PDF

• Curator: Efficient Vector Search with Low-Selectivity Filters

  arXiv (Cornell University) · 2026-01-03

  preprintOpen access

  Embedding-based dense retrieval has become the cornerstone of many critical applications, where approximate nearest neighbor search (ANNS) queries are often combined with filters on labels such as dates and price ranges. Graph-based indexes achieve state-of-the-art performance on unfiltered ANNS but encounter connectivity breakdown on low-selectivity filtered queries, where qualifying vectors become sparse and the graph structure among them fragments. Recent research proposes specialized graph indexes that address this issue by expanding graph degree, which incurs prohibitively high construction costs. Given these inherent limitations of graph-based methods, we argue for a dual-index architecture and present Curator, a partition-based index that complements existing graph-based approaches for low-selectivity filtered ANNS. Curator builds specialized indexes for different labels within a shared clustering tree, where each index adapts to the distribution of its qualifying vectors to ensure efficient search while sharing structure to minimize memory overhead. The system also supports incremental updates and handles arbitrary complex predicates beyond single-label filters by efficiently constructing temporary indexes on the fly. Our evaluation demonstrates that integrating Curator with state-of-the-art graph indexes reduces low-selectivity query latency by up to 20.9x compared to pre-filtering fallback, while increasing construction time and memory footprint by only 5.5% and 4.3%, respectively.

  PublisherDOI

• Curator: Efficient Vector Search with Low-Selectivity Filters

  Proceedings of the ACM on Management of Data · 2026-04-02

  articleOpen access

  Embedding-based dense retrieval has become the cornerstone of many critical applications, where approximate nearest neighbor search (ANNS) queries are often combined with filters on labels such as dates and price ranges. Graph-based indexes achieve state-of-the-art performance on unfiltered ANNS but encounter connectivity breakdown on low-selectivity filtered queries, where qualifying vectors become sparse and the graph structure among them fragments. Recent research proposes specialized graph indexes that address this issue by expanding graph degree, which incurs prohibitively high construction costs. Given these inherent limitations of graph-based methods, we argue for a dual-index architecture and present Curator, a partition-based index that complements existing graph-based approaches for low-selectivity filtered ANNS. Curator builds specialized indexes for different labels within a shared clustering tree, where each index adapts to the distribution of its qualifying vectors to ensure efficient search while sharing structure to minimize memory overhead. The system also supports incremental updates and handles arbitrary complex predicates beyond single-label filters by efficiently constructing temporary indexes on the fly. Our evaluation demonstrates that integrating Curator with state-of-the-art graph indexes reduces low-selectivity query latency by up to 20.9x compared to pre-filtering fallback, while increasing construction time and memory footprint by only 5.5% and 4.3%, respectively.

  PublisherDOI

• Characterizing Anycast Flipping: Prevalence and Impact

  Lecture notes in computer science · 2025-01-01

  book-chapter
  PublisherDOI

• Curator: Efficient Indexing for Multi-Tenant Vector Databases

  arXiv (Cornell University) · 2024-01-13

  preprintOpen access

  Vector databases have emerged as key enablers for bridging intelligent applications with unstructured data, providing generic search and management support for embedding vectors extracted from the raw unstructured data. As multiple data users can share the same database infrastructure, multi-tenancy support for vector databases is increasingly desirable. This hinges on an efficient filtered search operation, i.e., only querying the vectors accessible to a particular tenant. Multi-tenancy in vector databases is currently achieved by building either a single, shared index among all tenants, or a per-tenant index. The former optimizes for memory efficiency at the expense of search performance, while the latter does the opposite. Instead, this paper presents Curator, an in-memory vector index design tailored for multi-tenant queries that simultaneously achieves the two conflicting goals, low memory overhead and high performance for queries, vector insertion, and deletion. Curator indexes each tenant's vectors with a tenant-specific clustering tree and encodes these trees compactly as sub-trees of a shared clustering tree. Each tenant's clustering tree adapts dynamically to its unique vector distribution, while maintaining a low per-tenant memory footprint. Our evaluation, based on two widely used data sets, confirms that Curator delivers search performance on par with per-tenant indexing, while maintaining memory consumption at the same level as metadata filtering on a single, shared index.

  PublisherOA PDFDOI

• No Root Store Left Behind

  2023-11-13 · 3 citations

  articleOpen access

  When a root certificate authority (CA) in the Web PKI misbehaves, primary root-store operators such as Mozilla and Google respond by distrusting that CA. However, full distrust is often too broad, so root stores often implement partial distrust of roots, such as only accepting a root for a subset of domains. Unfortunately, derivative root stores (e.g., Debian and Android) that mirror decisions made by primary root stores are often out-of-date and cannot implement partial distrust, leaving TLS applications vulnerable.

  PublisherOA PDFDOI

• Foundations of Differentially Oblivious Algorithms

  Journal of the ACM · 2022-08-10 · 8 citations

  article

  It is well-known that a program’s memory access pattern can leak information about its input. To thwart such leakage, most existing works adopt the technique of oblivious RAM (ORAM) simulation. Such an obliviousness notion has stimulated much debate. Although ORAM techniques have significantly improved over the past few years, the concrete overheads are arguably still undesirable for real-world systems — part of this overhead is in fact inherent due to a well-known logarithmic ORAM lower bound by Goldreich and Ostrovsky. To make matters worse, when the program’s runtime or output length depend on secret inputs, it may be necessary to perform worst-case padding to achieve full obliviousness and thus incur possibly super-linear overheads. Inspired by the elegant notion of differential privacy, we initiate the study of a new notion of access pattern privacy, which we call “ (ϵ , δ) -differential obliviousness”. We separate the notion of (ϵ , δ) -differential obliviousness from classical obliviousness by considering several fundamental algorithmic abstractions including sorting small-length keys, merging two sorted lists, and range query data structures (akin to binary search trees). We show that by adopting differential obliviousness with reasonable choices of ϵ and δ , not only can one circumvent several impossibilities pertaining to full obliviousness, one can also, in several cases, obtain meaningful privacy with little overhead relative to the non-private baselines (i.e., having privacy “with little extra overhead”). On the other hand, we show that for very demanding choices of ϵ and δ , the same lower bounds for oblivious algorithms would be preserved for (ϵ, δ) -differential obliviousness.

  PublisherDOI

• Hammurabi

  Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security · 2022-11-07 · 8 citations

  articleOpen access

  This paper proposes using a logic programming language to disentangle X.509 certificate validation policy from mechanism. Expressing validation policies in a logic programming language provides multiple benefits. First, policy and mechanism can be more independently written, augmented, and analyzed compared to the current practice of interweaving them within a C or C++ implementation. Once written, these policies can be easily shared and modified for use in different TLS clients. Further, logic programming allows us to determine when clients differ in their policies and use the power of imputation to automatically generate interesting certificates, e.g., a certificate that will be accepted by one browser but not by another.

  PublisherOA PDFDOI

• Robust Algorithms for TSP and Steiner Tree

  ACM Transactions on Algorithms · 2022-12-14 · 2 citations

  articleOpen access

  Robust optimization is a widely studied area in operations research, where the algorithm takes as input a range of values and outputs a single solution that performs well for the entire range. Specifically, a robust algorithm aims to minimize regret , defined as the maximum difference between the solution’s cost and that of an optimal solution in hindsight once the input has been realized. For graph problems in P , such as shortest path and minimum spanning tree, robust polynomial-time algorithms that obtain a constant approximation on regret are known. In this paper, we study robust algorithms for minimizing regret in NP -hard graph optimization problems, and give constant approximations on regret for the classical traveling salesman and Steiner tree problems.

  PublisherOA PDFDOI

• Zero Botnets: An Observe-Pursue-Counter Approach

  arXiv (Cornell University) · 2022 · 10 citations

  • Computer Security
  • Computer Science
  • Computer Security

  Adversarial Internet robots (botnets) represent a growing threat to the safe use and stability of the Internet. Botnets can play a role in launching adversary reconnaissance (scanning and phishing), influence operations (upvoting), and financing operations (ransomware, market manipulation, denial of service, spamming, and ad click fraud) while obfuscating tailored tactical operations. Reducing the presence of botnets on the Internet, with the aspirational target of zero, is a powerful vision for galvanizing policy action. Setting a global goal, encouraging international cooperation, creating incentives for improving networks, and supporting entities for botnet takedowns are among several policies that could advance this goal. These policies raise significant questions regarding proper authorities/access that cannot be answered in the abstract. Systems analysis has been widely used in other domains to achieve sufficient detail to enable these questions to be dealt with in concrete terms. Defeating botnets using an observe-pursue-counter architecture is analyzed, the technical feasibility is affirmed, and the authorities/access questions are significantly narrowed. Recommended next steps include: supporting the international botnet takedown community, expanding network observatories, enhancing the underlying network science at scale, conducting detailed systems analysis, and developing appropriate policy frameworks.

  PublisherOA PDFDOI

Recent grants

• FIA-NP: Collaborative Research: Deployment-Driven Evaluation and Evolution of the eXpressive Internet Architecture

  NSF · $384k · 2014–2018

• NeTS: Medium: Collaborative Research: The Internet at the Speed of Light

  NSF · $375k · 2018–2023

• AitF: FULL: Collaborative Research: Optimizing Networked Systems with Limited Information

  NSF · $368k · 2015–2020

• NeTS: Small: Collaborative Research: Studying Internet Interconnections in the Era of Cloud Computing

  NSF · $116k · 2017–2020

• CNS Core: Large: Collaborative Research: Towards an Evolvable Public Key Infrastructure

  NSF · $300k · 2019–2023

Frequent coauthors

• Ramesh K. Sitaraman

  University of Massachusetts Amherst

  32 shared

• B. Chandrasekaran

  Vrije Universiteit Amsterdam

  27 shared

• Srinivasan Seshan

  Universidad del Noreste

  19 shared

• Dave Levin

  18 shared

• Satish Rao

  Manipal Academy of Higher Education

  17 shared

• Frank Thomson Leighton

  Massachusetts Institute of Technology

  17 shared

• Alan Mislove

  Northeastern University

  17 shared

• David Choffnes

  16 shared

Labs

• Bruce Maggs's LabPI

  Research focuses on distributed systems, including content delivery networks, computer networks, and computer and network security.

Awards & honors

• Fellow of the Association for Computing Machinery (2022)