Curriculum vitae
Ramón Cáceres
Summary Education Experience Awards Activities Mentoring Patents Publications


More than 30 years of experience in technology research and development. Areas of focus include computer systems and networks, mobile computing, human mobility, security, and privacy. Initiated and led research projects. Developed software products. Formed and managed a software engineering group. Ph.D. in Computer Science. IEEE Fellow and ACM Distinguished Scientist. Board member of CRA Committee on Widening Participation in Computing Research.


Ph.D. in Computer Science
1987 - 1992
University of California at Berkeley
Berkeley, CA
    Ph.D. Dissertation: Multiplexing Traffic at the Entrance to Wide-Area Networks. Advisor: D. Ferrari.
    Committee: A.G. Fraser, J. Ousterhout, and T. Speed. Minor in History of Science and Technology.
M.S. in Computer Science
1983 - 1984
University of California at Berkeley
Berkeley, CA
    M.S. Project: Process Control in a Distributed Berkeley Unix Environment. Advisor: D. Ferrari.
B. Eng. in Electrical Engineering
1979 - 1983
McGill University
Montréal, QC
    Computer Engineering Option. Minor in Management. Faculty Scholar.

Professional experience

Software Engineer
2014 - present
New York, NY
    Building privacy infrastructure used by Google products serving billions of people. Improved the scalability, reliability, and security of Zanzibar, a global authorization system that respects causal ordering of user actions.

    Zanzibar stores and evaluates permissions to access digital objects managed by hundreds of client services at Google, including Calendar, Drive, Maps, Photos, and YouTube. It stores trillions of permissions and serves millions of authorization requests per second. It has maintained 95th-percentile latency of less than 10 milliseconds and availability of greater than 99.999% over years of production use. Outside Google, Zanzibar has inspired multiple independent implementations, including the Ory Keto open-source project and the Authzed system as a service.

Lead Member of Technical Staff
2008 - 2014
AT&T Labs
New York, NY, and Florham Park, NJ
    2010 - 2014: Research in human mobility with an emphasis on privacy. • Characterized mobility patterns using billions of location samples for hundreds of thousands of anonymous cellphones in the New York, Los Angeles, and San Francisco metropolitan areas. Results included range of travel, important places, commuting carbon footprints, commuting routes, and catchment areas. • Developed differentially private modeling techniques that generate realistic sequences of locations and times for arbitrary numbers of synthetic people moving across metropolitan-scale regions.

    2008-2010: Research in mobile, edge, and cloud computing with an emphasis on privacy. • Introduced Cloudlets, computing infrastructure near the edge of the network that hosts virtual machines to support latency-sensitive and resource-intensive mobile applications. Considered seminal to what became known as edge computing. • Prototyped Virtual Individual Servers, personal virtual machines running in a paid cloud computing utility. VIS owners retain rights and control over the data in their VISs. Ran a VIS user trial. • Developed Vis-à-Vis, an online social networking framework that is based on federations of VISs and leverages their privacy-preserving properties.

Research Staff Member
2003 - 2008
IBM Research
Hawthorne, NY
    2005 - 2008: Research in secure systems and mobile computing. • Combined virtual machines, mandatory access controls, and hardware roots of trust to enable Trusted Virtual Data Centers with strong isolation and integrity guarantees. • Virtualized the Trusted Platform Module to enable trusted computing for an arbitrary number of virtual machines on a single hardware platform. • Designed and built a Trustworthy Kiosk system, in which a user leverages his mobile phone to verify the integrity of software loaded on a public computing device, prior to revealing personal information to that device.

    2003-2005: Research in mobile computing and software development tools. • Prototyped and evaluated SoulPad, a new mobility approach based on carrying an auto-configuring operating system and a suspended virtual machine on a pocket-sized device. SoulPad enabled rapid personalization of PCs without preinstalled software or network connectivity. • Created Composite Projects, a facility for grouping and nesting programming projects in Eclipse.

Chief Technology Officer
2001 - 2003
ShieldIP, Inc.
New York, NY
    Formed and managed the company's research and development group. Technical liaison to partners and customers. Led software design, coding, and testing. Wrote content protection software for thumb-sized mobile device. Built regression testing framework. Overall emphasis on security engineering.

    ShieldIP developed a novel technology for identifying and protecting digital content while preserving privacy.

Chief Scientist
2000 - 2001
Vindigo, Inc.
New York, NY
    Provided technical direction and prototyped technology. Devised and implemented efficient algorithms for computing driving directions on disconnected mobile devices. Developed walking directions software for mobile phones. Evaluated geographic information systems and map data providers. Experimented with early wireless data services.

    Vindigo won numerous awards as a pioneering provider of mobile applications. Its city guides for PalmOS and PocketPC provided location-based search of dining, shopping, and entertainment choices, including maps and directions, on resource-constrained handheld devices. They gained more than a million users before the advent of smartphones or app stores. Vindigo was acquired in 2004.

Principal Member of Technical Staff
1994 - 2000
AT&T Labs and AT&T Bell Labs
Florham Park, Murray Hill, and Holmdel, NJ
    1998 - 2000: Research in network measurement. • Introduced MINC, a set of techniques for inferring the internal behavior of networks based on end-to-end multicast measurements. Validated MINC through MBone experiments. Enabled impromptu measurement infrastructures by standardizing MINC data collection as extensions to the Real Time Protocol. • Developed a tool for monitoring Internet multimedia traffic that parses signaling protocols at packet capture time to track dynamically assigned port numbers.

    1996 - 1998: Research in wide-area networking and wireless networking. • Built and deployed PacketScope, a system for capturing IP packets on high-speed links for unlimited periods. Used the system to gather extensive traces of public Internet traffic. Used the traces to evaluate policies for multiplexing Web traffic over flow-switched networks, and to investigate performance issues in Web proxy caching. • Led the deployment of an early wireless LAN with more than 25 access points.

    1994 - 1996: Research in mobile computing and wireless networking. Designed and prototyped a hierarchical handoff scheme for Mobile IP. Demonstrated its performance benefits via experiments on a wireless network. Showed that handoffs were fast and reliable enough to support interactive audio applications such as Voice over IP.

1992 - 1994
Matsushita Information Technology Lab
Princeton, NJ
    Research in mobile computing and wireless networking. • Quantified the impact of cellular handoffs on the performance of TCP via experiments on a wireless network. Devised a fast retransmission strategy for alleviating the problem and demonstrated its effectiveness. • Evaluated storage alternatives for mobile devices. Quantified the pros and cons of using flash memory vs. hard disks, and proposed integrating flash memory with DRAM.

Post-Graduate Researcher
1987 - 1992
University of California at Berkeley and
International Computer Science Institute
Berkeley, CA
    Research in wide-area networking. Built and deployed systems for capturing IP packets. Gathered traces of wide-area Internet traffic and used them to empirically characterize dominant TCP/IP applications. Findings contradicted widely held beliefs regarding data traffic, e.g., showed that most bulk transfers were small and that interactive sessions were asymmetric. Used resulting models to evaluate policies and mechanisms for transporting IP traffic over ATM networks. Showed that ATM cell sizes and adaptation layers led to gross bandwidth inefficiencies for Internet traffic. This overhead later became known as the cell tax.

Software Development Engineer
1984 - 1987
Pyramid Technology Corp.
Mountain View, CA
    Unix multiprocessor kernel development. Designed, implemented, and released networking products, including IP over X.25, IP over HDLC, and raw X.25/X.28/X.29. Ported Streams I/O from AT&T to Berkeley Unix. Improved the multiprocessor performance of the Fast File System.

    Pyramid created a line of shared-memory multiprocessor systems based on a proprietary RISC architecture and the Unix operating system. Pyramid went public in 1985 and was acquired in 1995.

Awards and honors

Professional activities


Selected other activities

Mentoring and teaching


  • "System and Method for Controlling the Disposition of Computer-Based Objects", D. F. Bantz, R. Cáceres, T. E. Chefalas, S. Jalan, S. Matrianni, and C.A. Pickover, U.S. Patent No. 9,928,349, March 27, 2018.
  • "Distributed Computing Task Costing with a Mobile Device", E. Miluzzo, Y.-F. Chen, and R. Cáceres, U.S. Patent No. 9,031,531, May 12, 2015.
  • "Method and Device to Provide Trusted Recommendations of Websites", B. Krishnamurthy and R. Cáceres, U.S. Patent No. 8,949,327, February 3, 2015.
  • "Apparatus for Tracking the Distribution of Media Content", K. H. Purdy, B. Amento, L. Stead, A. Abella, E. Cheung, M. Nathan, L. Zaman, and R. Cáceres, U.S. Patent No. 8,621,066, December 31, 2013.
  • "Method and Apparatus for Scalable Integrity Attestation in Virtualization Environments", S. Berger, R. Cáceres, K. A. Goldman, R. Perez, R. Sailer, and D. Srinivasan, U.S. Patent No. 8,615,788, December 24, 2013.
  • "Method and Apparatus for Providing Mobile and Social Services via Virtual Individual Servers", R. Cáceres, A. Varshavsky, L. Cox, H. Lim, and A. Shakimov, U.S. Patent No. 8,437,365, May 7, 2013.
  • "Method for Moving and Copying Dependencies along with Source Code", R. Cáceres and S. Demathieu, U.S. Patent No. 8,302,073, October 30, 2012.
  • "Consolidated Launching of Multiple Tasks", D. Soroker, D. I. Dig, R. Cáceres, S. Demathieu and A. Purakayastha, U.S. Patent No. 8,219,991, July 10, 2012.
  • "Computer Implemented Method and System for Sharing Resources among Hierarchical Containers of Resources", G. S. Banavar, R. Cáceres, S. Demathieu and D. B. Lection, U.S. Patent No. 7,870,536, January 11, 2011.
  • "Sensor for Imaging Inside Equipment", C. Narayanaswami, M. T. Raghunath, R. Cáceres and S. Berger, U.S. Patent No. 7,502,068, March 10, 2009.
  • "Method and Apparatus for Protecting Information and Privacy", M. O. Rabin, D. Shasha, Y. Beinart, R. Cáceres, T. Karia, D. Molnar and S. Rolinson, U.S. Patent No. 7,406,593, July 29, 2008.
  • "Detection and Identification Methods for Software", M. O. Rabin, D. Shasha, C. Bosley, R. Cáceres, A. Ingram, T. Karia, D. Molnar and Y. Beinart, U.S. Patent No. 7,287,159, October 23, 2007.
  • "Method for Reducing Congestion in Packet-Switched Networks", D. G. Belanger, S. M. Bellovin, R. Cáceres and D. C. Nagel, U.S. Patent No. 7,227,843, June 5, 2007.
  • "System And Method For Providing Wireless Services within a Wireless Local Area Network", C. Blewett, R. Cáceres and J.C. Ramming, U.S. Patent No. 7,130,612, October 31, 2006.
  • "Method and System for Reducing Memory Access Latency by Providing Fine-Grained Direct Access to Flash Memory Concurrent with a Block Transfer Therefrom", R. Cáceres, B. Bershad, B. Marsh and F. Douglis, U.S. Patent No. 5,802,554, September 1, 1998.


There are more than 14,000 citations to this body of work and my h-index is 47 (according to Google Scholar).

Journal articles

Conference papers

Workshop papers

Book chapters

Technical reports (otherwise unpublished)

Other publications

Last updated 28 June 2022 by Ramón Cáceres