Research

My research focuses on building systems we can trust. Today’s computers are complex beasts, composed of dozens or hundreds of hardware and software components stitched together. Their composite nature makes it hard, if not sometimes impossible, to reason about end-to-end system security. My aim is to restore some order to this chaos and build systems we can trust, by providing strong and auditable security guarantees by design.

My work spans the whole software stack: from user-space applications, to kernels, hypervisors, and firmware. I enjoy revisiting existing abstractions and redesigning them from ground-up with a security first mindset. Here are some of the main projects I have been working on:

Tyche: Building Systems for Trust 2022-ongoing

The notion of trust has always been the cornerstone of the design of computer systems. Today’s computers have long departed from the original time sharing machine, and yet the trust model barely evolved. From multi-tenant clouds to applications pulling in thousands of dependencies, the world of computing is facing a trust crisis. We are building Tyche, a new kind of security monitor that makes it possible to enforce and reason about trust relationships.

Fold: Redesigning the Narrow Waist 2023

Dynamic linkers are the narrow waist of operating systems. The dynamic linker runs before virtually any program on the system to serve as a glue between the kernel and user space. Despite their central role on the system, dynamic linkers have barely evolved since their inception in early Unix systems. The Fold project aims to explore how to build and use dynamic linkers to improve system security and robustness.

Core-Gapping: Closing transient-execution attacks on Confidential VMs 2023-2024

Confidential VMs promise strong isolation and confidentiality guarantees, and yet the reality is that confidential VMs are especially vulnerable to transient execution attacks and CPU bugs. Such attacks rely on shared resources across security contexts. We note that most of the resources sharing happens at the core granularity, and propose a simple solution: to run different security contexts on different cores.

Mirage: Next Generation Firmware 2024-ongoing

Firmware is creeping in all systems’ root of trust. Modern firmware is both opaque an all powerful, yet all of our systems security depends on it being correct and trusted. The Mirage project explores the theoretical boundaries of firmware reach, while building the foundations of next generation untrusted yet secure firmware.