Research
My research focuses on building systems we can trust. Today’s computers are complex beasts, composed of dozens or hundreds of hardware and software components stitched together. Their composite nature makes it hard, if not sometimes impossible, to reason about end-to-end system security. My aim is to restore some order to this chaos and build systems we can trust, by providing strong and auditable security guarantees by design.
My work spans the whole software stack: from user-space applications to kernels, hypervisors, and firmware. I enjoy revisiting existing abstractions and redesigning them from the ground up with a security-first mindset. Here are some of the main projects I have been working on:
The notion of trust has always been the cornerstone of the design of computer systems. Today’s computers have long departed from the original time-sharing machine, and yet the trust model has barely evolved. From multi-tenant clouds to applications pulling in thousands of dependencies, the world of computing is facing a trust crisis. We are building Tyche, a new kind of security monitor that makes it possible to enforce and reason about trust relationships.
Dynamic linkers are the narrow waist of operating systems. The dynamic linker runs before virtually any program on the system and serves as the glue between the kernel and user space. Despite their central role in the system, dynamic linkers have barely evolved since their inception in early Unix systems. The Fold project aims to explore how to build and use dynamic linkers to improve system security and robustness.
Confidential VMs promise strong isolation and confidentiality guarantees, and yet the reality is that confidential VMs are especially vulnerable to transient execution attacks and CPU bugs. Such attacks rely on resources shared across security contexts. We note that most resource sharing happens at core granularity, and propose a simple solution: run different security contexts on different cores.
Firmware is creeping into the root of trust of all systems. Modern firmware is both opaque and all-powerful, yet the security of all our systems depends on it being correct and trusted. The Mirage project explores the theoretical boundaries of firmware reach, while building the foundations of next-generation untrusted yet secure firmware.
Last edited on 2024-06-23