News

[Sep 24] Pegasus was accepted at EuroSys’25
[Aug 24] HFI is selected into IEEE Micro Top Picks 2023
[Aug 24] HFI is awarded honorable mention of the Intel Hardware Security Academic Award (IHSAA)
[Aug 24] Endokernel published at USENIX Security’24
[May 24] Accepted to serve as associate editor of ACM TOPS
[Dec 23] Endoprocess published at NSPW’23
[Nov 23] Accepted to serve on EuroSys’25 PC

Projects

Memory-Safe Hardware and Software Architecture

Optimize local microservice executions using memory-safe languages and hardware optimizations

Research Artifacts and Evaluation

Building and evaluating reproducible and reusable research artifacts.

Protecting Persistent Data

Enforcing security policies at the storage layer to reduce attack surface of existing solutions.

Secure In-Process Memory Isolation and Efficient Cloud Deployments

Providing in-process isolation for sensitive data and state to increase the security and robustness of applications and its use to provide efficient cloud deployments

Shielding Applications in an untrusted Cloud

Lift and shift unmodified applications into Intel SGX enclaves to shield them in an untrusted cloud.

Selected Publications

More Publications

Pegasus: Transparent and Unified Kernel-Bypass Networking for Fast Local and Remote Communication ACM EuroSys, 2025.

Fortify Your Foundations: Practical Privacy and Security for Foundation Model Deployments In The Cloud arXiv, 2024.

PDF

Endokernel: A Thread Safe Monitor for Lightweight Subprocess Isolation USENIX Security, 2024.

Hardware-Assisted Fault Isolation: Going Beyond the Limits of Software-Based Sandboxing IEEE Micro Top Picks, 2024.

PDF

Trusted Heterogeneous Disaggregated Architectures ACM SIGOPS Asia-Pacific Workshop on Systems (APSys), 2023.

PDF

Going beyond the Limits of SFI: Flexible and Secure Hardware-Assisted In-Process Isolation with HFI ASPLOS, Distinguished Paper Award, 2023.

PDF

uSwitch: Fast Kernel Context Isolation with Implicit Context Switches IEEE S&P, 2023.

PDF

ERIM: Secure, Efficient In-Process Isolation with Memory Protection Keys USENIX Security, Distinguished Paper Award and Internet Defense Prize, 2019.

PDF Code Slides Video

Thoth : Comprehensive Policy Compliance in Data Retrieval Systems Usenix Security, 2016.

PDF

Guardat: Enforcing data policies at the storage layer ACM EuroSys, 2015.

PDF Poster Slides Video

Service

Program Committee

  • Usenix Security: 2021, 2022, 2023, 2024 & Research Ethics Committee Member, 2025
  • EuroSys: 2025
  • ACM Conference on Reproducibility and Replicability: 2023 2024
  • Middleware Doctoral Workshop: 2020
  • Intel Software Professionals Conference - Security Track: 2020
  • EuroSys ShadowPC: 2020
  • SOCC Posters: 2020

Artifact Evaluation

Steering Committee

Journal

  • ACM TOPS Associate Editor [2024 - ]
  • DTRAP External Reviewer: 2021

Organization

Awards

  • HFI selected into IEEE Micro Top Picks 2024
  • HFI wins honorable mention at Intel Hardware Security Academic Award (IHSAA)
  • Distinguished Paper Award at ASPLOS 2023 for HFI
  • Selected as DARPA Riser 2022, Topic: “The Rise of Memory-Safe Languages: Building a Fast, Elastic, Secure Software & Hardware Architecture”
  • Intel High-5 Patent Award 2021
  • Intel Labs 2021 Gordy Award Honorable Mention in “Excelence in Risk Taking” for our continued work on the Graphene Library OS (in collaboration with Dmitrii Kuvaiskii, Mona Vij, Sudha Krishnakumar, Isaku Yamahata)
  • Facebook and USENIX Internet Defense Prize 2019 for ERIM
  • Distinguished Paper Award at USENIX Security 2019 for ERIM