[Dec 23] Endoprocess published at NSPW’23
[Nov 23] Accepted to serve on EuroSys’25 PC
[Aug 23] THDA published at APSys’23
[May 24] Serve as USENIX Security’24 Artifact Evaluation co-chair
[May 24] Serve on USENIX Security’24 PC and Research Ethics Committee
[Mar 23] HFI published at ASPLOS’23 & wins Distinguished Paper Award
[Jan 23] Guide NSF Repeto & ACM REP Conference as steering committee member
[Dec 22] uSwitch published at IEEE S&P
[Dec 22] Presented MeSHwA at DARPA Forward
[Dec 22] Segue & ColorGuard published at PLAS’22


Memory-Safe Hardware and Software Architecture

Optimize local microservice executions using memory-safe languages and hardware optimizations

Research Artifacts and Evaluation

Building and evaluating reproducible and reusable research artifacts.

Protecting Persistent Data

Enforcing security policies at the storage layer to reduce attack surface of existing solutions.

Secure, Efficient In-Process Memory Isolation

Providing isolation for sensitive data and state to increase the security and robustness of applications.

Shielding Applications in an untrusted Cloud

Lift and shift unmodified applications into Intel SGX enclaves to shield them in an untrusted cloud.

Selected Publications

More Publications

Endoprocess: Programmable and Extensible Subprocess Isolation New Security Paradigms Workshop (NSPW), 2023.

Trusted Heterogeneous Disaggregated Architectures ACM SIGOPS Asia-Pacific Workshop on Systems (APSys), 2023.


Going beyond the Limits of SFI: Flexible and Secure Hardware-Assisted In-Process Isolation with HFI ASPLOS, Distinguished Paper Award, 2023.


uSwitch: Fast Kernel Context Isolation with Implicit Context Switches IEEE S&P, 2023.


Segue & ColorGuard: Optimizing SFI Performance and Scalability on Modern x86 PLAS, 2022.


MeSHwA: The case for a Memory-Safe Software and Hardware Architecture for Serverless Computing Workshop On Resource Disaggregation and Serverless Computing (WORDS), 2022.

PDF Slides Video

Cerberus: A Formal Approach to Secure and Efficient Enclave Memory Sharing ACM CCS, 2022.


Swivel: Hardening WebAssembly against Spectre USENIX Security, 2021.


ERIM: Secure, Efficient In-Process Isolation with Memory Protection Keys USENIX Security, Distinguished Paper Award and Internet Defense Prize, 2019.

PDF Code Slides Video

Pesos: Policy Enhanced Secure Object store ACM EuroSys, 2018.



Program Committee

  • Usenix Security: 2021, 2022, 2023, 2024 & Research Ethics Committee Member
  • EuroSys: 2025
  • ACM Conference on Reproducibility and Replicability: 2023
  • Middleware Doctoral Workshop: 2020
  • Intel Software Professionals Conference - Security Track: 2020
  • EuroSys ShadowPC: 2020
  • SOCC Posters: 2020

Artifact Evaluation

Steering Committee

External Reviewer

  • EuroSys: 2018
  • HotOS: 2017
  • OSDI: 2016


  • DTRAP External Reviewer: 2021



  • Distinguished Paper Award at ASPLOS 2023 for HFI
  • Selected as DARPA Riser 2022, Topic: “The Rise of Memory-Safe Languages: Building a Fast, Elastic, Secure Software & Hardware Architecture”
  • Intel High-5 Patent Award 2021
  • Intel Labs 2021 Gordy Award Honorable Mention in “Excelence in Risk Taking” for our continued work on the Graphene Library OS (in collaboration with Dmitrii Kuvaiskii, Mona Vij, Sudha Krishnakumar, Isaku Yamahata)
  • Facebook and USENIX Internet Defense Prize 2019 for ERIM
  • Distinguished Paper Award at USENIX Security 2019 for ERIM