Projects

Protecting Persistent Data

Enforcing security policies at the storage layer to reduce the attack surface of existing solutions.

Secure, Efficient In-Process Memory Isolation

Providing isolation for sensitive data and state to increase the security and robustness of applications.

Shielding Applications in an Untrusted Cloud

Lift and shift unmodified applications into Intel SGX enclaves to shield them in an untrusted cloud.

Selected Publications

More Publications

Swivel: Hardening WebAssembly against Spectre USENIX Security, 2021.

PDF

Privacy-Preserving Machine Learning in Untrusted Clouds Made Simple arXiv, 2020.

PDF

Automatically Securing Linux Application Containers in Untrusted Clouds Linux Security Summit, 2020.

Slides Video

ERIM: Secure, Efficient In-Process Isolation with Memory Protection Keys USENIX Security, Distinguished Paper Award and Internet Defense Prize, 2019.

PDF Code Slides Video

Pesos: Policy Enhanced Secure Object store ACM EuroSys, 2018.

PDF

Light-Weight Contexts: An OS Abstraction for Safety and Performance USENIX OSDI, 2016.

PDF Code

Thoth: Comprehensive Policy Compliance in Data Retrieval Systems USENIX Security, 2016.

PDF

Guardat: Enforcing data policies at the storage layer ACM EuroSys, 2015.

PDF Poster Slides Video Extended technical report

Service

Program Committee

  • USENIX Security: 2021, 2022
  • Middleware Doctoral Workshop: 2020
  • Intel Software Professionals Conference - Security Track: 2020
  • EuroSys ShadowPC: 2020
  • SOCC Posters: 2020

Artifact Evaluation

External Reviewer

  • EuroSys: 2018
  • HotOS: 2017
  • OSDI: 2016

Organization

Awards

  • Intel Labs Gordy Award Honorable Mention in “Excellence in Risk Taking” for our continued work on the Graphene Library OS (in collaboration with Dmitrii Kuvaiskii, Mona Vij, Sudha Krishnakumar, Isaku Yamahata)
  • Facebook and USENIX Internet Defense Prize 2019
  • Distinguished Paper Award at USENIX Security 2019