Protecting Persistent Data

Enforcing security policies at the storage layer to reduce attack surface of existing solutions.

Secure, Efficient In-Process Memory Isolation

Providing isolation for sensitive data and state to increase the security and robustness of applications.


ERIM: Secure, Efficient In-Process Isolation with Memory Protection Keys USENIX Security, 2019.
Distinguished Paper Award and Internet Defense Prize

PDF Code Slides Video

Pesos: Policy Enhanced Secure Object store ACM EuroSys, 2018.


Light-Weight Contexts: An OS Abstraction for Safety and Performance USENIX OSDI, 2016.

PDF Code

Thoth : Comprehensive Policy Compliance in Data Retrieval Systems Usenix Security, 2016.


Guardat: Enforcing data policies at the storage layer ACM EuroSys, 2015.

PDF Poster Slides Video Extended technical report

Protecting Data Integrity with Storage Leases MPI-SWS Technical Report & Patent, 2011.

PDF Patent

A verifiedwireless safety critical hard real-time design IEEE WoWMoM, 2011.



Program Committee

  • Middleware'20 Doctoral Workshop
  • EuroSys'20 ShadowPC
  • SOCC'19 Posters

Artifact Evaluation

  • OSDI'20 Artifact Evaluation Co-Chair
  • USENIX Security'20
  • SOSP'19

External Reviewer

  • EuroSys'18
  • HotOS'17
  • OSDI'16


  • Registration for EuroSys'21