Protecting Persistent Data

Enforcing security policies at the storage layer to reduce attack surface of existing solutions.

Secure, Efficient In-Process Memory Isolation

Providing isolation for sensitive data and state to increase the security and robustness of applications.


Pesos: Policy Enhanced Secure Object store ACM EuroSys, 2018.


ERIM: Secure, Efficient In-Process Isolation with Memory Protection Keys arXiv preprint, 2018.


Light-Weight Contexts: An OS Abstraction for Safety and Performance USENIX OSDI, 2016.

PDF Code

Thoth : Comprehensive Policy Compliance in Data Retrieval Systems Usenix Security, 2016.


Guardat: Enforcing data policies at the storage layer ACM EuroSys, 2015.

PDF Poster Slides Video Extended technical report

Protecting Data Integrity with Storage Leases MPI-SWS Technical Report & Patent, 2011.

PDF Patent

A verifiedwireless safety critical hard real-time design IEEE WoWMoM, 2011.