Projects

Protecting Persistent Data

Enforcing security policies at the storage layer to reduce the attack surface of existing solutions.

Secure, Efficient In-Process Memory Isolation

Providing isolation for sensitive data and state to increase the security and robustness of applications.

Shielding Applications in an Untrusted Cloud

Lift and shift unmodified applications into Intel SGX enclaves to shield them in an untrusted cloud.

Selected Publications

Privacy-Preserving Machine Learning in Untrusted Clouds Made Simple. arXiv, 2020.

Automatically Securing Linux Application Containers in Untrusted Clouds. Linux Security Summit, 2020.

ERIM: Secure, Efficient In-Process Isolation with Memory Protection Keys. USENIX Security, Distinguished Paper Award and Internet Defense Prize, 2019.

Pesos: Policy Enhanced Secure Object store. ACM EuroSys, 2018.

Light-Weight Contexts: An OS Abstraction for Safety and Performance. USENIX OSDI, 2016.

Thoth: Comprehensive Policy Compliance in Data Retrieval Systems. USENIX Security, 2016.

Guardat: Enforcing data policies at the storage layer. ACM EuroSys, 2015.

Service

Program Committee

  • USENIX Security’21 Program Committee
  • Middleware’20 Doctoral Workshop
  • Intel Software Professionals Conference (SWPC) - Security Track PC
  • EuroSys’20 Shadow PC
  • SOCC’19 Posters

Artifact Evaluation

  • SC’21 Artifact Evaluation Co-Chair
  • OSDI’20 Artifact Evaluation Co-Chair
  • USENIX Security’20
  • SOSP’19

External Reviewer

  • EuroSys’18
  • HotOS’17
  • OSDI’16

Organization

  • Registration for EuroSys’21

Awards