Here's a summary of my ongoing and recent research projects. You can also visit my Github page to see what OSS projects I contribute to.

Code Deployment Integrity

CDI is a framework for capturing and verifying high-integrity provenance metadata about software artifacts. By collecting evidence about the integrity of the operators in a software supply chain (i.e., the compiler, CI/CD pipeline etc), CDI enables verifiers to reduce trust in the operators themselves, and provides stronger assurances about the integrity of the provenance metadata they produce.

For more details, I encourage you to look at my publications on this project.

Hardware-Enforced Integrity and Provenance for Distributed Code Deployments

Enabling Security-Oriented Orchestration of Microservices


EnclaveDom is a compartmentalization system for large-TCB TEE applications that partitions an enclave into tagged memory regions, and enforces per-region access rules at the granularity of individual in-enclave functions. EnclaveDom is implemented on Intel SGX using Memory Protection Keys (MPK) for memory tagging, and we demonstrate a proof-of-concept of our compartmentalization mechanism in the Graphene-SGX libOS.

You can find all the details in our paper:

EnclaveDom: Privilege Separation for Large-TCB Applications in Trusted Execution Environments

To see what else I worked on as a graduate student and undergraduate, see my prior projects.