Here's a summary of my ongoing and recent research projects. You can also visit my Github page to see what OSS projects I currently contribute to.
Code Deployment Integrity
CDI is a framework for capturing and verifying high-integrity provenance metadata about software artifacts. By collecting evidence about the integrity of the operators in a software supply chain (i.e., the compiler, CI/CD pipeline etc), CDI enables verifiers to reduce trust in the operators themselves, and provides stronger assurances about the integrity of the provenance metadata they produce.
For more details, I encourage you to look at my publications on this project.
Hardware-Enforced Integrity and Provenance for Distributed Code Deployments
EnclaveDom
EnclaveDom is a compartmentalization system for large-TCB TEE applications that partitions an enclave into tagged memory regions, and enforces per-region access rules at the granularity of individual in-enclave functions. EnclaveDom is implemented on Intel SGX using Memory Protection Keys (MPK) for memory tagging, and we demonstrate a proof-of-concept of our compartmentalization mechanism in the Graphene-SGX libOS.
You can find all the details in our paper:
EnclaveDom: Privilege Separation for Large-TCB Applications in Trusted Execution Environments
To see what else I worked on as a graduate student and undergraduate, see my prior projects.