Associate Professor
Shanghai Jiao Tong University
800 Dongchuan Road, Minhang District, Shanghai, P.R.China
Zip/Postal Code: 200240
Email: zchua at sjtu dot edu dot cn
I am an associate professor at Shanghai Jiao Tong University. I received my Ph.D. degree in computer science from Shanghai Jiao Tong University in 2020. My research areas include agent OS, systems for LLMs, and heterogeneous systems.
HW/SW Co-Design for System Isolation
I use hardware-software co-design to build a more efficient isolation framework for the operating system. For kernel-level isolation, I propose ISA-Grid[ISCA'23] to construct bit-level isolation domains for instructions and registers, which isolate different kernel components and kernel modules. I also propose EPTI[ATC'18] to isolate the kernel of unpatched VMs from user-level Meltdown attacks using the Intel VMFUNC instruction. For user-level isolation, I propose TZ-Container[SCIS'21] to isolate containers from an untrusted OS with ARM TrustZone. I introduce CPS[ASPLOS'23] to make VM isolation more efficient in many-core systems. I also propose XPC[ISCA'19] and its follow-up work [TOCS'22] to provide fast cross-domain call extensions and to speed up the IPC (Inter-Procedure Call) for existing OSes.
Trusted Execution Environment (TEE)
I focus on building practical TEE systems and their applications. I first try to enable high-performance TEEs in more scenarios using legacy hardware. For the virtualization environment, I propose vTZ[Security'2017], which is the first secure virtualization system for ARM TrustZone, to enable TrustZone for each VM. SGXMigration[DSN'2017] is proposed to securely migrate a VM, together with its TEEs. For the OS kernel, I propose COLONY[TC'22] to construct TEE instances at the kernel level to protect OS services. For the heterogeneous environment, I propose XpuTEE[TOCS'25] to build TEEs across CPU and GPU. Based on these TEEs, I have built various high-performance secure systems, such as decentralized file systems, data sharing systems, and LLM inference systems.