User Tools

Site Tools


pub:projects

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
pub:projects [2018/11/28 20:45]
root
pub:projects [2019/03/26 16:40] (current)
root
Line 3: Line 3:
   * **Untrusted Hypervisor**:​ Hypervisor, as the critical single point of failure, has bugs. We try to minimize the TCB of hypervisor and tolerant non-critical failures.   * **Untrusted Hypervisor**:​ Hypervisor, as the critical single point of failure, has bugs. We try to minimize the TCB of hypervisor and tolerant non-critical failures.
      * In __HyperCoffer__ [HPCA'​13][{{:​publications:​hypercoffer-hpca2013.pdf|pdf}}],​ we develop a secure processor that supports unmodified VM running in hardware enclave, without trusting hypervisor.      * In __HyperCoffer__ [HPCA'​13][{{:​publications:​hypercoffer-hpca2013.pdf|pdf}}],​ we develop a secure processor that supports unmodified VM running in hardware enclave, without trusting hypervisor.
-     * In __Nexen__ [NDSS'​17][{{:​publications:​nexen_ndss17.pdf|pdf}}],​ we analyze 191 Xen's CVE and redesign Xen by partitioning it to multiple slices. Each slice only serves one VM. The system can defend against 75% vulnerability without knowing details.+     * In __Nexen__ [NDSS'​17][{{:​publications:​nexen-ndss17.pdf|pdf}}],​ we analyze 191 Xen's CVE and redesign Xen by partitioning it to multiple slices. Each slice only serves one VM. The system can defend against 75% vulnerability without knowing details.
  
   * **System and Application on ARM TrustZone**:​ We aim to leverage TrustZone to improve the security and performance of different scenarios, on both mobile and server platforms.   * **System and Application on ARM TrustZone**:​ We aim to leverage TrustZone to improve the security and performance of different scenarios, on both mobile and server platforms.
-     * In __vTZ__ [USENIX Security'​17][{{publications:​vTZ_security17.pdf|pdf}}],​ we build a system that enables system virtualization for ARM server that supports different TrustZone for each VM.+     * In __vTZ__ [USENIX Security'​17][{{publications:​vtz-security17.pdf|pdf}}],​ we build a system that enables system virtualization for ARM server that supports different TrustZone for each VM.
      * In __AdAttester__ [MobiSys'​15][{{publications:​adattester-mobisys15.pdf|pdf}}],​ we leverage TrustZone to prevent Ad fraud by generating attestation of user's behavior in the secure world.      * In __AdAttester__ [MobiSys'​15][{{publications:​adattester-mobisys15.pdf|pdf}}],​ we leverage TrustZone to prevent Ad fraud by generating attestation of user's behavior in the secure world.
      * The above projects are based on T6, our full-fledged TEE operating system that has been deployed in tens of millions of mobile phones. More information about T6 can be found here: [[http://​trustkernel.com]]      * The above projects are based on T6, our full-fledged TEE operating system that has been deployed in tens of millions of mobile phones. More information about T6 can be found here: [[http://​trustkernel.com]]
  
   * **System and Application on ARM TrustZone**:​ We try to integrate SGX with system software to achieve better performance,​ compatibility,​ more functionalities and be more developer-friendly.   * **System and Application on ARM TrustZone**:​ We try to integrate SGX with system software to achieve better performance,​ compatibility,​ more functionalities and be more developer-friendly.
-     * In __SGX-Migration__ [DSN'​17][{{:​publications:​sgxmigration_dsn17.pdf|pdf}}],​ we build virtualization support for SGX enclave which supports live migration without trusting hypervisor or guest operating system.+     * In __SGX-Migration__ [DSN'​17][{{:​publications:​sgxmigration-dsn17.pdf|pdf}}],​ we build virtualization support for SGX enclave which supports live migration without trusting hypervisor or guest operating system.
      * In __SGX-chain__,​ we use SGX to protect the smart contract execution in Ethereum to offer confidentiality for blockchain.      * In __SGX-chain__,​ we use SGX to protect the smart contract execution in Ethereum to offer confidentiality for blockchain.
  
   * **New Hardware Features for System Software**: We are good at leveraging new hardware features and build systems faster and more secure. We believe small hardware change can benefit big system security improvement. We go deep into hardware design and the interaction between hardware and system software.   * **New Hardware Features for System Software**: We are good at leveraging new hardware features and build systems faster and more secure. We believe small hardware change can benefit big system security improvement. We go deep into hardware design and the interaction between hardware and system software.
-     * In __CFIMon__ [DSN'​12][{{:​publications:​cfimon-dsn2012.pdf|pdf}}],​ we are the first to use hardware performance counter (BTS) to enforce CFI at runtime with acceptable performance overhead. +     * In __CFIMon__ [DSN'​12][{{:​publications:​cfimon-dsn12.pdf|pdf}}],​ we are the first to use hardware performance counter (BTS) to enforce CFI at runtime with acceptable performance overhead. 
-     * In __TxIntro__ [HPCA'​14][{{:​publications:​tx-intro.pdf|pdf}}],​ we leverage hardware transaction memory to (HTM) enhance VM introspection,​ which won the “Best Paper Nominee” award of HPCA'​14. +     * In __TxIntro__ [HPCA'​14][{{:​publications:​txintro-hpca14.pdf|pdf}}],​ we leverage hardware transaction memory to (HTM) enhance VM introspection,​ which won the “Best Paper Nominee” award of HPCA'​14. 
-     * In __VPM__ [SoCC'​16][{{:​publications:​vpmsocc16.pdf|pdf}}],​ we build a system that hybrids DRAM & PM to achieve close performance as full-PM system which keeping the whole system crash consistency.+     * In __VPM__ [SoCC'​16][{{:​publications:​vpm-socc16.pdf|pdf}}],​ we build a system that hybrids DRAM & PM to achieve close performance as full-PM system which keeping the whole system crash consistency.
      * In __CrossOver__ [ISCA'​15][{{:​publications:​crossover-isca15.pdf|pdf}}],​ we improve the performance of cross-domain invocation by introducing new hardware instructions.      * In __CrossOver__ [ISCA'​15][{{:​publications:​crossover-isca15.pdf|pdf}}],​ we improve the performance of cross-domain invocation by introducing new hardware instructions.
  
pub/projects.txt · Last modified: 2019/03/26 16:40 by root