李明煜 (Maxul Lee)

PhD

lmy2010lmy@gmail.com

Biography

  • https://maxul.github.io

Education

  • 2019 Summer - 2024 Spring, Shanghai Jiao Tong University, Electronic and Information Engineering
  • 2015 Fall - 2018 Summer, Beijing University of Posts and Telecommunications, Computer Science
  • 2011 Fall - 2015 Summer, Beijing University of Posts and Telecommunications, Applied Physics

Research Interest

My interest focuses on making systems (especially operating systems) fit in new scenarios. A majority of my efforts are to pioneer smart security and practical privacy solutions for emerging scenarios, including cloud serverless, blockchain apps, autonomous vehicles, virtual reality, and large models.

Services

  • 2023: AEC of SOSP, OSDI, ATC; Open-Source Index ChinaSys
  • 2022: AEC of OSDI, ATC; Open-Source Index ChinaSys
  • 2021: AEC of SOSP

Projects

  • TEE Open-Source: repo
    • Question: Who uses trusted hardware and how?
    • A collection of TEE open-source projects and papers: SGX, TDX, SEV, CCA, RISC-V, etc.
  • Research Systems Open-Source (in Chinese): repo
    • A collection of system prototypes from Systems (SOSP, OSDI, ATC, EuroSys, FAST, NSDI), Arch (ASPLOS, ISCA, MICRO, HPCA), DB (SIGMOD, VLDB), Security (S&P, CCS, SEC, NDSS), etc.
    • Organized by ACM SIGOPS ChinaSys.
  • [USENIX OSDI 2023] HEDB: Maintainable Encrypted Databases: paper, code
    • Research Problem: Can databases be fully isolated yet maintainable?
    • Tradeoff: Privacy vs. Maintainability
    • 1: A survey of SOTA encrypted databases (EDB).
    • 2: An effective attack to industrial EDB systems.
      • Root cause: mathematical + comparison operators are the nemesis of ciphertexts.
    • 3: A study of typical DB issues and modern DBA operations.
    • 4: A system, HEDB, enabling common DBA tasks without compromising user privacy.
    • Open Problem: How to support query rewriting and overcome concurrency non-determinism (e.g., TPC-C)?
    • Credits: DBA experience was from Alibaba DAMO Academy. Thanks for kind help from Sheng Wang and Huorong Li!
  • [USENIX Security 2022] LightEnclave: Efficient Intra-Enclave Isolation: paper
    • Research Problem: Can untrusted code be confined within enclaves effectively and efficiently?
    • Tradeoff: Untrusted OS configuration vs. Secure Enclave enforcement
    • 1: A review on the enclave’s monolithic model which identifies its TCB bloating issue.
    • 2: An improvement to MPK for intra-enclave isolation with minimal overhead.
    • Open Problem: How to generate MPK-based lightweight domains automatically?
    • Credits: The idea came from Jinyu Gu and the experiments were done by Bojun Zhu.
  • [USENIX OSDI 2021] DeSearch: Decentralized Search Services: paper, code
    • Research Problem: Can search engines for decentralized apps (dApps) be decentralized?
    • Tradeoff: Decentralization vs. Scalability
    • 1: A survey of the modern dApps landscape.
    • 2: An insight of the key missing piece: a decentralized, verifiable, and private search.
    • 3: A decentralized search system, DeSearch, which harvests TEE resources in the wild.
    • 4: A cost-effective, verifiable storage called Kanban and an efficient, verifiable proof known as Witness.
    • Open Problem: How to tolerate failure when a certain role of workers have drastically declined?
    • Credits: Thank you to Cheng Tan for his great guidance!
  • [ACM ISCA 2021] Plugin Enclave: Efficient Confidential Serverless: paper, benchmark
    • Research Problem: How to attest an enclave blazingly fast for interactive FaaS apps?
    • Tradeoff: Attestation Measurement vs. Low Latency
    • 1: Revisited SGX1/2 hardware design: how they measure enclave FaaS functions.
    • 1: Pinpointed the root cause of inefficiency: page-wise measurement essential to remote attestation.
    • 2: Extended SGX with a new abstraction, Plug-In Enclaves (PIE), to boost function startup and autoscaling.
    • 3: Proposed in-situ processing to eliminate copying, en/decryption, and (un)marshalling in function chaining.
    • Open Problem: How to accelerate confidential VMs such as SEV/TDX/CCA Realm, and CC containers like Kata?
    • Credits: The awesome notion of “Plug-In” is proposed by Yubin Xia (my cool co-advisor).
  • [ACM EuroSec 2018] Aurora: Edge Trusted I/O: paper, code
    • Research Problem: Can trusted I/O be established for userspace enclaves?
    • Tradeoff: Untrusted OS vs. Trusted I/O
    • 1: An SMM-mode microkernel offering secure I/O services for SGX apps.
    • 2: A rollback-aware timer, and a secure keyboard for passwords.
    • Credits: The idea is inspired by Scotch@RAID’17, thanks to Fengwei Zhang.
  • VM-based Secure Desktop: code
    • Problem: Isolate desktop apps using virtualization?
    • 1: Sandboxed untrusted apps within VMs with one unified GUI desktop.
    • 2: Enforced data copy-paste and file sharing with DIFC between apps.
    • Credits: The code for Linux part is from Jian Xu (a senior colleague).
  • Real-time OS atop DSP: code
    • Problem: Run a RTOS on a general-purpose DSP?
    • 1: Ported RTEMS to an 8-core DSP—TI TMS320C6678.
    • 2: Implemented BSPs: (1) FTL for NOR/NAND, (2) FreeBSD stack for 1000Gb NIC, etc.
    • Acknowledgement: Thanks to Gedare Bloom who invited me to serve as a GSoC’19 mentor.