Hardware architectures and operating systems, especially their security, privacy and dependability.
Awesome SGX Open Source Projects: Awesome-SGX
A collection of SGX-based open-source projects that help developers make use of Intel SGX technology.
Bringing Decentralized Search to Decentralized Services (OSDI 2021): DeSearch
Addressed a key missing piece in the current ecosystem of decentralized services and blockchain apps: the lack of decentralized, verifiable, and private search. Existing decentralized systems rely on centralized search engines and indexers, which are subject to censorship and privacy violations. The proposed system, DeSearch, is the first decentralized search engine; it uses trusted hardware to build a network of workers that execute a pipeline of small search engine tasks (crawl, index, aggregate, rank, query). A witness mechanism ensures that completed tasks can be reused across different pipelines and makes the final search results verifiable by end users.
Confidential Serverless Made Efficient with Plug-In Enclaves (ISCA 2021): PIE Benchmarks
Measured existing serverless functions running inside SGX enclaves and identified that the function slowdown stems mainly from page-wise enclave initialization. This work revisits the SGX hardware design and extends SGX with a new abstraction, Plug-In Enclaves (PIE). PIE maps plugins into host enclaves so that attested state can be reused across functions. PIE further allows in-situ processing to avoid expensive data movement within a function chain. PIE reduces enclave function latency by 94.74-99.57% and boosts autoscaling throughput by 19-179x.
SMM-based Microkernel: Aurora
Proposed a new architecture, SMK, to bridge hardware resources and SGX enclaves in future cloud data centers. The basic idea of SMK is to reuse the existing SMM mode on the x86 platform and retrofit UEFI/BIOS in order to provide architectural support for a framework that offers trusted system-level services. It provides an absolute, high-precision, attack-aware time source and stealthy device-to-enclave network channels (an enclave-level lwIP network stack).
RTEMS RTOS / C6678 DSP: ArchMinix
Ported RTEMS (Real-Time Executive for Multiprocessor Systems) to the TI TMS320C6678 8-core high-performance DSP. Designed and implemented the necessary board support packages, including 1) a filesystem and flash translation layer for NOR flash, 2) the FreeBSD network protocol stack for a 1000 Gigabit NIC, and 3) a multi-core communication protocol (MPCI interface) over physically shared memory.
vmOS (KVM-based) Desktop System: neo
Designed and implemented an integrated GUI for end users that leverages Intel VT-x to isolate untrusted apps in separate VM-based sandboxes. Used a label-based mandatory access control (MAC) mechanism to enforce secure copying when sharing files between different security levels, and used VT-d to accelerate I/O performance.