Research
CHERI
Study analyzing 440 Linux and FreeBSD kernel vulnerabilities, showing that
capability-based memory protection (CHERI)
can prevent approximately 60% of identified vulnerabilities, including most critical
privilege escalations.
This work demonstrates how CHERI’s fine-grained spatial and referential memory safety
mitigates common kernel exploitation
patterns such as use-after-free, buffer overflow, and privilege escalation attacks,
while requiring only a modest engineering
effort to adopt. The CHERI team reports that enabling pure-capability execution in the
FreeBSD kernel required just
seven months of engineering work. Compared to prior studies evaluating the effectiveness
of Rust’s safety guarantees,
CHERI achieves similar protection (blocking roughly 69% of vulnerabilities versus 85%
for Rust) but with significantly lower
effort than a Rust port would be, highlighting its potential practicality for porting
existing kernels.
Research conducted in collaboration with the
MARS Research Group.
Results of this work were published at the Annual Computer Security Applications
Conference (ACSAC) 2025.
DRAMHiTv2
DRAMHiTv2: Designed DRAMHiTv2, a next-generation in-memory hash
table that reaches hardware bandwidth limits
and maximizes operational throughput through a multi-level prefetching scheme, a
compute–memory–aware table layout,
and a conflict-resolution strategy optimized for memory bandwidth utilization.
This work explores how CPU execution resources, memory bandwidth, and prefetch behavior
interact to define the upper bounds of hash table performance.
We achieve 3,200–5,000 million operations per second (Mops) for lookups and 2,150–2,800
Mops for insertions depending on fill factor,
matching the maximum DRAM random read throughput reported by Intel MLC.
This upper memory subsystem limit was also independently verified,
making DRAMHiTv2 the fastest hash table to date and outperforming
DRAMHiT.
Research conducted in collaboration with the MARS Research Group.
Paper submitted and under review for the European Conference on Computer Systems
(EuroSys) 2026. (Title modified for anonymity.)
IPC
This project explores hardware–software co-design principles for practical fine-grained
inter-process isolation.
It proposes a set of design principles and a gem5 based prototype of a hardware
isolation scheme that achieves
strong isolation with minimal hardware extensions and performance overhead.
The goal is to enable efficient, low-cost isolation within complex operating system
kernels by leveraging
lightweight architectural support.
Research being conducted with
MARS Research Group.
Ongoing work