• Publications
  • Influence
A Predictable Execution Model for COTS-Based Embedded Systems
This work argues that real-time embedded applications should be compiled according to a new set of rules dictated by PREM, which, in contrast to the standard COTS execution model, coschedules at a high level all active components in the system, such as CPU cores and I/O peripherals. Expand
KCoFI: Complete Control-Flow Integrity for Commodity Operating System Kernels
A subset of KCoFI's design is formally verified by modeling several features in small-step semantics and providing a partial proof that the semantics maintain control-flow integrity, and the overheads are far lower than heavyweight memory-safety techniques. Expand
Nested Kernel: An Operating System Architecture for Intra-Kernel Privilege Separation
This work incorporated the nested kernel architecture into FreeBSD on x86-64 hardware while allowing the entire operating system to operate at the highest hardware privilege level by write-protecting MMU translations and de-privileging the untrusted part of the kernel. Expand
Secure virtual architecture: a safe execution environment for commodity operating systems
An efficient and robust approach to provide a safe execution environment for an entire operating system, such as Linux, and all its applications, by using a novel approach that exploits properties of existing memory pools in the kernel and by preserving the kernel's explicit control over memory. Expand
Virtual ghost: protecting applications from hostile operating systems
Virtual Ghost interposes a thin hardware abstraction layer between the kernel and the hardware that provides a set of operations that the kernel must use to manipulate hardware, and provides a few trusted services for secure applications such as ghost memory management, encryption and signing services, and key management. Expand
Hodor: Intra-Process Isolation for High-Throughput Data Plane Libraries
This paper proposes protected libraries as a new OS abstraction which provides separate user-level protection domains for different services, with performance approaching that of unprotected kernel bypass, and shows that this approach can efficiently protect highthroughput in-memory databases and user-space network stacks. Expand
Using likely invariants for automated software fault localization
We propose an automatic diagnosis technique for isolating the root cause(s) of software failures. We use likely program invariants, automatically generated using correct inputs that are close to theExpand
An empirical study of reported bugs in server software with implications for automated bug diagnosis
It is found that nearly 82% of bug symptoms can be reproduced deterministically by re-running with the same set of inputs at the production site, and very few input requests are needed to reproduce most failures. Expand
Ab-initio calculation of elastic constants of crystalline systems with the CRYSTAL code
An automated procedure for calculating second-order elastic constants for crystalline systems of any symmetry using the CRYSTAL program is described and a set of test cases covering many of the crystal classes is used to document the numerical accuracy of the scheme. Expand
Memory Safety for Low-Level Software/Hardware Interactions
This work presents a set of program analysis and run-time instrumentation techniques that ensure that errors in these low-level operations do not violate the assumptions made by a safety checking system, and adds these techniques to a compiler-based virtual machine called Secure Virtual Architecture. Expand