I am interested in a broad range of topics in systems security. One of the topics that I currently focus on is making existing software systems more secure and reliable while retaining their performance, functionality, and portability. My Ph.D. thesis introduced microverification, a new approach that enables formally verifying the security properties of commodity systems. Using microverification, we have verified for the first time that a commodity Linux/KVM hypervisor protects VM confidentiality and integrity. You can find more about SeKVM in my recent publications.

In the past, I worked closely with the open source community for KVM/Arm. The benchmarks that I built for measuring KVM performance have been merged into the mainline kvm-unit-test benchmark suite. I also contributed to the development of nested virtualization support for Arm and the optimization of KVM’s performance for Arm hardware with VHE.

My research group at NTU is looking for highly motivated students who are interested in hacking, designing, and building real core systems software, from operating systems and hypervisors to language runtimes. Feel free to send me an email if you want to know more.