Secure Systems Lab (SSLab) stands as Taiwan’s sole laboratory connected to both the global operating systems and computer security research communities, concentrating its efforts on research within these domains. We conduct cutting-edge research to enhance the security, reliability, and performance across next-generation computing environments. We aim to translate our academic breakthroughs into real-world deployments, sometimes through our close collaboration with industry partners, to seamlessly integrating our solutions into mainstream OS platforms like Linux to tackle today’s evolving digital challenges.
Are you passionate about hacking and building computer systems, working on challenging projects, or contributing to the open-source community? Do you bring strong programming skills, independent critical thinking, and the ambition to publish innovative research at top international venues? If so, SSLab welcomes you to join our team!
Check out the recent publications to get a snapshot of our work. We sometimes open-source the systems that we built.
SSLab is located in R404 at the CS Building at NTU. Feel free to stop by and have a chat with our lab members.
Selected Research Projects:
Current Projects
Operating Systems: Rust-for-systems, unikernels, and performance optimizations.
Confidential Computing: Arm CCA, Android pKVM, and confidential ML systems.
Software Security: memory safety, systems reliability, and kernel fuzzing.
Hardware Security: side-channels.
Formal Verification: scalable verification of core systems software.
Past Projects
SeKVM: The world’s first formally verified KVM hypervisor that hosts confidential VMs for multiprocessor hardware.
Secvma: An extended SeKVM with kernel integrity protection.
KrustVM: A Rust-based secure KVM hypervisor for hosting confidential VMs.
Reload+Reload: Cache flush and memory contention side-channels on AMD SEV.
TrustZone for KVM: KVM extensions to support virtualized TrustZone.
KVM-unit-tests: Micro-benchmarks for measuring the cost of micro level operations.
Detailed Research Statement
Confidential Computing
Modern computer systems rely on large, monolithic, and privileged systems software such as the OS kernel or hypervisor to manage hardware resources for applications and virtual machines (VMs). These systems software has become increasingly complex to satisfy the growing demand for functionality and performance. The safety of the user’s computation and data depends on the trustworthiness of the potentially buggy OS kernel and hypervisor codebase. Attackers who successfully exploit these software vulnerabilities can gain unfettered access to user data.
Recently, various software and hardware approaches have been proposed to protect user data. The approaches enable a trusted execution environment (TEE) isolated from privileged attackers. We are interested in (but not limited to) (1) extending the existing confidential computing platforms to address new security and functionality demands, or enhancing their performance, and (2) detecting software/hardware bugs in confidential computing platforms.
Enhancing Software Safety
We are particularly interested in exploring the use of formal verification techniques to eliminate buggy code and ensure the correctness of software programs, especially critical systems software such as operating systems and hypervisors. In addition, we are investigating hardware/software-based approaches, including secure hardware extensions and programming languages, to reinforce software execution and mitigate security risks. Our research also extends to securing applications deployed in diverse environments, such as cloud and mobile systems, against privacy violations and permission misuse.
If you are newly admitted graduate students, please read the following.
Commonly Asked Questions
Q: Fitness with SSLab?
A: I look for students who are proactive, curious, and driven to learn. Systems research can be extremely challenging. You should dive in with intellectual independence and curiosity, embrace difficult problems, continually push yourself to acquire new skills, and be willing to confront (respectfully tho) in debates. At the same time, I value close collaboration and transparent communications.
Q: More reasons to join?
A: At SSLab, you’ll gain hands-on experience with open-source technologies supported by industry leaders, giving you a unique opportunity to make a tangible impact. You’ll deepen your technical expertise and build a track record that boosts your visibility on the international stage.
Q: Does SSLab offer stipend to graduate students?
A: Yes. We offer monthly stipend to students who work as full-time graduate research assistant in our lab.
Q: What to expect in your thesis?
A: For MS thesis, I evaluate whether your thesis presents good technical depths in addressing unresolved research questions. For Ph.D. thesis, your thesis is expected to consist of materials from your research work published in distinguished peer-reviewed venues. In both cases, I will also judge whether you are well equipped with capabilities to succeed in thesis defense.
Q: What is working in SSLab like?
A: You will be assigned with a capable PC box and seat in the lab. You might be asked to TA for my class, in which extra stipend will be offered.
Q: How long does it take to finish your thesis?
A: It depends. However, you should expect to spend at least a full-year of work (excluding classes or internship) on thesis research.
Q: What is the first job placement for SSLab alumi?
A: Google, Nvidia, Canonical, MediaTek, etc.
Q: Are you allowed to intern or work remotely?
A: Yes.
Q: How often do we meet?
A: We usually hold a weekly project meeting (one-one or group-based) and a lab’s seminar. Both are usually conducted online.