Secure Systems Lab (SSLab) focuses on a broad range of topics intersecting security and operating systems. SSLab aims to conduct cutting-edge research in systems software. Our goal is to enhance the safety, reliability, and performance efficiency of future computer systems. We are committed to bridging the gap between academic research and real-world deployments, striving to develop technical innovations that can be seamlessly integrated into everyday operating system platforms, such as Linux, to address the challenges posed by an increasingly complex digital landscape.
Check out the recent publications to get a snapshot of our work. We sometimes open-source the systems that we built.
Our lab is located in R404 at the CS Building at NTU. Feel free to stop by and have a chat with our lab members.
Highlights of Research Interests
Confidential Computing
Modern computer systems rely on large, monolithic, and privileged systems software such as the OS kernel or hypervisor to manage hardware resources for applications and virtual machines (VMs). These systems software has become increasingly complex to satisfy the growing demand for functionality and performance. The safety of the user’s computation and data depends on the trustworthiness of the potentially buggy OS kernel and hypervisor codebase. Attackers who successfully exploit these software vulnerabilities can gain unfettered access to user data.
Recently, various software and hardware approaches have been proposed to protect user data. The approaches enable a trusted execution environment (TEE) isolated from privileged attackers. We are interested in: (1) extending the existing confidential computing platforms to address new security and functionality demands, or enhancing their performance, and (2) detecting software/hardware bugs in confidential computing platforms.
Enhancing Software Safety
At SSLab, our primary goal is to develop cutting-edge technology to enhance software safety. We are particularly interested in exploring the use of formal verification techniques to eliminate buggy code and ensure the correctness of software programs, especially critical systems software such as operating systems and hypervisors. In addition, we are investigating hardware/software-based approaches, including secure hardware extensions and programming languages, to reinforce software execution and mitigate security risks. Our research also extends to securing applications deployed in diverse environments, such as cloud and mobile systems, against privacy violations and permission misuse.