I’m a researcher in the Systems Group at Microsoft Research Redmond. My research interests include operating systems, systems security, and distributed systems. I’m particularly interested in problems driven by hardware evolution, or close to the hardware/software boundary.
I completed my BE (2002) and PhD (2007) in the School of Computer Science and Engineering, University of New South Wales, in the research group that evolved into Trustworthy Systems @ Data61. I then spent three years as a postdoctoral researcher in the Systems Group at ETH Zurich, before moving to "sunny" Redmond at the end of 2010.
In Komodo, we showed how to achieve SGX-like security for isolating secure enclaves from an untrusted OS without baking the entire isolation mechanism into the instruction set. Komodo decouples the core hardware mechanisms such as memory encryption, address-space isolation and attestation from the management thereof, which is delegated to a privileged software monitor that in turn implements enclaves. We formally verified the implementation of a prototype monitor for ARM TrustZone.
Much of my work at MSR has been connected to Drawbridge, a new form of virtualization for application sandboxing based on a library OS version of Windows. As reported in the Bascule paper, we generalised the architecture to permit other guest and host operating systems (including Barrelfish), and to support lightweight interposition of extensions that are independent of both host and guest. Haven exploits this ability, along with new hardware extensions (Intel SGX), to shield unmodified applications from an untrusted cloud host.
I was a founding member of the Barrelfish project, which is exploring how to structure an OS for future multi- and many-core systems. I led this project for its first three years as a postdoc at ETH Zurich, working with Timothy Roscoe and some talented students. Together with collaborators at MSR, we built an OS from scratch to exploit our observation that modern computers are increasingly structured as distributed systems, by mirroring that structure in the OS. For example, we used an asynchronous message-passing abstraction for all inter-core communication, rather than assuming shared memory. Today Barrelfish is a substantial prototype OS, and is still under active research and development.
In the distant past, I also worked on microkernels, single-address-space operating systems, and dynamic updates (kernel patches) to a running OS.