Goal and approaches
My research goal is to design systems that enable secure computation in a diverse range of important scenarios, including outsourced cloud computations and enterprise machines. In general, my research achieves its goal through two complementary (and sometimes overlapping) approaches:
- Leverage Hardware-Assisted Trusted Execution Environments. In modern machines, the security of all computations depends on the correctness of privileged system software (e.g., operating systems and hypervisors). In many important scenarios like cloud computations, the system software's correctness cannot be implicitly assumed since this software is configured by untrusted parties (e.g., cloud administrators). Hardware-assisted trusted execution environments (TEEs) offer a promising solution to this problem. TEEs create protected execution contexts, called enclaves, which cannot be directly accessed by untrusted software (including the system software).
I am interested in all aspects of TEEs, including finding limitations (e.g., side-channels) in TEE designs that leak sensitive information, leveraging software and hardware mechanisms to overcome these limitations, and improving the usability of TEEs. If you are interested in learning more about this direction, please refer to Chancel [NDSS 2021], BlackMirror [CCS 2020], Trustore [CCS 2020], T3 [PETS 2020], Obfuscuro [NDSS 2019], and Obliviate [NDSS 2018]. I am also teaching a course (CSE 598) in Fall 2022 related to this research area.
- Strengthen Critical Machine Software. Even correctly configured software can have design flaws or vulnerabilities that attackers can leverage to compromise the security and reliability of computations. In my research, I am interested in strengthening critical software at all levels of the system stack, including network-facing programs and privileged operating systems. In particular, I am interested in designing systems that find critical software bugs (e.g., data races) and vulnerabilities, minimize the software codebase exposed to attackers, and aid in robust forensic analysis after a machine is compromised. If you are interested in learning more about this direction, please refer to HardLog [SP 2022], Kard [ASPLOS 2021], and Shard [Security 2021].
Publications
Defeating Critical Threats to Cloud User Data in Trusted Execution Environments (coming soon)
Adil Ahmad
PhD Thesis
HardLog: Practical Tamper-Proof System Auditing Using a Novel Audit Device [paper | slides | code]
Adil Ahmad, Sangho Lee, and Marcus Peinado
IEEE Symposium on Security and Privacy (Oakland 2022), San Francisco, California, USA, May 22-26, 2022
Chancel: Efficient Multi-client Isolation Under Adversarial Programs [paper | slides]
Adil Ahmad, Juhee Kim, Jaebaek Seo, Insik Shin, Pedro Fonseca, and Byoungyoung Lee
ISOC Network and Distributed System Security Symposium (NDSS), 2021
Kard: Lightweight Data Race Detection with Per-thread Memory Protection [paper | slides | abstract]
Adil Ahmad, Sangho Lee, Pedro Fonseca, and Byoungyoung Lee
ACM International Conference on Architectural Support for Programming Languages (ASPLOS), 2021
Shard: Fine-grained Kernel Specialization with Context-aware Hardening [paper | code]
Muhammad Abubakar, Adil Ahmad, Pedro Fonseca, and Dongyan Xu
USENIX Security Symposium (Security), 2021
BlackMirror: Preventing Wallhacks in 3D Online FPS Games [paper | slides]
Seounghyun Park, Adil Ahmad, and Byoungyoung Lee
ACM Conference on Computer and Communications Security (CCS), 2020
Trustore: Side-Channel Resistant Storage for SGX using Intel Hybrid CPU-FPGA [paper | slides]
Hyunyoung Oh, Adil Ahmad, Seounghyun Park, Byoungyoung Lee, and Yunheung Park
ACM Conference on Computer and Communications Security (CCS), 2020
A Tale of Two Trees: One Writes, and Other Reads. Optimized Oblivious Accesses to Large-Scale Blockchains [paper | code]
Duc V. Le, Lizzy Tengana Hurtado, Adil Ahmad, Mohsen Minaei, Byoungyoung Lee, and Aniket Kate
Privacy Enhancing Technologies Symposium (PETS), 2020
Obfuscuro: A Commodity Obfuscation Engine on Intel SGX [paper | slides | code]
Adil Ahmad*, Byunggill Joe*, Yuan Xiao, Yinqian Zhang, Insik Shin and Byoungyoung Lee
ISOC Network and Distributed System Security Symposium (NDSS), 2019
[* co-first authors]
Obliviate: A Data Oblivious File System for Intel SGX [paper | slides]
Adil Ahmad, Kyungtae Kim, Muhammad Ihsanulhaq Sarfaraz and Byoungyoung Lee
ISOC Network and Distributed System Security Symposium (NDSS), 2018
Detecting and Defending against Compelled Certificate Attacks using Origin-Bound CAPTCHAs [paper]
Adil Ahmad, Faizan Ahmad, Lei Wei, Vinod Yegneswaran and Fareed Zaffar
International Conference on Security and Privacy in Communication Networks (SecureComm) 2018