duykha (dot) dinh (at) ubc.ca

Department of Computer Science, UBC Office X469 (4th Floor), 2366 Main Mall Vancouver, BC Canada V6T 1Z4

CV Scholar GitHub LinkedIn

Kha Dinh Duy

Đinh Duy Kha

Postdoctoral Researcher, Systopia Lab, University of British Columbia, Vancouver, Canada

I am a Postdoctoral Researcher at Systopia Lab, University of British Columbia, working with Aastha Mehta. I received my Ph.D. at Sungkyunkwan University, South Korea, where I worked with Hojoon Lee at the System Security Lab.

My research focuses on principled yet practical approaches to systems security. This entails designing systems that provide formal security properties, while providing practical methods for developers to integrate these guarantees into real-world applications. My current research vision is driven by three main pillars:

Improving the resilience of confidential computing. Confidential computing promises to protect sensitive computation, yet its security continues to be compromised by advanced threats such as side-channel attacks and interface vulnerabilities. My research explores practical mechanisms for improving the robustness of confidential computing, including efficient side-channel mitigation techniques (Oakland ‘25, ACSAC ‘25), software testing to detect vulnerabilities (Sec ‘24), and secure interface designs.

Developer-centric approaches for integrating security. The difficulty of integrating security mechanisms into existing systems remains a significant barrier to adoption. I explore automated approaches for policy specification and enforcement to aid developers in applying security mechanisms including compartmentalization (CCS ‘23), policy compliance, and side-channel mitigation (Oakland ‘25).

Secure AI agent execution by construction. As AI agents become increasingly integrated into complex systems, their security is a critical challenge. My research explores interface designs for agentic execution that are both flexible enough to support a diverse range of tasks, and are safe by design.

news

• Apr 2026 I begin my postdoctoral research at Systopia Lab, UBC, Canada.
• Dec 2025 PIM-ORAM is accepted for publication at ACSAC 2025.
• Apr 2025 “IncognitOS: A Practical Unikernel Design for Full-System Obfuscation in Confidential Virtual Machines” is accepted to IEEE S&P 2025!

selected publications

1. IncognitOS: A Practical Unikernel Design for Full-System Obfuscation in Confidential Virtual Machines

   Kha Dinh Duy, Jaeyoon Kim, Hajeong Lim, and Hojoon Lee

   IEEE S&P 2025

   abstract bib pdf slides

   obfuscationoramside channelsconfidential computing

   Recent works have repeatedly proven the practicality of side-channel attacks in undermining the confidentiality guarantees of Trusted Execution Environments such as Intel SGX. Meanwhile, the trusted execution in the cloud is witnessing a trend shift towards confidential virtual machines (CVMs). Unfortunately, several side-channel attacks have survived the shift and are feasible even for CVMs, along with the new attacks discovered on the CVM architectures. Previous works have explored defensive measures for securing userspace enclaves (i.e., Intel SGX) against side-channel attacks. However, the design space for a CVM-based obfuscation execution engine is largely unexplored. This paper proposes a unikernel design named NCOGNITOS provide full-system obfuscation for CVM-based cloud workloads. INCOGNITOS fully embraces unikernel principles such as minimized TCB and direct hardware access to render full-system obfuscation feasible. INCOGNITOS retrofits two key OS components, the scheduler and memory management, to implement a novel adaptive obfuscation scheme. INCOGNITOS’s scheduling is designed to be self-sovereign from the timer interrupts from the untrusted hypervisor with its synchronous tick delivery. This allows INCOGNITOS to reliably monitor the frequency of the hypervisor’s possession of execution control (i.e., VMExits) and adjust the frequency of memory rerandomization performed by the paging subsystem, which transparently performs memory rerandomization through direct MMU access. The resulting INCOGNITOS design makes a case for a self-obfuscating unikernel as a secure CVM deployment strategy while further advancing the obfuscation technique compared to previous works. Evaluation results demonstrate INCOGNITOS’S resilience against CVM attacks and show that its adaptive obfuscation scheme enables practical performance for real-world programs.

   @inproceedings{incognitos,
     author = {Duy, Kha Dinh and Kim, Jaeyoon and Lim, Hajeong and Lee, Hojoon},
     booktitle = { 2025 IEEE Symposium on Security and Privacy (SP) },
     title = {{ IncognitOS: A Practical Unikernel Design for Full-System
                Obfuscation in Confidential Virtual Machines }},
     year = {2025},
     volume = {},
     issn = {},
     pages = {4192-4209},
     keywords = {Cloud computing;Privacy;Virtual machine monitors;Side-channel
                   attacks;Virtual machines;Hardware;Robustness;Security;Frequency
                   control;Resilience},
     doi = {10.1109/SP61157.2025.00222},
     url = {https://doi.ieeecomputersociety.org/10.1109/SP61157.2025.00222},
     publisher = {IEEE Computer Society},
     address = {Los Alamitos, CA, USA},
     month = may
   }

2. RustSan: Retrofitting AddressSanitizer for Efficient Sanitization of Rust

   Kyuwon Cho, Jongyoon Kim, Kha Dinh Duy, Hajeong Lim, and Hojoon Lee

   Usenix Security 2024

   abstract bib pdf

   memory safetyfuzzing

   Rust is gaining traction as a safe systems programming language with its strong type and memory safety guarantees. However, Rust’s guarantees are not infallible. The use of unsafe Rust, a subvariant of Rust, allows the programmer to temporarily escape the strict Rust language semantics to trade security for flexibility. Memory errors within unsafe blocks in Rust have far-reaching ramifications for the program’s safety. As a result, the conventional dynamic memory error detection (e.g., fuzzing) has been adapted as a common practice for Rust and proved its effectiveness through a trophy case of discovered CVEs.
   RUSTSAN is a retrofitted design of AddressSanitizer (ASan) for efficient dynamic memory error detection of Rust programs. Our observation is that a significant portion of instrumented memory access sites in a Rust program compiled with ASan is redundant, as the Rust security guarantees can still be valid at the site. RUSTSAN identifies and instruments the sites that definitely or may undermine Rust security guarantees while lifting instrumentation on safe sites. To this end, RUSTSAN employs a cross-IR program analysis for accurate tracking of unsafe sites and also extends ASan’s shadow memory scheme for checking non-uniform memory access validation necessary for Rust. We conduct a comprehensive evaluation of RUSTSAN in terms of detection capability and performance using 57 Rust crates. RUSTSAN successfully detected all 31 tested cases of CVE-issued memory errors. Also, RUSTSAN shows an average of 62.3% performance increase against ASan in general benchmarks that involved 20 Rust crates. In the fuzzing experiment with 6 crates, RUSTSAN marked an average of 23.52%, and up to 57.08% of performance improvement.

   @inproceedings{rustsan,
     author = {Cho, Kyuwon and Kim, Jongyoon and Duy, Kha Dinh and Lim, Hajeong and Lee, Hojoon},
     title = {{RustSan}: Retrofitting {AddressSanitizer} for Efficient Sanitization
                of Rust},
     booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
     year = {2024},
     isbn = {978-1-939133-44-1},
     address = {Philadelphia, PA},
     pages = {3729--3746},
     url = {
              https://www.usenix.org/conference/usenixsecurity24/presentation/cho-kyuwon
              },
     publisher = {USENIX Association},
     month = aug,
   }

3. Capacity: Cryptographically-Enforced In-Process Capabilities for Modern ARM Architectures

   Kha Dinh Duy, Kyuwon Cho, Taehyun Noh, and Hojoon Lee

   ACM CCS 2023Distinguished Paper Award

   abstract bib pdf slides

   compartmentalization

   In-process compartmentalization and access control have been actively explored to provide in-place and efficient isolation of in-process security domains. Many works have proposed compartmentalization schemes that leverage hardware features, most notably using the new page-based memory isolation feature called Protection Keys for Userspace (PKU) on x86. Unfortunately, the modern ARM architecture does not have an equivalent feature. Instead, newer ARM architectures introduced Pointer Authentication (PA) and Memory Tagging Extension (MTE), adapting the reference validation model for memory safety and runtime exploit mitigation. We argue that those features have been underexplored in the context of compartmentalization and that they can be retrofitted to implement a capability-based in-process access control scheme.
   This paper presents Capacity, a novel hardware-assisted intra-process access control design that embraces capability-based security principles. Capacity coherently incorporates the new hardware security features on ARM that already exhibit inherent characteristics of capability. It supports the life-cycle protection of the domain’s sensitive objects - starting from their import from the file system to their place in memory. With intra-process domains authenticated with unique PA keys, Capacity transforms file descriptors and memory pointers into cryptographically-authenticated references and completely mediates reference usage with its program instrumentation framework and an efficient system call monitor. We evaluate our Capacity-enabled NGINX web server prototype and other common applications in which sensitive resources are isolated into different domains. Our evaluation shows that Capacity incurs a low-performance overhead of approximately 17% for the single-threaded and 13.54% for the multi-threaded webserver.

   @inproceedings{capacity,
     author = {Duy, Kha Dinh and Cho, Kyuwon and Noh, Taehyun and Lee, Hojoon},
     title = {{Capacity: Cryptographically-Enforced In-Process Capabilities for
                Modern ARM Architectures}},
     year = {2023},
     isbn = {9798400700507},
     publisher = {Association for Computing Machinery},
     address = {New York, NY, USA},
     url = {https://doi.org/10.1145/3576915.3623079},
     doi = {10.1145/3576915.3623079},
     booktitle = {Proceedings of the 2023 ACM SIGSAC Conference on Computer and
                    Communications Security},
     pages = {874–888},
     numpages = {15},
     keywords = {compartmentalization, pointer authentication, capabilities},
     location = {Copenhagen, Denmark},
     series = {CCS '23},
   }

awards

• 2025 Noteworthy Reviewer Recognition, Usenix Security 2025 Artifact Evaluation
• 2024 Korean Government BK21 Research Scholarship
• 2023 Distinguished Paper Award, ACM CCS

community service

• 2025 Artifact Evaluation Committee: Usenix Security '25, ACM CCS '25
• 2025 Poster Program Committee: ACM CCS '25