publications
Publications by category in reverse chronological order. Generated by jekyll-scholar.
- IncognitOS: A Practical Unikernel Design for Full-System Obfuscation in Confidential Virtual Machines. Kha Dinh Duy, Jaeyoon Kim, Hajeong Lim, and Hojoon Lee. In 2025 IEEE Symposium on Security and Privacy (SP), May 2025.
Recent works have repeatedly proven the practicality of side-channel attacks in undermining the confidentiality guarantees of Trusted Execution Environments such as Intel SGX. Meanwhile, trusted execution in the cloud is witnessing a trend shift towards confidential virtual machines (CVMs). Unfortunately, several side-channel attacks have survived the shift and are feasible even for CVMs, along with new attacks discovered on the CVM architectures. Previous works have explored defensive measures for securing userspace enclaves (i.e., Intel SGX) against side-channel attacks. However, the design space for a CVM-based obfuscation execution engine is largely unexplored. This paper proposes a unikernel design named IncognitOS to provide full-system obfuscation for CVM-based cloud workloads. IncognitOS fully embraces unikernel principles such as a minimized TCB and direct hardware access to render full-system obfuscation feasible. IncognitOS retrofits two key OS components, the scheduler and memory management, to implement a novel adaptive obfuscation scheme. IncognitOS's scheduling is designed to be self-sovereign from the timer interrupts of the untrusted hypervisor through its synchronous tick delivery. This allows IncognitOS to reliably monitor the frequency of the hypervisor's possession of execution control (i.e., VMExits) and adjust the frequency of memory rerandomization performed by the paging subsystem, which transparently rerandomizes memory through direct MMU access. The resulting IncognitOS design makes a case for a self-obfuscating unikernel as a secure CVM deployment strategy while further advancing the obfuscation technique compared to previous works. Evaluation results demonstrate IncognitOS's resilience against CVM attacks and show that its adaptive obfuscation scheme enables practical performance for real-world programs.
@inproceedings{incognitos,
  author    = {Dinh Duy, Kha and Kim, Jaeyoon and Lim, Hajeong and Lee, Hojoon},
  title     = {{IncognitOS}: A Practical Unikernel Design for Full-System Obfuscation in Confidential Virtual Machines},
  booktitle = {2025 IEEE Symposium on Security and Privacy (SP)},
  year      = {2025},
  pages     = {4192--4209},
  keywords  = {Cloud computing; Privacy; Virtual machine monitors; Side-channel attacks; Virtual machines; Hardware; Robustness; Security; Frequency control; Resilience},
  doi       = {10.1109/SP61157.2025.00222},
  url       = {https://doi.ieeecomputersociety.org/10.1109/SP61157.2025.00222},
  publisher = {IEEE Computer Society},
  address   = {Los Alamitos, CA, USA},
  month     = may
}
- RustSan: Retrofitting AddressSanitizer for Efficient Sanitization of Rust. Kyuwon Cho, Jongyoon Kim, Kha Dinh Duy, Hajeong Lim, and Hojoon Lee. In 33rd USENIX Security Symposium (USENIX Security 24), Aug 2024.
Rust is gaining traction as a safe systems programming language with its strong type and memory safety guarantees. However, Rust’s guarantees are not infallible. The use of unsafe Rust, a subvariant of Rust, allows the programmer to temporarily escape the strict Rust language semantics to trade security for flexibility. Memory errors within unsafe blocks in Rust have far-reaching ramifications for the program’s safety. As a result, the conventional dynamic memory error detection (e.g., fuzzing) has been adapted as a common practice for Rust and proved its effectiveness through a trophy case of discovered CVEs.
RustSan is a retrofitted design of AddressSanitizer (ASan) for efficient dynamic memory error detection of Rust programs. Our observation is that a significant portion of instrumented memory access sites in a Rust program compiled with ASan is redundant, as the Rust security guarantees can still be valid at the site. RustSan identifies and instruments the sites that definitely or may undermine Rust security guarantees while lifting instrumentation on safe sites. To this end, RustSan employs a cross-IR program analysis for accurate tracking of unsafe sites and also extends ASan's shadow memory scheme for checking the non-uniform memory access validation necessary for Rust. We conduct a comprehensive evaluation of RustSan in terms of detection capability and performance using 57 Rust crates. RustSan successfully detected all 31 tested cases of CVE-issued memory errors. Also, RustSan shows an average of 62.3% performance increase against ASan in general benchmarks that involved 20 Rust crates. In the fuzzing experiment with 6 crates, RustSan marked an average of 23.52%, and up to 57.08%, performance improvement.
@inproceedings{rustsan,
  author    = {Cho, Kyuwon and Kim, Jongyoon and Duy, Kha Dinh and Lim, Hajeong and Lee, Hojoon},
  title     = {{RustSan}: Retrofitting {AddressSanitizer} for Efficient Sanitization of Rust},
  booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
  year      = {2024},
  isbn      = {978-1-939133-44-1},
  address   = {Philadelphia, PA},
  pages     = {3729--3746},
  url       = {https://www.usenix.org/conference/usenixsecurity24/presentation/cho-kyuwon},
  publisher = {USENIX Association},
  month     = aug
}
- Capacity: Cryptographically-Enforced In-Process Capabilities for Modern ARM Architectures. Kha Dinh Duy, Kyuwon Cho, Taehyun Noh, and Hojoon Lee. In Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, Aug 2023. Distinguished Paper Award.
In-process compartmentalization and access control have been actively explored to provide in-place and efficient isolation of in-process security domains. Many works have proposed compartmentalization schemes that leverage hardware features, most notably using the new page-based memory isolation feature called Protection Keys for Userspace (PKU) on x86. Unfortunately, the modern ARM architecture does not have an equivalent feature. Instead, newer ARM architectures introduced Pointer Authentication (PA) and Memory Tagging Extension (MTE), adapting the reference validation model for memory safety and runtime exploit mitigation. We argue that those features have been underexplored in the context of compartmentalization and that they can be retrofitted to implement a capability-based in-process access control scheme.
This paper presents Capacity, a novel hardware-assisted intra-process access control design that embraces capability-based security principles. Capacity coherently incorporates the new hardware security features on ARM that already exhibit inherent characteristics of capabilities. It supports the life-cycle protection of the domain's sensitive objects, starting from their import from the file system to their place in memory. With intra-process domains authenticated with unique PA keys, Capacity transforms file descriptors and memory pointers into cryptographically-authenticated references and completely mediates reference usage with its program instrumentation framework and an efficient system call monitor. We evaluate our Capacity-enabled NGINX web server prototype and other common applications in which sensitive resources are isolated into different domains. Our evaluation shows that Capacity incurs a low performance overhead of approximately 17% for the single-threaded and 13.54% for the multi-threaded webserver.
@inproceedings{capacity,
  author    = {Dinh Duy, Kha and Cho, Kyuwon and Noh, Taehyun and Lee, Hojoon},
  title     = {{Capacity}: Cryptographically-Enforced In-Process Capabilities for Modern ARM Architectures},
  booktitle = {Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security},
  series    = {CCS '23},
  year      = {2023},
  isbn      = {9798400700507},
  publisher = {Association for Computing Machinery},
  address   = {New York, NY, USA},
  location  = {Copenhagen, Denmark},
  pages     = {874--888},
  numpages  = {15},
  doi       = {10.1145/3576915.3623079},
  url       = {https://doi.org/10.1145/3576915.3623079},
  keywords  = {compartmentalization, pointer authentication, capabilities}
}
- SE-PIM: In-Memory Acceleration of Data-Intensive Confidential Computing. Kha Dinh Duy and Hojoon Lee. IEEE Transactions on Cloud Computing, Aug 2023.
- Confidential Machine Learning Computation in Untrusted Environments: A Systems Security Perspective. Kha Dinh Duy, Taehyun Noh, Siwon Huh, and Hojoon Lee. IEEE Access, Aug 2021.