Towards a Formally Verified Security Monitor for VM-based Confidential Computing
- Wojciech Ozga
- Guerney Hunt
- et al.
- 2023
- MICRO 2023
My current focus is on secure systems, particularly on how to boot them securely, and how to assure that the correct software stack is running.
My current research centers on extending principles of Secure (Verified) Boot, Trusted (Measured) Boot, and physical and virtual Trusted Platform Modules to high-availability cloud and enterprise servers whose power-down cycles may span multiple years before they are rebooted! Here are some avenues of research I am currently exploring:
In past projects, I led the research and development of the firmware and operating system inside the IBM 4758. The 4758 was a tamper-responding secure coprocessor that earned the world's first FIPS 140-1 overall level 4 certificate (certificate #35). It is in its fourth generation, now known as the IBM PCIe Crypto Card V4. I also led the research and development of a high assurance smart card operating system.
Two other fun (past) projects:
You can read more about my career path here.