Towards a Formally Verified Security Monitor for VM-based Confidential Computing
- Wojciech Ozga
- Guerney Hunt
- et al.
- 2023
- MICRO 2023
Bio
Security systems architect (Dr.-Ing.) with system engineering skills.
I design and develop technologies in the area of confidential computing, attestation, secure/trusted boot, and hardware security modules. I believe RISC-V and Rust will become the mainstream technologies for assembling high-assurance security systems.
I am an architect of several security-oriented system designs, a member of the RISC-V community, and an author of multiple scientific publications. I possess a wide range of technical skills; for example, I designed and built an extension of the RISC-V processor that intrinsically enforces the computer's secure boot process, implemented the early version of the ACE's security monitor for RISC-V, implemented Linux kernel drivers transparently exposing network-attached TPMs, virtualized secure elements using trusted execution environments, and developed micro-services and database-backed enterprise systems.
In my career, I worked on a wide range of projects, executing multiple research projects in the domain of confidential computing, converting CERN's computing farm into the cloud, coordinating the tourism-oriented e-commerce development, and leading the development of Volkswagen's ConectedVan fleet monitoring system.
Publications
WAWEL: Architecture for Scalable Attestation of Heterogeneous Virtual Execution Environments
- 2023
- CLOUD 2023
CHORS: Hardening High-Assurance Security Systems with Trusted Computing
- Wojciech Ozga
- Rasha Faqeh
- et al.
- 2022
- SAC 2022
TRIGLAV: Remote Attestation of the Virtual Machine's Runtime Integrity in Public Clouds
- Wojciech Ozga
- Do Le Quoc
- et al.
- 2021
- CLOUD 2021
Perun: Confidential Multi-Stakeholder Machine Learning Framework with Hardware Acceleration Support
- Wojciech Ozga
- Do Le Quoc
- et al.
- 2021
- IFIP DBSec 2021
Top collaborators
PS
Patricia Sagmeister
Research Staff Member