Research Areas
We are deeply invested in LLM and agentic systems at the moment: both securing these emerging systems against new classes of threats and leveraging them to automate challenging security tasks. While our past research predates this shift, it is closely related and lays the foundation for this agenda. We are pursuing this vision on three fronts:
Securing LLM & Agentic Systems
As LLM and agentic systems are entrusted with sensitive data and consequential actions, they expose new attack surfaces. Drawing on our experience protecting computation within trusted execution environments, using hardware security features such as ARM TrustZone alongside micro-hypervisor and compiler-based techniques, we design defenses that secure these systems, safeguarding their data, models, and decision-making against emerging threats.
Agentic Systems for Vulnerability Discovery
Our prior work developed system-level techniques that automatically discover latent vulnerabilities in low-level software, including OS kernels, device drivers, and the hardware/OS boundary. Building on this foundation, we are now designing agentic systems that autonomously reason about and discover vulnerabilities, pushing automated vulnerability discovery beyond the reach of fixed heuristics.
- Moneta: Ex-Vivo GPU Driver Fuzzing by Recalling In-Vivo Execution States (NDSS ’25)
- ReUSB: Replay-Guided USB Driver Fuzzing (USENIX Sec ’23)
- Agamotto: Accelerating Kernel Driver Fuzzing with Lightweight Virtual Machine Checkpoints (USENIX Sec ’20)
- SoK: Sanitizing for Security (S&P ’19)
- PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary (NDSS ’19)
Agentic Systems for Binary Reverse Engineering
Reverse engineering is labor-intensive, and existing automation often relies on brittle heuristics. Building on our work applying machine learning to binary analysis, we are developing agentic systems that emulate the iterative reasoning of skilled reverse engineers to tackle core reverse-engineering challenges.