Research

Research on observability, performance, and system security.

My research focuses on kernel-level observability, system performance, and platform security. I am interested in methods and tools that remain useful under real workloads, not only in controlled experiments.

Themes

Core problem areas

Each area is tied to practical questions: measurement overhead, data quality, deployment constraints, and whether the tooling remains usable after the paper is written.

Kernel observability with eBPF

Designing and evaluating tracing approaches that preserve insight while reducing cost on untraced or lightly traced processes.

Performance analysis and tuning

Studying system bottlenecks, runtime behavior, and instrumentation tradeoffs so performance work is guided by evidence rather than intuition.

Platform and device security

Applying systems techniques to Android, Bluetooth, networking, and IoT environments where visibility and protection often compete with resource limits.

Research-to-tool translation

Turning promising ideas into software artifacts, reference implementations, and workflows that can be used beyond a prototype.

Active projects

Work in progress

ZeroDown

A zero-downtime IoT policy enforcement framework for MCU-class devices with OTA policy updates, runtime toggling, and embedded uBPF execution.

Active

BlueSentry

An application-layer BLE security framework combining FSM enforcement and runtime eBPF policies for embedded-device threat detection.

Active

eBPF tracing overhead analysis

Kernel observability work on reducing tracing overhead and improving measurement quality under real workloads.

Published and ongoing

Kernel protobuf firewall prototypes

Application-layer firewall and protobuf parsing work in the Linux kernel using custom kfunc support and TC-based enforcement.

Prototype

Recent outcomes

Publication and milestone highlights

  • 10 February, 2026 - Submitted manuscript: ZeroDown, a zero-downtime IoT policy enforcement framework for MCU-class devices
  • 18 October, 2025 - Manuscript update: BlueSentry, a runtime eBPF policy framework for BLE security on embedded devices
  • 04 August, 2024 - Paper published: Eliminating eBPF Tracing Overhead on Untraced Processes
  • 15 November, 2022 - Paper published: HELOT: Hunting Evil Life in Operational Technology

Method

How I approach the work

  • Measure first, optimize second.
  • Prefer instrumentation that adds as little overhead as possible.
  • Pair low-level implementation with clear documentation and reproducible workflows.
  • Keep research artifacts readable and maintainable.