Research

Observability, performance, and system security

Research at the intersection of Linux observability, system performance, and platform security, with methods designed for real-world workloads.

Core areas

Kernel observability with eBPF

Tracing methods that preserve insight while minimizing overhead on untraced or lightly traced processes.

Performance analysis and tuning

Evidence-driven analysis of bottlenecks, runtime behavior, and instrumentation tradeoffs.

Platform and device security

Security techniques for Android, Bluetooth, networking, and IoT, with visibility and protection under resource constraints.

Research software

Implementations, tools, and workflows that accompany published research.

Current projects

eBPF tracing overhead analysis

Kernel observability work on reducing tracing overhead and improving measurement quality under real workloads.

Published and ongoing

Kernel protobuf firewall prototypes

Application-layer firewall and protobuf parsing work in the Linux kernel using custom kfunc support and TC-based enforcement.

Prototype