Marno van der Maas

Creating a future of secure and private computing.

Since 2022, I have been working with lowRISC. We are working towards making open source silicon a reality, for example we are creating the first silicon root-of-trust that is open source. Most of my work is open source and you can have a look on my GitHub profile to see what I work on. Here's a list of talks that I have given:

• Sonata: low-cost CHERI hardware for embedded systems @ State of Open Con 2024: slides and notes, conference page, video recording
• Fully verified open silicon @ Open Source Summit Europe 2023: slides and notes, conference page, video recording
• CHERIoT enablement @ TASER/CHES 2023: slides and notes, conference page
• Protecting enclaves from intra-core side-channel attacks through physical isolation @ CYSARM 2020: paper, video recording

From 2017 to 2022, I attained my PhD in Computer Science at the University of Cambridge. My PhD is on making it possible for applications to keep data private from the rest of the system, even the operating system they run on top of. Enclave systems provide such protection from operating systems or other privileged code. However, previous work has done little to protect enclaves against side-channel attacks. Side-channel attacks are attacks that infer information about applications based on side effects like timing. To protect against such side-channel attacks, I explored physically isolating enclaves onto separate cores and have successfully published a paper on this topic, which is titled Protecting Enclaves from Intra-Core Side-Channel Attacks through Physical Isolation. We published this paper at CYSARM 2020, which is colocated with ACM CCS 2020. My PhD thesis is available on Apollo or as a technical report.

At the University of Cambridge, I worked in the Computer Architecture Group and became a research assistant for half a year to improve the continuous integration. I contributed to the Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture (Version 7) and (Version 8); you can also find a press release here. I also worked extensively with TestRIG a random instruction generator that uses direct instruction injection for design verification, see the paper I co-authored for details.

Between 2014 and 2017, I worked for NXP semiconductors in the area of automotive security. I worked on improving the security of in-vehicle networks and car-to-car communication. Public information on what I worked on can be found by looking at these three patents that I filed:

• US 2019-0081791 A1: a patent that relates to generating public private key pairs that are unique per device, but still reproducible on a server side.
• US 2019-0026103 A1: a patent that relates to CAN transceivers that have security features. This patent allows any security rules that are included in the CAN transceiver to be updated.
• US 2017-0235698 A1: a patent that also relates to CAN transceivers that have security features. In this case it protects against a rogue node eavesdropping on the CAN bus by filtering out any messages that are not meant for this node.