Marno van der Maas
Creating a future of secure and private computing.
Since 2017, I have been doing a PhD in Computer Science at the University of Cambridge. My PhD is focused on making it possible for applications to keep data private from the rest of the system (even the operating system they run on top of). This is important since modern operating systems have more and more features and larger code bases. Thus, they are more likely to contain vulnerabilities.
Enclave systems provide such protection from operating systems or other privileged code. However, previous work has done little to protect enclaves against side-channel attacks. Side-channel attacks are attacks that infer information about applications based on side effects like timing. To protect against such side-channel attacks, I explored physically isolating enclaves onto separate cores and have successfully published a paper on this topic, which is titled "Protecting Enclaves from Intra-Core Side-Channel Attacks through Physical Isolation". We published this paper at CYSARM 2020, which is co-located with ACM CCS 2020, and there is also a video available of the presentation I did there.
At the University of Cambridge, I work in the Computer Architecture Group. I contributed to the Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture (Version 7) and (Version 8); you can also find a press release here.
Between 2014 and 2017, I worked for NXP Semiconductors in the area of automotive security. I worked on improving the security of in-vehicle networks and car-to-car communication. Public information on what I worked on can be found by looking at these three patents that I filed:
- US20190081791A1: a patent that relates to generating public-private key pairs that are unique per device, but still reproducible on a server side.
- US20190026103A1: a patent that relates to CAN transceivers that have security features. This patent allows any security rules that are included in the CAN transceiver to be updated.
- US20170235698A1: a patent that also relates to CAN transceivers that have security features. In this case it protects against a rogue node eavesdropping on the CAN bus by filtering out any messages that are not meant for this node.
For general inquiries:
w e b (at the domain) t e c h r o o s e . c o m
For Cambridge-related inquiries:
M a r n o . v a n - d e r - M a a s (at the domain) c l . c a m . a c . u k