Research

Observability, performance, and system security

Research at the intersection of Linux observability, system performance, and platform security, with methods designed for real-world workloads.

Core areas

Kernel observability with eBPF

Tracing methods that preserve insight while minimizing overhead on untraced or lightly traced processes.

Performance analysis and tuning

Evidence-driven analysis of bottlenecks, runtime behavior, and instrumentation tradeoffs.

Platform and device security

Security techniques for Android, Bluetooth, networking, and IoT, with visibility and protection under resource constraints.

Research to tooling

Research ideas translated into software artifacts, reference implementations, and workflows usable beyond prototypes.

Projects

In progress

ZeroDown

A zero-downtime IoT policy enforcement framework for MCU-class devices with OTA policy updates, runtime toggling, and embedded uBPF execution.

Active

BlueSentry

An application-layer BLE security framework combining FSM enforcement and runtime eBPF policies for embedded-device threat detection.

Active

eBPF tracing overhead analysis

Kernel observability work on reducing tracing overhead and improving measurement quality under real workloads.

Published and ongoing

Kernel protobuf firewall prototypes

Application-layer firewall and protobuf parsing work in the Linux kernel using custom kfunc support and TC-based enforcement.

Prototype

Outcomes

Publications and milestones

10 February, 2026
Submitted manuscript: ZeroDown, a zero-downtime IoT policy enforcement framework for MCU-class devices
18 October, 2025
Manuscript update: BlueSentry, a runtime eBPF policy framework for BLE security on embedded devices
04 August, 2024
Paper published: Eliminating eBPF Tracing Overhead on Untraced Processes
15 November, 2022
Paper published: HELOT: Hunting Evil Life in Operational Technology

Method

Approach

  • Measure first, optimize second.
  • Prefer instrumentation that adds as little overhead as possible.
  • Pair low-level implementation with clear documentation and reproducible workflows.
  • Keep research artifacts readable and maintainable.

Related

Links

Publications Software Technical writing Contact