đź“ž +1 (480)-639-9641
đź“© zhangchuqi1999 AT gmail DOT com
🗺️ Singapore / Tempe, Arizona, USA
<aside> <img src="https://prod-files-secure.s3.us-west-2.amazonaws.com/93c3be3b-0845-402a-851e-2c59447f333f/f30304aa-3449-4968-94ed-4711f30b0b92/icons8-twitter-48.png" alt="https://prod-files-secure.s3.us-west-2.amazonaws.com/93c3be3b-0845-402a-851e-2c59447f333f/f30304aa-3449-4968-94ed-4711f30b0b92/icons8-twitter-48.png" width="40px" /> @ChuqiZhang99
</aside>
<aside> <img src="https://prod-files-secure.s3.us-west-2.amazonaws.com/93c3be3b-0845-402a-851e-2c59447f333f/46a01e87-8cf8-4ca8-98b3-f6bc18fbef39/linkedin_480px.png" alt="https://prod-files-secure.s3.us-west-2.amazonaws.com/93c3be3b-0845-402a-851e-2c59447f333f/46a01e87-8cf8-4ca8-98b3-f6bc18fbef39/linkedin_480px.png" width="40px" /> @ChuqiZhang
</aside>
<aside> <img src="https://prod-files-secure.s3.us-west-2.amazonaws.com/93c3be3b-0845-402a-851e-2c59447f333f/2fa74db2-238f-4c09-9885-67ffd6699abb/icons8-instagram-48.png" alt="https://prod-files-secure.s3.us-west-2.amazonaws.com/93c3be3b-0845-402a-851e-2c59447f333f/2fa74db2-238f-4c09-9885-67ffd6699abb/icons8-instagram-48.png" width="40px" /> @cookiecan999
</aside>
$$ \Huge \textbf {Chuqi ZHANG} \\ \small \textnormal {Ph.D. student in computer science} $$
Hello there! I'm a 4th-year Ph.D. student at the National University of Singapore (NUS), where I am working with Dr. Zhenkai Liang as my advisor. Meanwhile, I'm advised by Dr. Adil Ahmad at Arizona State University (ASU) as part of the ASTeRiSC Lab since November 2022.
My research interests mainly lie in low-level system software design, such as operating systems and hypervisors, as well as confidential computing and trusted execution environment (TEE) design. Currently, I work on enhancing sandboxes, enclaves, and reliable isolated environments within confidential virtual machines (CVMs). I aim to improve the reliability, security, and efficiency of cloud infrastructures like SaaS or FaaS platforms. Previously, I also worked on eBPF, auditing system architecture design, forensics/provenance analysis, and program (binary) analysis.
Before pursuing my Ph.D. degree, I received my B.E. degree in Computer Science at the Huazhong University of Science and Technology in June, 2021.
Sandboxing Secret Client Data within Confidential VMs
European chapter of ACM SIGOPS (EuroSys 2025)
Keywords: TEE/sandbox container, Confidential VM, Intel Trust Domain eXtensions (Intel TDX)
<aside> đź’ˇ To be released.
</aside>
The HitchHiker's Guide to High-Assurance System Observability Protection with Efficient Permission Switches
In Proceedings of the 31st ACM Conference on Computer and Communications Security (CCS 2024).
Keywords: eBPF, TEE/enclave, OS/hypervisor, ARM Confidential Computing Architecture (ARM CCA)
<aside> đź’ˇ System observability (eBPF) is critical but vulnerable to a privileged, untrusted OS. We protect the integrity and availability of observability using a first-principles approach, which includes: (a) leveraging memory permission primitives (Stage-2 Page Table, S2PT, or Granule Protection Table, GPT), and (b) creating a secure enclave without trusting the OS or hypervisor.
</aside>
Paper | Code | Slides
PalanTĂr: Optimizing Attack Provenance with Hardware-enhanced System Observability
In Proceedings of the 29st ACM Conference on Computer and Communications Security (CCS 2022).
Keywords: system auditing, Intel Processor Tracing (Intel PT), static taint summarization
<aside> đź’ˇ System call-level auditing is the fundamental approach for forensics but is too coarse-grained. We enhance its granularity by introducing hardware-assisted userspace control flow tracing, which (a) recovers instruction-level dependencies among syscalls, and (b) ensures efficient provenance tracking by static taint summarization.
</aside>
Paper | Code | Slides
- The HitchHiker's Guide to High-Assurance System Observability Protection with Efficient Permission Switches
- PalanTĂr: Optimizing Attack Provenance with Hardware-enhanced System Observability
