CONTACT


📞 +1 (480)-639-9641

📩 zhangchuqi1999 AT gmail DOT com

🗺️ Singapore / Tempe, Arizona, USA

SOCIALS


Twitter: @ChuqiZhang99

LinkedIn: @ChuqiZhang

Instagram: @cookiecan999

$$ \Huge \textbf {Chuqi ZHANG} \\ \small \textnormal {Ph.D. student in computer science} $$

Hello there! I'm a third-year Ph.D. student at the National University of Singapore (NUS), where I am working with Dr. Zhenkai Liang as my advisor. Meanwhile, I'm fortunate to have met, collaborated with, and been advised by Dr. Adil Ahmad at Arizona State University (ASU) since November 2022.

My research interests mainly lie in low-level system software design, such as operating systems and hypervisors, as well as confidential computing and trusted execution environment (TEE) design. Currently, I work on enhancing sandboxes, enclaves, and reliable isolated environments within confidential virtual machines (CVMs). I aim to improve the reliability, security, and efficiency of cloud infrastructures like SaaS or FaaS platforms. Previously, I also worked on eBPF, auditing system architecture design, forensics/provenance analysis, and program (binary) analysis.

Before pursuing my Ph.D. degree, I received my B.E. degree in Computer Science from the Huazhong University of Science and Technology in June 2021.

Selected publications


(Anonymized) Sandboxing Secret Client Data within Confidential VMs

Preprint 2025.

Keywords: TEE/sandbox container, Confidential VM, Intel Trust Domain eXtensions (Intel TDX)

<aside> 💡 To be released.

</aside>


The HitchHiker's Guide to High-Assurance System Observability Protection with Efficient Permission Switches

In Proceedings of the 31st ACM Conference on Computer and Communications Security (CCS 2024).

Keywords: eBPF, TEE/enclave, OS/hypervisor, ARM Confidential Computing Architecture (ARM CCA)

<aside> 💡 System observability (eBPF) is critical but vulnerable to a privileged, untrusted OS. We protect the integrity and availability of observability using a first-principles approach, which includes: (a) leveraging memory permission primitives (Stage-2 Page Table, S2PT, or Granule Protection Table, GPT), and (b) creating a secure enclave without trusting the OS or hypervisor.

</aside>

Paper | Code | Slides


(Anonymized) A Fine-grained System Auditing Architecture Design

Preprint 2025.

Keywords: system auditing, kernel exploit, virtualization-based security monitor, Extended Page Table (EPT), EPTP-switching, LLVM

<aside> 💡 To be released.

</aside>


PalanTír: Optimizing Attack Provenance with Hardware-enhanced System Observability

In Proceedings of the 29th ACM Conference on Computer and Communications Security (CCS 2022).

Keywords: system auditing, Intel Processor Tracing (Intel PT), static taint summarization

<aside> 💡 System call-level auditing is the fundamental approach for forensics but is too coarse-grained. We enhance its granularity by introducing hardware-assisted userspace control flow tracing, which (a) recovers instruction-level dependencies among syscalls, and (b) ensures efficient provenance tracking by static taint summarization.

</aside>

Paper | Code | Slides

Invited talks


- The HitchHiker's Guide to High-Assurance System Observability Protection with Efficient Permission Switches

- PalanTír: Optimizing Attack Provenance with Hardware-enhanced System Observability

Services