Research

Publications


  • ISCA2022 There’s Always a Bigger Fish: A Clarifying Analysis of a Machine-Learning-Assisted Side-Channel Attack.
    Jack Cook, Jules Drean, Jonathan Behrens, Mengjia Yan
    [pdf][talk][demo][code]

  • ASPLOS2022 DAGguise: Mitigating Memory Timing Side Channels.
    Peter W. Deutsch, Yuheng Yang, Thomas Bourgeat, Jules Drean, Joel Emer, Mengjia Yan [pdf]

  • MICRO2020 CaSA: End-to-end Quantitative Security Analysis of Randomly Mapped Caches.
    Thomas Bourgeat*, Jules Drean*, Yuheng Yang, Lillian Tsai, Joel Emer, Mengjia Yan (*co-first authors) [pdf]

  • DATE2019 Sanctorum: A lightweight security monitor for secure enclaves.
    Ilia Lebedev, Kyle Hogan, Jules Drean, David Kohlbrenner, Dayeol Lee, Krste Asanović, Dawn Song, Srinivas Devadas [pdf][code]

  • IROS2019 Benchmarking and workload analysis of robot dynamics algorithms.
    Sabrina M Neuman, Twan Koolen, Jules Drean, Jason E Miller, Srinivas Devadas [pdf] [code]

Current Projects


The MIT Secure Enclave Platform

The MIT Secure Enclave Platform is a series of publications, implementations and ongoing projects that aim at developing real-world secure enclaves. Enclaves are a strong isolation primitive that makes it possible for a user to run sensitive computations on a remote and untrusted server while ensuring the integrity and privacy of the computation. Enclaves usually assume a very strong threat model including an untrusted OS. At MIT, we push the concept even further by also considering most timing side channels as part of our threat model. We are looking at secure communication between an enclave and the outside world, exploring solutions such as shared memory between the enclave and the OS. This is an especially tricky problem in the presence of speculation. The enclave programmer might not be fully in control of the interactions the enclave might have with the outside, whether it be which addresses are accessed, the ordering or the timing of these interactions.


Fine-Grained Light-Weight Isolation Primitives

Modern systems lack meaningful abstractions for security domains. At the moment, only processes are potentially isolated from one another at an architectural level (some part of a process's memory might be private). This abstraction is not only broken by micro-architectural side channels but is also greatly limited. Modern software imports untrusted libraries, calls into legacy code and executes content from different security domains. The current solution, as in modern web browsers, has been to place each of these security domains in a different process. Nevertheless, we believe the existence of alternative isolation abstractions and hardware primitives to enforce them could change the way we isolate and secure software. We've been looking at building these new primitives to enable secure isolation of libraries, functions and other fine-grained security domains.

Contact

Jules Drean

drean@mit.edu

Office 32-G890

Copyright

Copyright (c) 2022 Jules Drean