A common approach to securing computing systems is identifying and securing the trusted computing base (TCB), which enforces the overall security policies under a particular threat model. For the sake of whole-system security, the TCB should be small enough to be trustworthy, be capable of mediating critical operations to enforce security policies and have a minimized attacking surface. In this talk, I will introduce my journey of exploring virtualization to creating a TCB for both mobile and cloud systems. I will also share my experiences of making the TCB efficient and trustworthy, through exploiting existing hardware mechanisms as well as hardware/software co-designs. Finally, I will briefly outlook the challenges and opportunities in virtualization-based TCB for emerging computing models like serverless and AIoT.

Haibo Chen is a Distinguished Professor of Shanghai Jiao Tong University, where he founds and directs the Institute for Parallel and Distributed Systems (IPADS). His main research areas are operating systems and distributed systems and their interaction with formal methods. He has won the First Prize of Technical Invention by the Ministry of Education, China Youth Science and Technology Award, President’s Award of Shanghai Jiao Tong University, CCF Young Scientist Award, National Excellent Doctoral Dissertation Award of China, etc. He is currently the Chair of ACM SIGOPS ChinaSys, the Vice-Chair of the Special Committee on System Software of the China Computer Federation, serves on the editorial board member for contributed articles and as the co-chair of Special Sections of Communications of the ACM, and the editorial board member of ACM Transactions on Storage. He has also received Best Paper Awards from ASPLOS, EuroSys, VEE, ICPP and APSys, etc.