Notes, not a blog! I intend to write about things I learn, and things I want to remember. I also update old ones as I revisit topics and learn more.

Once again, I've been trying out new apps for the new year. But what is a good metric for a good app? I think i've found one. It is very similar to what Niklaus Wirth a titan of programming languages, programming methodology, software engineering and hardware design said about compiler optimizations. Not a direct quote but something along the lines of:

Only add an optimization passes if they improve the compiler's self-compilation time.

A single, self-contained metric that captures the muti-variate optimization between the execution speed and complexity of the code added. Elegant.

I think the same can be said about apps. Only add an app if it saves you (screen) time.

Various analysis tools use the LLVM bitcode representation of the source. Compiling a single source file into bitcode is straightforward.

  1. clang -S -emit-llvm <file.c> to get the readable bitcode.
  2. clang -c -emit-llvm <file.c> to get the binary bitcode.

However, compiling large projects like the Linux kernel into bitcode is not as straightforward.

At a high level, each *.c source file is compiled into an object file. Object files .o in a sub-system are linked together to into an intermediate built-in.a file. Finally, all the built-in.a files are linked together to get the final kernel image vmlinux.

Continue Reading →

I worked as a Research Intern at the Computer Science Laboratory at SRI International this 2022 Summer.

The main research objective we started of with was:

How do we protect the integrity of open-source software projects from malicious actors and influence operations within the community?

The motivation for this research comes from the fact that open-source software has become a critical part of our infrastructure. And we have seen multiple attacks on open-source projects that have resulted in supply chain attacks and other security incidents downstream. With this larger goal in mind, we first tried to tackle a smaller problem:

Continue Reading →

I interned at the Intelligent Systems Laboratory at PARC during the Summer of 2021. The problem, at the high level was:

How would you go about removing backdoors from a control binary?

I primarily contributed to the binary de-compilation and program analysis work. Dabbed in a bit of program re-synthesis.

More details in the paper CONSTRUCT: A Program Synthesis Approach for Reconstructing Control Algorithms from Embedded System Binaries in Cyber-Physical Systems.

Here is a collection of security papers, specifically those related to Linux and published between 2000 and 2019 at top security conferences. I compiled this as part of my survey for my PhD qualifying exam.

You can find the repository akshithg/linux-security-papers

I was part of the Shadow PC for IEEE S&P 2020. THe Shadow PCs replicate the entire peer review process of a conference in parallel to the actual conference. This includes reading and reviewing papers, debating our reviews and scores with other members, and finally arriving at a consensus on the paper's accepted. The results of the shadow PC are then compared with main PC to see if any papers had strong disagreements.

The reading and review is in itself not very different from what we do as graduate stedents. But comparing our reviews with those of others and debating the merits of each paper was a great learning experience. This extended to the comparison of our reviews with those of the main PC. It was interesting to see how the main PC arrived at their decisions and how they differed from ours.

Continue Reading →