💻️ System software, such as operating systems (OS) and virtualization software, has special privileges that allow it to control the entire computer system—capabilities not available to ordinary applications. For example, an OS can execute privileged CPU instructions, access all physical memory, and directly control all hardware devices. Because these privileges profoundly affect system performance and security, system software is a fascinating yet challenging research area.
🔭 System software research has a theoretical side, exploring the fundamental principles of computers and providing applications with essential, well-abstracted functionalities. Concepts like processes and files are widely used abstractions that improve ease of development, performance, and portability. Thus, developing well-designed abstractions is a key aspect of system software research.
⚙️ On the other hand, this field also has a practical engineering side, requiring the design, implementation, and evaluation of software closely tied to actual hardware. Even if a theoretical algorithm promises high performance, its effectiveness must be proven on real hardware. Modern computers are complex, and unexpected issues often arise during implementation. Therefore, hands-on programming and testing skills are essential.
🖼️ Moreover, designing system software often involves a sense of artistry, requiring aesthetic and architectural judgment. Debates over whether a monolithic or microkernel OS architecture is better highlight the role of design philosophy and intuition. Many renowned OS kernels are the work of visionary developers—such as Linus Torvalds (Linux) and Dave Cutler (Windows)—who approach development with an artistic mindset. This blend of science, engineering, and art makes system software research uniquely compelling.
In recent years, improving system security has become an increasingly critical challenge. At the Shinagawa Laboratory, we explore various methods to enhance security through system software.
One focus area is the development of secure isolated execution environments to minimize damage if software is compromised. For instance, we research ways to strengthen sandboxing, where a reference monitor checks system calls from applications and grants only the minimum necessary privileges. We also study methods to restrict OS privileges and implement security features independently of the OS, using a domestically developed hypervisor called BitVisor. Additionally, we investigate how to use Confidential Virtual Machines (CVMs) to securely process sensitive data in cloud environments without trusting cloud providers.
In collaboration with Imperial College London, we are developing Capability Virtual Machines (CAP-VMs), leveraging the CHERI CPU architecture from the University of Cambridge for fine-grained, flexible protection at byte-level granularity. Other projects include physically isolated execution environments utilizing FPGA-based lightweight RDMA.
We also work on fuzzing, a technique that automatically generates massive numbers of inputs to expose vulnerabilities in existing software. Specifically, we aim to apply fuzzing to low-level system software, enhancing the robustness of complex technologies like containers and nested virtualization. Our research includes novel visualization techniques to support root cause analysis of crashes found through fuzzing, a task that has traditionally relied heavily on manual effort.
Other areas of focus include Use-After-Free mitigation using new CPU features, systems that support migration to a secure language via automatic C-to-Rust translation, and malware analysis using machine learning.
Beyond security, the Shinagawa Laboratory is engaged in a wide range of research to improve the performance and functionality of system software.
Current projects include developing mechanisms that use FPGAs to virtualize kernel memory operations, and designing architectures that facilitate device driver reuse for new OS development. We also research address translation passthrough to accelerate nested paging in virtualization environments, faster container startup through efficient layer retrieval, file systems for non-volatile memory, low-latency cluster schedulers, and OS emulators that enable Linux binaries to run on macOS and Windows.
The following are some of the key topics we research at the Shinagawa Laboratory, though our work is not limited to these areas: