Security

• TLS, PKI, and Secure Protocols: How Encrypted Web Traffic Works · 2025-11-18

  A deep technical guide to TLS, certificate validation, key exchange, record protection, modern cipher suites, TLS 1.3, QUIC, and practical deployment best practices for secure networked applications.

• Differential Privacy: Formal Guarantees, Composition Theorems, and the Engineering of Private Systems · 2025-08-12

  Build differential privacy from first principles: the formal (ε, δ)-definition, the Laplace and Gaussian mechanisms, composition theorems (basic and advanced), the sparse vector technique, and how to engineer practical private data systems at scale.

• CHERI and Capability Hardware: Memory Safety at the Gate Level · 2025-03-11

  How CHERI Concentrate compression, the load barrier for temporal safety, and the Arm Morello prototype are reshaping what it means to build a secure processor — and why formal verification of capability integrity is the hard part.

• Simultaneous Multithreading: Resource Sharing, Security Implications, and the SMT Performance-Security Tradeoff · 2024-02-01

  A deep dive into SMT/Hyper-Threading: how frontend and backend resources are shared between threads, the security vulnerabilities like PortSmash and TLBleed, and the evolving performance-security tradeoff.

• Countdown to Quantum: Migrating an Enterprise to Post-Quantum Cryptography · 2024-01-29

  Practical lessons from a multi-year effort to adopt quantum-safe cryptography without breaking production.

• Sealing the Supply Chain: Zero-Trust Build Pipelines That Scale · 2023-10-08

  An engineer’s map for rebuilding the software supply chain around zero-trust principles without stopping delivery.

• Smart Contract Security: Reentrancy, Front-Running, and Verification with Certora and Foundry · 2023-09-15

  A rigorous treatment of smart contract vulnerabilities—reentrancy, integer overflow, front-running/sandwich attacks—and the modern verification toolkit including the Certora Prover and Foundry fuzzing framework.

• Software Supply Chain Security: SBOMs, Sigstore, Reproducible Builds, and Attestation · 2022-04-19

  An in-depth guide to securing the software supply chain: SBOMs, provenance, Sigstore, SLSA, reproducible builds, code signing, and operational best practices.

• Trusted Execution: Intel SGX Enclaves, AMD SEV-SNP, Attestation Protocols, and the Confidential Computing Promise · 2021-03-25

  A deep exploration of trusted execution environments — how SGX and SEV encrypt computation, the attestation protocols that verify enclave integrity, and the promise of confidential computing that protects data even from the cloud operator.

• Capability-Based Security: CHERI Architecture, Hardware Capabilities, Spatial and Referential Safety, and Compartmentalization · 2021-02-26

  A deep exploration of the CHERI capability architecture — how hardware-enforced capabilities provide spatial memory safety, referential integrity, and fine-grained compartmentalization at the instruction level.

• Security Engineering (3rd ed.)