Michael LeMay

Michael LeMay

Senior Staff Research Scientist

Intel Labs

Biography

Research Scientist with a focus on memory management architectures for security.

Interests
  • Formal specification and verification
  • Compiler-based security hardening
  • Anti-malware techniques
  • Computer architecture
  • Operating systems and virtualization
Education
  • MS, PhD, and Postdoc in Computer Science, 2012

    University of Illinois at Urbana-Champaign

  • BS in Computer Science, 2005

    University of Wisconsin-Eau Claire

Experience

 
 
 
 
 
Senior Staff Research Scientist
Jun 2012 – Present Oregon

I define and evaluate innovative security architectures for mitigating exploits and malware. I draw on my expertise in architecture, compilers, operating systems, virtualization, HW/SW co-design, and formal methods to effectively devise solutions that are well-adapted to workload requirements.

Co-lead liaison from Intel for the SRC JUMP CONIX research center.

 
 
 
 
 
PhD Student and Postdoc
Sep 2005 – May 2012 Illinois

Advisor: Carl A. Gunter

National Defense Science and Engineering Graduate (NDSEG) Fellow

PhD Dissertation: Compact Integrity-Aware Architectures

MS Thesis: Dependable Emergency-Response Networking Based on Retaskable Network Infrastructures

TA for Advanced Computer Security (Instructor: Carl A. Gunter)

TA for Advanced Operating Systems (Instructor: Samuel T. King)

Other Publications

Quickly discover relevant content by filtering publications.
(2021). Isolation Without Taxation: Near Zero Cost Transitions for SFI. Foundations of Computer Security (FCS).

PDF Project

(2014). Power-Based Diagnosis of Node Silence in Remote High-End Sensing Systems. ACM Transactions on Sensor Networks (ToSN).

PDF DOI

(2014). Protecting Sensor Data from Malware Attacks (pages 178-197). Intel Technology Journal (ITJ).

PDF

(2011). Reliable telemetry in white spaces using remote attestation. Annual Computer Security Applications Conference (ACSAC).

PDF Slides DOI

(2010). Diagnostic Powertracing for Sensor Node Failure Analysis. Information Processing in Sensor Networks (IPSN).

PDF DOI

(2009). Sh@re: Negotiated audit in social networks. Systems, Man and Cybernetics (SMC).

PDF DOI

(2009). Cumulative Attestation Kernels for Embedded Systems. European Symposium on Research in Computer Security (ESORICS).

PDF Slides DOI

(2009). Collaborative Recommender Systems for Building Automation. Hawaii International Conference on System Sciences (HICSS).

PDF Slides DOI

(2007). Supporting Emergency-Response by Retasking Network Infrastructures. HotNets.

PDF Slides

(2007). PolicyMorph: interactive policy transformations for a logical attribute-based access control framework. Symposium on Access Control Models and Technologies (SACMAT).

PDF Slides DOI

(2007). Unified Architecture for Large-Scale Attested Metering. Hawaii International Conference on System Sciences (HICSS).

PDF Slides DOI

(2006). Acoustic Surveillance of Physically Unmodified PCs. Security and Management (SAM).

PDF Slides

(2004). Comprehensive message control and assurance with the secure email transport protocol. Electro/Information Technology (EIT).

DOI

(2004). Abstracting Low-Level Network Programming With ACE, a Pattern-Oriented Network Programming Framework. Software Engineering Research and Practice (SERP).

PDF

Patents

Issued patents:

  1. 11,250,165 (2022): Binding of cryptographic operations to context or speculative execution restrictions
  2. 11,222,127 (2022): Processor hardware and instructions for SHA3 cryptographic operations
  3. 11,216,366 (2022): Security check systems and methods for memory allocations
  4. 11,188,639 (2021): System, method and apparatus for automatic program compartmentalization
  5. 11,171,983 (2021): Techniques to provide function-level isolation with capability-based security
  6. 11,163,569 (2021): Hardware apparatuses, methods, and systems for individually revocable capabilities for enforcing temporal memory safety
  7. 11,144,479 (2021): System for address mapping and translation protection
  8. 11,080,401 (2021): Memory scanning methods and apparatus
  9. 11,036,850 (2021): Technologies for object-oriented memory management with extended segmentation
  10. 11,030,113 (2021): Apparatus and method for efficient process-based compartmentalization
  11. 10,884,952 (2021): Enforcing memory operand types using protection keys
  12. 10,860,709 (2020): Encoded inline capabilities
  13. 10,795,997 (2020): Hardened safe stack for return oriented programming attack mitigation
  14. 10,785,028 (2020): Protection of keys and sensitive data from attack within microprocessor architecture
  15. 10,769,272 (2020): Technology to protect virtual machines from malicious virtual machine managers
  16. 10,706,164 (2020): Crypto-enforced capabilities for isolation
  17. 10,642,752 (2020): Auxiliary processor resources
  18. 10,558,582 (2020): Technologies for execute only transactional memory
  19. 10,515,023 (2019): System for address mapping and translation protection
  20. 10,503,664 (2019): Virtual machine manager for address mapping and translation protection
  21. 10,453,114 (2019): Selective sharing of user information based on contextual relationship information, such as to crowd-source gifts of interest to a recipient
  22. 10,452,848 (2019): Memory scanning methods and apparatus
  23. 10,324,863 (2019): Protected memory view for nested page table access by virtual machine guests
  24. 10,318,733 (2019): Techniques for detecting malware with minimal performance degradation
  25. 10,235,301 (2019): Dynamic page table edit control
  26. 10,216,522 (2019): Technologies for indirect branch target security
  27. 10,157,277 (2018): Technologies for object-oriented memory management with extended segmentation
  28. 10,152,612 (2018): Cryptographic operations for secure page mapping in a virtual machine environment
  29. 10,104,122 (2018): Verified sensor data processing
  30. 10,061,918 (2018): System, apparatus and method for filtering memory access logging in a processor
  31. 10,007,784 (2018): Technologies for control flow exploit mitigation using processor trace
  32. 9,954,950 (2018): Attestable information flow control in computer systems
  33. 9,858,411 (2018): Execution profiling mechanism
  34. 9,830,162 (2017): Technologies for indirect branch target security
  35. 9,817,976 (2017): Techniques for detecting malware with minimal performance degradation
  36. 9,805,194 (2017): Memory scanning methods and apparatus
  37. 9,792,222 (2017): Validating virtual address translation by virtual machine monitor utilizing address validation structure to validate tentative guest physical address and aborting based on flag in extended page table requiring an expected guest physical address in the address validation structure
  38. 9,710,393 (2017): Dynamic page table edit control
  39. 9,703,703 (2017): Control of entry into protected memory views
  40. 9,665,373 (2017): Protecting confidential data with transactional processing in execute-only memory
  41. 9,501,637 (2016): Hardware shadow stack support for legacy guests
  42. 9,335,943 (2016): Method and apparatus for fine grain memory protection
  43. 9,124,635 (2015): Verified sensor data processing
  44. 8,458,791 (2013): Hardware-implemented hypervisor for root-of-trust monitoring and control of computer system
  45. 7,774,411 (2010): Secure electronic message transport protocol

Published patent applications:

  1. 17/485,213: OBJECT AND CACHELINE GRANULARITY CRYPTOGRAPHIC MEMORY INTEGRITY
  2. 17/314,349: TECHNOLOGY TO CONTROL SYSTEM CALL INVOCATIONS WITHIN A SINGLE ADDRESS SPACE
  3. 17/255,588: FUNCTION AS A SERVICE (FAAS) SYSTEM ENHANCEMENTS
  4. 16/998,913: PROTECTION OF KEYS AND SENSITIVE DATA FROM ATTACK WITHIN MICROPROCESSOR ARCHITECTURE
  5. 16/912,378: COLLISION-FREE HASHING FOR ACCESSING CRYPTOGRAPHIC COMPUTING METADATA AND FOR CACHE EXPANSION
  6. 16/862,022: MEMORY WRITE FOR OWNERSHIP ACCESS IN A CORE
  7. 16/776,467: CRYPTOGRAPHIC COMPUTING ENGINE FOR MEMORY LOAD AND STORE UNITS OF A MICROARCHITECTURE PIPELINE
  8. 16/740,359: CRYPTOGRAPHIC COMPUTING USING ENCRYPTED BASE ADDRESSES AND USED IN MULTI-TENANT ENVIRONMENTS
  9. 16/724,105: MICROPROCESSOR PIPELINE CIRCUITRY TO SUPPORT CRYPTOGRAPHIC COMPUTING
  10. 16/724,026: DATA ENCRYPTION BASED ON IMMUTABLE POINTERS
  11. 16/723,977: CRYPTOGRAPHIC ISOLATION OF MEMORY COMPARTMENTS IN A COMPUTING ENVIRONMENT
  12. 16/722,707: CRYPTOGRAPHIC COMPUTING USING ENCRYPTED BASE ADDRESSES AND USED IN MULTI-TENANT ENVIRONMENTS
  13. 16/722,342: POINTER BASED DATA ENCRYPTION
  14. WO2020096639: Function as a Service (FaaS) System Enhancements
  15. 16/024,257: Memory tagging for side-channel defense, memory safety, and sandboxing
  16. 15/859,142: Apparatus and method for pausing processor trace for efficient analysis
  17. 15/721,553: Installing and manipulating a secure virtual machine image through an untrusted hypervisor
  18. 15/713,573: Methods and arrangements to determine physical resource assignments
  19. 16/040,193: System, method and apparatus for automatic program compartmentalization
  20. 15/273,286: Access control
  21. 15/201,018: Regulating control transfers for execute-only code execution

Skills

C/C++

App, kernel, and hypervisor development for Linux, Windows, and embedded systems with Boost and generics experience

Rust
Go
SMT-LIB / Z3

SAT/SMT solver (completed Coursera course)

X86 Assembly

Somewhat familiar with assembly language for other architectures as well

LLVM/Clang

Compiler framework

Bluespec SystemVerilog

High-Level Synthesis (HLS) language based on Term-Rewriting Systems

Maude

Model checker based on Term-Rewriting Systems and Linear-Temporal Logic

Isabelle/HOL

Interactive theorem prover

Python
Java
Verilog/VHDL

Experience using Intel Quartus and Xilinx Vivado FPGA toolchains. Experience using Synopsys VCS and Mentor Graphics Modelsim simulators. Experience extending and maintaining an in-house Verilog simulator during an internship with Cray, Inc.

Prolog

Logic programming language

Professional Service and Volunteering

Professional society memberships:

  • Senior Member of the Association for Computing Machinery (ACM)
  • Senior Member of IEEE

PC member:

  • TRUST 2010 & 2011

Journal reviews:

  • 2019 IEEE Transactions on Networking
  • 2013 IEEE Transactions on Information Forensics & Security (TIFS)
  • 2009 Journal of Computer Security (JCS)
  • 2009 IEEE Transactions on Industrial Electronics (TIE)
  • 2007 ACM Transactions on the Web (TWEB)
  • 2005 ACM Transactions on Information and System Security (TISSEC)

Conference and workshop reviews:

  • 2021 Design Automation Conference (DAC)
  • 2013 IEEE PowerTech
  • 2009 International Conference on Distributed Computing Systems (ICDCS)
  • 2009 IEEE Symposium on Security and Privacy (Oakland)
  • 2008 IEEE Workshop on Policies for Distributed Systems and Networks (POLICY)
  • 2008 Hawaiian International Conference on System Sciences (HICSS)
  • 2007 IEEE Computer Security Foundations Symposium (CSF)
  • 2007 ACM Workshop on Privacy in the Electronic Society (WPES)
  • 2006 IEEE International Conference on Network Protocols (ICNP)
  • 2006 IFIP International Conference on Critical Infrastructure Protection (ICCIP)
  • 2006 ACM Workshop on Privacy in the Electronic Society (WPES)

Selected Mentoring Experiences:

Volunteering:

Hobbies

Contact

For messages related to my work at Intel, please contact me at michael dot lemay at intel dot com.

For other messages, please contact me at m at lemays dot org.