Member: Pierre-Louis Aublin
Category: Innovating
Tags: Fault-tolerance, Reliability, Resilience, Security, Privacy, Trusted Execution, Accountability, Verification
Internet for Users: Building Secure, Verifiable, and Reliable Systems
Background
“The Internet’s potential is unlimited. As a worldwide resource, the Internet supports commerce, recreation, research, education, entertainment, and everything in between. But with different stakeholders and competing demands of the network, safeguarding the future of the Internet can seem like an impossible task.” — The Internet Society
Today’s Internet is dominated by centralized, opaque platforms that control security, reliability and user data. Users are forced to surrender autonomy: they give up control over their data, over their choices, and over when they can access the system.
A technical failure at a single intermediary, such as a cloud service provider [1] or an Autonomous System (AS) [2], can render vast portions of the global Internet inaccessible. Moreover, various Internet actors (cloud providers, ISPs, and more) routinely exploit Internet users’ trust for commercial profit [3], state surveillance [4], and malicious traffic manipulation [5].
Purpose
This project shifts the focus from Internet actors to their users in order to build a better Internet where systems are secure, verifiable, and reliable so that people can use technology without surrendering autonomy to monopolies or opaque platforms.
This means users can, without sacrificing practicality:
- protect their data and secrets;
- verify the system behaviour;
- access online services despite the presence of faults;
- use alternative systems, avoiding user lock-in.
Approach
Our approach is based on the following technical pillars:
- Guarantees over Trust: use Formal Verification (TLA+ [6], Verus [7], Flux [8], etc.) to prove that systems are correct [9], and Trusted Execution Environments to obtain security and privacy guarantees [10][11].
- Reliability: implement fault tolerance [12] and resilience [13] to prevent failures and to recover from them.
- Composability: build small, verifiable components, like Lego blocks, instead of monoliths, to avoid user lock-in and make it easy to isolate a failed or compromised component [14][15].
- Practicality: resilience and security must not come at the cost of utility. If a system is too complex or too slow, it will be bypassed or abandoned [16]. Therefore, we aim to build systems that are not only resilient and secure, but that also provide acceptable performance [17].
Current Research Directions
Guaranteed Internet Users Security
Today’s security is often an illusion: users “trust” platforms, OSes, or hardware, but cannot easily verify that their data is secure and has not been tampered with.
We leverage Trusted Execution Environments (TEEs), isolated areas within a processor that protect code and data against powerful attackers (including a compromised operating system), to build systems that protect users’ data and give users guarantees about what the platform is actually doing. This includes making serverless computing confidential and practical, protecting user input from keyloggers and malware, and designing novel TEEs that offer stronger security guarantees.
Improve Byzantine Fault Tolerance Adoption
Fault tolerance, and in particular Byzantine Fault Tolerance (BFT), keeps a service functioning despite arbitrary faults (crashes, configuration errors, malicious attackers, etc.), but it requires additional resources and complex communication mechanisms, and it adds a non-negligible performance overhead that hinders its adoption.
We develop novel solutions to achieve fault tolerance without compromising performance, resilience or usability:
- by integrating Trusted Execution Environments and/or SmartNICs to make such protocols more transparent to users and developers;
- by carefully introducing performance optimizations that do not weaken the robustness of the system.
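The "additional resources" that BFT demands can be made concrete with quorum arithmetic. The following is an added illustration, not code from this project: it computes, for a given number of tolerated faults f, how many replicas a crash-tolerant versus a Byzantine-tolerant service needs and how large its quorums must be, using the classic bounds (n = 2f+1 for crash faults, n = 3f+1 for Byzantine faults as in PBFT, cited above). The function and parameter names are this example's own. The brute-force checker enumerates every pair of quorums to confirm that the two always share a correct replica, which is what prevents two conflicting operations from both being committed.

```python
from itertools import combinations
from math import ceil


def min_replicas(f: int, byzantine: bool) -> int:
    """Replicas needed to tolerate f faults: 3f+1 (Byzantine, PBFT) or 2f+1 (crash)."""
    return 3 * f + 1 if byzantine else 2 * f + 1


def quorum_size(n: int, f: int, byzantine: bool):
    """Smallest quorum q that is both safe and live for n replicas and f faults.

    Safety: two quorums of size q overlap in at least 2q - n replicas, and that
    overlap must contain a correct replica. Byzantine replicas can answer in both
    quorums with conflicting values, so the overlap must exceed f; crashed
    replicas answer in neither, so an overlap of 1 suffices.
    Liveness: a quorum must still form when f replicas never answer, so q <= n - f.
    Returns None when no q satisfies both conditions (too few replicas).
    """
    overlap_needed = f + 1 if byzantine else 1
    q = ceil((n + overlap_needed) / 2)
    return q if q <= n - f else None


def pair_overlap_is_safe(n: int, q: int, f: int, byzantine: bool) -> bool:
    """Brute-force check that every pair of q-quorums among n replicas shares
    at least one correct replica, assuming the adversary places its f faulty
    replicas inside the overlap (worst case). Intended for small n only."""
    faulty_in_overlap = f if byzantine else 0
    quorums = list(combinations(range(n), q))
    for a, b in combinations(quorums, 2):
        if len(set(a) & set(b)) <= faulty_in_overlap:
            return False
    return True


def resource_table(max_f: int):
    """Rows of (f, crash replicas, crash quorum, BFT replicas, BFT quorum)."""
    rows = []
    for f in range(1, max_f + 1):
        n_c, n_b = min_replicas(f, False), min_replicas(f, True)
        rows.append((f, n_c, quorum_size(n_c, f, False), n_b, quorum_size(n_b, f, True)))
    return rows


if __name__ == "__main__":
    print("f  crash(n,q)  bft(n,q)")
    for f, n_c, q_c, n_b, q_b in resource_table(4):
        print(f"{f}  ({n_c},{q_c})       ({n_b},{q_b})")
    # One replica short of 3f+1: safety and liveness cannot both hold.
    print("n=3, f=1, Byzantine ->", quorum_size(3, 1, True))
    print("n=3, q=2, f=1 Byzantine safe?", pair_overlap_is_safe(3, 2, 1, True))
    print("n=4, q=3, f=1 Byzantine safe?", pair_overlap_is_safe(4, 3, 1, True))
```

The table makes the cost visible: tolerating one Byzantine replica needs four replicas and quorums of three, while tolerating one crash needs three replicas and quorums of two. Running the checker on n = 3 with Byzantine f = 1 shows why the extra replica is not optional: two quorums of size two can overlap in a single replica, and if that replica lies, both quorums commit conflicting values.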
Dissemination
(An extended list can be found here.)
Blog Articles
- “Fault-Tolerance for LLM Inference”. IIJ Engineering blog. December 2024.
- “Toward Trusted Pictures to Combat Fake News”. IIJ Engineering blog. July 2024.
Presentations
- Co-organized the VMPSec ’25 workshop in Grenoble, France, June 2025.
- Presented our current work-in-progress on Serverless Confidential VMs at IIJLab seminar, May 2025.
- Work presented at FAU-Erlangen, TU Munich, Royal Holloway University and Imperial College London, September 2024.
Scientific publications
- “What You See Is Not What You Get: Introducing the Trusted Camera Framework to Combat Fake News”, Pierre-Louis Aublin, DASC ’25 conference, October 2025.
- “BFTaaS: Byzantine Fault Tolerance as a Service through NIC-Level Aggregation”. Rui Wang, Arne Vogel and Pierre-Louis Aublin, DASC ’25 poster, October 2025.
- “Mitigating Cryptographic Bottlenecks of Low-latency BFT Protocols”. Pierre-Louis Aublin and Arne Vogel, DAIS ’25 conference, June 2025.
- “Transparent Management of BFT Systems with TEE”. Bijun Li and Pierre-Louis Aublin. In Proceedings of the 6th Workshop on System Software for Trusted Execution (SysTEX 2023). May 2023.
- “Easy-to-Adopt and Bottleneck-free Byzantine Fault Tolerant Protocols”. Pierre-Louis Aublin. In the 17th Asian Internet Engineering Conference (AINTEC). December 2022.
- “Towards TEEs with Large Secure Memory and Integrity Protection Against HW Attacks”. Pierre-Louis Aublin, Mohammad Mahhouk, and Ruediger Kapitza. In the 5th Workshop on System Software for Trusted Execution (SysTEX 2022). March 2022.
Software
- Code artifact for the “Mitigating Cryptographic Bottlenecks of Low-latency BFT Protocols” paper
Reaching out
If you are interested in one of these projects, or have any question, please do not hesitate to contact me.
[1] O’Flaherty, K. Cloudflare Down—New Outage Takes Internet Down, Again. Forbes (2025).
[2] Sharma, A. Major BGP leak disrupts thousands of networks globally. Bleeping Computer (2021).
[3] Thomas, K. et al. Ad injection at scale: Assessing deceptive advertisement modifications. IEEE Symposium on Security and Privacy (2015).
[4] NSA Stops Certain Section 702 “Upstream” Activities. NSA (2017).
[5] Birge-Lee, H. et al. Bamboozling certificate authorities with BGP. USENIX Security Symposium (2018).
[6] Lamport, L. Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers. Addison-Wesley (2002).
[7] Lattuada, A. et al. Verus: A Practical Foundation for Systems Verification. ACM SOSP (2024).
[8] Lehmann, N. et al. Flux: Liquid Types for Rust. ACM PLDI (2023).
[9] Hawblitzel, C. et al. IronFleet: Proving Practical Distributed Systems Correct. ACM SOSP (2015).
[10] Costan, V. and Devadas, S. Intel SGX Explained. IACR Cryptology ePrint Archive (2016).
[11] Misono, M. et al. Confidential VMs Explained: An Empirical Analysis of AMD SEV-SNP and Intel TDX. ACM POMACS 8:3, 1-42 (2024).
[12] Castro, M. and Liskov, B. Practical Byzantine Fault Tolerance. USENIX OSDI (1999).
[13] Ergenc, D. et al. Resilience in Edge Computing: Challenges and Concepts. Foundations and Trends in Networking 14:4, 254-340 (2025).
[14] Ferraiuolo, A. et al. Komodo: Using Verification to Disentangle Secure-Enclave Hardware from Software. ACM SOSP (2017).
[15] Sartakov, V. et al. Spons & Shields: Practical Isolation for Trusted Execution. ACM VEE (2021).
[16] Saltzer, J. and Schroeder, M. The Protection of Information in Computer Systems. Proceedings of the IEEE 63:9, 1278-1308 (1975).
[17] Lampson, B. Hints for Computer System Design. ACM SOSP (1983).
