Publications

[Google Scholar]

[P29] (Blog Post) Mengmei Ye, Claudio Carvalho, Niteesh Dubey, Ariel Adam, Pradipta Banerjee, Jens Freimann, Emanuele Giuseppe Esposito. “The power of confidential containers on Red Hat OpenShift with NVIDIA GPUs.” Red Hat, October 2025. [Details] [Demo on Intel TDX] [Demo on AMD SEV-SNP]

[P28] (Blog Post) Angel Nunez Mencias, Chandra Shekhar Reddy Potula, Daniele Buono, Claudio Carvalho, Mengmei Ye. “Advancing Confidential AI with Confidential Computing.” Phoenix Technologies, May 2025. [Details]

[P27] Zhongze Tang, Zichen Zhu, Mengmei Ye, Yao Liu, Sheng Wei. “Privacy-Preserving Multimedia Mobile Cloud Computing Using Cost-Effective Protective Perturbation.” The Workshop on Network and Operating System Support for Digital Audio and Video (NOSSDAV) co-located with the ACM Multimedia Systems Conference (MMSys), March 2025. [PDF]

[P26] Mengmei Ye, Sandhya Koteshwara, Derren Dunn, Hubertus Franke, Chris Porter, Tobin Feldman-Fitzthum, Angelo Ruocco, Daniele Buono, Claudio Carvalho. “Position Paper: From Confidential Computing to Zero Trust, Come Along for the (Bumpy?) Ride.” The International Workshop on Hardware and Architectural Support for Security and Privacy (HASP) in conjunction with IEEE/ACM International Symposium on Microarchitecture (MICRO), November 2024. [PDF] [Keynote Slide Deck]

[P25] (Poster) Mengmei Ye, Apoorve Mohan, Hubertus Franke. “vLLM in Confidential CPU-GPU Enclaves: Does it Perform?” IEEE AI Compute Symposium (AICS), November 2024. [Abstract]

[P24] Apoorve Mohan, Mengmei Ye, Hubertus Franke, Mudhakar Srivatsa, Zhuoran Liu, Nelson Gonzalez. “Securing AI Inference in the Cloud: Is CPU-GPU Confidential Computing Ready?” IEEE International Conference on Cloud Computing (CLOUD), July 2024. (Acceptance rate: 19.4%) [PDF]

[P23] Wei Ren, Sandhya Koteshwara, Mengmei Ye, Hubertus Franke, Deming Chen. “S2TAR-Cloud: Shared Secure Trusted Accelerators with Reconfiguration for Machine Learning in the Cloud.” IEEE International Conference on Cloud Computing (CLOUD), July 2024. (Acceptance rate: 19.4%) [PDF]

[P22] Angelo Ruocco, Chris Porter, Claudio Carvalho, Daniele Buono, Derren Dunn, Hubertus Franke, James Bottomley, Marcio Silva, Mengmei Ye, Niteesh Dubey, Tobin Feldman-Fitzthum (author list in alphabetical order). “Aligning Confidential Computing with Cloud-native ML Platforms.” Workshop on Artificial Intelligence System with Confidential Computing (AISCC), co-located with Network and Distributed System Security (NDSS) Symposium, February 2024. [PDF]

[P21] Vikram Narayanan, Claudio Carvalho, Angelo Ruocco, Gheorghe Almási, James Bottomley, Mengmei Ye, Tobin Feldman-Fitzthum, Daniele Buono, Hubertus Franke, Anton Burtsev. “Remote Attestation of Confidential VMs Using Ephemeral vTPMs.” Annual Computer Security Applications Conference (ACSAC), December 2023. (Acceptance rate: 24%. Distinguished Paper with Artifacts) [PDF]

[P20] (Exhibitor Forum) Mengmei Ye, Derren Dunn. “The Cost of Flexibility and Security in Cloud-Based HPC – A Case Study Running EDA Workloads with Confidential Computing Technology.” International Conference for High Performance Computing, Networking, Storage, and Analysis (SC), November 2023. [Details]

[P19] Mengmei Ye, Angelo Ruocco, Daniele Buono, James Bottomley, Hubertus Franke. “Free the Turtles: Removing Nested Virtualization for Performance and Confidentiality in the Cloud.” IEEE International Conference on Cloud Computing (IEEE CLOUD), July 2023. [PDF][Code]

[P18] Wei Ren, William Kozlowski, Sandhya Koteshwara, Mengmei Ye, Hubertus Franke, Deming Chen. “AccShield: A New Trusted Execution Environment with Machine-Learning Accelerators.” Design Automation Conference (DAC), July 2023. (Acceptance rate: 23%) [PDF]

[P17] (Presentation) Mengmei Ye, Angelo Ruocco. “No More Turtles: The SecondaryVM Framework - An Alternative to Nested Virtualization.” KVM Forum, September 2022. [Details]

[P16] (Blog Post) Mengmei Ye, Angelo Ruocco, Daniele Buono, James Bottomley, Hubertus Franke. “An Alternative to Nested Virtualization - Why It’s Time To ‘Free the Turtles.’” IBM Research Blog, September 2022. [Details]

[P15] Mengmei Ye, Zhongze Tang, Huy Phan, Yi Xie, Bo Yuan, Sheng Wei, “Visual Privacy Protection in Mobile Image Recognition Using Protective Perturbation.” ACM Multimedia Systems Conference (MMSys), June 2022. [PDF][Code]

[P14] (Blog Post) Jaime H. Moreno, Hubertus Franke, Paul Crumley, Mengmei Ye, “Calling for the Return of Non-Virtualized Microprocessor Systems.” ACM SIGARCH, May 2022. [Details]

[P13] Xianglong Feng, Yi Xie, Mengmei Ye, Zhongze Tang, Bo Yuan, Sheng Wei, “Fake Gradient: A Security and Privacy Protection Framework for DNN-based Image Classification.” ACM Multimedia Conference (MM), October 2021. (Acceptance rate: 542/1942 = 27.9%) [PDF][Code]

[P12] Xianglong Feng, Mengmei Ye, Ke Xia, Sheng Wei, “Runtime Fault Injection Detection for FPGA-based DNN Execution Using Siamese Path Verification.” Design, Automation and Test in Europe Conference (DATE), February 2021. [PDF]

[P11] Akshay Gangal, Mengmei Ye, Sheng Wei, “HybridTEE: Secure Mobile DNN Execution Using Hybrid Trusted Execution Environment.” IEEE Asian Hardware Oriented Security and Trust Symposium (AsianHOST), December 2020. (Acceptance rate: 13/48 = 27.1%) [PDF] [Code]

[P10] Mengmei Ye, Xianglong Feng, Sheng Wei, “Runtime Hardware Security Verification Using Approximate Computing: A Case Study on Video Motion Detection.” IEEE Asian Hardware Oriented Security and Trust Symposium (AsianHOST), December 2019. [PDF]

[P9] Mengmei Ye, Xianglong Feng, Sheng Wei, “HISA: Hardware Isolation-based Secure Architecture for CPU-FPGA Embedded Systems.” International Conference on Computer Aided Design (ICCAD), November 2018. (Acceptance rate: 98/396 = 24.7%) [PDF] [Code]

[P8] Mengmei Ye, Myra B. Cohen, Witawas Srisa-An, Sheng Wei, “EvoIsolator: Evolving Program Slices for Hardware Isolation Based Security.” Hot off the Press track in Symposium on Search-Based Software Engineering (SSBSE), September 2018. [PDF]

[P7] Mengmei Ye, Jonathan Sherman, Witawas Srisa-an, Sheng Wei, “TZSlicer: Security-Aware Dynamic Program Slicing for Hardware Isolation.” IEEE International Symposium on Hardware Oriented Security and Trust (HOST), May 2018. (Acceptance rate: 17/84 = 20.2%. Best Paper Nomination) [PDF] [Code]

[P6] Mengmei Ye, Mehrdad Zaker Shahrak, Sheng Wei, “PUFSec: Protecting Physical Unclonable Functions Using Hardware Isolation-based System Security Techniques.” IEEE Asian Hardware Oriented Security and Trust Symposium (AsianHOST), October 2017. [PDF]

[P5] Xianglong Feng, Mengmei Ye, Viswanathan Swaminathan, Sheng Wei, “Towards the Security of Motion Detection-based Video Surveillance on IoT Devices.” ACM Multimedia Conference - Thematic Workshop, October 2017. [PDF]

[P4] Mengmei Ye, Nan Jiang, Hao Yang, Qiben Yan, “Security Analysis of Internet-of-Things: A Case Study of August Smart Lock.” IEEE INFOCOM - Workshop on the Security, Privacy, and Digital Forensics of Mobile Systems and Networks (MobiSec), May 2017. [PDF]

[P3] Mengmei Ye, Nianhang Hu, Sheng Wei, “Lightweight Secure Sensing Using Hardware Isolation.” IEEE SENSORS, October 2016. [PDF]

[P2] Nianhang Hu, Mengmei Ye, Sheng Wei, “Surviving Information Leakage Hardware Trojan Attacks Using Hardware Isolation.” IEEE International Conference on Computer Design (ICCD), October 2016. (Acceptance rate: 28.8%. Best Paper Award in “Test, Verification, and Security” Track. The paper was published in IEEE Transactions on Emerging Topics in Computing (TETC).) [PDF]

[P1] Mehrdad Zaker Shahrak, Mengmei Ye, Viswanathan Swaminathan, Sheng Wei, “Two-Way Real Time Multimedia Stream Authentication Using Physical Unclonable Functions.” IEEE Workshop on Multimedia Signal Processing (MMSP), September 2016. [PDF]