Staff Software Engineer
Security & Privacy Team, AI Platform Center
Samsung Electronics
sangwan.kwon@samsung.com · bitboom9@gmail.com
System security engineer with 10+ years of experience building security-critical software across embedded security processors, mobile devices, and cloud infrastructure.
Specialized in confidential computing and Rust-based systems programming; built a hypervisor now adopted as a Linux Foundation Confidential Computing Consortium (CCC) project.
Currently designing a hardened Cloud OS for Private Cloud Compute, enabling secure AI inference with hardware isolation.
- Confidential Computing
- Designing a hardened Cloud OS for Private Cloud Compute using Intel TDX
- Built Rust-based Realm Management Monitor (RMM) for Arm CCA adopted as a CCC Project
- Contributed Arm CCA backend support in CCC projects for cross-platform confidential computing APIs
- System & Kernel Security
- Designed and implemented embedded secure OS for Samsung Knox Vault's hardware-isolated security processor, completing technology transfer to business division
- Built security middleware for Tizen platforms including unified security monitors, authentication framework supporting TrustZone and software-based backends, and per-application isolated SSL trust anchors
- Rust Systems Programming
- Applied Rust across the full spectrum from bare-metal no_std to full-featured environments
- Developed a compiler-level tool to detect unsafe code at the HIR stage and used Miri-based validation to improve auditability and reduce unsafe usage
- Maintain CCC open-source project, reviewing and evaluating external contributions
- Architecting a hardened Cloud OS leveraging Intel TDX for Private Cloud Compute
- Defining OS-level enforcement to achieve on-device-equivalent privacy
- Planned for open-source release
- Core architect and developer of Arm CCA-based confidential computing platform, implementing Rust-based Realm Management Monitor (RMM) managing realm lifecycle
- Built a Confidential Application SDK providing Attestation and Sealing
- Contributed the Rust-based RMM to the Linux Foundation’s Confidential Computing Consortium (CCC) as a project deliverable
- Collaborated with VMware on Certifier Framework, implementing Arm CCA backend support for cross-platform confidential computing APIs
- Demonstrated at Confidential Computing Summit 2023
- Designed and implemented a Rust-based secure OS for Samsung Knox Vault's hardware-isolated security processor, covering both kernel and user-space components in a bare-metal environment
- Built a type-safe RPC framework for secure inter-process communication
- Developed a Rust tool to trace unsafe code at the HIR stage, minimizing unsafe code usage
- Completed technology transfer to business division, meeting production requirements for stability, performance, and reliability in mass-produced devices
- Contributed to commercialization of Mobile, TV, and Wearable products
- Designed unified security monitor for device policy management
- Built authentication framework with pluggable backends supporting both software-based and TrustZone-backed secure storage
- Implemented Modern C++ RPC framework for secure client-server method invocation
- Maintained SSL trust anchors and application signature validation
- Islet Project — Maintainer
- Certifier Framework — Contributor
- Patents: Confidential Computing (KR 2024), Key Management (KR 2020, US 2022), Data Protection (KR 2020), Container Security (KR 2019, US 2020)
M.S., Computer Science | Yonsei University, South Korea | 2014 – 2017
B.S., Computer Science | Kookmin University, South Korea | 2007 – 2014
- Islet Project (GitHub): https://github.com/islet-project/islet
- Confidential Computing Consortium (Projects): https://confidentialcomputing.io/projects/current-projects/
- Certifier Framework: https://github.com/ccc-certifier-framework/certifier-framework-for-confidential-computing
- The Register (CCC/Standards): https://www.theregister.com/2023/06/30/confidential_computing_standards/
- SiliconANGLE (VMware-Samsung): https://siliconangle.com/2023/06/29/vmware-partners-samsung-amd-risc-v-accelerate-confidential-computing/