bitboom/README.md

Sangwan Kwon

Staff Software Engineer
Security & Privacy Team, AI Platform Center
Samsung Electronics
sangwan.kwon@samsung.com · bitboom9@gmail.com


Professional Summary

System security engineer with 10+ years of experience building security-critical software across embedded security processors, mobile devices, and cloud infrastructure.

Specialized in confidential computing and Rust-based systems programming; built a hypervisor now adopted as a Linux Foundation Confidential Computing Consortium (CCC) project.

Currently designing a hardened Cloud OS for Private Cloud Compute, enabling secure AI inference with hardware isolation.


Core Technical Expertise

  • Confidential Computing
    • Designing a hardened Cloud OS for Private Cloud Compute using Intel TDX
    • Built Rust-based Realm Management Monitor (RMM) for Arm CCA adopted as a CCC Project
    • Contributed Arm CCA backend support in CCC projects for cross-platform confidential computing APIs
  • System & Kernel Security
    • Designed and implemented embedded secure OS for Samsung Knox Vault's hardware-isolated security processor, completing technology transfer to business division
    • Built security middleware for Tizen platforms including unified security monitors, authentication framework supporting TrustZone and software-based backends, and per-application isolated SSL trust anchors
  • Rust Systems Programming
    • Applied Rust across the full spectrum from bare-metal no_std to full-featured environments
    • Developed a compiler-level tool to detect unsafe code at the HIR stage and used Miri-based validation to improve auditability and reduce unsafe usage
    • Maintain CCC open-source project, reviewing and evaluating external contributions

Selected Projects

Vigilo — Hardened Cloud OS for Private Cloud Compute on Intel TDX (2025 – Present)

  • Architecting a hardened Cloud OS leveraging Intel TDX for Private Cloud Compute
  • Defining OS-level enforcement to achieve on-device-equivalent privacy
  • Planned for open-source release

Islet — On-Device Confidential Computing (2022 – 2024)

  • Core architect and developer of Arm CCA-based confidential computing platform, implementing Rust-based Realm Management Monitor (RMM) managing realm lifecycle
  • Built a Confidential Application SDK providing Attestation and Sealing
  • Contributed the Rust-based RMM to the Linux Foundation’s Confidential Computing Consortium (CCC) as a project deliverable
  • Collaborated with VMware on Certifier Framework, implementing Arm CCA backend support for cross-platform confidential computing APIs
  • Demonstrated at Confidential Computing Summit 2023

Camellia — Rust-based Secure OS for Security Processors (2020 – 2022)

  • Designed and implemented a Rust-based secure OS for Samsung Knox Vault's hardware-isolated security processor, covering both kernel and user-space components in a bare-metal environment
  • Built a type-safe RPC framework for secure inter-process communication
  • Developed a Rust tool to trace unsafe code at the HIR stage, minimizing unsafe code usage
  • Completed technology transfer to business division, meeting production requirements for stability, performance, and reliability in mass-produced devices

Tizen — Security Middleware (2015 – 2020)

  • Contributed to commercialization of Mobile, TV, and Wearable products
  • Designed unified security monitor for device policy management
  • Built authentication framework with pluggable backends supporting both software-based and TrustZone-backed secure storage
  • Implemented Modern C++ RPC framework for secure client-server method invocation
  • Maintained SSL trust anchors and application signature validation

Open Source & Patents

  • Islet Project — Maintainer
  • Certifier Framework — Contributor
  • Patents: Confidential Computing (KR 2024), Key Management (KR 2020, US 2022), Data Protection (KR 2020), Container Security (KR 2019, US 2020)

Education

M.S., Computer Science | Yonsei University, South Korea | 2014 – 2017
B.S., Computer Science | Kookmin University, South Korea | 2007 – 2014


Links

Pinned

  1. islet-project/islet Public

    An on-device confidential computing platform

    Rust 140 32

  2. islet Public

    Forked from islet-project/islet

    An on-device confidential computing framework

    Rust