Publications & Technical Research
Peer-reviewed research from Graziano Labs Corp. advancing the science of cryptographic observability.
The DMA Streaming Framework: Kernel-Level Buffer Orchestration for High-Performance AI Data Paths
Marco Graziano — Graziano Labs Corp.
Abstract
AI transport libraries move bytes efficiently, but they commonly assume that buffers are already correctly allocated, placed, shared, registered, and safe under completion and teardown pressure. This paper presents dmaplane, a Linux kernel module that makes this missing layer explicit as buffer orchestration. dmaplane exposes a stable kernel UAPI via /dev/dmaplane and composes ring-based command channels, DMA buffer lifecycle management, dma-buf export for cross-device sharing, a kernel-space RDMA engine, NUMA-aware allocation and verification, credit-based flow control, low-overhead observability, and GPU memory integration via PCIe BAR pinning. We evaluate orchestration sensitivity with measurements of NUMA cross-node penalties at DRAM scale, completion-safe flow control under sustained RDMA load, and GPU BAR mapping tiers versus cudaMemcpy. We also demonstrate end-to-end disaggregated inference by transferring KV-cache chunks between two machines using RDMA WRITE WITH IMMEDIATE and reconstructing tensor views on the receiver.
Key Contributions
Buffer Orchestration Layer
Explicit kernel-level management of DMA buffer lifecycle — allocation, placement, sharing, registration, and teardown safety.
Kernel-Space RDMA Engine
Credit-based flow control under sustained RDMA load with completion-safe teardown guarantees.
NUMA & GPU Integration
NUMA-aware allocation with DRAM-scale penalty analysis; GPU memory via PCIe BAR pinning vs. cudaMemcpy.
Disaggregated Inference Demo
End-to-end KV-cache transfer between machines over RDMA WRITE WITH IMMEDIATE with tensor view reconstruction.
Cryptographic Observability and Drift Detection: A Dual-Layer Model and Reference Implementation
Marco Graziano — Graziano Labs Corp.
Abstract
Cryptographic systems deployed in production often differ substantially from their documented or configured cryptographic posture, creating blind spots that complicate security analysis and post-quantum migration planning. We introduce a dual-layer observability model that distinguishes between configured cryptography (static layer) and observed cryptography (runtime layer), and formalize cryptographic drift as the mismatch between these layers. We define two classes of drift: Configured-Not-Observed (CNO) and Observed-Not-Configured (ONC), and establish basic properties of drift detection under this model.
We present a reference implementation that realizes the model by combining binary-level cryptographic inventorying, runtime tracing of cryptographic operations, and passive network protocol analysis. The implementation enables detection of undocumented libraries, dynamically loaded cryptographic code, and network-visible cryptographic behavior without payload decryption. Experimental results on Linux and embedded systems demonstrate scalable static analysis, production-safe runtime tracing, and high-throughput network observation, and reveal substantial cryptographic drift in real deployments.
Key Contributions
Dual-Layer Model
Formal framework distinguishing static configuration from runtime behavior, enabling systematic drift detection.
Drift Taxonomy
Two drift classes — CNO (configured but not observed) and ONC (observed but not configured) — with formal properties.
Reference Implementation
Four open-source tools: cbom-generator, crypto-tracer (eBPF), pqc-flow, and cbom-explorer.
Experimental Validation
90%+ asset coverage on embedded Linux with <0.5% CPU overhead and 12,000+ files/min throughput.
Industry Whitepapers
Building a Distributed Cryptographic Bill of Materials Architecture for the Post‑Quantum Era
Marco Graziano — Graziano Labs Corp.
Presents the architecture of a distributed CBOM system that combines static analysis with runtime monitoring to provide complete cryptographic observability. Covers the agent-collector model, three-layer data acquisition, correlation engine, and policy enforcement.
Built on Research, Ready for Production
CipherIQ's open-source tools implement the models described in our research. Try them today.