- Date : 16/07/2019
- Lieu : Inria de Paris - Salle JLL2
- Intervenant(s) : Nikos Vasilakis
Retrofitting Security, Module by Module
Nikos Vasilakis (University of Pennsylvania)
Developers of large-scale software systems use third-party modules to reduce costs and accelerate release cycles, at a risk to safety and security. I will introduce a series of techniques that exploit module boundaries to automate software compartmentalization and enforce security policies, enhancing safety and security. BreakApp transparently spawns modules in compartments while preserving their original behavior. Iris leverages language-based protection to offer finer-grained control and lower performance overheads. Finally, Mir uses a constrained read-write-execute protection model to fully automate compartmentalization.
Nikos Vasilakis is a Ph.D. candidate in Computer and Information Science at the University of Pennsylvania. His research interests lie in the broad areas of distributed systems, programming languages, and security. Recent work includes general-purpose distributed environments, automated distribution, application compartmentalization, sandboxing of third-party libraries, and distributed storage systems.