May 18, 2021
Nikos Vasilakis
Software developers make pervasive use of third-party software supply chains to reduce costs and accelerate release cycles, at a risk to safety and security. I will introduce a series of techniques that exploit module boundaries to automate software compartmentalization and enforce security policies, enhancing safety and security. BreakApp isolates select modules using powerful system-level containment mechanisms. Iris leverages language-based protection to offer finer-grained control and lower performance overheads. Finally, Mir uses a constrained read-write-execute protection model and a hybrid analysis to fully automate compartmentalization.