Retrofitting Security, Module by Module

May 18, 2021

Nikos Vasilakis


Retrofitting Security, Module by Module

Time:   11:00am
Location:   Zoom3 - https://zoom.us/j/3911012202 (pass: s3)

Software developers make pervasive use of third-party software supply chains to reduce costs and accelerate release cycles, at a risk to safety and security. I will introduce a series of techniques that exploit module boundaries to automate software compartmentalization and enforce security policies, enhancing safety and security. BreakApp isolates select modules using powerful system-level containment mechanisms. Iris leverages language-based protection to offer finer-grained control and lower performance overheads. Finally, Mir uses a constrained read-write-execute protection model and a hybrid analysis to fully automate compartmentalization.