Ensuring least privilege principle through isolation across all the computing stack
Event details
Date | 14.06.2022
Hour | 16:00 to 18:00
Speaker | Andrés Sanchez
Location |
Category | Conferences - Seminars
EDIC candidacy exam
Exam president: Prof. Edouard Bugnion
Thesis advisor: Prof. Mathias Payer
Co-examiner: Prof. James Larus
Abstract
Combining different programming models requires an interface between them, and that interface must also account for security. The default design of mixed-language interfaces lacks an isolation primitive (e.g., the FFI between Rust and C), which raises a new question: how can we soundly prevent unintended safety violations while preserving the intended in-process memory layout? We consider how to extend existing compartmentalization techniques and methods to this new in-process mutual-distrust scenario, aided by compilation-based program analysis and low-overhead transitions.
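The boundary the abstract describes, in miniature, as an added illustration (this is not code from the talk or from the papers listed below): a Rust buffer is handed to a C routine, and the default FFI carries no primitive that ties the length Rust believes in to the length C is told. libc's `memset` stands in for an arbitrary C callee, the names `fill_unchecked`, `fill_isolated` and `FfiError` are this example's own, and the checked variant shows only the simplest discipline one can impose at the boundary (validate the size, give C a dedicated region, copy back). It does not contain a buggy callee; that is the gap the compartmentalization work in the talk targets.

```rust
use std::ffi::c_void;
use std::os::raw::c_int;

// libc's memset stands in for any C routine that is handed a Rust buffer.
// Declared by hand so the file builds with plain rustc (std already links libc).
extern "C" {
    fn memset(s: *mut c_void, c: c_int, n: usize) -> *mut c_void;
}

/// The default FFI shape: nothing at the boundary relates `n` to `buf.len()`.
/// If they disagree, C writes past the Rust allocation and Rust has no
/// primitive that could notice, let alone stop it. Never call this with
/// `n > buf.len()`; it is here only to make the boundary visible.
pub unsafe fn fill_unchecked(buf: &mut [u8], byte: u8, n: usize) {
    let _ = memset(buf.as_mut_ptr().cast::<c_void>(), c_int::from(byte), n);
}

#[derive(Debug, PartialEq, Eq)]
pub enum FfiError {
    /// The Rust side asked C to touch more bytes than the slice holds.
    TooLong { requested: usize, available: usize },
}

/// A minimal isolation discipline at the boundary (an illustration for this
/// page, not the talk's technique): validate the size, hand C a dedicated
/// scratch region of exactly that size instead of a pointer into Rust-owned
/// data, and copy the result back afterwards. C still runs in-process, so a
/// bug inside the callee that overruns `n` is not contained; closing that gap
/// is what in-process compartmentalization (SFI, Wasm sandboxes) is for.
pub fn fill_isolated(buf: &mut [u8], byte: u8, n: usize) -> Result<(), FfiError> {
    if n > buf.len() {
        return Err(FfiError::TooLong { requested: n, available: buf.len() });
    }
    let mut scratch = vec![0u8; n];
    // SAFETY: `scratch` owns exactly `n` writable bytes, matching the length
    // passed to C, so a correct memset stays inside the region.
    unsafe {
        let _ = memset(scratch.as_mut_ptr().cast::<c_void>(), c_int::from(byte), n);
    }
    buf[..n].copy_from_slice(&scratch);
    Ok(())
}

fn main() {
    let mut buf = [0u8; 8];
    println!("{:?}", fill_isolated(&mut buf, 0xAA, 4)); // Ok(())
    println!("{:?}", buf); // [170, 170, 170, 170, 0, 0, 0, 0]
    println!("{:?}", fill_isolated(&mut buf, 0xAA, 9)); // Err(TooLong { requested: 9, available: 8 })
}
```

The check in `fill_isolated` only guards against the Rust side miscalling C; it says nothing about what the C code does once it has the pointer, which is exactly why the abstract frames the problem as mutual distrust rather than as input validation.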
Background papers
- Cross-Language Attacks (NDSS 2022), Samuel Mergendahl, Nathan Burow, and Hamed Okhravi
- Isolation without Taxation: Near-Zero-Cost Transitions for WebAssembly and SFI (POPL 2022), Matthew Kolosick, Shravan Narayan, Evan Johnson, Conrad Watt, Michael LeMay, Deepak Garg, Ranjit Jhala, and Deian Stefan
- PtrSplit: Supporting General Pointers in Automatic Program Partitioning (ACM CCS 2017), Shen Liu, Gang Tan, and Trent Jaeger
Practical information
- General public
- Free