BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Memento EPFL//
BEGIN:VEVENT
SUMMARY:Enforcing systems compartmentalization through hardware-software c
 o-design
DTSTART:20220816T100000
DTEND:20220816T120000
DTSTAMP:20260407T162510Z
UID:8d383f6af53e9f6226d158e9deea49327a42510dd907caf521ae1ceb
CATEGORIES:Conferences - Seminars
DESCRIPTION:Andrés SÁNCHEZ MARÍN\nEDIC candidacy exam\nExam president: 
 Prof. Edouard Bugnion\nThesis advisor: Prof. Mathias Payer\nCo-examiner: P
 rof. James Larus\n\nAbstract\nThere is a lack of consolidation around a
  robust and efficient method that prevents a vulnerability in a software
  system from compromising the whole system's security. A solution is to
  isolate potentially compromised system components in compartments\,
  confining the vulnerabilities' effects to the compartment they belong
  to. The resulting isolation should be applicable at all levels of
  granularity\, embracing the hardware-provided capabilities and designing
  the resulting software to satisfy the hardware limitations.\n\nIn this
  work we explore the program's compartmentaliza
 tion problem through three papers in two directions: the requirements to a
 ddress effective division while minimizing its cost\, and the analysis req
 uired when partitioning a program including how to pass data through compa
 rtment boundaries. Enclosure employs a generic programming language isolat
 ion policy under which the programmer has the power to determine the compa
 rtments. PtrSplit presents a policy at the language level with an implemen
 tation fulfilling the limitations of raw pointers. ERIM focuses on the swi
 tching mechanism and the mandatory code transformations to encompass it. W
 e categorize the previous work's shortcomings and examine how to isolate p
 rocess stack frames as a proof of concept of compartmentalization aided by
  hardware-software co-design.\n\nBackground papers\n- Enclosure: language-
 based restriction of untrusted libraries:
  https://dl.acm.org/doi/10.1145/34
 45814.3446728\n- PtrSplit: Supporting General Pointers in Automatic Progra
 m Partitioning: https://dl.acm.org/doi/10.1145/3133956.3134066\n- ERIM: Se
 cure\, Efficient In-process Isolation with Protection Keys (MPK): https://
 www.usenix.org/system/files/sec19-vahldiek-oberwagner_0.pdf\n 
LOCATION:BC 333 https://plan.epfl.ch/?room==BC%20333
STATUS:CONFIRMED
END:VEVENT
END:VCALENDAR
