Software testing and hardware isolation in modern systems.

The aim of the talk is to prepare for hiring interviews coming up soon.

Abstract:
Adversaries exploit vulnerabilities to compromise systems. For instance, a vulnerability in a Web browser sandbox may allow an attacker to leak private data. Reducing the number of bugs improves security guarantees; enforcing the principle of least privileges limits the potential damage of any remaining bug.

We will discuss two key aspects of system security: automated security testing and hardware isolation. Improving testing prevents bugs from reaching production environments. Modern hardware isolation technologies provide secure enclaves to store critical software and data, enabling the enforcement of least privileges. Enclaves assume a strong attacker model and are designed to resist against fully compromised systems. I will first introduce automatic testing, while the second part will revolve around new challenges regarding automatic testing and technologies for hardware isolation.

Bio:
Flavio Toffalini is a PostDoc in the HexHive group at EPFL. He works on system security in the context of trusted applications, automatic software testing, and exploit mitigation. Specifically, he studies threats and mitigations for SGX and TEE technologies, and designs novel fuzzing techniques. His background ranges from software engineering to mitigation and bug finding. He also serves on the program committee for conferences such as NDSS, Usenix SEC AE, and DIMVA.