Join us at noon on Thursday, March 31 in the Coda building or by Zoom as Shravan Narayan, Ph.D. student in the Computer Science and Engineering department at the University of California San Diego, presents a lecture to SCP’s faculty and students. More information on the talk and the Zoom link are below.
Retrofitting Security in Real Systems
Abstract:
Most systems we use today are wildly insecure. This past year attackers have exploited bugs in systems like browsers and operating systems to steal user data, shut down hospitals, and stalk activists. Attackers are winning because bugs in a seemingly unimportant component like the browser’s spell-checker can be used to compromise the entire browser.
In this talk, I will describe my work retrofitting existing systems towards secure design. First, I will describe RLBox, a type-driven sandboxing framework that ships in the Firefox browser. RLBox helps Firefox engineers retrofit the browser to sandbox third-party libraries and safeguard its users from attacks that exploit vulnerabilities in these libraries. Then I will describe my work on the VeriWasm analysis tool and the Swivel compiler, which together secure edge cloud platforms against attacks that exploit compiler bugs and micro-architectural vulnerabilities like Spectre. Along the way, I will describe the challenges and research questions that only arise when trying to deploy principled techniques (e.g., from programming languages and system design) to secure huge systems like Firefox.
Bio:
Shravan Narayan is a Ph.D. candidate at UC San Diego, advised by Deian Stefan. His research interests span security and systems. He is particularly interested in retrofitting security in large real-world systems like browsers. Shravan and his collaborators have won the Distinguished Paper Award at USENIX Security 2020, received an honorable mention at the NSA Best Scientific Cybersecurity Paper Competition, and won the applied research competition at CSAW 2020. His work is deployed in multiple real systems, including the Firefox browser.