Join us at noon on Thursday, April 14 in the 9th floor atrium of the Coda building or by Zoom as Nikos Vasilakis, a research scientist at the MIT Computer Science & Artificial Intelligence Laboratory (CSAIL), presents a lecture to SCP’s faculty and students. More information on the talk and the Zoom link are below.
Security in a World of Software Supply-Chain Vulnerabilities
Abstract:
Modern software incorporates thousands of third-party components. Bugs or security vulnerabilities in these components can seriously compromise the integrity of incorporating applications. Because of their widespread use, and the difficulty of vetting the enormous number of integrated components for vulnerabilities, they comprise a compelling target for attackers, who purposefully insert vulnerabilities into widely used components with the goal of compromising the integrity of entire software ecosystems.
I will present a series of systems that leverage component boundaries to offer automated solutions to vulnerabilities that appear in the software component supply chain: BreakApp implements system-level containment techniques that prevent an attack from escaping its component; Iris leverages language-based protection to offer high-performance enforcement of fine-grained security policies; Mir introduces a constrained privilege model and a hybrid analysis to deliver additional automation; and Harp uses active learning to infer and regenerate domain-specific components that are guaranteed to be free of inserted software vulnerabilities. Individually, these systems focus on transparent protection against classes of threats. Combined, they provide a holistic and in-depth transformation-based approach to securing software ecosystems.
Bio:
Nikos Vasilakis is a Research Scientist at MIT CSAIL. His research encompasses systems, programming languages, and security and has been recognized by several best paper, best presentation, and best demo awards. His current focus is on automatically enhancing software systems with new capabilities such as parallelism, distribution, and security against a variety of threat models. Nikos is also a Co-Founder and Chief Technology Officer at Require Security, a startup transitioning his software supply-chain research to industry; and a member of the Technical Steering Committee behind PaSh, a shell-script parallelization project hosted by the Linux Foundation.