Retrofitting Security in Applications with Many Third-party Modules

07.06.2018, 11:00 – 12:00

07.06.2018 11:00-12:00

Speaker: Nikos Vasilakis, University of Pennsylvania | Location: Mornewegstraße 32 (S4|14), Room 4.3.01, Darmstadt

Organizer: Prof. Michael Pradel, TU Darmstadt


Developers of large-scale software systems use third-party modules to reduce costs and accelerate release cycles, at a risk to safety and security. I will introduce a set of techniques that exploit module boundaries to automate compartmentalization of systems and enforce security policies, enhancing reliability and security. Our system, BreakApp, transparently spawns modules in protected compartments while preserving their original behavior. Optional high-level policies decouple security assumptions made during development from requirements imposed for module composition and use. These policies allow fine-tuning trade-offs such as security and performance based on changing threat models or load patterns. Evaluation of BreakApp with a prototype implementation for JavaScript -- an environment that is notorious today for its high-impact security problems -- demonstrates feasibility by enabling simplified security hardening of existing systems with low performance overhead.

Short bio

Nikos Vasilakis is a Ph.D. candidate in Computer and Information Science at the University of Pennsylvania, advised by Jonathan M.

Smith. Broadly construed, his research focus is large-scale distributed systems, with branches into systems security and programming languages. In the past, he worked as a software engineer in industrial environments that blend engineering with a tablespoon of research (e.g., VMware).