Developers of large-scale software systems use third-party modules to reduce costs and accelerate release cycles, at a risk to safety and security. I will introduce a series of techniques that exploit module boundaries to automate software compartmentalization and enforce security policies, enhancing safety and security. BreakApp transparently spawns modules in compartments while preserving their original behavior. Iris leverages language-based protection to offer finer-grained control and lower performance overheads. Finally, Mir uses a constrained read-write-execute protection model and static language-level analysis to fully automate compartmentalization.
Nikos Vasilakis is a post-doctoral researcher at the Massachusetts Institute of Technology (MIT). His research interests lie in the broad areas of distributed systems, programming languages, and computer security. Recent work includes general-purpose distributed environments, automated distribution, application compartmentalization, sandboxing of third-party libraries, and distributed storage systems. He received a Ph.D. from the department of Computer and Information Science at the University of Pennsylvania, and a diploma from the department of Computer Engineering and Informatics at the University of Patras.
