Memory corruption plagues systems since the dawn of computing. Despite the rise of strong mitigations, exploits are still prevalent. This situation calls for automatic software testing techniques that discover reachable vulnerabilities before any …
WebAssembly (Wasm) is a portable bytecode originally designed to safely run native code (e.g., C/C++ and Rust) in the browser. Since its initial design, though, Wasm has been increasingly used to sandbox untrusted code outside the browser. For …
Modern applications handle sensitive user data in complex ways, subject to increasingly complex security policies. A promising approach to enforcing these policies is to use Information Flow Control (IFC) frameworks, which separate policy …
Web application security is a complicated matter. To assist site operators in secure web application development, browser vendors offer client-side security mechanisms designed to offer robust protection against common threats. Unfortunately, prior …
The work of Fuzz has pioneered the use of functional programming languages where types allow reasoning about the sensitivity of programs. Fuzz and subsequent work (e.g., DFuzz and Duet) use technical devices like linear types, modal types, and …
Google disabled years ago the possibility to freely modify some internal configuration parameters, so options like silently (un)install browser extensions, changing the home page or the search engine were banned. This capability was as simple as …
This talk will give a first overview of research and activities trending in automotive security. We will look at future cooperative vehicle safety systems where cellular communications (i.e., 4G, 5G) and IEEE 802.11p are technologies enabling …
Who: Catalin Hritcu from Inria Paris, France \
When: 14:00 - 15:00 Thursday {{ page.date | date_to_long_string }}\
Where: Room ES52, Linsen (Maskingränd 2).\
Title: {{ page.title }}
Abstract:\
We propose a new formal criterion for evaluating secure compartmentalization schemes for unsafe languages like C and C++, expressing end-to-end security guarantees for software components that may become compromised after encountering undefined behavior—for example, by accessing an array out of bounds.