Abstract

Application compartmentalization decomposes software into sandboxed components in order to mitigate security vulnerabilities, and has proven effective in limiting the impact of compromise. Experience shows, however, that compartmentalizing existing C-language software is difficult, triggering correctness, performance, and most critically, security problems.

This talk introduces Security-Oriented Analysis of Application Programs (SOAAP), a set of LLVM -based analysis and simulation techniques that support software developers in exploring broad compartmentalization spaces available for each application.

Programmers annotate source code with compartmentalization hypotheses that notify SOAAP of past vulnerabilities, security goals such as data confidentiality, performance objectives, and a proposed compartmentalization strategy. SOAAP then evaluates the hypothesis through a blend of static and dynamic analysis, informing the programmer of potential data consistency bugs, security policy violations and expected performance.

Bio: Khilan Gudka is a Research Associate in the Security group at the University of Cambridge Computer Laboratory. Prior to this he did his PhD at Imperial College London. His research interests include software compartmentalisation, capability systems, static/dynamic program analysis, compilers/runtimes and concurrency.