Seminars

View all Seminars  |  Download ICal for this event

Unlocking Security: Automating Granular Compartmentalization of Legacy Codebases

Series: Department Seminar

Speaker: Nathan Dautenhahn, Rice University

Date/Time: Dec 21 15:00:00

Location: CSA Seminar Hall (Room No. 254, First Floor)

Abstract:
Enhancing the security of complex legacy codebases poses a significant challenge, particularly when striving for fine-grained privilege control to mitigate lateral exploitation. This task traditionally demands manual expertise, drawing from diverse domains including codebase knowledge, application security, and systems security. While experts can isolate components and secure data, achieving comprehensive compartmentalization throughout the entire system remains elusive. This presentation introduces a pioneering approach: Fitting Least-Authority Naturally (FLAN), a novel software engineering discipline. FLAN harnesses inherent modularity present within source structures and dynamic behaviors of codebases, revealing emergent privilege locality. This intrinsic modularity enables automated transformations that establish least-authority compartments, each with tailored privileges, without compromising compatibility. Our exploration demonstrates that this modularity can be extrapolated from source code, ushering in a new era of privileged compartmentalization. Join us to discover how FLAN revolutionizes security, automating the creation of fine-grained compartments within legacy systems.

Speaker Bio:
Nathan Dautenhahn is a trailblazer in systems security and program analysis, specializing in advanced compartmentalization techniques. He has pioneered program analysis tools that quantify privilege locality, driving the automation of privilege separation. Nathans work spans from theory to practice, including static and dynamic analysis tools, innovative enforcement mechanisms, and integration of isolation microkernels into runtimes. His insights have influenced major initiatives like DARPAs CPM program. Nathans dynamic analysis tool, Memorizer, is adopted by DARPAs HARDEN program and included in the LinuxKit open source project, underlining his impact. Nathans early work in securing critical data structures influenced large vendor operating systems and microarchitectures (Apple MacOS and ARM hardware extensions). His expertise shines in papers published in renowned security and systems conferences like IEEE S&P, CCS, NDSS, ASPLOS, and ISCA. Nathan Dautenhahn continues to reshape cybersecurity with his innovative contributions.

Host Faculty: Prof. Vinod Ganapathy