NDSS

The Long Winding Road from Idea to Impact in Web Security

Abstract

So, you want to make the web safer? Great! You’ll need more than just a good idea.

In this talk, I will share stories of the long and winding road, from idea to impact, of multi-year initiatives that have made Chrome and the open web platform safer. We’ll talk about the long arc of securing Flash content, progress after a multi-year push to drive HTTPS adoption, some of the boring work of the BoringSSL project, and a 5+ year refactoring project that helped us mitigate speculative CPU vulnerabilities over the past year. We’ll also talk about some of the practical constraints and lessons learned for others to consider when trying to improve security of large, complex, real-world systems.

Biography

Parisa Tabriz is a Director of Engineering at Google, currently responsible for making Chrome the most safe, stable, and useful tool for browsing the web across all your devices. She also manages the Project Zero team, is affectionately known as Google’s “Security Princess” (her former job title!), and has worked on information security at Google for over a decade, starting as a “hired hacker” software engineer for Google’s security team. As an engineer, she found and closed security holes in dozens of Google’s web applications, and taught other engineers how to do the same.


Outside of Google, Parisa has lectured at the Harvard Kennedy School, served in the White House U.S. Digital Service to enhance security of government technology, and consulted with multiple entertainment writers to help them understand the world of cybersecurity and technology so they can create and depict more accurate, diverse stories.