Deian Stefan (UCSD)

Modern browsers are massive, notoriously complex systems. We use them for everything. Unfortunately, they're also largely written in C and C++, and thus as useful to attackers as they are to us. Indeed, few systems are as widely exploited in the wild—to target everyone from ethnic groups to journalists and activists—as browsers. In this talk I'm going to give you an overview of our efforts using programming language techniques—from information flow type systems, to WebAssembly-based sandboxing, and automated verification—to shift the design and implementation of Firefox towards a more secure browser.

Speaker's Biography: Deian is an Associate Professor of Computer Science and Engineering at UC San Diego, where he co-leads the Security and Programming Systems groups. His research lies at the intersection of security and programming languages; he is particularly interested in building secure systems that are deployed in production. He is a co-founder of Cubist, a security and infrastructure digital assets platform, and a board director of the Bytecode Alliance. Previously he was a co-founder of Intrinsic, a runtime security startup acquired by VMware in 2019.

View More Papers

Poster: Probabilistic Chunk-Dispersed Routing for Mitigating Link-Flooding Attack in...

Hyeon-Min Choi (Incheon National University), Jae-Hyeon Park (Incheon National University), Eun-Kyu Lee (Incheon National University)

Read More

Discovering Blind-Trust Vulnerabilities in PLC Binaries via State Machine...

Fangzhou Dong (Arizona State University), Arvind S Raj (Arizona State University), Efrén López-Morales (New Mexico State University), Siyu Liu (Arizona State University), Yan Shoshitaishvili (Arizona State University), Tiffany Bao (Arizona State University), Adam Doupé (Arizona State University), Muslum Ozgur Ozmen (Arizona State University), Ruoyu Wang (Arizona State University)

Read More