Using language-based techniques to build a more secure browser

ABSTRACT

Modern browsers are massive, notoriously complex systems. We use them for everything. Unfortunately, they're also largely written in C and C++, and thus as useful to attackers as they are to us. Indeed, few systems are as widely exploited in the wild—to target everyone from ethnic groups to journalists and activists—as browsers. In this talk I'm going to give you an overview of our efforts using programming language techniques—from information flow type systems, to WebAssembly-based sandboxing, and automated verification—to shift the design and implementation of Firefox towards a more secure browser.

BIO

Deian Stefan is an Associate Professor of Computer Science and Engineering at UC San Diego, where he co-leads the Security and Programming Systems groups. His research lies at the intersection of security and programming languages; he is particularly interested in building secure systems that are deployed in production. He is a co-founder of Cubist, a security and infrastructure digital assets platform, and a board director of the Bytecode Alliance. Previously he was a co-founder of Intrinsic, a runtime security startup acquired by VMware in 2019.

Submitted by Katie Dey on