Galois Inc.

Abstract:

The formidable growth of the cyber-threat landscape today is accompanied by an imperative need for providing high-assurance software solutions. In the last decade, binary hardening via In-lined Reference Monitoring (IRMs) has been firmly established as a powerful and versatile technology, providing superior security enforcement for many platforms. IRM frameworks rewrite untrusted binary code, inserting runtime checks to produce safe, self-monitoring code; IRMs are equipped with the ability to enforce a rich set of history-based policies, without requiring access to source code.

In this talk, we present HybridGuard, an IRM framework for hybrid mobile apps. Hybrid mobile frameworks, such as React Native, Ionic, PhoneGap etc., are rapidly becoming the mainstay technology for developing mobile apps. Here, the developer need only write web code, and the framework automatically ports to popular mobile platforms such as Android, iOS etc. While slick, quick, and cost-effective, the exposure of sensitive mobile device resources to web content dramatically increases the attack surface, rendering the apps vulnerable to a slew of dangerous attacks such as code-injection, fracking, cross-site scripting, tapjacking, amongst others.

HybridGuard allows developers fine-grained access control and rich policy enforcement over hybrid mobile apps, protecting against the dangerous vulnerabilities that web code inclusion brings. We will discuss the research challenges and successes on adapting the IRM technology to secure this complex, cross-platform mobile space, and probe into its natural extension into the world of Internet-of-Things.

Bio:

Dr. Meera Sridhar is an Assistant Professor in the Department of Software and Information Systems at UNC Charlotte. Her research interests span language-based and systems security, formal methods, and their application to web, mobile and Internet-of-Things security. Her research is currently supported by the National Science Foundation (NSF). Dr. Sridhar is a member of ACM, ACM-W and WiCyS.

Dr. Sridhar received her Bachelor’s in Computer Science from Carnegie Mellon University in 2002, graduating with University and College Honors. She received her Master’s in Computer Science from Carnegie Mellon University in 2004, and her Ph.D. in Computer Science from The University of Texas at Dallas in 2014. Dr. Sridhar is an International Baccalaureate Diploma holder from the International School Manila, Philippines.

Abstract:

Teaching programming is a hard job. Teaching Haskell is a way harder given its inherent complexity and expectations students have. Nevertheless, there are many approaches to do that. In this talk, I would like to outline the practices that I use and those that I don’t find fruitful. There are quite a few books that can be used for teaching, and I will try to categorize them in terms of their ability to educate a professional Haskell developer. Haskell is a big language, so what should be taught is another crucial question. Should it be a course on functional programming in general or Haskell specifics are fine to teach? For example, there is no clear answer on whether you should attempt teaching something like lenses or stream I/O given limited time. How to teach students about monads? Well, everyone knows the right answer, I will describe my approach. I will also talk about ways to motivate students and to make them learn Haskell by themselves.

Speaker:

Vitaly Bragilevsky, Senior Lecturer at Southern Federal University

Bio:

Vitaly Bragilevsky serves as both the Haskell 2020 Language Committee and the GHC Steering Committee member. He works as a Senior Lecturer at the Southern Federal University in Rostov-on-Don, Russia where he teaches undergraduate students functional programming and theory of computations. He is the author of ‘Haskell in Depth’ (Manning Publications, available via Manning’s early access program).

Recording:

The presentation will be live streamed on our YouTube channel.