Marcela Melara will present her Pre FPO "Novel Systems for Intra-Process Least Privilege and Isolation" on Monday, March 11, 2019 at 2pm in CS 105
Marcela Melara will present her Pre FPO on Monday, March 11, 2019 at 2pm in CS 105. The members of her committee are as follows: Michael Freedman (adviser), Mic Bowman (Intel Labs), Amit Levy, Wyatt Lloyd, and Prateek Mittal. All are welcome to attend. The talk title and abstract follow below.

Title: Novel Systems for Intra-Process Least Privilege and Isolation

Abstract:

Third-party libraries reduce software development costs and effort. Designed for flexible reuse, libraries implement a small set of features, allowing developers to build applications by combining libraries that provide the desired functionality. However, third-party code also poses a great risk: because the source code is rarely inspected or even accessible by the application developer, bugs or vulnerabilities that can leak sensitive data may go unnoticed. Yet, existing data protection tools are insufficient because they do not enforce least privilege, restricting each library's access to only those data it needs for its functionality.

Prior proposals have addressed this issue with two main approaches: (1) running application components in separate processes for strong isolation, or (2) tracking individual data objects throughout the application to prevent unprivileged components from disclosing sensitive information. However, these approaches see limited adoption because they introduce significant integration complexity and performance overhead.

This thesis proposes two systems for enforcing intra-process least privilege: both strongly isolate data within a single process address space while restricting access at the granularity of individual library functions.

We first present Pyronia, a privilege separation system for language runtimes that targets IoT device applications. To protect sensitive OS resources and in-memory data objects, Pyronia combines three access control techniques: system call interposition, stack inspection, and memory protection domains. Developers then specify data access rules only for directly imported third-party functions in a central policy.

We next present Griffin, a memory access control system for Intel SGX cloud applications. Intel SGX enables developers to run sensitive code inside an enclave, a hardware-protected memory region within an application's address space. However, in practice, developers often include untrusted third-party libraries in the enclave, giving them unfettered access to all in-enclave data. Griffin leverages Intel memory protection keys (MPK) to partition an enclave and assign per-compartment access rules. As part of their SGX policy, developers declare sensitive data objects and access privileges for in-enclave functions. Griffin then automatically confines these data objects in MPK compartments.

Pyronia and Griffin demonstrate the effectiveness of intra-process least privilege, reducing the performance impact on applications, and easing integration efforts for developers.