"Don't Get Owned by Your Dependencies" by Shravan Narayan (Strange Loop 2022)

Security

Learn how to master dependencies by isolating library functionality, achieving performance and feature parity, and enforcing security through incremental code changes and targeted checks.

Key takeaways
  • Don’t rely solely on library assumptions, sandbox libraries for dependency injection.
  • Use WebAssembly (RLBox) to isolate library functionality, automating sanity checking and error reporting.
  • Performance parity and feature parity between unsandboxed and sandboxed applications crucial.
  • Focus on incrementally changing code to decouple libraries, simplifying library integration.
  • Implement ABI interfaces for seamless interaction with other parts of the application.
  • Avoid performance slowdowns, optimizing and pruning code as necessary.
  • Gradual, automated verification can occur during code modifications to enforce security.
  • Native code components create security challenges; handle through targeted security checks and bug fixes.
  • Consider RLBox to leverage WebAssembly, as in-process sandboxing improves memory handling and reduces resource overhead.

More talks

Exploring Spring Boot Clients: A Comprehensive Overview by Patrick Baumgartner

Introduction to Kubernetes Security - Marc Boorshtein

Evolution 3.0: Solve your everyday Problems with genetic Algorithms | Mey Beisaron

What Django Deployment is Really About by James Walters

SV Node updates: Alert key, free transactions & restoring protocol | Connor Murray| #LDNBlockchain23

Not Missing a Beat, Developing Products in Crypto

Talent Need Not Apply: Tradecraft and Objectives of Job-themed APT Social Engineering

The 9th Annual Black Hat USA Network Operations Center (NOC) Report