Library-Oriented Program Analysis with Lya

Nikos Vasilakis

Software developers make pervasive use of third-party libraries to reduce costs and accelerate release cycles, at a risk to safety and security. In this talk, I will introduce a coarse-grained dynamic analysis framework, Lya, that targets such risk within the JavaScript library ecosystem. Lya interposes at library boundaries to allow concise analyses for extracting access information or enforcing invariants — e.g., identifying security vulnerabilities, highlighting performance bottlenecks, and applying corrective actions. Part of the talk will be given in the style of a hands-on tutorial, showcasing how to build and use Lya to enable further research on library-oriented security analysis and enforcement.

Seminar Link (MS Teams)

Speaker bio

Nikos Vasilakis is a post-doctoral researcher at the Massachusetts Institute of Technology (MIT). His research interests lie in the broad areas of distributed systems, programming languages, and computer security. Recent work includes general-purpose distributed environments, automated distribution, application compartmentalization, sandboxing of third-party libraries, and distributed storage systems. He received a Ph.D. from the department of Computer and Information Science at the University of Pennsylvania, and a B.Sc./M.Eng from the department of Computer Engineering and Informatics at the University of Patras.

 

 
