Description
Supply chain security is paramount in a world increasingly reliant on third-party libraries and binaries, which often introduce hidden vulnerabilities and risks into software systems. We focus on understanding and addressing these risks by employing static and dynamic techniques. We assess and score the quality of library code through precise static analysis. Through static transformations, we harden third-party components against known and unknown vulnerabilities, reducing their attack surface and enhancing their reliability. Complementing this, dynamic monitoring and enforcement ensure that these components behave securely at runtime, detecting and mitigating potential threats as they occur. Additionally, we have technologies to automatically retrofit compartmentalization onto third-party libraries, implementing runtime protections that mitigate the exploitation of potential vulnerabilities and limit their impact. By securing the software supply chain end-to-end, we enable organizations to confidently integrate third-party software while minimizing exposure to evolving threats.
Projects
Recent Blog Posts and News
Papers
- Precise and Comprehensive Provenance Tracking for Android Devices. MIT Technical Report, 2019
- SARAN: A System for Android Application Interposition. Aarno Labs Technical Report, 2021
- BinWrap: Hybrid Protection Against Native Node.js Add-ons. Asia CCS, 2023
- Preventing Dynamic Library Compromise on Node.js via RWX-Based Privilege Reduction. CCS, 2021
- Mir: Automated Quantifiable Privilege Reduction Against Dynamic Library Compromise in JavaScript. arXiv, 2021