Jean-Baptiste Arnaud

PhotoJB

PhD Student, Computer Science

Research & Phd Topic

Ensure: reconciling reflection and security

Keywords:

dynamic languages, reflective programming, open-system, security, capabilities, language design, virtual machine

Scientific context

More and more applications require dynamic behavior, often based on the possibility to modify the execution itself. Such changes of behavior are often based on reflective features. Dynamic scripting-like languages get more and more presence: Languages like Lua gets embedded in Adobe Photoshop, F-Script can be embedded in any Cocoa Mac OS X applications and take control of the applications without any control, Javascript applications share the same execution environment in a web-browser, so malicious ads could easily access private data. In languages such as Ruby, Python, Smalltalk, it is possible to nearly change any aspect of an applications: load untrusted code, change objects… which is clearly a total lack of security. There are some approaches to control code execution but this is often based on a closed world assumption, limited to resources control or a minimal subset of Java bytecode.

The goal of this PhD is to study how it is possible to reconcile dynamic and reflective languages with secure applications. The idea is not to validate bytecodes as this is often done but to evaluate how by construction and control of reflective features it is possible to control and create sandbox for programs execution.

Publications

Sort by: Display: Hide controls:

  1. Jean-Baptiste Arnaud, Marcus Denker, Stéphane Ducasse, Damien Pollet, Alexandre Bergel, and Mathieu Suen. Read-Only Execution for Dynamic Languages. In Proceedings of the 48th International Conference Objects, Models, Components, Patterns (TOOLS'10), Malaga, Spain, 2010. DOI PDF 
  2. Gwenael Casaccio, Stéphane Ducasse, Luc Fabresse, Jean-Baptiste Arnaud, and Benjamin Ryseghem. Bootstrapping a Smalltalk. In Proceedings of Smalltalks 2011 International Workshop, Bernal, Buenos Aires, Argentina, 2011. PDF 

Teaching

In addition to my PhD thesis, I teach at the university of Lille. I have 48 hours of Network with Jean Carle. I conduct 16 hours of project in software developpement with Nicolas Anquetil. In addition to my teaching, I have 20 days of formation to prepare me to become a researcher-teacher.

Powered by Pharo, Seaside, and Pier