Shravan Ravi Narayan - Publications, talks, articles, etc.

Publications

Going Beyond the Limits of SFI: Flexible and Secure Hardware-Assisted In-Process Isolation with HFI

Shravan Narayan, Tal Garfinkel, Mohammadkazem Taram, Joey Rudek, Daniel Moghimi, Evan Johnson, Chris Fallin, Anjo Vahldiek-Oberwagner, Michael LeMay, Ravi Sahita, Dean Tullsen, Deian Stefan

Distinguished paper award

ASPLOS 2023: [ Code, Conference Video, HFI Region simulator ]
WaVe: a verifiably secure WebAssembly sandboxing runtime

Evan Johnson, Evan Laufer, Zijie Zhao, Shravan Narayan, Stefan Savage, Deian Stefan, Fraser Brown

Distinguished paper award

IEEE S&P 2023
Half&Half: Demystifying Intel’s Directional Branch Predictors for Fast, Secure Partitioned Execution

Hosein Yavarzadeh, Mohammadkazem Taram, Shravan Narayan, Deian Stefan, Dean Tullsen

IEEE S&P 2023
Segue & ColorGuard: Optimizing SFI Performance and Scalability on Modern x86

Shravan Narayan, Tal Garfinkel, Evan Johnson, David Thien, Joey Rudek, Michael LeMay, Anjo Vahldiek-Oberwagner, Dean Tullsen, Deian Stefan

PLAS 2022
Isolation without Taxation: Near-Zero-Cost Transitions for WebAssembly and SFI

Matthew Kolosick, Shravan Narayan, Evan Johnson, Conrad Watt, Michael LeMay, Deepak Garg, Ranjit Jhala, Deian Stefan

POPL 2022: [ Code, Conference video ]
Tutorial: Using RLBox to sandbox unsafe C code

Shravan Narayan, Craig Disselkoen, Deian Stefan

IEEE SecDev 2021: [ Presentation ]
Swivel: Hardening WebAssembly against Spectre

Shravan Narayan, Craig Disselkoen, Daniel Moghimi, Sunjay Cauligi, Evan Johnson, Zhao Gang, Anjo Vahldiek-Oberwagner, Ravi Sahita, Hovav Shacham, Dean Tullsen, Deian Stefan

USENIX Security 2021: [ Code, Conference video ]
Довер ́яй, но провер ́яй: SFI safety for native-compiled Wasm

Evan Johnson, Yousef Alhessi, David Thien, Shravan Narayan, Fraser Brown, Sorin Lerner, Tyler McMullen, Stefan Savage, Deian Stefan

(The title prefix means trust but verify )

NDSS 2021: [ Code, Conference video, How to cite this paper in Latex (handling cyrillic text) ]
The Road to Less Trusted Code: Lowering the Barrier to In-Process Sandboxing

Tal Garfinkel, Shravan Narayan, Craig Disselkoen, Hovav Shacham, Deian Stefan

Article in USENIX ;login; newsletter Winter 2020
RLBox: Retrofitting Fine Grain Isolation in the Firefox Renderer

Shravan Narayan, Craig Disselkoen, Tal Garfinkel, Nathan Froyd, Eric Rahm, Sorin Lerner, Hovav Shacham, Deian Stefan

Distinguished paper award

USENIX Security 2020: [ Extended version, Code (from the paper), Conference video, Longer video ]

RLBox production version: [ Code, Docs Initial Firefox rollout, Full Firefox rollout ]
Towards verified programming of embedded devices

Jean-Pierre Talpin, Jean-Joseph Marty, Shravan Narayan, Deian Stefan, Rajesh Gupta

Invited paper, DATE 2019
Browser history re:visited

Michael Smith, Craig Disselkoen, Shravan Narayan, Fraser Brown, Deian Stefan

USENIX WOOT 2018
Finding and Preventing Bugs in JavaScript Bindings

Fraser Brown, Shravan Narayan, Riad S. Wahby, Dawson Engler, Ranjit Jhala, Deian Stefan

IEEE S&P 2017: [ Code ]

Others (talks, articles, posters, non-refereed)

Don't Get Owned by Your Dependencies: How Firefox Uses In-process Sandboxing To Protect Itself From Exploitable Libraries

Strange Loop Conference 2022
Don't Get Owned by Your Dependencies: How Firefox Uses In-process Sandboxing To Protect Itself From Exploitable Libraries

Black Hat USA Conference 2022
Invited Poster - RLBox: Retrofitting Fine Grain Isolation in the Firefox Renderer

Shravan Narayan, Craig Disselkoen, Tal Garfinkel, Sorin Lerner, Hovav Shacham, Deian Stefan

IEEE S&P 2021
Making Software Sandboxing Practical using Language-based Techniques

Shravan Narayan, Deian Stefan

Article in SIGPLAN PL Perspectives blog, Jul 2021
Gobi: WebAssembly as a Practical Path to Library Sandboxing

Shravan Narayan, Tal Garfinkel, Sorin Lerner, Hovav Shacham, Deian Stefan

Unpublished short paper, originally written Jan 2019, updated Nov 2019