Publications

  1. Isolation without Taxation: Near-Zero-Cost Transitions for WebAssembly and SFI

    Matthew Kolosick, Shravan Narayan, Evan Johnson, Conrad Watt, Michael LeMay, Deepak Garg, Ranjit Jhala, Deian Stefan

    POPL 2022: [ Code, Conference video ]

  2. Tutorial: Using RLBox to sandbox unsafe C code

    Shravan Narayan, Craig Disselkoen, Deian Stefan

    IEEE SecDev 2021

  3. Swivel: Hardening WebAssembly against Spectre

    Shravan Narayan, Craig Disselkoen, Daniel Moghimi, Sunjay Cauligi, Evan Johnson, Zhao Gang, Anjo Vahldiek-Oberwagner, Ravi Sahita, Hovav Shacham, Dean Tullsen, Deian Stefan

    USENIX Security 2021: [ Code, Conference video ]

  4. Довер ́яй, но провер ́яй: SFI safety for native-compiled Wasm

    Evan Johnson, Yousef Alhessi, David Thien, Shravan Narayan, Fraser Brown, Sorin Lerner, Tyler McMullen, Stefan Savage, Deian Stefan

    (The title prefix means trust but verify )

    NDSS 2021: [ Code, Conference video, How to cite this paper in Latex (handling cyrillic text) ]

  5. The Road to Less Trusted Code: Lowering the Barrier to In-Process Sandboxing

    Tal Garfinkel, Shravan Narayan, Craig Disselkoen, Hovav Shacham, Deian Stefan

    Article in USENIX ;login; newsletter Winter 2020

  6. RLBox: Retrofitting Fine Grain Isolation in the Firefox Renderer

    Shravan Narayan, Craig Disselkoen, Tal Garfinkel, Nathan Froyd, Eric Rahm, Sorin Lerner, Hovav Shacham, Deian Stefan

    USENIX Security 2020: [ Extended version, Code (from the paper), Conference video, Longer video ]

    RLBox production version: [ Code, Docs Initial Firefox rollout, Full Firefox rollout ]

  7. Towards verified programming of embedded devices

    Jean-Pierre Talpin, Jean-Joseph Marty, Shravan Narayan, Deian Stefan, Rajesh Gupta

    Invited paper, DATE 2019

  8. Browser history re:visited

    Michael Smith, Craig Disselkoen, Shravan Narayan, Fraser Brown, Deian Stefan

    USENIX WOOT 2018

  9. Finding and Preventing Bugs in JavaScript Bindings

    Fraser Brown, Shravan Narayan, Riad S. Wahby, Dawson Engler, Ranjit Jhala, Deian Stefan

    IEEE S&P 2017: [ Code ]

Others (articles, posters, non-refereed, unpublished)

  1. Invited Poster - RLBox: Retrofitting Fine Grain Isolation in the Firefox Renderer

    Shravan Narayan, Craig Disselkoen, Tal Garfinkel, Sorin Lerner, Hovav Shacham, Deian Stefan

    IEEE S&P 2021

  2. Making Software Sandboxing Practical using Language-based Techniques

    Shravan Narayan, Deian Stefan

    Article in SIGPLAN PL Perspectives blog, Jul 2021

  3. Gobi: WebAssembly as a Practical Path to Library Sandboxing

    Shravan Narayan, Tal Garfinkel, Sorin Lerner, Hovav Shacham, Deian Stefan

    Unpublished short paper, originally written Jan 2019, updated Nov 2019

Awards

  1. Winner of the IEEE Cybersecurity Awards for Practice, Secure Development Conference 2022. Retrofitting fine grain isolation in the Firefox renderer
  2. NSA Best Scientific Cybersecurity Paper, Honorable mention. Retrofitting fine grain isolation in the Firefox renderer
  3. Google V8 research award. Practical, portable, and verified library sandboxing using Wasm
  4. Fastly's "The edge computer project" award. Verifiable and spectre-safe sandboxing at the edge
  5. Finalist, Applied Research Competition, CSAW 2021. Довер'яй, но провер'яй: SFI safety for native-compiled Wasm
  6. Doctoral Award for Excellence in Research. Computer Science and Engineering, UC San Diego
  7. Winner, Applied Research Competition, CSAW 2020. Retrofitting fine grain isolation in the Firefox renderer
  8. Distinguished paper award at the USENIX Security Symposium 2020. Retrofitting fine grain isolation in the Firefox renderer

Program Committees

  1. USENIX Security Symposium 2022
  2. IEEE Secure Development Conference 2022
  3. Workshop on Programming Languages and Analysis for Security 2022