Using the PyPy Sandbox to explore Mobile Code Sandboxing Presented By Dr. Seth Nielson

#Python #Education #Sandbox #CAE #NSA #Society #NoVA
Share

Technology rarely follows the paths the visionaries imagine. Consider “Mobile Code.” Although the idea pre-dates Java, Java’s Applets were going to make Mobile Code in the Internet powerful, yet safe. Now more than 20 years later, Applets are deprecated and the sandbox designed to secure them is seen by many as a failure. Mobile Code did not die, of course. JavaScript, running in Browser Sandboxes has become ubiquitous and powers much of the dynamic Internet. Moreover, applications are increasingly being treated like Mobile Code and sandboxed in one form or another.

PyPy is “python written in python.” Primarily written as a faster python interpreter, it has an auxiliary feature of offering a “sandbox” for python. It can build an interpreter that has all operating system calls re-routed to a controlling process for authorization and execution. This redirection enables virtual file systems, mediated access to operating system API’s, and even mechanisms for controlling resource abuses.

In this technical talk, the PyPy architecture will be introduced as a background, and then highlight key components in the sandboxing low-level code. Then there will be a demo of several sandboxed applications, examining different example security policies and access features. The final technical talk focus will be a discuss how the Sandbox might be used in the classroom.

This technical talk is free and conducted live in real-time over the Internet so no travel is required.  Capitol Technology University (CTU) will be hosting the presentations using their online delivery platform (Adobe Connect) which employs slides, VOIP, and chat for live interaction. After you are registered, you will receive an email with the presentation URL and login instructions


  Date and Time

  Location

  Hosts

  Registration


  • Date: 15 Mar 2018
  • Time: 01:10 PM to 01:50 PM
  • All times are (GMT-05:00) US/Eastern
  • Add_To_Calendar_icon Add Event to Calendar
  • Online Only, Virginia
  • United States
  • Contact Event Host
  • Co-sponsored by Center for Academic Excellence Community
  • Starts 12 March 2018 01:45 PM
  • Ends 15 March 2018 11:00 AM
  • All times are (GMT-05:00) US/Eastern
  • No Admission Charge

  Speakers

Dr. Seth Nielson of Johns Hopkins University

Topic:

Using the PyPy Sandbox to explore Mobile Code Sandboxing

Biography:

Dr. Seth James Nielson is the Director of Advanced Research Projects at the Johns Hopkins University Information Security Institute (JHUISI). In this role, he is coordinating research opportunities and engagement within the University and with external partners. An important component of his work is the on-going development of JHUISI’s position as a leader in Computer Security education and research. Individually, he teaches network security courses and pursues research in various computer security topics. Dr. Nielson is also the founder and chief scientist of  Crimson Vista Inc., a consulting firm with specialties in computer security, computer networking, and programming languages.

In Dr. Nielson’s early career, he focused on software engineering as a discipline, and worked for several years in start-up companies. At the same time, he pursued a research-oriented Master’s degree and published papers related to programmer cognition, and software design patterns. He then shifted his focus to topics in computer security, working as a consultant/analyst and pursuing a Ph.D. in that area. In these roles, he created hardware-accelerated cryptographic libraries, analyzed systems for security vulnerabilities, and investigated hiding traffic within P2P crowds to achieve pseudo-anonymity. Most recent projects include, leading a team of analysts in an evaluation of the security of networked medical devices, a journal paper on teaching computer security, and research into how users pick passwords.




Agenda

Introduction

Architecture Background

Sandboxing Key Component

Classroom Use