Lindstedtsvägen 3, Level 5, Office 1547

KTH Campus, Stockholm, Sweden

About me

I graduated from the University of Havana(Cuba) in 2016 with a Master’s Degree in Computer Science. Currently, as a PhD student at KTH Royal Institute of Technology since 2019, I do Software Diversification for reliability and security. I am a team member of the Trustworthy Fullstack Computing (TRUSTFULL) project.

Logs

Proofs of concept and ongoing works

2022

  1. EGRAPHS 2022
  2. Cabrera Arteaga, Javier

Publications

2022

  1. MTD 2022
    Cabrera Arteaga, Javier, Laperdriex, Pierre, Monperrus, Martin, and Baudry, Benoit
    In MTD 2022

2021

  1. MADWeb 2021
    Cabrera Arteaga, Javier, Malivitsis, Orestis Floros, Pérez, Oscar Luis Vera, Baudry, Benoit, and Monperrus, Martin
    2021

2020

  1. MoreVM’s 2020
    Cabrera Arteaga, Javier, Donde, Shrinish, Gu, Jian, Floros, Orestis, Satabin, Lucas, Baudry, Benoit, and Monperrus, Martin
    In Conference Companion of the 4th International Conference on Art, Science, and Engineering of Programming 2020

2019

  1. VMIL 2019
    Cabrera Arteaga, Javier, Monperrus, Martin, and Baudry, Benoit
    In Proceedings of the 11th ACM SIGPLAN International Workshop on Virtual Machines and Intermediate Languages 2019

Courses highlighting

Some slides

Master theses supervision

  • Camille Fournier: Comparison of Smoothness in Progressive Web Apps and Mobile Applications on Android

    One of the main challenges of mobile development lies in the high fragmentation of mobile platforms. Developers often need to develop the same application several times for all targeted platforms, raising the cost of development and maintenance. One solution to this problem is cross-platform development, which traditionally only includes mobile applications. However, a new approach introduced by Google in 2015 also includes web applications. Progressive Web Apps, as they are called, are web applications that can be installed on mobile and behave like mobile applications. This research aims at studying and comparing their performance to mobile applications on Android, especially in terms of smoothness, memory and CPU usage. To that end, we analyzed the Rendering pipeline of Android and Chrome and deducted a smoothness metric. Then, a Progressive Web App, a Native Android and a React Native Interpreted Application were developed and their performance measured in several scenarios. The results imply that Progressive Web Applications, though they have great benefits, are not as smooth as Mobile applications on Android. Their memory performance and CPU usage lag behind Native Applications, but are similar to Interpreted applications.

  • Adam Benali: Neural Decompilation for WebAssembly

    WebAssembly is a new low-level language used as a compilation target which runs in web browsers. There are many benefits to using WebAssembly, mainly the speed gain compared to Javascript while still being able to run it in the same sandbox Javascript code runs in. Decompilation is the process of taking compiled binary code and producing textual source code that is equivalent to the original source code. However, it does not have to be identical to the latter. Decompiling a program to source code that is very faithful to the original source code is a hard task because a lot of the information about the source code is destroyed by compilers as they do various optimizations. Because of this, neural approaches for decompilation attempting to solve this problem have been studied. To expand on the latter, machine learning for source code is a new area of research where ML is being leveraged to handle large sizes of soure code, assist in code generation and source code translation. The above are the three main themes which are in the scope of this degree project.* *WebAssembly is a compiled language, but for conducting security analyses for example, binary code is not the ideal format to deal with. Hence, decompilation is an essential step when working with WASM. However, it is challenging to write an accurate decompiler (that can always reconstruct the source code that actually corresponds to the compiled code) and the implementation of decompilers currently relies on the careful, manual design of decompilation rules. Some recent works have proposed to use machine learning in order to train a decompiler. These works successfully applied this concept to decompile from x86 to C source code. Therefore, in this thesis, the goal will be to study decompilation learning for WebAssembly.

  • Djiar Salim: Securing Trigger-Action Platforms with WebAssembly

    The number of internet-connected devices and online services is increasing in the everyday lives of people. These devices and services solve independent tasks when used separately. However, they can solve complex tasks when used together. Trigger-action platforms (TAPs) allow users to create applications that connect their devices and services. The applications wait for a condition to be true in a device or service (trigger), and perform an operation in another device or service (action). JavaScript-driven TAPs allow users to add JavaScript code that is executed before the action. Currently, JavaScript-driven TAPs execute this code in the same JavaScript runtime for different applications. The problem is that they use unsafe isolation techniques that fail to secure code across applications. Thus, malicious applications can compromise other applications to leak their private data or control their behavior. Motivated to secure TAPs, we investigate isolation techniques on TAPs. The goal of this work is to propose isolation with WebAssembly, a recent language that is praised for its safe isolation. In line with the proposal, we prototype a WebAssembly-driven TAP. We also evaluate WebAssembly in terms of security, usability, and performance. For security, we perform a qualitative analysis of the security of current isolation techniques and WebAssembly. For usability, we implement and evaluate a set of applications on our novel platform. For performance, we conduct benchmarks on different isolation techniques including WebAssembly. The findings show that WebAssembly provides better isolation of code across applications than current isolation techniques. Our evaluation of usability and performance indicates that WebAssembly is also a practical and efficient solution. Furthermore, the performance results demonstrate that current JavaScript isolation techniques have significant performance issues that WebAssembly does not have. We conclude that WebAssembly can protect code across applications with isolation and it can be used in combination with other security measures to secure TAPs.