Supervision and Teaching

2022

  • Teacher Assistant in DD2488 Compiler Construction

  • Teacher Assistant in DD2525 Language Based Security

  • Master thesis supervision - Djiar Salim: Securing Trigger-Action Platforms with WebAssembly.

    The number of internet-connected devices and online services is increasing in the everyday lives of people. These devices and services solve independent tasks when used separately. However, they can solve complex tasks when used together. Trigger-action platforms (TAPs) allow users to create applications that connect their devices and services. The applications wait for a condition to be true in a device or service (trigger), and perform an operation in another device or service (action). JavaScript-driven TAPs allow users to add JavaScript code that is executed before the action. Currently, JavaScript-driven TAPs execute this code in the same JavaScript runtime for different applications. The problem is that they use unsafe isolation techniques that fail to secure code across applications. Thus, malicious applications can compromise other applications to leak their private data or control their behavior. Motivated to secure TAPs, we investigate isolation techniques on TAPs. The goal of this work is to propose isolation with WebAssembly, a recent language that is praised for its safe isolation. In line with the proposal, we prototype a WebAssembly-driven TAP. We also evaluate WebAssembly in terms of security, usability, and performance. For security, we perform a qualitative analysis of the security of current isolation techniques and WebAssembly. For usability, we implement and evaluate a set of applications on our novel platform. For performance, we conduct benchmarks on different isolation techniques including WebAssembly. The findings show that WebAssembly provides better isolation of code across applications than current isolation techniques. Our evaluation of usability and performance indicates that WebAssembly is also a practical and efficient solution. Furthermore, the performance results demonstrate that current JavaScript isolation techniques have significant performance issues that WebAssembly does not have. We conclude that WebAssembly can protect code across applications with isolation and it can be used in combination with other security measures to secure TAPs.

2021

  • Master thesis supervision - Adam Benali: Neural Decompilation for WebAssembly.

    WebAssembly is a new low-level language used as a compilation target which runs in web browsers. There are many benefits to using WebAssembly, mainly the speed gain compared to Javascript while still being able to run it in the same sandbox Javascript code runs in. Decompilation is the process of taking compiled binary code and producing textual source code that is equivalent to the original source code. However, it does not have to be identical to the latter. Decompiling a program to source code that is very faithful to the original source code is a hard task because a lot of the information about the source code is destroyed by compilers as they do various optimizations. Because of this, neural approaches for decompilation attempting to solve this problem have been studied. To expand on the latter, machine learning for source code is a new area of research where ML is being leveraged to handle large sizes of soure code, assist in code generation and source code translation. The above are the three main themes which are in the scope of this degree project.

    WebAssembly is a compiled language, but for conducting security analyses for example, binary code is not the ideal format to deal with. Hence, decompilation is an essential step when working with WASM. However, it is challenging to write an accurate decompiler (that can always reconstruct the source code that actually corresponds to the compiled code) and the implementation of decompilers currently relies on the careful, manual design of decompilation rules. Some recent works have proposed to use machine learning in order to train a decompiler. These works successfully applied this concept to decompile from x86 to C source code. Therefore, in this thesis, the goal will be to study decompilation learning for WebAssembly.

  • Teacher Assistant in DD1369 Programvarukonstruktion i projektform.

  • Teacher Assistant in DD2525 Language Based Security

2020

  • Master thesis supervision - Camille Fournier: Comparison of Smoothness in Progressive Web Apps and Mobile Applications on Android.

    One of the main challenges of mobile development lies in the high fragmentation of mobile platforms. Developers often need to develop the same application several times for all targeted platforms, raising the cost of development and maintenance. One solution to this problem is cross-platform development, which traditionally only includes mobile applications. However, a new approach introduced by Google in 2015 also includes web applications. Progressive Web Apps, as they are called, are web applications that can be installed on mobile and behave like mobile applications. This research aims at studying and comparing their performance to mobile applications on Android, especially in terms of smoothness, memory and CPU usage. To that end, we analyzed the Rendering pipeline of Android and Chrome and deducted a smoothness metric. Then, a Progressive Web App, a Native Android and a React Native Interpreted Application were developed and their performance measured in several scenarios. The results imply that Progressive Web Applications, though they have great benefits, are not as smooth as Mobile applications on Android. Their memory performance and CPU usage lag behind Native Applications, but are similar to Interpreted applications.

  • Teacher Assistant in DD2525 Language-based security at KTH.

2019

  • Teacher Assistant in DD1393 mvk Introduction to Software Engineering at KTH.

  • Teacher Assistant in DD2525 Language Based Security

2017

  • Assistant professor in Compiling and Language Theory at University of Havana.