Åsögatan 119, Plan 2
116 24 Stockholm, Sweden
About me
I earned my Master’s Degree in Computer Science from the University of Havana, Cuba, in 2016. Since 2019, I’ve been furthering my academic journey, earning my PhD degree at the esteemed KTH Royal Institute of Technology, specializing in Software Diversification to enhance reliability and security, with a primary emphasis on WebAssembly.
I am a Software Engineer at Hopsworks AB. I joined a common dream and effort to “Build, Maintain, and Monitor ML Systems”, also making ML accessible to everyone.
Logs
- March, 2024 PhD degree at KTH
- Jan, 2024 Wasm-Mutate: Fast and effective binary diversification for WebAssembly accepted at Computers & Security journal as a collaboration with Nick Fitzgerald
- May, 2023 WebAssembly Diversification for Malware Evasion accepted at Computers & Security journal as a collaboration with Tim Toady
- March, 2023 Dagstuhl seminar "Foundations of WebAssembly"
- October, 2022 Artificial Software Diversification for WebAssembly manuscript, Teknologie licentiatexamen
- June, 2022 wasm-mutate presented at EGRAPHS, PLDI 2022
- June, 2022 MEWE presented at PAW, ECOOP 2022
- April, 2022 Officially acknowledged as a Bytecode Alliance contributor
- April, 2022 wasm-mutate was accepted as a talk in EGRAPHS 2022 Workshop, PLDI
- February, 2022 PC member for PAW 2022 Workshop
- September-December, 2021 Contractor Software Engineer at Fastly
- May 21, 2021 We received acknowledgement for a CVE discovered in the Wasm Lucet compiler.
- Feb 18, 2021 CROW was presented at DiverSE team in University of Rennes 1
- Feb 25, 2021 CROW was presented at MADWeb Workshop in NDSS '21
- Apr 14, 2021 CROW was presented at Spirals team in University of Lille
- May 4, 2021 CROW was presented at UC San Diego
Professional services
- Reviewer for Transactions on Software Engineering and Methodology TOSEM, ACK
- Co-reviewer for NDSS, USENIX, TSE
Publications
2024
2023
- COSE 2023
2022
- MTD 2022. In Proceedings of the 9th ACM Workshop on Moving Target Defense 2022
- EGRAPHS’22
2021
- MADWeb 2021
2020
- MoreVM’s 2020. In Conference Companion of the 4th International Conference on Art, Science, and Engineering of Programming 2020
2019
- VMIL 2019. In Proceedings of the 11th ACM SIGPLAN International Workshop on Virtual Machines and Intermediate Languages 2019
Courses highlighting
Proofs of concept and ongoing works
Some slides
Master theses supervision
- Camille Fournier: Comparison of Smoothness in Progressive Web Apps and Mobile Applications on Android
One of the main challenges of mobile development lies in the high fragmentation of mobile platforms. Developers often need to develop the same application several times for all targeted platforms, raising the cost of development and maintenance. One solution to this problem is cross-platform development, which traditionally only includes mobile applications. However, a new approach introduced by Google in 2015 also includes web applications. Progressive Web Apps, as they are called, are web applications that can be installed on mobile and behave like mobile applications. This research aims at studying and comparing their performance to mobile applications on Android, especially in terms of smoothness, memory and CPU usage. To that end, we analyzed the Rendering pipeline of Android and Chrome and deducted a smoothness metric. Then, a Progressive Web App, a Native Android and a React Native Interpreted Application were developed and their performance measured in several scenarios. The results imply that Progressive Web Applications, though they have great benefits, are not as smooth as Mobile applications on Android. Their memory performance and CPU usage lag behind Native Applications, but are similar to Interpreted applications.
- Adam Benali: Neural Decompilation for WebAssembly
WebAssembly is a new low-level language used as a compilation target which runs in web browsers. There are many benefits to using WebAssembly, mainly the speed gain compared to JavaScript while still being able to run it in the same sandbox JavaScript code runs in. Decompilation is the process of taking compiled binary code and producing textual source code that is equivalent to the original source code. However, it does not have to be identical to the latter. Decompiling a program to source code that is very faithful to the original source code is a hard task because a lot of the information about the source code is destroyed by compilers as they do various optimizations. Because of this, neural approaches for decompilation attempting to solve this problem have been studied. To expand on the latter, machine learning for source code is a new area of research where ML is being leveraged to handle large sizes of source code, assist in code generation and source code translation. The above are the three main themes which are in the scope of this degree project. WebAssembly is a compiled language, but for conducting security analyses for example, binary code is not the ideal format to deal with. Hence, decompilation is an essential step when working with WASM. However, it is challenging to write an accurate decompiler (that can always reconstruct the source code that actually corresponds to the compiled code) and the implementation of decompilers currently relies on the careful, manual design of decompilation rules. Some recent works have proposed to use machine learning in order to train a decompiler. These works successfully applied this concept to decompile from x86 to C source code. Therefore, in this thesis, the goal will be to study decompilation learning for WebAssembly.
- Djiar Salim: Securing Trigger-Action Platforms with WebAssembly
The number of internet-connected devices and online services is increasing in the everyday lives of people. These devices and services solve independent tasks when used separately. However, they can solve complex tasks when used together. Trigger-action platforms (TAPs) allow users to create applications that connect their devices and services. The applications wait for a condition to be true in a device or service (trigger), and perform an operation in another device or service (action). JavaScript-driven TAPs allow users to add JavaScript code that is executed before the action. Currently, JavaScript-driven TAPs execute this code in the same JavaScript runtime for different applications. The problem is that they use unsafe isolation techniques that fail to secure code across applications. Thus, malicious applications can compromise other applications to leak their private data or control their behavior. Motivated to secure TAPs, we investigate isolation techniques on TAPs. The goal of this work is to propose isolation with WebAssembly, a recent language that is praised for its safe isolation. In line with the proposal, we prototype a WebAssembly-driven TAP. We also evaluate WebAssembly in terms of security, usability, and performance. For security, we perform a qualitative analysis of the security of current isolation techniques and WebAssembly. For usability, we implement and evaluate a set of applications on our novel platform. For performance, we conduct benchmarks on different isolation techniques including WebAssembly. The findings show that WebAssembly provides better isolation of code across applications than current isolation techniques. Our evaluation of usability and performance indicates that WebAssembly is also a practical and efficient solution. Furthermore, the performance results demonstrate that current JavaScript isolation techniques have significant performance issues that WebAssembly does not have. 
We conclude that WebAssembly can protect code across applications with isolation and it can be used in combination with other security measures to secure TAPs.
- Anna Skantz: Performance Evaluation of Kotlin Multiplatform Mobile and Native iOS Development in Swift
Today's mobile development resides in the two main operating systems Android and iOS. It is popular to develop mobile applications individually for each respective platform, referred to as native development. To reduce additional costs, cross-platform solutions have emerged that enable shared development for both platforms. KMM is a relatively unexplored cross-platform tool developed by JetBrains. The purpose of this study is to evaluate the performance of iOS applications developed in KMM compared to native Swift. We compare the two approaches for developing iOS apps by compiling a benchmark suite and measuring the performance metrics execution time, memory consumption, and CPU usage. Our benchmark suite is a collection of 7 benchmarks consisting of high-level functionalities networking and database management, as well as low-level computational tasks from the CLBG suite. For the studied benchmarks, the results indicate that KMM generally achieves faster execution times, but with a trade-off overhead in higher memory consumption and CPU usage. We have found KMM to achieve up to 2,7 seconds faster execution time, consume up to 390MB more memory, and up to 30% more CPU than with native Swift. Besides, our results highlight correlations between the garbage collection cycles of KMM with profiling patterns of memory consumption and CPU usage.