Sergio Benitez: 2017 Security Workshop

 

Monday, April 10, 2017
Location: McCaw Hall, Arrillaga Alumni Center

"Rocket Web Framework: Typed Requests for a Safer, More Secure Web"

11:50AM

Abstract:

Rocket is a web framework written in and for the Rust programming language. Rocket makes extensive use of Rust's type system and code generation facilities to provide a simple, flexible, and lean API while enforcing type safety at every layer of the web request/response path.


In Rocket, programmers guard request handlers through types that represent security and data validation policies. Rocket ensures that a request handler is only invoked if all required types can be derived from the incoming request. In other words, Rocket guarantees that a handler is only executed under validated security and data policies.


Bio:

Sergio is a third-year PhD student at Stanford advised by Professors David Mazières and Phil Levis. His research focuses on converging programming language theory with operating systems and security. His recent work introduced Rusty Types, a formal typing discipline based on the Rust programming language. Before Stanford, Sergio spent time interning at Google, Apple, and SpaceX where he worked on projects ranging from designing anomaly detection algorithms to tuning the performance of operating systems running on rockets and other spacecraft.