The video on-demand of this session is available to logged in QCon attendees only. Please login to your QCon account to watch the session.

Session + Live Q&A

Getting The Most Out Of Sandboxing

Privilege separation and reduction ("sandboxing") has significantly improved software security, and in many applications is a baseline requirement for safe design. (In fact, there are still many applications that can and should adopt sandboxing.)

Although necessary, sandboxing is not sufficient by itself. The designs and implementations of real-world operating systems put a ceiling on the effectiveness and applicability of sandboxing. From years of experience shipping Chromium, we have learned that (1) Chromium is at or near the limit of how much safety it can practically provide with privilege separation and reduction; and (2) we still need to provide greater resilience.

Therefore, we must find and develop additional security mechanisms. Our primary approach is now working toward increased memory safety. Where sandboxing limits the value attackers gain from exploiting vulnerabilities, memory-safe(r) code can eliminate vulnerabilities altogether or make it infeasible to use them in an exploit chain.

This talk is about lessons learned in the real world. I'll discuss the nature and particulars of the OS limitations we face, what security gap they leave us with, and what we are doing to make Chromium's large codebase less memory-unsafe. I'll highlight some lessons we've learned that security engineers working on other projects can hopefully make use of.


Chris Palmer

Software Security Engineer on Chrome @Google

I work at Google as a software security engineer on Chrome, where I work on hardening Chrome’s underpinnings and securing the web platform runtime. (I was previously on the Secure UX sub-team, and before that I did Web PKI... things.) I used to be on the Android team at Google....

Read more


Wednesday May 19 / 11:10AM EDT (40 minutes)


Modern CS in the Real World


Applied Computer Science

Add to Calendar

Add to calendar


From the same track

Session + Live Q&A Applied Computer Science

Differentiable Programming in Kotlin

Wednesday May 19 / 09:10AM EDT

Over the last few years, several frameworks have been developed to support differentiability. The most popular are PyTorch, TensorFlow and JAX which are all built on Python. These frameworks are oriented towards machine learning which involve building a model, performing batched computations on...

Irene Dea

Software Engineer @Facebook

Session + Live Q&A Applied Computer Science

Co-Designing Raft + Thread-per-Core Execution Model for the Kafka-API

Wednesday May 19 / 10:10AM EDT

Sometimes you get to reinvent the wheel when the road changes. Redpanda is a drop-in replacement for Apache Kafka®, designed from the ground up for modern hardware. Hardware looks nothing like it did 10 years ago. NVMe disks are 1000X faster than spinning disks. Cloud computers offer 30X more...

Alex Gallego

Founder and CEO @VectorizedIO

PANEL DISCUSSION + Live Q&A Applied Computer Science

Panel: Future of Language Support for ML

Wednesday May 19 / 12:10PM EDT

In this panel, we'll take a look at the state of the art of ML/AI development and how advances in language technology (specifically differentiable programming languages) can help.

Jendrik J├Ârdening

CTO @Nooxit

Irene Dea

Software Engineer @Facebook

Alanna Tempest

Software Engineer @Facebook

View full Schedule