Possum Pie
The goal of project Possum Pie is to equip developers with tooling to analyse, tighten, and eventually infer security policies for cloud systems.
Possum Pie
Possum Pie
The goal of project Possum Pie is to equip developers with tooling to analyse, tighten, and eventually infer security policies for cloud systems.
Project Overview
Securing systems deployed on the cloud is not trivial. As per the shared security model, cloud customers are responsible for secure identity and access management, network security and firewall configuration, data security in databases as well as client-side encryption.
Project Possum Pie aims to shift cloud security left by developing tools and techniques to:
1. Automatically model, plot, and analyse cloud systems in a holistic way
2. Assert that functional and security properties hold (e.g. policies satisfy the principle of least privilege)
3. Infer initial policies and configurations for a system under development
These ambitious goals will be achieved by using best-of-breed techniques from program analysis, automated reasoning, program synthesis and machine learning.
Industrial researcher with 10+ years leading research projects in program analysis and cybersecurity. Currently leading the Possum Pie project with an aim to check, tighten and ultimately infer security policies for cloud-native applications.
I am passionate about leading highly technical R&D projects and developing industrial tooling to automatically reason about code and detect vulnerabilities before they reach customers. Throughout my career, I have developed and patented static, dynamic, runtime and fuzzing analyses. I have also led explorations PDF and MS Office malware detection.