RASPunzel
Project RASPunzel aims to deliver an automated and scalable runtime application self-protection (RASP) solution for Java.
RASPunzel
RASPunzel
Project RASPunzel aims to deliver an automated and scalable runtime application self-protection (RASP) solution for Java.
Project Overview
How it works
Project RASPunzel brings RASP to the next level by synthesizing lightweight security monitors that can run along a production application and prevent attacks in real-time.
Key challenges
When it comes to security, there is no one-size-fits-all solution. RASPunzel, aims to continuously synthesize, update, and deploy custom RASP monitors based on data collected from the applications themselves.
Different vulnerabilities also call for different monitors and synthesis strategies. Our current research focus is regular expression, and grammar inference applied to the synthesis of lightweight deserialization, injection (e.g. SQLi, XML, and others) and cryptographic misuse monitors.
Davin is an engineer at Oracle Labs Australia, working on the RASPunzel project, where he has been instrumental in development of cryptography API monitoring for detection and prevention of misuse.
His interests include static program analysis, formal methods, and program security.
He joined Oracle in 2019, after completing his PhD in Computer Science at the University of Kent in the United Kingdom. He holds a Bachelor of Computer Science from Monash University, Melbourne, Australia.