RASPunzel
Project RASPunzel aims to deliver an automated and scalable runtime application self-protection (RASP) solution for Java.
RASPunzel
RASPunzel
Project RASPunzel aims to deliver an automated and scalable runtime application self-protection (RASP) solution for Java.
Project Overview
How it works
Project RASPunzel brings RASP to the next level by synthesizing lightweight security monitors that can run along a production application and prevent attacks in real-time.
Key challenges
When it comes to security, there is no one-size-fits-all solution. RASPunzel, aims to continuously synthesize, update, and deploy custom RASP monitors based on data collected from the applications themselves.
Different vulnerabilities also call for different monitors and synthesis strategies. Our current research focus is regular expression, and grammar inference applied to the synthesis of lightweight deserialization and injection (e.g. SQLi, XML, and others) monitors.
François Gauthier is a Principal Researcher for Oracle Labs, working in the Program Analysis Group. He is currently developing next-gen Runtime Application Self Protection (RASP) solutions.
His main research focus is automated security analysis, through fuzzing, static, and dynamic analysis. His research interests also include software engineering, testing, and machine learning.
Education:
* PhD Computer Engineering 2014, University of Montreal, Canada
* MSc Bioinformatics 2007, University of Montreal, Canada
* BSc Bioinformatics 2005, University of Montreal, Canada