RASPunzel

Project RASPunzel aims to deliver an automated and scalable runtime application self-protection (RASP) solution for Java.

Project Overview

How it works

Project RASPunzel brings RASP to the next level by synthesizing lightweight security monitors that can run along a production application and prevent attacks in real-time.

Key challenges

When it comes to security, there is no one-size-fits-all solution. RASPunzel aims to continuously synthesize, update, and deploy custom RASP monitors based on data collected from the applications themselves.

Different vulnerabilities also call for different monitors and synthesis strategies. Our current research focus is regular expression and grammar inference, applied to the synthesis of lightweight deserialization, injection (e.g. SQLi, XML, and others) and cryptographic misuse monitors.

Principal Investigator

Francois Gauthier

Consulting Researcher

François Gauthier is a Consulting Researcher and project lead at Oracle Labs, working in the Program Analysis Group. He is currently researching and developing next-gen Runtime Application Self Protection (RASP) solutions. His main research interests revolve around automated security analysis, through fuzzing, static and dynamic analysis, and machine learning. He is also interested in reverse engineering and analysis of malware.

Prior to joining Oracle Labs, he worked as a software engineer at a biotech company, then reoriented his career after completing his PhD at the University of Montreal.

Education:

* PhD Computer Engineering 2014, University of Montreal, Canada
* MSc Bioinformatics 2007, University of Montreal, Canada
* BSc Bioinformatics 2005, University of Montreal, Canada

Publications