News Release

Computer Scientist Deian Stefan Receives Prestigious Sloan Research Fellowship

Stefan's research focuses on developing secure systems, especially for web browsers

Deian Stefan, an assistant professor in the Department of Computer Science and Engineering, is one of this year's Sloan Fellows. 

February 15, 2022 -- UC San Diego computer scientist Deian Stefan has been honored with an Alfred P. Sloan Research Fellowship. Stefan, who is an assistant professor in the Department of Computer Science and Engineering, will receive $75,000 during the two-year fellowship to advance his work on browser security.

The fellowship supports young scientists pursuing fundamental research with great potential to impact their fields. Code developed by Stefan and his team to make browsing safer is part of the newest releases of browsers Firefox and Brave. 

“This is a true honor,” said Stefan. “The researchers in my field who have gotten a Sloan Fellowship are an impressive bunch, and just being part of this is really rewarding.”

Two other UC San Diego researchers also have been recognized this year, in the Divisions of Physical Sciences and Biological Sciences. 

Stefan is being recognized for his work on secure systems. Programmers can inadvertently introduce bugs that allow hackers to steal information or hold systems for ransom. He believes a new generation of compilers (programs that turn instructions into code a machine can understand) can help solve this problem.

The key is creating secure compilers that will give programmers end-to-end guarantees that the security of their source code is preserved down to the machine code level. Stefan plans to design these compilers by building on WebAssembly, a relatively new computer language designed to enhance safety.

“By building secure compilers from high-level languages to WebAssembly, and secure compilers of WebAssembly to different hardware, we can make it easier for developers to build secure systems that have formal security guarantees,” said Stefan. With his collaborators, Stefan has been applying these ideas to make browsers safer.

Web browsers use third-party libraries (code resource repositories) to implement different features, such as rendering images, spell checking text and processing XML documents. These libraries are typically written in unsafe but fast languages, such as C, and often have unreported bugs that can be exploited by hackers to take control over computers.

To prevent attackers from exploiting these vulnerabilities, Stefan and others are modifying WebAssembly to sandbox these libraries into their own isolated worlds. This ensures the libraries cannot be used as vectors for attack.

“We’re trying to sandbox libraries so that users can browse the web safely without worrying about potentially compromised libraries harming their machines,” said Stefan. “We’re also starting to tackle this problem on the server side. We want to make it impossible for attackers to, say, upload an image and compromise servers and all the user data stored on those servers.”

Stefan has worked closely with Firefox, which has already incorporated some of his group's sandboxing work into its browser. He sees wide applications to other browsers, including Chrome and Brave, serverless cloud platforms, machine-learning-as-a-service platforms and embedded systems.

The $75,000 award will give Stefan extra firepower from students and other researchers to accelerate this project and create these extra defenses. As always with computer security, it’s essential to get these new safeguards up and running quickly.

“There have been a bunch of recent, high-profile attacks on real people that could have been prevented if we had sandboxed libraries early,” said Stefan. “They have far more privileges than they need to perform their assigned tasks, and that is largely an artifact of how we build software. As we showed in Firefox, we can fundamentally shift system design towards security and eliminate this whole class of attacks.”

Media Contacts

Ioana Patringenaru
Jacobs School of Engineering
858-822-0899
ipatrin@ucsd.edu

Joshua Baxt
Computer Science and Engineering Writer