Explore how security tools and techniques can be repurposed to address challenges in performance, compliance, privacy, and data abuse in this 17-minute conference talk from USENIX Enigma 2022. Discover case studies from Meta, including how static taint flow analysis, originally developed for security purposes, was applied to ensure proper handling of user locations in Instagram Threads. Learn about additional examples where product security tools have been adapted to detect implementation flaws across various domains. Examine the limitations of this approach, considering tool constraints, organizational structures, and the need for defense in depth. Gain insights into innovative applications of existing security tooling for your organization, covering topics such as logging of passwords, performance regressions, bug bounty programs, data abuse prevention, encryption, and privacy solutions.
Reusing Security Solutions in Novel Domains - Teaching an Old Dog New Tricks
USENIX Enigma Conference via YouTube
Overview
Syllabus
Introduction
About me
Motivation
Generalized Solutions
Meta
Generalized Tooling
Case Studies
Case Study 1 Instagram
Static Paint Flow Analysis
Static Chain Flow Analysis
Location Data
Tools
Logging of passwords
Performance regressions
Bug Bounty Program
Data Abuse Bounty Program
Defense in Depth
Encryption
Unsafe Data Access
Privacy
Solutions
Organizational Design
Defense and Depth
Conclusion
Review
Thank you
Taught by
USENIX Enigma Conference
