2023-05-18, 16:00–16:30, Salle de Bal
Until now, the onus of data security and privacy has always been dumped on consumers: they have to navigate a myriad of privacy policies and "Yes, I consent" clicks. Apps keep leaking data, but the apps themselves are hardly ever questioned! Some laws (GDPR/CCPA) do outline what data can be collected and how it is supposed to be processed in software, but this seldom creates actionable engineering directives that developers need to follow to build privacy-respecting apps. We always see the privacy protection function through the lens of data collected and stored in DBs. What if we actually dug deeper and started looking not just at what data is collected, but at the exact lines of code responsible for the collection and generation of the data itself? Imagine a world where privacy is baked into the app itself and is not an afterthought. This talk explores how we can leverage static analysis techniques to find and fix privacy bugs early on in the game, before they ever manifest.
English
Suchakra Sharma is the Chief Scientist at Privado, where he helps build code analysis tools for data privacy and data security. He completed his Ph.D. in computer engineering at Polytechnique Montréal, where he worked on eBPF technology and hardware-assisted tracing techniques for OS analysis. For the last six years, Suchakra has been working on enhancing static analysis tooling for fixing security bugs at scale. He has delivered talks and trainings at venues such as USENIX LISA, Enigma, SCALE, RSA, BlackHat Arsenal, Papers We Love, NorthSec, etc. When not playing with computers, he develops film photographs and writes poems.