Least-Privilege Authorization for the Internet: From Zoom to ChatGPT and Beyond

Abstract: The principle of least privilege states that software should have minimal access to the set of privileges needed to complete its stated functionality. This is a simple foundational principle for the secure design of computer systems and yet we have real-world systems that obey the “principle” of maximum privilege — get access to everything, whether necessary for functionality or not. This talk will discuss some of my group’s work in the space of creating least-privilege authorization protocols for the Internet that are practical for real-world usage. The applications range from locking down the access that Zoom has to your Google Calendar to sandboxing the behavior of the latest “AI Agents” like ChatGPT.

Bio: Earlence Fernandes is an assistant professor of computer science at UC San Diego. His research focuses on computer security for emerging technologies. He has received two best paper awards, the NSF CAREER award, and research awards from Meta, Amazon and Google. Earlence hacks things for fun and research. He once hacked a Stop sign, and it is now in a museum. He also recently hacked a bicycle.

Website: https://www.earlence.com/