Stanford Security Lunch

Welcome to Security Lunch. We host speakers from both industry and academia to give talks related to applied cryptography, and system and network security.
If you're interested in attending, please sign up for the mailing list to receive updates about upcoming talks. There is an option to join virtually on Zoom.
If you're interested in giving a talk, we would love to have you! Please find more details in the About page.
You can find the upcoming and past talks for the current quarter below. We meet every Wednesday, 12 pm in CoDa E160.

Winter 2026

Upcoming

Abstract: Software-based fault isolation (SFI) is a compiler-based technique for isolating untrusted code in-process, offering fast context switches and lightweight sandboxing without hardware privilege changes. Lightweight Fault Isolation (LFI) is a recent SFI system I have been developing, designed to sandbox existing C/C++ libraries with minimal overhead on x86-64 and AArch64. LFI is now moving from research into production. The LFI compiler is being upstreamed into LLVM 23 starting in the AArch64 backend, with x86-64 to follow. It is planned to be deployed in Android in the media stack. Academic colleagues at UT Austin in collaboration with Mozilla are using it to sandbox SpiderMonkey, Firefox's JavaScript engine. Looking ahead, new hardware features offer a path towards zero-overhead SFI: memory protection keys in the form of Intel MPK/Arm POE can provide memory isolation without any per-access instrumentation, and hardware CFI in the form of Intel CET can eliminate most control-flow overheads. In this talk, I'll describe my experience in the tech transfer process, how LFI has evolved to support concrete use-cases, and where I think the field of sandboxing is headed.

Bio: Zachary Yedidia is a 5th year PhD student advised by David Mazières

Past