Keynotes

Software compartmentalization is the practice of breaking down a program into isolated components to mitigate the impact of bugs and security vulnerabilities. In the event of a compromise, compartmentalization contains the exploit, raising the bar for attackers to mount successful attacks. Although vastly successful in popular software such as web browsers or server software, compartmentalization is still not a widespread software development practice. In this talk, based on our recent publication "SoK: Software Compartmentalization" at IEEE S&P 2025, we will discuss compartmentalization approaches in industry and academia to understand the remaining challenges to making compartmentalization a truly widespread practice, raise awareness on this practice, and show how it can lead to fundamentally more secure and dependable software.

Side-channel vulnerabilities keep showing up in cryptographic software—despite a decade of automated detection tools meant to stop them. Why do these leaks keep slipping through? In the first part of this keynote, we explore this paradox, benchmarking tools against real-world vulnerabilities and uncovering why detection is harder than it looks. In the second part, we show that even when developers get constant-time code right, the compiler may not. Optimization passes in GCC and LLVM can quietly sabotage security, turning constant time into wishful thinking. We reveal which optimizations are to blame, how to catch them, and what practical defenses developers can actually use. Your compiler is not your friend—but with the right knowledge, you can keep it from turning against you.We conclude by analyzing the impact of recent attacks on automated detection tools.