John Renner PhD Student @ UCSD

I'm a graduate currently pursuing my PhD in Computer Science at UCSD. My work uses programming language techniques to solve security problems.

Email: john@jrenner.net

Education


PhD Student
2017-Now
B.S. Software Engineering
2017-Now

Publications

Scooter & Sidecar: A Domain-Specific Approach to Writing Secure Database Migrations

John Renner, Alex Sanchez-Stern, Fraser Brown, Sorin Lerner, Deian Stefan
PLDI '21
@inproceedings{10.1145/3453483.3454072,
  author = {Renner, John and Sanchez-Stern, Alex and Brown, Fraser and Lerner, Sorin and Stefan, Deian},
  title = {Scooter \& Sidecar: A Domain-Specific Approach to Writing Secure Database Migrations},
  year = {2021},
  isbn = {9781450383912},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  url = {https://doi.org/10.1145/3453483.3454072},
  doi = {10.1145/3453483.3454072},
  booktitle = {Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation},
  pages = {710--724},
  numpages = {15},
  keywords = {verification, domain-specific language, secure ORM, database migration},
  location = {Virtual, Canada},
  series = {PLDI 2021}
}

Towards a Verified Range Analysis for JavaScript JITs

Fraser Brown, John Renner, Andres Noetzli, Sorin Lerner, Hovav Shacham, Deian Stefan
PLDI '20
@inproceedings{brown:2020:vera,
  author    = {Fraser Brown and John Renner and Andres Noetzli and Sorin Lerner and Hovav Shacham and Deian Stefan},
  title     = {Towards a Verified Range Analysis for {JavaScript} {JITs}},
  booktitle = {Programming Language Design and Implementation (PLDI)},
  month     = {June},
  year      = {2020},
  publisher = {ACM SIGPLAN}
}

FaCT: a DSL for timing-sensitive computation

Sunjay Cauligi, Gary Soeller, Brian Johannesmeyer, Fraser Brown, Riad S. Wahby, John Renner, Benjamin Grégoire, Gilles Barthe, Ranjit Jhala, Deian Stefan
PLDI '19
@inproceedings{10.1145/3314221.3314605,
  author = {Cauligi, Sunjay and Soeller, Gary and Johannesmeyer, Brian and Brown, Fraser and Wahby, Riad S. and Renner, John and Gr\'{e}goire, Benjamin and Barthe, Gilles and Jhala, Ranjit and Stefan, Deian},
  title = {FaCT: A DSL for Timing-Sensitive Computation},
  year = {2019},
  isbn = {9781450367127},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  url = {https://doi.org/10.1145/3314221.3314605},
  doi = {10.1145/3314221.3314605},
  abstract = {Real-world cryptographic code is often written in a subset of C intended to execute in constant-time, thereby avoiding timing side channel vulnerabilities. This C subset eschews structured programming as we know it: if-statements, looping constructs, and procedural abstractions can leak timing information when handling sensitive data. The resulting obfuscation has led to subtle bugs, even in widely-used high-profile libraries like OpenSSL. To address the challenge of writing constant-time cryptographic code, we present FaCT, a crypto DSL that provides high-level but safe language constructs. The FaCT compiler uses a secrecy type system to automatically transform potentially timing-sensitive high-level code into low-level, constant-time LLVM bitcode. We develop the language and type system, formalize the constant-time transformation, and present an empirical evaluation that uses FaCT to implement core crypto routines from several open-source projects including OpenSSL, libsodium, and curve25519-donna. Our evaluation shows that FaCT’s design makes it possible to write readable, high-level cryptographic code, with efficient, constant-time behavior.},
  booktitle = {Proceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation},
  pages = {174--189},
  numpages = {16},
  keywords = {program transformation, cryptography, domain-specific language},
  location = {Phoenix, AZ, USA},
  series = {PLDI 2019}
}

Position Paper: Progressive Memory Safety for WebAssembly

Craig Disselkoen, John Renner, Conrad Watt, Tal Garfinkel, Amit Levy, and Deian Stefan
HASP '19
@inproceedings{10.1145/3337167.3337171,
  author = {Disselkoen, Craig and Renner, John and Watt, Conrad and Garfinkel, Tal and Levy, Amit and Stefan, Deian},
  title = {Position Paper: Progressive Memory Safety for WebAssembly},
  year = {2019},
  isbn = {9781450372268},
  publisher = {Association for Computing Machinery},
  address = {New York, NY, USA},
  url = {https://doi.org/10.1145/3337167.3337171},
  doi = {10.1145/3337167.3337171},
  booktitle = {Proceedings of the 8th International Workshop on Hardware and Architectural Support for Security and Privacy},
  articleno = {4},
  numpages = {8},
  keywords = {tagged memory, memory safety, WebAssembly, Wasm},
  location = {Phoenix, AZ, USA},
  series = {HASP '19}
}

Foundations for Parallel Information Flow Control Runtime Systems

Marco Vassena, Gary Soeller, Peter Amidon, Matthew Chan, John Renner, Deian Stefan
POST '19
@inproceedings{10.1007/978-3-030-17138-4_1,
  author="Vassena, Marco and Soeller, Gary and Amidon, Peter and Chan, Matthew and Renner, John and Stefan, Deian",
  editor="Nielson, Flemming and Sands, David",
  title="Foundations for Parallel Information Flow Control Runtime Systems",
  booktitle="Principles of Security and Trust",
  year="2019",
  publisher="Springer International Publishing",
  address="Cham",
  pages="1--28",
  isbn="978-3-030-17138-4"
}

CT-Wasm: Type-Driven Secure Cryptography for the Web Ecosystem

Conrad Watt, John Renner, Natalie Popescu, Sunjay Cauligi, Deian Stefan
POPL '19
@inproceedings{watt:2019:ct-wasm,
  author    = {Conrad Watt and John Renner and Natalie Popescu and Sunjay Cauligi and Deian Stefan},
  title     = {{CT-Wasm}: Type-Driven Secure Cryptography for the Web Ecosystem},
  booktitle = {ACM SIGPLAN Symposium on Principles of Programming Languages (POPL)},
  month     = {January},
  year      = {2019},
  publisher = {ACM}
}

Constant-time WebAssembly

John Renner, Sunjay Cauligi, Deian Stefan
PriSC '18
@inproceedings{renner:2018:ct-wasm,
    author    = {John Renner and Sunjay Cauligi and Deian Stefan},
    title     = {Constant-Time {WebAssembly}},
    booktitle = {Principles of Secure Compilation (PriSC)},
    month     = {January},
    year      = {2018},
}

Projects & Work


Kythe Language Server

Implemented a Language Server capable of providing local cross-references and type information supplied by Kythe’s static index. My work was incorporated into the default workstation config at Google.

Rust Indexer for Kythe

Designed and built a tool for indexing cross-references in Rust code using the Kythe knowledge graph protocols, enabling definition lookups and codesearch.

Facebook Cache Monitoring

Created a service for determining and alerting on realtime cache consistency for Facebook’s whole memcache and TAO deployment.