A modern application's safety and security relies on a staggeringly complex stack of abstractions, from software libraries and operating systems, to firmware and chip architectural choices. Often, performance-oriented design choices at a lower level can impact security in surprising ways, and have no clean fix.

This talk will cover how I construct secure and deployable systems without needing to know the adversary's exact technique. To understand the threat posed by leaky abstractions, I first detail my work on a novel class of side-channel attacks. With this as motivation, I present my Fuzzyfox project for securing the Firefox web browser against all known and unknown timing attacks. Finally, I describe a new way to construct trusted systems leveraging both software and hardware in the Keystone Trusted Execution Environment Framework and future projects.