|![[Search]](https://talks.cam.ac.uk/images/search.gif?1209136071)
|![[A-Z Index]](https://talks.cam.ac.uk/images/az.gif?1209136071)
|![[Contact]](https://talks.cam.ac.uk/images/contact.gif?1209136071)
||![[University of Cambridge]](https://talks.cam.ac.uk/images/identifier2.gif?1209136071){kind=small} |
COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring. | ![[Talks.cam]](https://talks.cam.ac.uk/images/talkslogosmall.gif?1209136071) |
University of Cambridge > Talks.cam > Computer Laboratory NetOS Group Talklets > Not-quite-so-broken TLS: lessons in re-engineering a security protocol specification and implementation
Not-quite-so-broken TLS: lessons in re-engineering a security protocol specification and implementationAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Heidi Howard. Transport Layer Security (TLS) implementations have a history of security flaws. The immediate causes of these are often programming errors, e.g.~in memory management, but the root causes are more fundamental: the challenges of interpreting the ambiguous prose specification, the complexities inherent in large APIs and code bases, inherently unsafe programming choices, and the impossibility of directly testing conformance between implementations and the specification. We present Not-quite-so-broken TLS , the result of our re-engineered approach to security protocol specification and implementation that addresses these root causes. The same code serves dual roles: it is both a specification of TLS , executable as a test oracle to check conformance of traces from arbitrary implementations, and a usable implementation of TLS ; a modular and declarative programming style provides clean separation between its components. Many security flaws are thus excluded by construction. Not-quite-so-broken TLS can be used in standalone applications, which we demonstrate with a messaging client, and can also be compiled into a Xen unikernel (a specialised virtual machine image) with a TCB that is 4\% of a standalone system running a standard Linux/OpenSSL stack, with all network traffic being handled in a memory-safe language; this supports applications including HTTPS , IMAP, Git, and Websocket clients and servers. This talk is part of the Computer Laboratory NetOS Group Talklets series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsThe obesity epidemic: Discussing the global health crisis How to write a successful grant application Chinese Culture Events Clinical Neuroscience and Mental Health Symposium CMIH Hub seminar series Cambridge Area Sequencing Informatics Meeting VII (2015)Other talksDon't be Leeroy Jenkins – or how to manage your research data without getting your whole project wiped out Social support and breastfeeding in the UK: evolutionary perspectives and implications for public health Short-Selling Restrictions and Returns: a Natural Experiment Production Processes Group Seminar - "Advanced water filtration platforms based on hierarchically structured carbon nanotubes." Prof Kate Jones (UCL): Biodiversity & Conservation Active Machine Learning: From Theory to Practice |
Tuesday 24 March 2015, 13:15-13:45