Explore a comprehensive analysis of TLS security architecture and abstractions in this USENIX Enigma Conference talk. Delve into the challenges developers face when implementing TLS correctly and discover a proposed solution through a security layer fitting into the Internet architecture. Learn about the POSIX socket API as a simple abstraction for TLS interface and understand its implications for developers, administrators, and OS vendors. Examine the benefits of centralized, well-tested services for creating secure applications and enforcing best practices through system policies. Gain insights into simplifying complex aspects of TLS, including certificate validation and client authentication. Access code examples for the security layer and application demonstrations to further explore this innovative approach to enhancing TLS implementation and security.
Using Architecture and Abstractions to Design a Security Layer for TLS - USENIX Enigma 2019
USENIX Enigma Conference via YouTube
Overview
Syllabus
Intro
What's Being Done to Fix This?
A Security Layer for TLS
POSIX Socket API Abstraction
Secure Socket API
Separation of Concerns
Configuration Instead of Implementation
Centralization
No Discernible Overhead
No problem...
Client Authentication Architecture
Client Authentication, Step-by-step
Automated Certificates at Registration
Let's Authenticate
Architecture is the Holy Grail
Continue the Quest
Taught by
USENIX Enigma Conference
